|
| |||||||
 |
 |
| | Thread Tools |
|
#1
Septembris 9, 2008, 10:31
| |||
| |||
| Hello all, Es esmu ļoti jauns jūsu vietni, bet ārkārtīgi pateicīgs, ka jūs esat šeit. I stumbled uz to, jo nesen infekcijas mana mamma ir klēpjdators (mēs dalīties ar to), un es esmu skaidrs, kā to atrisināt. Apmēram četras dienas pirms, IE logus ar pop-up reklāmas pēkšņi notikt ar balonu manā Deskbar, ka rakstīts: "Spyware detected! Klikšķiniet šeit, lai lejupielādētu anti-spyware" I ilga Symantec un Spybot S & D Full Skenē (nav pārliecināti, kā šis vīruss ir nokrities gan tiem), un tie neatrada neko! Tad es sāku googling un lejupielādēt Malwarebyte's Anti-Malware un vadīja to. Tā konstatēja, daži sīkumi, bet tas nav noteikt problēmu. Es lejupielādēt PrevxCSI bet man nav pietiekami daudz $ $ $ vēl nopirkt License (bet es vajadzības gadījumā), un tajā ir uzskaitītas šādi: C: \ WINDOWS \ system32 \ ds fmon.dll - Ļaunprātīga programmatūra C: \ WINDOWS \ system32 \ CSRLT.exe - Malware Dropper C: \ WINDOWS \ MSBLT.exe - Malware Dropper C: \ WINDOWS \ system32 \ LSASSMGR.exe - Cloaked Malware C: \ Program Files \ Mozilla Firefox \ firefoxe.exe - Cloaked Malware C: \ Program Files \ Internet Explorer \ iexplor.exe - Cloaked Malware C: \ WINDOWS \ system32 \ spool.exe - Cloaked Malware C: \ WINDOWS \ system32 \ srtsrv32.exe - Cloaked Malware C: \ WINDOWS \ system32 \ LSSMON.exe - Malware Dropper C: \ WINDOWS \ divx32.dll - Malware Dropper C: \ WINDOWS \ system32 \ msupd32.exe - Malware Dropper C: \ WINDOWS \ system32 \ upd01.exe - Malware Dropper Tas izskatās un izklausās daudz man, un es esmu ļoti noraizējies.  Vai kāds ir kādi noderīgi ieteikumi man? Man nāksies tērēt daudz naudas, lai novērstu šo?Thank you so much! |
|
#2
Septembris 9, 2008, 11:32
| |||
| |||
| Hello teddynicholas. Welcome to CJ. Download ComboFix by subs no vienas no saitēm. Pārliecinieties top saglabājiet to Desktop. Link # 1 Link # 2 ** Piezīme: Ir svarīgi, ka tā ir saglabāta tieši jūsu Desktop Aizveriet visas atvērtās interneta pārlūkprogrammas. (Firefox, Internet Explorer uc) pirms uzsākt ComboFix. Laiku sakropļot jūsu antivīruss, Un jebkuru antispyware reāllaika aizsardzību pirms veic skenēšanu. Click šo saiti redzēt sarakstu drošības programmas, kas ir invalīdi un to, kā pārtraukt to darbību. Dubultklikšķi combofix.exe un sekojiet norādījumiem. Kad pabeigts ComboFix ražos log for you. Post ComboFix log Jūsu nākamo atbildi. Svarīgi: Nav mouseclick ComboFix loga kamēr tas darbojas. Tas var izraisīt to apstāsies. Atcerieties, ka jauna aktivizētu jūsu antivīrusu un antispyware aizsardzību, ja ComboFix ir pabeigta.
