Mom downloaded something

#1  October 31, 2008, 03:00
Donor group
Hi,
Well, my mom downloaded something and a firewall came up along with some message. Somehow it got installed before she told me. So the scans are running now; it might take a while because it's a slow computer. I don't know what it's called though, it's all weird symbols and unreadable. Got HijackThis though, at least one thing that won't take long to wait for...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:31, on 31/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avast4\ashSimpl.exe
C:\Documents and Settings\Vip\Desktop\HiJackThis.exe
C:\Program Files\Avast4\Setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.hk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer jeigu Administrator Kevin
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: AEO¶¯·ÉËÙÍÁ¶¹.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Micros~2\Office11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11D2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: ?QQ - {c95fe080-8f5d-11D2-a20b-00aa003c157b} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Seiko Epson Corporation - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

--
End of file - 7692 bytes
Any help is appreciated.
BTW, I can't find an icon that looks like "delete", and it seems to me that uninstalling won't be an option...

#2  October 31, 2008, 15:21
Donor group

Well. I left the scans running overnight, but SuperAntiSpyware kept running into problems and closing... I have the Malwarebytes log here:

Malwarebytes' Anti-Malware 1.30
Database version: 1343
Windows 5.1.2600 Service Pack 3

1/11/2008 9:19:03
mbam-log-2008-11-01 (09-19-03).txt

Scan type: Full Scan (C:\|D:\|D:\|)
Objects scanned: 190626
Time elapsed: 3 hour(s), 56 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\_005069_.tmp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\_005101_.tmp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#3  October 31, 2008, 15:24
Malware group

Hi

While the scans are running, do the following.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT! Save ComboFix.exe to your Desktop.
  • Disable your antivirus and antispyware applications, usually via a right-click on the system tray icon. They may otherwise interfere with our tools.
  • Double-click on ComboFix.exe and follow the prompts.
  • As part of this process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
** Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click Yes to continue scanning for malware.

When finished, ComboFix will produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with the other logs.

#4  October 31, 2008, 15:52
Donor group

For some reason, ComboFix closed SuperAntiSpyware while it was scanning, so I'm restarting it now. And avast! won't turn on by default anymore... I open the program, but it still isn't in the system tray thing... And the program my mom downloaded is set to run at startup... Log here anyway:

ComboFix 08-10-30.13 - VIP 2008-11-01 9:36:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.732 [GMT 11:00]
Running from: C:\Documents and Settings\Vip\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Warcraft III\_desktop.ini
C:\WINDOWS\system32\_005058_.tmp.dll
C:\WINDOWS\system32\_005059_.tmp.dll
C:\WINDOWS\system32\_005060_.tmp.dll
C:\WINDOWS\system32\_005061_.tmp.dll
C:\WINDOWS\system32\_005068_.tmp.dll
C:\WINDOWS\system32\_005070_.tmp.dll
C:\WINDOWS\system32\_005071_.tmp.dll
C:\WINDOWS\system32\_005072_.tmp.dll
C:\WINDOWS\system32\_005073_.tmp.dll
C:\WINDOWS\system32\_005074_.tmp.dll
C:\WINDOWS\system32\_005075_.tmp.dll
C:\WINDOWS\system32\_005076_.tmp.dll
C:\WINDOWS\system32\_005077_.tmp.dll
C:\WINDOWS\system32\_005078_.tmp.dll
C:\WINDOWS\system32\_005079_.tmp.dll
C:\WINDOWS\system32\_005080_.tmp.dll
C:\WINDOWS\system32\_005081_.tmp.dll
C:\WINDOWS\system32\_005082_.tmp.dll
C:\WINDOWS\system32\_005084_.tmp.dll
C:\WINDOWS\system32\_005087_.tmp.dll
C:\WINDOWS\system32\_005088_.tmp.dll
C:\WINDOWS\system32\_005092_.tmp.dll
C:\WINDOWS\system32\_005093_.tmp.dll
C:\WINDOWS\system32\_005094_.tmp.dll
C:\WINDOWS\system32\_005095_.tmp.dll
C:\WINDOWS\system32\_005096_.tmp.dll
C:\WINDOWS\system32\_005097_.tmp.dll
C:\WINDOWS\system32\_005098_.tmp.dll
C:\WINDOWS\system32\_005099_.tmp.dll
C:\WINDOWS\system32\_005100_.tmp.dll
C:\WINDOWS\system32\_005102_.tmp.dll
C:\WINDOWS\system32\_005103_.tmp.dll
C:\WINDOWS\system32\_005104_.tmp.dll
C:\WINDOWS\system32\_005106_.tmp.dll
C:\WINDOWS\system32\_005107_.tmp.dll
C:\WINDOWS\system32\_005108_.tmp.dll
C:\WINDOWS\system32\_005109_.tmp.dll
C:\WINDOWS\system32\_005110_.tmp.dll
C:\WINDOWS\system32\_005111_.tmp.dll
C:\WINDOWS\system32\_005112_.tmp.dll
C:\WINDOWS\system32\_005115_.tmp.dll
C:\WINDOWS\system32\_005116_.tmp.dll
C:\WINDOWS\system32\_005117_.tmp.dll
C:\WINDOWS\system32\_005118_.tmp.dll
C:\WINDOWS\system32\_005119_.tmp.dll
C:\WINDOWS\system32\_005121_.tmp.dll
C:\WINDOWS\system32\_005122_.tmp.dll
C:\WINDOWS\system32\_005123_.tmp.dll
C:\WINDOWS\system32\_005125_.tmp.dll
C:\WINDOWS\system32\_005128_.tmp.dll
C:\WINDOWS\system32\_005129_.tmp.dll
C:\WINDOWS\system32\_005133_.tmp.dll
C:\WINDOWS\system32\_005134_.tmp.dll
C:\WINDOWS\system32\_005136_.tmp.dll
C:\WINDOWS\system32\_005137_.tmp.dll
C:\WINDOWS\system32\_005139_.tmp.dll
C:\WINDOWS\system32\_005141_.tmp.dll
C:\WINDOWS\system32\_005142_.tmp.dll
C:\WINDOWS\system32\_005143_.tmp.dll
C:\WINDOWS\system32\_005144_.tmp.dll
C:\WINDOWS\system32\_005147_.tmp.dll
C:\WINDOWS\system32\_005148_.tmp.dll
C:\WINDOWS\system32\_005149_.tmp.dll
C:\WINDOWS\system32\_005150_.tmp.dll
C:\WINDOWS\system32\_005151_.tmp.dll
C:\WINDOWS\system32\_005156_.tmp.dll
C:\WINDOWS\system32\_005158_.tmp.dll
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))
.

