#1
Hello all,
I'm new here but incredibly grateful for your site. I stumbled upon it because of an infection on my mom's laptop (which we share) and I'm unsure how to fix it. Four days ago, IE windows with pop-up ads suddenly started appearing on my desktop, along with a balloon reading "Spyware detected! Click to download anti-spyware". I ran full scans with Symantec AND Spybot S&D (not sure how this virus slipped by both of them) and they found nothing! Then I started Googling and downloaded and ran Malwarebytes' Anti-Malware. It found some things but did not solve the problem. I downloaded PrevxCSI but don't have enough $$$ to buy the license yet (but I will if necessary), and it lists the following:

C:\WINDOWS\system32\DSfmon.dll - Malware
C:\WINDOWS\system32\CSRLT.exe - Malware Dropper
C:\WINDOWS\MSBLT.exe - Malware Dropper
C:\WINDOWS\system32\LSASSMGR.exe - Cloaked Malware
C:\Program Files\Mozilla Firefox\firefoxe.exe - Cloaked Malware
C:\Program Files\Internet Explorer\iexplor.exe - Cloaked Malware
C:\WINDOWS\system32\spool.exe - Cloaked Malware
C:\WINDOWS\system32\srtsrv32.exe - Cloaked Malware
C:\WINDOWS\system32\LSSMON.exe - Malware Dropper
C:\WINDOWS\divx32.dll - Malware Dropper
C:\WINDOWS\system32\msupd32.exe - Malware Dropper
C:\WINDOWS\system32\upd01.exe - Malware Dropper

This looks and sounds like a lot to me and I'm very worried. Does anyone have any suggestions for me? Will I have to spend money to fix this? Thank you so much!
#2
Hello teddynicholas. Welcome to CJ.
Download ComboFix by sUBs from one of the links below. Be sure to save it to your Desktop.
Link #1
Link #2
**Note: It is important that it is saved directly to your Desktop.
Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix. Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double-click combofix.exe and follow the prompts. When ComboFix finishes, it will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
#3
ComboFix 08-09-15.02 - Teddy 2008-09-16 16:34:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00] Koşturuyorlar: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe * Yeni bir geri yükleme noktası Oluşturuldu UYARI-Bu makine değil HAVEN'T Kurtarma Konsolu'nu Installed! . ((((((((((((((((((((((((((((((((((((((( Diğer Deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Documents and Settings \ LocalService \ Çerezler \ am system@ad.yieldmanag [1]. Txt C: \ Documents and Settings \ Teddy \ Çerezler \ teddy@ad.yieldmanager [1]. Txt C: \ WINDOWS \ Downloaded Program Files \ setup.inf C: \ WINDOWS \ system32 \ spool.exe . ((((((((((((((((((((((((( Dosyalar 2008/08/16 için 2008/09/16 ))))))))))) kimden Oluşturuldu )))))))))))))))))))) . 2008-09-16 16:21. 2008/09/16 16:50 <DIR> D -------- C: \ WINDOWS \ system32 \ CatRoot_bak 2008-09-16 13:23. 2008/09/16 13:23 <DIR> D -------- C: \ WINDOWS \ LastGood 2008-09-13 13:19. 2008/09/13 13:19 <DIR> D -------- C: \ Program Files \ iTunes 2008-09-13 13:19. 2008/09/13 13:19 <DIR> D -------- C: \ Program Files \ iPod 2008-09-13 13:19. 2008/09/13 13:19 <DIR> D -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008-09-13 13:12. 2008/09/13 13:16 <DIR> D -------- C: \ Program Files \ Common Files \ Apple 2008-09-08 16:10. 2008/09/08 16:10 <DIR> D -------- C: \ Program Files \ Easy SpyRemover 2008-09-08 15:45. 2008/09/06 00:59 741376 - a ------ C: \ WINDOWS \ system32 \ LSSMON.EXE 2008-09-08 15:45. 2008/09/04 21:59 17920 - a ------ C: \ WINDOWS \ system32 \ LSASSMGR.EXE 2008-09-07 22:34. 2008/09/02 00:16 38528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-09-07 22:33. 2008/09/07 22:34 <DIR> D -------- C: \ Program Files \ Malwarebytes' Anti-Malware 2008-09-07 22:33. 2008/09/07 22:33 <DIR> D -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes 2008-09-07 22:33. 
2008/09/07 22:33 <DIR> D -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-09-07 22:33. 2008/09/02 00:16 17200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-09-06 15:09. 2008/09/06 15:09 90112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx 2008-09-06 15:09. 2008/09/06 15:09 57344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts 2008-09-05 10:44. 2008/09/06 00:59 741376 - a ------ C: \ WINDOWS \ system32 \ msupd32.exe 2008/09/04 21:59. 2008/09/07 12:59 741376 - a ------ C: \ WINDOWS \ system32 \ upd01.exe 2008/09/04 21:59. 2008/09/06 00:59 741376 - a ------ C: \ WINDOWS \ divx32.dll 2008/09/04 21:59. 2008/09/04 21:59 17920 - a ------ C: \ WINDOWS \ system32 \ srtsrv32.exe 2008/09/04 21:59. 2008/09/16 16:24 5903 - a ------ C: \ WINDOWS \ system32 \ mssc32.dll 2008/09/04 21:59. 2008/09/16 16:24 5903 - a ------ C: \ WINDOWS \ system32 \ bsc32.dll 2008-09-02 13:23. 2008/09/02 13:23 <DIR> D -------- C: \ Program Files \ PrevxCSI 2008-09-02 13:23. 2008/09/16 13:32 <DIR> D -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI 2008-09-02 13:23. 2008/09/02 13:23 17408 - a ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys 2008-09-01 01:30. 2008/09/02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008-09-01 01:20. 2008-09-07 22:19 0 - a ------ C: \ WINDOWS \ system32 \ sc02.sc 2008-08-31 01:46. 2007/02/20 16:04 2463976 - a ------ C: \ WINDOWS \ system32 \ NPSWF32.dll 2008-08-31 01:46. 2007/02/20 16:04 190696 - a ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe 2008-08-30 09:59. 2008/08/30 21:34 <DIR> D -------- C: \ Program Files \ Macromedia 2008-08-30 09:59. 2008/08/30 21:27 <DIR> D -------- C: \ Program Files \ Common Files \ Macromedia 2008-08-30 01:25. 2008/09/13 13:18 <DIR> D -------- C: \ Program Files \ Bonjour 2008-08-29 14:33. 2006/09/18 17:55 109744 - a ------ C: \ WINDOWS \ system32 \ drivers \ Symevent.sys 2008-08-29 14:33. 
2006/09/18 17:55 48816 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008-08-29 10:18. 2008/08/29 10:18 87336 - a ------ C: \ WINDOWS \ System32 \ DNS-sd.exe 2008-08-29 09:53. 2008/08/29 09:53 61440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll 2008-08-27 04:05. 2008/04/07 05:38 45392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll 2008-08-27 04:05. 2008/04/07 05:38 22872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapor )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-09-16 20:53 --------- ----- D W C: \ Program Files \ Symantec AntiVirus 2008-09-13 17:17 --------- ----- D W C: \ Program Files \ QuickTime 2008-09-13 17:13 --------- ----- D W C: \ Program Files \ Apple Software Update 2008/09/08 18:53 249956 ---- Aw C: \ WINDOWS \ system32 \ dsfMon.dll 2008-09-01 07:50 --------- ----- D W C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-09-01 05:56 --------- ----- D W C: \ Program Files \ Spybot - Search & Destroy 2008-08-30 05:24 --------- ----- D W C: \ Program Files \ Common Files \ Adobe 2008-08-29 18:34 --------- ----- D W C: \ Program Files \ Common Files \ Symantec Shared 2008-08-29 18:33 --------- ----- D W C: \ Program Files \ Symantec 2008-08-29 18:32 --------- ----- D W C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008-08-27 08:22 --------- ----- D W C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet 2008-08-26 00:52 --------- ----- D W C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2 2008-08-13 21:33 --------- ----- D W C: \ Program Files \ Microsoft Silverlight 2008-08-12 02:46 --------- ----- D W C: \ Program Files \ PHM 2008-07-26 08:55 --------- ----- D W C: \ Program Files \ OpenOffice.org 2,4 2008-07-26 08:54 --------- ----- D W C: \ Program Files \ Java 2008/07/19 02:10 94920 ---- Aw C: \ WINDOWS \ system32 \ cdm.dll 2008/07/19 02:10 53448 ---- Aw C: \ WINDOWS \ 
system32 \ wuauclt.exe 2008/07/19 02:09 563912 ---- Aw C: \ WINDOWS \ system32 \ wuapi.dll 2008/07/19 02:09 325832 ---- Aw C: \ WINDOWS \ system32 \ wucltui.dll 2008/07/19 02:09 205,000 ---- Aw C: \ WINDOWS \ system32 \ wuweb.dll 2008/07/19 02:09 1.811.656 ---- Aw C: \ WINDOWS \ system32 \ Wuaueng.dll 2008/07/07 20:32 253952 ---- Aw C: \ WINDOWS \ system32 \ es.dll 2008/06/24 22:12 295936 ------ W C: \ WINDOWS \ system32 \ wmpeffects.dll 2008/06/24 16:23 74240 ---- Aw C: \ WINDOWS \ system32 \ mscms.dll 2008/06/23 16:57 826368 ---- Aw C: \ WINDOWS \ system32 \ Wininet.dll 2008/06/20 17:41 245248 ---- Aw C: \ WINDOWS \ system32 \ mswsock.dll 2008/04/19 16:57 32 ---- Aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Puan )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Not * boş girişler ve yasal varsayılan girişler gösterilir değildir REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "SWG" = "C: \ Program Files \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] "ctfmon.exe" = "C: \ Windows \ system32 \ ctfmon.exe" [2004-08-04 15360] "IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136] "SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "RemoteControl" = "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768] "RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536] "RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 
\ AudioCentral \ RxMon.exe" [2003-07-15 319488] "SiS Windows KeyHook" = "C: \ Windows \ system32 \ keyhook.exe" [2004-09-02 249856] "SiSUSBRG" = "C: \ Windows \ SiSUSBrg.exe" [2004-09-22 106496] "Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003-12-05 159744] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "DSFHost" = "C: \ Program Files \ Staples \ easyprint \ dsfhost.exe" [2006-01-05 2142301] "Senkronizasyon Yöneticisi" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360] "Zune Başlatıcısı" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104] "GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664] "NBKeyScan" = "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352] "Adobe Acrobat Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-07-19 52896] "vptray" = "C: \ progra ~ 1 \ intern SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168] "Layersecurity Servicemonitor" = "C: \ Windows \ system32 \ LSSMON.EXE" [2008-09-06 741376] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576] "SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE] "AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe] "SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll] C: \ Documents and Settings \ Teddy \ Start Menu \ Programlar \ Başlangıç \ Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664] OneNote 2007 Ekran Clipper ve 
Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632] C: \ Documents and Settings \ All Users \ Start Menu \ Programlar \ Başlangıç \ Windows Masaüstü Arama'yı - C: \ Program Files \ Windows Masaüstü Arama \ WindowsSearch.exe [2007-02-05 118784] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Masaüstü Arama \ MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows] "AppInit_DLLs" = acaptuser32.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ görüntü yürütme seçenekleri \ firefox.exe dosya] "Debugger" = C: \ Program Files \ Mozilla Firefox \ firefoxe.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ görüntü yürütme seçenekleri \ iexplore.exe dosya] "Debugger" = C: \ Program Files \ Internet Explorer \ iexplor.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ görüntü yürütme seçenekleri \ spoolsv.exe dosyası] "Debugger" = C: \ WINDOWS \ system32 \ spool.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Listesi] "% windir% \ \ system32 \ \" = Sessmgr.exe "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Serisi \ \" = aolload.exe "C: \ \ Program Files \ \ bitlord \ \ BitLord.exe" = "C: \ \ Program Files \ \ Soulseek \ \" = slsk.exe "C: \ \ Program Files \ \ Mozilla Firefox \ \" = firefox.exe "C: \ \ StubInstaller.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "% windir% \ \ Network Diagnostic \ \" = xpnetdiag.exe "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ AIM \ \" = aim.exe "C: \ Program Files \ 
Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync RAPI Müdürü "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Bağlantı Yöneticisi "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Uygulama "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" = "C: \ \ Program Files \ \ Isadora \ \" = isadora.exe "C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Program Files \ \ Bonjour \ \" = mDNSResponder.exe "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ Listesi] "3389: TCP" = 3389: TCP: @ Xpsp2res.dll, -22009 "1500: TCP" = 1500: TCP: Güvenli Erişim Temsilcisi Port "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Servisi * Yeni * - CATCHME Servisi Oluşturuldu * Yeni * - PROCEXP90 Servisi Oluşturuldu . The 'Zamanlanmış Görevler' klasörüne İçerikleri . - - - - Yetimler Kaldırıldı - - - -- HKLM-Run-CSRLT.EXE - C: \ WINDOWS \ system32 \ CSRLT.EXE . ------- Supplementary Scan ------- . FireFox -: Profile - C: \ Documents and Settings \ Teddy \ Application Data \ Mozilla \ Firefox \ Profiles \ 6xzfp0sa.default \ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp: / / = www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q . 
************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - Rootkit / gizli kötü amaçlı yazılım dedektör Gmer tarafından, http://www.gmer.net Rootkit 2008/09/16 16:51:46 tarama 5/1/2600 Windows Service Pack 2 NTFS gizli işlemler tarama ... Gizli kayıtları otomatik tarama ... Gizli dosya tarama ... başarıyla tamamlandı tarama Gizli dosya: 0 ************************************************** ************************ . Bitiş zamanı: 2008-09-16 17:15:59 ComboFix-karantinaya-files.txt 2008/09/16 21:15:16 Ön Çalıştır'ı: 10478669824 bayt boş Post-Run: 10446106624 bayt boş 190 --- EOF --- 2008-09-11 20:07:51 |
#4
Note: The instructions below were created specifically for this user. If you are not this user, DON'T follow these instructions, as they could damage the workings of your system.
Delete these files/folders as follows:
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It MUST be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.
Code:
```
KillAll::
File::
C:\Program Files\Easy SpyRemover
C:\WINDOWS\system32\LSSMON.EXE
C:\WINDOWS\system32\LSASSMGR.EXE
C:\WINDOWS\system32\msupd32.exe
C:\WINDOWS\system32\upd01.exe
C:\WINDOWS\system32\srtsrv32.exe
C:\WINDOWS\system32\mssc32.dll
C:\WINDOWS\system32\bsc32.dll
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe]
"Debugger"=-
```
4. Then File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript file (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you can see in the screenshot below.
Important: Perform the instructions carefully!
ComboFix will start running; just follow the prompts. After the reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.
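The registry entries the script above removes are Image File Execution Options (IFEO) "Debugger" values: Windows launches the named "debugger" in place of the program, which is how firefoxe.exe, iexplor.exe and spool.exe were being run instead of the real browsers and spooler; the same log section also shows Security Center monitoring switched off for Symantec AntiVirus. As an added example that is not from this thread or from ComboFix, the Python below triages the "Reg Loading Points" section of such a log for both patterns, run over a constructed sample modeled on the log quoted above; the line format, the extra notepad.exe entry and the lookalike-name threshold are assumptions.

```python
"""Triage of the "Reg Loading Points" section of a ComboFix log for two
techniques seen in this thread: Image File Execution Options (IFEO)
"Debugger" redirection and Security Center monitoring being switched off.
Added example; not ComboFix's own code."""
import re
from dataclasses import dataclass
from difflib import SequenceMatcher

# Constructed sample modeled on the thread's log; the exact line format
# ComboFix uses is assumed here, and the notepad.exe entry is invented to
# show a non-lookalike debugger being flagged only for review.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=acaptuser32.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"=C:\Program Files\Mozilla Firefox\firefoxe.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"=C:\Program Files\Internet Explorer\iexplor.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe]
"Debugger"=C:\WINDOWS\system32\spool.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"=C:\Program Files\Debugging Tools for Windows\windbg.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
IFEO_MARK = "\\image file execution options\\"
SECCENTER_MARK = "\\security center\\monitoring\\"


@dataclass
class Finding:
    severity: str   # "high" or "review"
    technique: str  # short label of the technique
    image: str      # program (or AV product) the entry applies to
    detail: str


def _stem(path: str) -> str:
    """Lower-case file name without extension, taken from a Windows path."""
    name = path.replace('"', "").strip().rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def _lookalike(image: str, debugger: str) -> bool:
    """True if the debugger's file name mimics the hijacked program's name
    (firefoxe.exe for firefox.exe) without being identical to it."""
    a, b = _stem(image), _stem(debugger)
    return a != b and SequenceMatcher(None, a, b).ratio() >= 0.8


def triage_reg_points(log_text: str) -> list[Finding]:
    """Walk the REGEDIT4-style key/value lines and collect findings."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group("name").lower(), m.group("data").strip()
        key_lc = current_key.lower()
        if name == "debugger" and IFEO_MARK in key_lc:
            image = current_key.rsplit("\\", 1)[-1]
            # Any IFEO Debugger silently runs the named binary instead of the
            # program the user asked for; a lookalike file name is the classic
            # hijack pattern and gets the higher severity.
            sev = "high" if _lookalike(image, data) else "review"
            findings.append(Finding(sev, "IFEO debugger redirect", image,
                                    f"{image} is redirected to {data}"))
        elif name == "disablemonitoring" and SECCENTER_MARK in key_lc:
            if data.lower().endswith("00000001"):
                product = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("high", "Security Center monitoring off",
                                        product,
                                        f"Security Center alerts for {product} are suppressed"))
    return findings


if __name__ == "__main__":
    for f in triage_reg_points(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.technique}: {f.detail}")
```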
#5
ComboFix 08-09-15.02 - Teddy 2008-09-16 17:49:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.850 [GMT -4:00] Koşturuyorlar: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe Komuta kullanılan anahtarlar:: C: \ Documents and Settings \ Teddy \ Desktop \ CFScript.txt * Yeni bir geri yükleme noktası Oluşturuldu UYARI-Bu makine değil HAVEN'T Kurtarma Konsolu'nu Installed! . ((((((((((((((((((((((((((((((((((((((( Diğer Deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ system32 \ bsc32.dll C: \ WINDOWS \ system32 \ LSASSMGR.EXE C: \ WINDOWS \ system32 \ LSSMON.EXE C: \ WINDOWS \ system32 \ mssc32.dll C: \ WINDOWS \ system32 \ msupd32.exe C: \ WINDOWS \ system32 \ spool.exe C: \ WINDOWS \ system32 \ srtsrv32.exe C: \ WINDOWS \ system32 \ upd01.exe . ((((((((((((((((((((((((( Dosyalar 2008/08/16 için 2008/09/16 ))))))))))) kimden Oluşturuldu )))))))))))))))))))) . 2008-09-16 16:21. 2008/09/16 16:50 <DIR> D -------- C: \ WINDOWS \ system32 \ CatRoot_bak 2008-09-13 13:19. 2008/09/13 13:19 <DIR> D -------- C: \ Program Files \ iTunes 2008-09-13 13:19. 2008/09/13 13:19 <DIR> D -------- C: \ Program Files \ iPod 2008-09-13 13:19. 2008/09/13 13:19 <DIR> D -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6) 2008-09-13 13:12. 2008/09/13 13:16 <DIR> D -------- C: \ Program Files \ Common Files \ Apple 2008-09-08 16:10. 2008/09/08 16:10 <DIR> D -------- C: \ Program Files \ Easy SpyRemover 2008-09-07 22:34. 2008/09/02 00:16 38528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys 2008-09-07 22:33. 2008/09/07 22:34 <DIR> D -------- C: \ Program Files \ Malwarebytes' Anti-Malware 2008-09-07 22:33. 2008/09/07 22:33 <DIR> D -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes 2008-09-07 22:33. 2008/09/07 22:33 <DIR> D -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-09-07 22:33. 
2008/09/02 00:16 17200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys 2008-09-06 15:09. 2008/09/06 15:09 90112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx 2008-09-06 15:09. 2008/09/06 15:09 57344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts 2008/09/04 21:59. 2008/09/06 00:59 741376 - a ------ C: \ WINDOWS \ divx32.dll 2008-09-02 13:23. 2008/09/02 13:23 <DIR> D -------- C: \ Program Files \ PrevxCSI 2008-09-02 13:23. 2008/09/16 13:32 <DIR> D -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI 2008-09-02 13:23. 2008/09/02 13:23 17408 - a ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys 2008-09-01 01:30. 2008/09/02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008-09-01 01:20. 2008-09-07 22:19 0 - a ------ C: \ WINDOWS \ system32 \ sc02.sc 2008-08-31 01:46. 2007/02/20 16:04 2463976 - a ------ C: \ WINDOWS \ system32 \ NPSWF32.dll 2008-08-31 01:46. 2007/02/20 16:04 190696 - a ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe 2008-08-30 09:59. 2008/08/30 21:34 <DIR> D -------- C: \ Program Files \ Macromedia 2008-08-30 09:59. 2008/08/30 21:27 <DIR> D -------- C: \ Program Files \ Common Files \ Macromedia 2008-08-30 01:25. 2008/09/13 13:18 <DIR> D -------- C: \ Program Files \ Bonjour 2008-08-29 14:33. 2006/09/18 17:55 109744 - a ------ C: \ WINDOWS \ system32 \ drivers \ Symevent.sys 2008-08-29 14:33. 2006/09/18 17:55 48816 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL 2008-08-29 10:18. 2008/08/29 10:18 87336 - a ------ C: \ WINDOWS \ System32 \ DNS-sd.exe 2008-08-29 09:53. 2008/08/29 09:53 61440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll 2008-08-27 04:05. 2008/04/07 05:38 45392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll 2008-08-27 04:05. 2008/04/07 05:38 22872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapor )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-16 21:33 --------- ----- D W C: \ Program Files \ Symantec AntiVirus 2008-09-13 17:17 --------- ----- D W C: \ Program Files \ QuickTime 2008-09-13 17:13 --------- ----- D W C: \ Program Files \ Apple Software Update 2008-09-01 07:50 --------- ----- D W C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy 2008-09-01 05:56 --------- ----- D W C: \ Program Files \ Spybot - Search & Destroy 2008-08-30 05:24 --------- ----- D W C: \ Program Files \ Common Files \ Adobe 2008-08-29 18:34 --------- ----- D W C: \ Program Files \ Common Files \ Symantec Shared 2008-08-29 18:33 --------- ----- D W C: \ Program Files \ Symantec 2008-08-29 18:32 --------- ----- D W C: \ Documents and Settings \ All Users \ Application Data \ Symantec 2008-08-27 08:22 --------- ----- D W C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet 2008-08-26 00:52 --------- ----- D W C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2 2008-08-13 21:33 --------- ----- D W C: \ Program Files \ Microsoft Silverlight 2008-08-12 02:46 --------- ----- D W C: \ Program Files \ PHM 2008-07-26 08:55 --------- ----- D W C: \ Program Files \ OpenOffice.org 2,4 2008-07-26 08:54 --------- ----- D W C: \ Program Files \ Java 2008/04/19 16:57 32 ---- Aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat . ((((((((((((((((((((((((((((( Snapshot@2008-09-16_17.03.48.82 )))))))))) ))))))))))))))))))))))))))))))) . - 2007/07/30 23:18:40 33.624-c - Aw C: \ Windows \ System32 \ Dllcache \ wups.dll + 2008/07/19 02:10:20 36.552-c - Aw C: \ Windows \ System32 \ Dllcache \ wups.dll - 2007/07/30 23:18:40 33.624 ---- Aw C: \ WINDOWS \ system32 \ wups.dll + 2008/07/19 02:10:20 36.552 ---- Aw C: \ WINDOWS \ system32 \ wups.dll - 2007/07/30 23:19:12 43.352 ---- Aw C: \ WINDOWS \ system32 \ wups2.dll + 2008/07/19 02:10:40 45.768 ---- Aw C: \ WINDOWS \ system32 \ wups2.dll . 
((((((((((((((((((((((((((((((((((((( Reg Loading Puan )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Not * boş girişler ve yasal varsayılan girişler gösterilir değildir REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "SWG" = "C: \ Program Files \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] "ctfmon.exe" = "C: \ Windows \ system32 \ ctfmon.exe" [2004-08-04 15360] "IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136] "SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "RemoteControl" = "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768] "RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536] "RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488] "SiS Windows KeyHook" = "C: \ Windows \ system32 \ keyhook.exe" [2004-09-02 249856] "SiSUSBRG" = "C: \ Windows \ SiSUSBrg.exe" [2004-09-22 106496] "Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003-12-05 159744] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784] "DSFHost" = "C: \ Program Files \ Staples \ easyprint \ dsfhost.exe" [2006-01-05 2142301] "Senkronizasyon Yöneticisi" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360] "Zune Başlatıcısı" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104] "GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 
31016] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008-01-11 39792] "NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664] "NBKeyScan" = "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352] "Adobe Acrobat Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-07-19 52896] "vptray" = "C: \ progra ~ 1 \ intern SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576] "CSRLT.EXE" = "C: \ Windows \ system32 \ CSRLT.EXE" [BÜ] "SoundMan" = "SOUNDMAN.EXE" [2004/09/22 C: \ WINDOWS \ SOUNDMAN.EXE] "AGRSMMSG" = "AGRSMMSG.exe" [2004/09/22 C: \ WINDOWS \ AGRSMMSG.exe] "SiSPower" = "SiSPower.dll" [2004/09/22 C: \ WINDOWS \ system32 \ SiSPower.dll] C: \ Documents and Settings \ Teddy \ Start Menu \ Programlar \ Başlangıç \ Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664] OneNote 2007 Ekran Clipper ve Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632] C: \ Documents and Settings \ All Users \ Start Menu \ Programlar \ Başlangıç \ Windows Masaüstü Arama'yı - C: \ Program Files \ Windows Masaüstü Arama \ WindowsSearch.exe [2007-02-05 118784] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks] "(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Masaüstü Arama \ MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Windows] "AppInit_DLLs" = acaptuser32.dll [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ görüntü yürütme seçenekleri \ firefox.exe dosya] "Debugger" = C: 
\ Program Files \ Mozilla Firefox \ firefoxe.exe [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Listesi] "% windir% \ \ system32 \ \" = Sessmgr.exe "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Serisi \ \" = aolload.exe "C: \ \ Program Files \ \ bitlord \ \ BitLord.exe" = "C: \ \ Program Files \ \ Soulseek \ \" = slsk.exe "C: \ \ Program Files \ \ Mozilla Firefox \ \" = firefox.exe "C: \ \ StubInstaller.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "% windir% \ \ Network Diagnostic \ \" = xpnetdiag.exe "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ AIM \ \" = aim.exe "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync RAPI Müdürü "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Bağlantı Yöneticisi "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Uygulama "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" = "C: \ \ Program Files \ \ Isadora \ \" = isadora.exe "C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "C: \ \ Program Files \ \ Bonjour \ \" = mDNSResponder.exe "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ Listesi] "3389: TCP" = 3389: TCP: @ Xpsp2res.dll, -22009 "1500: TCP" = 1500: TCP: Güvenli 
Erişim Temsilcisi Port "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Etkin: ActiveSync Servisi R0 pxark; pxark; C: \ WINDOWS \ system32 \ drivers \ pxark.sys [2008-09-02 17408] R2 CSIScanner; CSIScanner; C: \ Program Files \ PrevxCSI \ prevxcsi.exe [2008-09-02 618040] R2 SafeAccessAgent; Güvenli Erişim Temsilcisi; C: \ Program Files \ StillSecure \ Güvenli Erişim Ajan \ SAService.exe [2006-01-27 880640] R2 bakış Müdürü Servis; bakış Müdürü Servis; C: \ Program Files \ görüş \ Common \ ViewpointService.exe [2007-01-04 24652] S3 HwIOctl; HwIOctl; C: \ Documents and Settings \ Owner \ Desktop \ HwIOctl.sys [] S3 Ktp3; Elantech Touchpad (KTP3); C: \ Windows \ System32 \ drivers \ Ktp3.sy s [2004-09-22 24704] S3 Memctl; Memctl; C: \ Documents and Settings \ Owner \ Desktop \ Memctl.sys [] . The 'Zamanlanmış Görevler' klasörüne İçerikleri . - - - - Yetimler Kaldırıldı - - - -- HKLM-Run-Layersecurity Servicemonitor - C: \ WINDOWS \ system32 \ LSSMON.EXE HKLM-RunOnce-MSBLT.EXE - C: \ WINDOWS \ MSBLT.EXE ************************************************** ************************ catchme 0.3.1361 W2K/XP/Vista - Rootkit / gizli kötü amaçlı yazılım dedektör Gmer tarafından, http://www.gmer.net Rootkit 2008/09/16 18:00:27 tarama 5/1/2600 Windows Service Pack 2 NTFS gizli işlemler tarama ... Gizli kayıtları otomatik tarama ... Gizli dosya tarama ... ************************************************** ************************ . ------------------------ Diğer çalışan süreçleri ----------------------- -- . 
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe C: \ WINDOWS \ system32 \ IoctlSvc.exe C: \ WINDOWS \ system32 \ MsPMSPSv.exe C: \ WINDOWS \ system32 \ searchindexer.exe C: \ Program Files \ görüş \ bakış Yöneticisi \ ViewMgr.exe C: \ WINDOWS \ system32 \ rundll32.exe C: \ progra ~ 1 \ intern mikro ~ 3 \ rapimgr.exe C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ playlist.exe C: \ Program Files \ Apoint2K \ ApntEx.exe C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ WINDOWS \ system32 \ searchprotocolhost.exe C: \ WINDOWS \ system32 \ searchfilterhost.exe . ************************************************** ************************ . Tamamlanma süresi: 2008/09/16 18:24:56 - makine yeniden başlatılması oldu ComboFix-karantinaya-files.txt 2008/09/16 22:23:49 ComboFix2.txt 2008/09/16 21:16:14 Ön Çalıştır'ı: 10626510848 bayt boş Post-Run: 10616803328 bayt boş 205 --- EOF --- 2008-09-11 20:07:51
#6
Download TrendMicro HijackThis.exe (HJT) to your Desktop.
#7
Logfile of Trend Micro HijackThis v2.0.2
Tarama 12:21:04 at 9/23/2008 kayıtlı Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot modu: Normal Çalışan süreçleri: C: \ WINDOWS \ System32 \ Smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ Services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe C: \ Program Files \ PrevxCSI \ prevxcsi.exe C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe C: \ WINDOWS \ system32 \ IoctlSvc.exe C: \ Program Files \ StillSecure \ Güvenli Erişim Ajan \ SAService.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ Program Files \ görüş \ Common \ ViewpointService.exe C: \ WINDOWS \ system32 \ MsPMSPSv.exe C: \ WINDOWS \ system32 \ SearchIndexer.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ PrevxCSI \ prevxcsi.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe C: \ WINDOWS \ SOUNDMAN.EXE C: \ WINDOWS \ system32 \ keyhook.exe C: \ Program Files \ Apoint2K \ Apoint.exe C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe C: \ Program Files \ Staples \ easyprint \ dsfhost.exe C: \ Program Files \ Zune \ ZuneLauncher.exe C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ 
Apoint2K \ Apntex.exe C: \ Program Files \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe C: \ progra ~ 1 \ intern mikro ~ 3 \ rapimgr.exe C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ görüş \ bakış Yöneticisi \ ViewMgr.exe C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ AcroTray.exe C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Yayıncı \ FNPLicensingService.exe C: \ WINDOWS \ system32 \ Taskmgr.exe C: \ WINDOWS \ lsass.exe C: \ WINDOWS \ system32 \ SPOOLER.EXE C: \ WINDOWS \ system32 \ wscntfy.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe C: \ WINDOWS \ system32 \ SearchProtocolHost.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.averatec.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU \ Software \ Microsoft \ Internet Bağlantısı Sihirbazı, ShellNext = http://oqaserver-a/ R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Ayarlar, ProxyOverride = *. yerel O2 - BHO: Yahoo! Araç Çubuğu Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! 
\ Companion \ yükler \ cpn \ yt.dll O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ intern Spybot ~ 1 \ SDHelper.dll O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ progra ~ 1 \ intern mikro ~ 4 \ Office12 \ GRA8E1 ~ 1.DLL O2 - BHO: SSVHelper Sınıf - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O2 - BHO: Yahoo! Toolbar'ın Başlatıcısı - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C: \ Program Files \ AOL \ AOL Araç Çubuğu 2,0 \ aoltb.dll O2 - BHO: bakış Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ görüş \ bakış Araç Çubuğu \ 3.8.0 \ ViewBarBHO.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Program Files \ googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8273-0445EE161910) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ GoogleToolbarNotifier \ 3.1.807.1746 \ SW g.dll O2 - BHO: SmartSelect - (F4971EE7-DAA0-4053-9964-665D8EE6A077) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ yükler \ cpn \ yt.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Program Files \ googletoolbar2.dll O3 - Toolbar: Yahoo! 
Toolbar - (DE9C389F-3316-41A7-809B-AA305ED9D922) - C: \ Program Files \ AOL \ AOL Araç Çubuğu 2,0 \ aoltb.dll O3 - Toolbar: bakış Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Program Files \ Common Files \ görüş \ Araç Çubuğu Runtime \ 3.8.0 \ IEViewBar.dll O3 - Toolbar: Adobe PDF - (47833539-D0C5-4125-9FA8-0819E2EAAC93) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe" O4 - HKLM \ .. \ Run: [RoxioEngineUtility] "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" O4 - HKLM \ .. \ Run: [RoxioAudioCentral] "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent O4 - HKLM \ .. \ Run: [SiS Windows KeyHook] C: \ WINDOWS \ system32 \ keyhook.exe O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe O4 - HKLM \ .. \ Run: [Apoint] C: \ Program Files \ Apoint2K \ Apoint.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [DSFHost] C: \ Program Files \ Staples \ easyprint \ dsfhost.exe O4 - HKLM \ .. \ Run: [Eşitleme Yöneticisi]% SystemRoot% \ system32 \ mobsync.exe / logon O4 - HKLM \ .. \ Run: [Zune Launcher] "C: \ Program Files \ Zune \ ZuneLauncher.exe" O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe O4 - HKLM \ .. \ Run: [NBKeyScan] "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" O4 - HKLM \ .. 
\ Run: [Adobe Acrobat Speed Launcher] "C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" O4 - HKLM \ .. \ Run: [vptray] C: \ progra ~ 1 \ intern SYMANT ~ 1 \ VPTray.exe O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] C: \ WINDOWS \ system32 \ LSSMON.EXE O4 - HKLM \ .. \ Run: [Yazdırma Biriktiricisi] C: \ WINDOWS \ system32 \ SPOOLER.EXE O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe O4 - HKCU \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKCU \ .. \ Run: [H / PC Connection Agent] "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F -39A1E5104020 O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - HKCU \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater \ AdobeUpdater.exe O4 - HKLM \ .. \ Policies \ Explorer \ Run: [LocalSecurityAuthoritySubsystem] C: \ WINDOWS \ lsass.exe O4 - Startup: Adobe Gamma.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Ekran Clipper ve Launcher.lnk = C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE O4 - Global Startup: Windows Masaüstü Arama'yı = C: \ Program Files \ Windows Masaüstü Arama \ WindowsSearch.exe O8 - Extra menü item: & Yahoo! 
Toolbar Arama - C: \ Program Files \ AOL \ AOL araç çubuğu 2,0 \ kaynak \ en-US \ local \ search.html O8 - Extra menü öğesi: Mevcut PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppendSelLinks.html Bağlantı Hedef ekleyin O8 - Extra menü öğesi: Mevcut PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppend.html ekleyin O8 - Extra menü öğesi: Adobe PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECaptureSelLinks.html Hedef Bağlantı Convert O8 - Extra menü öğesi: Adobe PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECapture.html Convert O8 - Extra menü item: E & Microsoft Excel'e xport - res: / / C: \ progra ~ 1 \ intern mikro ~ 4 \ Office12 \ EXCEL.EXE/3000 O9 - Extra düğmesi: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll O9 - Extra düğmesi: - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ intern ~ mikro OneNote gönder 4 \ Office12 \ ONBttnIE.dll O9 - Extra 'Tools' MENUITEM: S & son OneNote için - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ intern mikro ~ 4 \ Office12 \ ONBttnIE.dll O9 - Extra düğmesi: - (2EAF5BB1-070F-11D3-9307-00C04FAE2D4F) - C: \ progra ~ 1 \ intern mikro ~ 3 \ INetRepl.dll Mobil Favori Oluştur O9 - Extra düğmesi: (no name) - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C: \ progra ~ 1 \ intern mikro ~ 3 \ INetRepl.dll O9 - Extra 'Tools' MENUITEM: Mobil En sevdiğim oluştur ... 
- (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C: \ progra ~ 1 \ intern mikro ~ 3 \ INetRepl.dll O9 - Extra düğmesi: AOL Toolbar - (3369AF0D-62E9-4bda-8103-B4C75499B578) - C: \ Program Files \ AOL \ AOL Araç Çubuğu 2,0 \ aoltb.dll O9 - Extra düğmesi: Araştırma - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ intern MIC273 ~ 1 \ Office12 \ REFIEBAR.DLL O9 - Extra düğmesi: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C: \ Program Files \ AIM \ aim.exe O9 - Extra düğmesi: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ progra ~ 1 \ intern Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ progra ~ 1 \ intern Spybot ~ 1 \ SDHelper.dll O9 - Extra düğmesi: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O14 - IERESET.INF: START_PAGE_URL = http://www.averatec.com O16 - DPF: (0D6BB8B8-0257-420C-B9EB-CFA90DB1026C) -- http://svrnsec01.purchase.edu:88/setup.cab O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Sınıf) -- http://v5.windowsupdate.microsoft.co...?1096453339343 O18 - Protokol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ progra ~ 1 \ intern mikro ~ 4 \ Office12 \ GR99D3 ~ 1.DLL O18 - Protokol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ progra ~ 1 \ intern COMMON ~ 1 \ Skype \ SKYPE4 ~ 1.DLL O20 - AppInit_DLLs: acaptuser32.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ 
AppleMobileDeviceService.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe O23 - Service: CSIScanner - Prevx - C: \ Program Files \ PrevxCSI \ prevxcsi.exe O23 - Service: Symantec AntiVirus Definition gözlemcisi (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe O23 - Service: FLEXnet Lisans Servisi - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Yayıncı \ FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Common \ Google Updater \ googleupdaterservice.exe O23 - Service: InstallDriver Tablo Yöneticisi (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C: \ progra ~ 1 \ intern Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe O23 - Service: NMIndexingService - Nero AG - C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Servisi - Prolific Technology Inc - C: \ WINDOWS \ system32 \ IoctlSvc.exe O23 - Service: Güvenli Erişim Aracısı (SafeAccessAgent) - StillSecure - C: \ Program Files \ StillSecure \ Güvenli Erişim Ajan \ SAService.exe O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program 
Files \ Symantec AntiVirus \ SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe O23 - Service: SymWMI Servisi (SymWSC) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Güvenlik Merkezi \ SymWSC.exe O23 - Service: bakış Müdürü Servisi - bakış Corporation - C: \ Program Files \ görüş \ Common \ ViewpointService.exe -- Dosya sonu - 14.719 bayt
#8
Download Malwarebytes' Anti-Malware (MBAM)
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately. ---------- Now run a new HijackThis scan and post the log together with the MBAM log.