__________________  |
|
#3
Septembris 16, 2008, 14:27
| |||
| |||
| ComboFix 08-09-15.02 - Teddy 2008-09-16 16:34:04.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00] Sākot no: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe * Izveido jaunu atjaunošanas punktu WARNING, šī mašīna nav atkop Installed! . ((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Documents and Settings \ LocalService \ Cookies \ system@ad.yieldmanag er [1]. Txt C: \ Documents and Settings \ Teddy \ Cookies \ teddy@ad.yieldmanager [1]. Txt C: \ WINDOWS \ Downloaded Program Files \ setup.inf C: \ WINDOWS \ system32 \ spool.exe . ((((((((((((((((((((((((( Faili Created no 2008/08/16 līdz 2008/09/16 ))))))))))) )))))))))))))))))))) . 2008/09/16 16:21. 2008/09/16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak 2008/09/16 13:23. 2008/09/16 13:23 <DIR> d -------- C: \ WINDOWS \ LastGood 2008/09/13 13:19. 2008/09/13 13:19 <DIR> d -------- C: \ Program Files \ iTunes 2008/09/13 13:19. 2008/09/13 13:19 <DIR> d -------- C: \ Program Files \ iPod 2008/09/13 13:19. 2008/09/13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008/09/13 13:12. 2008/09/13 13:16 <DIR> d -------- C: \ Program Files \ Common Files \ Apple 2008/09/08 16:10. 2008/09/08 16:10 <DIR> d -------- C: \ Program Files \ Easy SpyRemover 2008/09/08 15:45. 2008/09/06 00:59 741.376 - ------ C: \ WINDOWS \ system32 \ LSSMON.EXE 2008/09/08 15:45. 2008/09/04 21:59 17.920 - ------ C: \ WINDOWS \ system32 \ LSASSMGR.EXE 2008/09/07 22:34. 2008/09/02 00:16 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008/09/07 22:33. 2008/09/07 22:34 <DIR> d -------- C: \ Program Files \ Malwarebytes "Anti-Malware 2008/09/07 22:33. 2008/09/07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes 2008/09/07 22:33. 2008/09/07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008/09/07 22:33. 2008/09/02 00:16 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008/09/06 15:09. 2008/09/06 15:09 90.112 - ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx 2008/09/06 15:09. 2008/09/06 15:09 57.344 - ------ C: \ WINDOWS \ system32 \ QuickTime.qts 2008/09/05 10:44. 2008/09/06 00:59 741.376 - ------ C: \ WINDOWS \ system32 \ msupd32.exe 2008/09/04 21:59. 2008/09/07 12:59 741.376 - ------ C: \ WINDOWS \ system32 \ upd01.exe 2008/09/04 21:59. 2008/09/06 00:59 741.376 - ------ C: \ WINDOWS \ divx32.dll 2008/09/04 21:59. 2008/09/04 21:59 17.920 - ------ C: \ WINDOWS \ system32 \ srtsrv32.exe 2008/09/04 21:59. 2008/09/16 16:24 5.903 - ------ C: \ WINDOWS \ system32 \ mssc32.dll 2008/09/04 21:59. 2008/09/16 16:24 5.903 - ------ C: \ WINDOWS \ system32 \ bsc32.dll 2008/09/02 13:23. 2008/09/02 13:23 <DIR> d -------- C: \ Program Files \ PrevxCSI 2008/09/02 13:23. 2008/09/16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI 2008/09/02 13:23. 2008/09/02 13:23 17.408 - ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys 2008/09/01 01:30. 2008/09/02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008/09/01 01:20. 2008/09/07 22:19 0 - ------ C: \ WINDOWS \ system32 \ sc02.sc 2008/08/31 01:46. 2007/02/20 16:04 2.463.976 - ------ C: \ WINDOWS \ system32 \ NPSWF32.dll 2008/08/31 01:46. 2007/02/20 16:04 190.696 - ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe 2008/08/30 09:59. 2008/08/30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia 2008/08/30 09:59. 2008/08/30 21:27 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia 2008/08/30 01:25. 2008/09/13 13:18 <DIR> d -------- C: \ Program Files \ Bonjour 2008/08/29 14:33. 2006/09/18 17:55 109.744 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS 2008/08/29 14:33. 2006/09/18 17:55 48.816 - ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008/08/29 10:18. 2008/08/29 10:18 87.336 - ------ C: \ WINDOWS \ system32 \ dns-sd.exe 2008/08/29 09:53. 2008/08/29 09:53 61.440 - ------ C: \ WINDOWS \ system32 \ dnssd.dll 2008/08/27 04:05. 2008/04/07 05:38 45.392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll 2008/08/27 04:05. 2008/04/07 05:38 22.872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008/09/16 20:53 --------- d ----- w C: \ Program Files \ Symantec AntiVirus 2008/09/13 17:17 --------- d ----- w C: \ Program Files \ QuickTime 2008/09/13 17:13 --------- d ----- w C: \ Program Files \ Apple Software Update 2008/09/08 18:53 249.956 ---- aw C: \ WINDOWS \ system32 \ dsfMon.dll 2008/09/01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008/09/01 05:56 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008/08/30 05:24 --------- d ----- w C: \ Program Files Common Files \ Adobe 2008/08/29 18:34 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared 2008/08/29 18:33 --------- d ----- w C: \ Program Files \ Symantec 2008/08/29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008/08/27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet 2008/08/26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2 2008/08/13 21:33 --------- d ----- w C: \ Program Files \ Microsoft Silverlight 2008/08/12 02:46 --------- d ----- w C: \ Program Files \ PHM 2008/07/26 08:55 --------- d ----- w C: \ Program Files \ OpenOffice.org 2,4 2008/07/26 08:54 --------- d ----- w C: \ Program Files \ Java 2008/07/19 02:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll 2008/07/19 02:10 53.448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe 2008/07/19 02:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll 2008/07/19 02:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll 2008/07/19 02:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll 2008/07/19 02:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ wuaueng.dll 2008/07/07 20:32 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll 2008/06/24 22:12 295.936 ------ w C: \ WINDOWS \ system32 \ wmpeffects.dll 2008/06/24 16:23 74.240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll 2008/06/23 16:57 826.368 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll 2008/06/20 17:41 245.248 ---- aw C: \ WINDOWS \ system32 \ mswsock.dll 2008/04/19 16:57 32 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "SWG" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007/04/02 68.856] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008/09/06 413.696] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006/11/13 1.289.000] "ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004/08/04 15.360] "IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008/02/28 1.828.136] "SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008/08/18 1.832.272] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "RemoteControl" = "C: \ Program Files CyberLink \ PowerDVD \ PDVDServ.exe" [2004/05/14 32.768] "RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003/05/01 65.536] "RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003/07/15 319.488] "SiS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004/09/02 249.856] "SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004/09/22 106.496] "Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003/12/05 159.744] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008/06/10 144.784] "DSFHost" = "C: \ Program Files \ Skavas \ easyprint \ dsfhost.exe" [2006/01/05 2.142.301] "Sinhronizācija Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004/08/04 143.360] "Zune Launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007/03/14 24.104] "GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006/10/27 31.016] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008/01/11 39.792] "NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008/02/28 570.664] "NBKeyScan" = "C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBKeyScan.exe" [2008/02/18 2.221.352] "Adobe Acrobat Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9,0 \ Acrobat \ Acrobat_sl.exe" [2008/06/12 37.232] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006/07/19 52.896] "vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006/09/27 125.168] "Layersecurity Servicemonitor" = "C: \ WINDOWS \ system32 \ LSSMON.EXE" [2008/09/06 741.376] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008/09/10 289.576] "SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE] "AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe] "SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll] C: \ Documents and Settings \ Teddy \ Start Menu \ Programs \ Startup \ Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005/03/16 113.664] OneNote 2007 ekrānu Clipper un Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006/10/26 98.632] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Windows darbvirsmas Search.lnk - C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe [2007/02/05 118.784] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7.826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007/02/05 294.400] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows] "AppInit_DLLs" = acaptuser32.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izpildes iespējām \ firefox.exe] "Debugger" = C: \ Program Files \ Mozilla Firefox \ firefoxe.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izpildes iespējām \ iexplore.exe] "Debugger" = C: \ Program Files \ Internet Explorer \ iexplor.exe [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izpildes iespējām \ Spoolsv.exe] "Debugger" = C: \ WINDOWS \ system32 \ spool.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = DWORD: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Program Files \ \ BitLord \ \ BitLord.exe" = "C: \ \ Program Files \ \ Soulseek \ \ slsk.exe" = "C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ \ StubInstaller.exe" = "C: \ \ Program Files \ \ limewire \ \ LimeWire.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ AIM \ \ aim.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OneNote.exe" = "C: \ \ Program Files \ \ Isadora \ \ isadora.exe" = "C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "3.389: TCP" = 3.389: TCP: @ xpsp2res.dll, -22.009 "1500: TCP" = 1500: TCP: Droša piekļuve Agent Port "26.675: TCP" = 26.675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service * Jaunizveidoto Service * - CATCHME * Jaunizveidoto Service * - PROCEXP90 . Saturs "Scheduled Tasks" mape . - - - - Bāreņiem likvidētas - - - -- HKLM-Run-CSRLT.EXE - C: \ WINDOWS \ system32 \ CSRLT.EXE . ------- Papildu Scan ------- . FireFox -: Profile - C: \ Documents and Settings \ Teddy \ Application Data \ Mozilla \ Firefox \ Profiles \ 6xzfp0sa.default \ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp: / / www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q = . ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net Rootkit scan 2008/09/16 16:51:46 Windows 5.1.2600 Service Pack 2 NTFS skenēšana slēptās procesi ... skenēšana slēptās palaišana ieraksti ... skenēšana slēptos failus ... scan sekmīgi pabeigta slēptos failus: 0 ************************************************** ************************ . Izpildes laiks: 2008-09-16 17:15:59 ComboFix-karantīnā-files.txt 2008/09/16 21:15:16 Pre-Run: 10478669824 bytes free Post-Run: 10446106624 bytes free 190 --- EOF --- 2008/09/11 20:07:51 |
|
#4
Septembris 16, 2008, 14:45
| |||
| |||
| Piezīme: Instrukcijas turpmāk tika izveidota speciāli šim lietotājam. Ja Jums nav šī lietotāja, DO NOT ievērojiet šos norādījumus, jo tie varētu kaitēt jūsu sistēmas darbības principus Izdzēst šos failus / mapes, tas ir: 1. Doties uz Sākums > Skriet > Type Notepad.exe un noklikšķiniet uz OK atvērt Notepad. Tas vajag ir Notepad, nevis Wordpad. 2. Kopēt tekstu tālāk kodu ailē, uzsverot visu tekstu un nospiediet Ctrl + C Kods: Killall:: File: C: \ Program Files \ Easy SpyRemover C: \ WINDOWS \ system32 \ LSSMON.EXE C: \ WINDOWS \ system32 \ LSASSMGR.EXE C: \ WINDOWS \ system32 \ msupd32.exe C: \ WINDOWS \ system32 \ upd01.exe C: \ WINDOWS \ system32 \ srtsrv32.exe C: \ WINDOWS \ system32 \ mssc32.dll C: \ WINDOWS \ system32 \ bsc32.dll Reģistrs: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image fails izpildes iespējām \ iexplore.exe] "Dzēst", =- [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izpildes iespējām \ Spoolsv.exe] "Dzēst" =- 4. Pēc tam noklikšķiniet uz Fails > Glābt 5. Nosaukums failu CFScript.txt - Saglabāt failu darbvirsmā 6. Velciet CFScript (turiet peles kreiso pogu un velkot failu) un nometiet to (izlaide peles kreiso pogu) pārnes ComboFix.exe kā redzat attēlā zemāk. Svarīgi: Veic šo instrukciju uzmanīgi!  ComboFix sāks izpildīt, vienkārši sekojiet instrukcijām. Pēc reboot (ja tā lūdz atsāknēšana), tā sagatavos log for you. Post (Combofix.txt), kas ieiet jūsu nākamo atbildi. Piezīme: Nav mouseclick ComboFix loga kamēr tas darbojas. Tas var izraisīt sistēmas iesaldēt
__________________ |
|
#5
Septembris 16, 2008, 15:32
| |||
| |||
| ComboFix 08-09-15.02 - Teddy 2008-09-16 17:49:20.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.850 [GMT -4:00] Sākot no: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe Komandu slēdžus izmanto:: C: \ Documents and Settings \ Teddy \ Desktop \ CFScript.txt * Izveido jaunu atjaunošanas punktu WARNING, šī mašīna nav atkop Installed! . ((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ system32 \ bsc32.dll C: \ WINDOWS \ system32 \ LSASSMGR.EXE C: \ WINDOWS \ system32 \ LSSMON.EXE C: \ WINDOWS \ system32 \ mssc32.dll C: \ WINDOWS \ system32 \ msupd32.exe C: \ WINDOWS \ system32 \ spool.exe C: \ WINDOWS \ system32 \ srtsrv32.exe C: \ WINDOWS \ system32 \ upd01.exe . ((((((((((((((((((((((((( Faili Created no 2008/08/16 līdz 2008/09/16 ))))))))))) )))))))))))))))))))) . 2008/09/16 16:21. 2008/09/16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak 2008/09/13 13:19. 2008/09/13 13:19 <DIR> d -------- C: \ Program Files \ iTunes 2008/09/13 13:19. 2008/09/13 13:19 <DIR> d -------- C: \ Program Files \ iPod 2008/09/13 13:19. 2008/09/13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008/09/13 13:12. 2008/09/13 13:16 <DIR> d -------- C: \ Program Files \ Common Files \ Apple 2008/09/08 16:10. 2008/09/08 16:10 <DIR> d -------- C: \ Program Files \ Easy SpyRemover 2008/09/07 22:34. 2008/09/02 00:16 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008/09/07 22:33. 2008/09/07 22:34 <DIR> d -------- C: \ Program Files \ Malwarebytes "Anti-Malware 2008/09/07 22:33. 2008/09/07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes 2008/09/07 22:33. 2008/09/07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008/09/07 22:33. 2008/09/02 00:16 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008/09/06 15:09. 2008/09/06 15:09 90.112 - ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx 2008/09/06 15:09. 2008/09/06 15:09 57.344 - ------ C: \ WINDOWS \ system32 \ QuickTime.qts 2008/09/04 21:59. 2008/09/06 00:59 741.376 - ------ C: \ WINDOWS \ divx32.dll 2008/09/02 13:23. 2008/09/02 13:23 <DIR> d -------- C: \ Program Files \ PrevxCSI 2008/09/02 13:23. 2008/09/16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI 2008/09/02 13:23. 2008/09/02 13:23 17.408 - ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys 2008/09/01 01:30. 2008/09/02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008/09/01 01:20. 2008/09/07 22:19 0 - ------ C: \ WINDOWS \ system32 \ sc02.sc 2008/08/31 01:46. 2007/02/20 16:04 2.463.976 - ------ C: \ WINDOWS \ system32 \ NPSWF32.dll 2008/08/31 01:46. 2007/02/20 16:04 190.696 - ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe 2008/08/30 09:59. 2008/08/30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia 2008/08/30 09:59. 2008/08/30 21:27 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia 2008/08/30 01:25. 2008/09/13 13:18 <DIR> d -------- C: \ Program Files \ Bonjour 2008/08/29 14:33. 2006/09/18 17:55 109.744 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS 2008/08/29 14:33. 2006/09/18 17:55 48.816 - ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008/08/29 10:18. 2008/08/29 10:18 87.336 - ------ C: \ WINDOWS \ system32 \ dns-sd.exe 2008/08/29 09:53. 2008/08/29 09:53 61.440 - ------ C: \ WINDOWS \ system32 \ dnssd.dll 2008/08/27 04:05. 2008/04/07 05:38 45.392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll 2008/08/27 04:05. 2008/04/07 05:38 22.872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008/09/16 21:33 --------- d ----- w C: \ Program Files \ Symantec AntiVirus 2008/09/13 17:17 --------- d ----- w C: \ Program Files \ QuickTime 2008/09/13 17:13 --------- d ----- w C: \ Program Files \ Apple Software Update 2008/09/01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008/09/01 05:56 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy 2008/08/30 05:24 --------- d ----- w C: \ Program Files Common Files \ Adobe 2008/08/29 18:34 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared 2008/08/29 18:33 --------- d ----- w C: \ Program Files \ Symantec 2008/08/29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008/08/27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet 2008/08/26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2 2008/08/13 21:33 --------- d ----- w C: \ Program Files \ Microsoft Silverlight 2008/08/12 02:46 --------- d ----- w C: \ Program Files \ PHM 2008/07/26 08:55 --------- d ----- w C: \ Program Files \ OpenOffice.org 2,4 2008/07/26 08:54 --------- d ----- w C: \ Program Files \ Java 2008/04/19 16:57 32 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat . ((((((((((((((((((((((((((((( Snapshot@2008-09-16_17.03.48.82 )))))))))) ))))))))))))))))))))))))))))))) . - 2007/07/30 23:18:40 33.624-c - aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll + 2008/07/19 02:10:20 36.552-c - aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll - 2007/07/30 23:18:40 33.624 ---- aw C: \ WINDOWS \ system32 \ wups.dll + 2008/07/19 02:10:20 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll - 2007/07/30 23:19:12 43.352 ---- aw C: \ WINDOWS \ system32 \ wups2.dll + 2008/07/19 02:10:40 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "SWG" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007/04/02 68.856] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008/09/06 413.696] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006/11/13 1.289.000] "ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004/08/04 15.360] "IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008/02/28 1.828.136] "SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008/08/18 1.832.272] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "RemoteControl" = "C: \ Program Files CyberLink \ PowerDVD \ PDVDServ.exe" [2004/05/14 32.768] "RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003/05/01 65.536] "RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003/07/15 319.488] "SiS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004/09/02 249.856] "SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004/09/22 106.496] "Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003/12/05 159.744] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008/06/10 144.784] "DSFHost" = "C: \ Program Files \ Skavas \ easyprint \ dsfhost.exe" [2006/01/05 2.142.301] "Sinhronizācija Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004/08/04 143.360] "Zune Launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007/03/14 24.104] "GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006/10/27 31.016] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008/01/11 39.792] "NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008/02/28 570.664] "NBKeyScan" = "C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBKeyScan.exe" [2008/02/18 2.221.352] "Adobe Acrobat Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9,0 \ Acrobat \ Acrobat_sl.exe" [2008/06/12 37.232] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006/07/19 52.896] "vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006/09/27 125.168] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008/09/10 289.576] "CSRLT.EXE" = "C: \ WINDOWS \ system32 \ CSRLT.EXE" [BV] "SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE] "AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe] "SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll] C: \ Documents and Settings \ Teddy \ Start Menu \ Programs \ Startup \ Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005/03/16 113.664] OneNote 2007 ekrānu Clipper un Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006/10/26 98.632] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Windows darbvirsmas Search.lnk - C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe [2007/02/05 118.784] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7.826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007/02/05 294.400] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows] "AppInit_DLLs" = acaptuser32.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ image file izpildes iespējām \ firefox.exe] "Debugger" = C: \ Program Files \ Mozilla Firefox \ firefoxe.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = DWORD: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Program Files \ \ BitLord \ \ BitLord.exe" = "C: \ \ Program Files \ \ Soulseek \ \ slsk.exe" = "C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ \ StubInstaller.exe" = "C: \ \ Program Files \ \ limewire \ \ LimeWire.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ AIM \ \ aim.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OneNote.exe" = "C: \ \ Program Files \ \ Isadora \ \ isadora.exe" = "C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "3.389: TCP" = 3.389: TCP: @ xpsp2res.dll, -22.009 "1500: TCP" = 1500: TCP: Droša piekļuve Agent Port "26.675: TCP" = 26.675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service R0 pxark; pxark, C: \ WINDOWS \ system32 \ drivers \ pxark.sys [2008/09/02 17.408] R2 CSIScanner; CSIScanner, C: \ Program Files \ PrevxCSI \ prevxcsi.exe [2008/09/02 618.040] R2 SafeAccessAgent; drošu piekļuvi Agent; C: \ Program Files \ StillSecure \ drošu piekļuvi Agent \ SAService.exe [2006/01/27 880.640] R2 Viewpoint Manager Service; Viewpoint Manager Service, C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007/01/04 24.652] S3 HwIOctl; HwIOctl, C: \ Documents and Settings \ Īpašnieks \ Desktop \ HwIOctl.sys [] S3 Ktp3; Elantech Touchpad (KTP3), C: \ WINDOWS \ system32 \ drivers \ Ktp3.sy s [2004/09/22 24.704] S3 Memctl; Memctl, C: \ Documents and Settings \ Īpašnieks \ Desktop \ Memctl.sys [] . Saturs "Scheduled Tasks" mape . - - - - Bāreņiem likvidētas - - - -- HKLM-Run-Layersecurity Servicemonitor - C: \ WINDOWS \ system32 \ LSSMON.EXE HKLM-RunOnce-MSBLT.EXE - C: \ WINDOWS \ MSBLT.EXE ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net Rootkit scan 2008/09/16 18:00:27 Windows 5.1.2600 Service Pack 2 NTFS skenēšana slēptās procesi ... skenēšana slēptās palaišana ieraksti ... skenēšana slēptos failus ... ************************************************** ************************ . ------------------------ Citi Running Processes ----------------------- -- . C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBService.exe C: \ WINDOWS \ system32 \ IoctlSvc.exe C: \ WINDOWS \ system32 \ MsPMSPSv.exe C: \ WINDOWS \ system32 \ searchindexer.exe C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe C: \ WINDOWS \ system32 \ rundll32.exe C: \ PROGRA ~ 1 \ Micros ~ 3 \ rapimgr.exe C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ Playlist.exe C: \ Program Files \ Apoint2K \ ApntEx.exe C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ WINDOWS \ system32 \ searchprotocolhost.exe C: \ WINDOWS \ system32 \ searchfilterhost.exe . ************************************************** ************************ . Izpildes laiks: 2008-09-16 18:24:56 - mašīna bija rebooted ComboFix-karantīnā-files.txt 2008/09/16 22:23:49 ComboFix2.txt 2008/09/16 21:16:14 Pre-Run: 10626510848 bytes free Post-Run: 10616803328 bytes free 205 --- EOF --- 2008/09/11 20:07:51 |
|
#6
Septembris 16, 2008, 15:50
| |||
| |||
| Lejupielādēt TrendMicro HijackThis.exe (HJT) uz Desktop.
__________________ |
|
#7
Septembris 23, 2008, 09:24
| |||
| |||
| Logfile of Trend Micro HijackThis v2.0.2 Scan saglabāts 12:21:04, uz 9/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running procesiem: C: \ WINDOWS \ System32 \ Smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ Spoolsv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe C: \ Program Files \ PrevxCSI \ prevxcsi.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBService.exe C: \ WINDOWS \ system32 \ IoctlSvc.exe C: \ Program Files \ StillSecure \ drošu piekļuvi Agent \ SAService.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe C: \ WINDOWS \ system32 \ MsPMSPSv.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ Windows \ Explorer.exe C: \ Program Files \ PrevxCSI \ prevxcsi.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe C: \ WINDOWS \ SOUNDMAN.EXE C: \ WINDOWS \ system32 \ keyhook.exe C: \ Program Files \ Apoint2K \ Apoint.exe C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe C: \ Program Files \ Skavas \ easyprint \ dsfhost.exe C: \ Program Files \ Zune \ ZuneLauncher.exe C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Apoint2K \ Apntex.exe C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe C: \ PROGRA ~ 1 \ Micros ~ 3 \ rapimgr.exe C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ Viewpoint \ Viewpoint Manager \ ViewMgr.exe C: \ Program Files \ Adobe \ Acrobat 9,0 \ Acrobat \ AcroTray.exe C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe C: \ WINDOWS \ system32 \ taskmgr.exe C: \ WINDOWS \ lsass.exe C: \ WINDOWS \ system32 \ SPOOLER.EXE C: \ WINDOWS \ system32 \ wscntfy.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe C: \ WINDOWS \ system32 \ SearchProtocolHost.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.averatec.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://oqaserver-a/ R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = *. vietējo O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4.283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: Groove GFS Browser Helper - (72.853.161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ Micros ~ 4 \ Office12 \ GRA8E1 ~ 1.DLL O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O2 - BHO: AOL Toolbar Launcher - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C: \ Program Files \ AOL \ AOL Toolbar 2,0 \ aoltb.dll O2 - BHO: Viewpoint Toolbar BHO - (A7327C09-B521-4EDB-8.509-7D2660C9EC98) - C: \ Program Files \ Viewpoint \ Viewpoint rīkjoslu \ 3.8.0 \ ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8.333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8.273-0445EE161910) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4.638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll O2 - BHO: SmartSelect - (F4971EE7-DAA0-4.053-9.964-665D8EE6A077) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ installs \ CPN \ yt.dll O3 - Toolbar: & Google - (2318C2B1-4.965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar2.dll O3 - Toolbar: AOL Toolbar - (DE9C389F-3.316-41A7-809B-AA305ED9D922) - C: \ Program Files \ AOL \ AOL Toolbar 2,0 \ aoltb.dll O3 - Toolbar: Viewpoint Toolbar - (F8AD5AA5-D966-4.667-9DAF-2561D68B2012) - C: \ Program Files \ Common Files \ Viewpoint \ Toolbar Runtime \ 3.8.0 \ IEViewBar.dll O3 - Toolbar: Adobe PDF - (47.833.539-D0C5-4125-9FA8-0819E2EAAC93) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" O4 - HKLM \ .. \ Run: [RoxioEngineUtility] "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" O4 - HKLM \ .. \ Run: [RoxioAudioCentral] "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent O4 - HKLM \ .. \ Run: [SiS Windows KeyHook] C: \ WINDOWS \ system32 \ keyhook.exe O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe O4 - HKLM \ .. \ Run: [Apoint] C: \ Program Files \ Apoint2K \ Apoint.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [DSFHost] C: \ Program Files \ Skavas \ easyprint \ dsfhost.exe O4 - HKLM \ .. \ Run: [Synchronization Manager]% SystemRoot% \ system32 \ mobsync.exe / pieteikšanās O4 - HKLM \ .. \ Run: [Zune Launcher] "C: \ Program Files \ Zune \ ZuneLauncher.exe" O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe O4 - HKLM \ .. \ Run: [NBKeyScan] "C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBKeyScan.exe" O4 - HKLM \ .. \ Run: [Adobe Acrobat Speed Launcher] "C: \ Program Files \ Adobe \ Acrobat 9,0 \ Acrobat \ Acrobat_sl.exe" O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] C: \ WINDOWS \ system32 \ LSSMON.EXE O4 - HKLM \ .. \ Run: [Drukāt spolētāja] C: \ WINDOWS \ system32 \ SPOOLER.EXE O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe O4 - HKCU \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKCU \ .. \ Run: [H / PC Connection Agent] "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F -39A1E5104020 O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - HKCU \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater \ AdobeUpdater.exe O4 - HKLM \ .. \ Policies \ Explorer \ Run: [LocalSecurityAuthoritySubsystem] C: \ WINDOWS \ lsass.exe O4 - Startup: Adobe Gamma.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 ekrānu Clipper un Launcher.lnk = C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe Ø8 - ārpus konteksta menu item: & AOL Toolbar Search - C: \ Program Files \ aol \ AOL rīkjosla 2,0 \ resursu \ en-US \ Local \ search.html Ø8 - ārpus konteksta izvēlnes vienums: Pievienot saiti Target esošiem PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppendSelLinks.html Ø8 - ārpus konteksta izvēlnes vienums: Pievienot esošiem PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppend.html Ø8 - ārpus konteksta izvēlnes vienums: Convert Link Target uz Adobe PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECaptureSelLinks.html Ø8 - ārpus konteksta izvēlnes vienums: Convert to Adobe PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECapture.html Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 4 \ Office12 \ EXCEL.EXE/3000 Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll Ø9 - Extra button: Nosūtīt OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 4 \ Office12 \ ONBttnIE.dll Ø9 - Extra 'Tools' MENUITEM: S & galu OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 4 \ Office12 \ ONBttnIE.dll Ø9 - Extra button: Izveidot Mobile Izlases - (2EAF5BB1-070F-11D3-9.307-00C04FAE2D4F) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ INetRepl.dll Ø9 - Extra button: (no name) - (2EAF5BB2-070F-11D3-9.307-00C04FAE2D4F) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ INetRepl.dll Ø9 - Extra 'Tools' MENUITEM: Izveidot Mobile Favorite ... - (2EAF5BB2-070F-11D3-9.307-00C04FAE2D4F) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ INetRepl.dll Ø9 - Extra button: AOL Toolbar - (3369AF0D-62E9-4bda-8.103-B4C75499B578) - C: \ Program Files \ AOL \ AOL Toolbar 2,0 \ aoltb.dll Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MIC273 ~ 1 \ Office12 \ REFIEBAR.DLL Ø9 - Extra button: AIM - (AC9E2541-2.814-11d5-BC6D-00B0D0A1DE45) - C: \ Program Files \ AIM \ aim.exe Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe Ø14 - IERESET.INF: START_PAGE_URL = http://www.averatec.com Ø16 - DPF: (0D6BB8B8-0.257-420C-B9EB-CFA90DB1026C) -- http://svrnsec01.purchase.edu:88/setup.cab Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl klase) -- http://v5.windowsupdate.microsoft.co...?1096453339343 O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4.636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ Micros ~ 4 \ Office12 \ GR99D3 ~ 1.DLL O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9.458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ Common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL Ø20 - AppInit_DLLs: acaptuser32.dll O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe O23 - Service: CSIScanner - Prevx - C: \ Program Files \ PrevxCSI \ prevxcsi.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE O23 - Service: Nero BackItUp plānotājs 3 - Nero AG - C: \ Program Files \ Nero \ NERO8 \ Nero BackItUp \ NBService.exe O23 - Service: NMIndexingService - Nero AG - C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl draugiem - Prolific Technology Inc - C: \ WINDOWS \ system32 \ IoctlSvc.exe O23 - Service: Droša piekļuve Aģents (SafeAccessAgent) - StillSecure - C: \ Program Files \ StillSecure \ drošu piekļuvi Agent \ SAService.exe O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe O23 - Service: Symantec Antivirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Center \ SymWSC.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe -- End of failu - 14.719 bytes |
|
#8
Septembris 23, 2008, 10:25
| |||
| |||
| Lejupielādēt Malwarebytes "Anti-Malware (MBAM)
Extra Piezīme: Ja MBAM sastopas failu, kas ir grūta, Jums tiks parādīts 1 of 2 uzvednes, noklikšķiniet uz Labi, lai nu un ļaujiet MBAM rīkoties ar dezinfekcijas procesu, ja prasīts restartēt datoru, lūdzu, dariet to nekavējoties. ---------- Tagad sākas jauna HijackThis skenēšanas un pēc log kopā ar MBAM žurnālā.
__________________ |