2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Application Data\SUPERAntiSpyware.com
2008-10-31 20:45 . 2008-10-31 20:45 <DIR> d-------- C:\Documents and Settings\Vip\Application Data\Malwarebytes
2008-10-31 20:33 . 2008-10-31 20:33 <DIR> d-------- C:\Program Files\Tudou
2008-10-24 12:04 . 2008-10-16 03:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\NetApi32.DLL
2008-10-15 20:43 . 2008-09-15 23:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\Win32k.sys
2008-10-15 20:43 . 2008-09-08 21:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 20:42 . 2008-08-14 21:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\Ntoskrnl.exe
2008-10-15 20:42 . 2008-08-14 21:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\Ntkrnlmp.exe
2008-10-15 20:42 . 2008-08-14 20:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\Ntkrnlpa.exe
2008-10-15 20:42 . 2008-08-14 20:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\Ntkrpamp.exe
2008-09-18 19:05 . 2008-10-31 20:52 <DIR> d-------- C:\Program Files\Avast4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 22:38 --------- d-----w C:\Program Files\Warcraft III
2008-10-31 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-31 09:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-31 09:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-22 05:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 05:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 06:46 --------- d-----w C:\Program Files\PPStream
2008-10-09 03:31 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-09 03:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-18 08:42 --------- d-----w C:\Documents and Settings\Vip\Application Data\Ahead
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

C:\Documents and Settings\Vip\Start Menu\Programs\Startup\
""Ôîú ÓëÖμôû.lnk - C:\Program Files\Tudou\U ÓëTudou\TudouVa.exe [2008-07-06 3248128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableChangePassword"= 1 (0x1)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoAutoUpdate"= 1 (0x1)
"MaxRecentDocs"= 1 (0x1)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-04-24 282624]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UIHost"="C:\\WINDOWS\\System32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-10-09 14:31 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32]
"VIDC.I420"= i420vfw.dll
"aux"= ctwdm32.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Azureus Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\Azureus Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Azureus Ultra Accelerator.lnk]
backup=C:\WINDOWS\pss\Azureus Ultra Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^BitTorrent Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\BitTorrent Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^eMule Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\eMule Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^LimeWire Turbo Accelerator.lnk]
backup=C:\WINDOWS\pss\LimeWire Turbo Accelerator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Register Tom Clancy's Rainbow Six]
backup=C:\WINDOWS\pss\Register Tom Clancy's Rainbow SixStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^SpeedFan.lnk]
backup=C:\WINDOWS\pss\SpeedFan.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^Thoosje Sidebar.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Start Menu^Programs^Startup^WordWeb.lnk]
backup=C:\WINDOWS\pss\WordWeb.lnkStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Boss Key
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\CmCardRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\CursorXP
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\EasyTuneVPro
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\LogonStudio
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\OrderReminder
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\RecordPadRun
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\SpeedOptimizer
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\SWG
HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Veoh

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Adobe Photo Downloader]
- ------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
- ------ 2006-04-21 18:03 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\DAEMON Tools]
- ------ 2005-12-11 01:57 133016 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\LanguageShortcut]
- ------ 2006-04-13 12:09 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\QuickTime Task]
- ------ 2008-03-29 00:37 413696 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\RemoteControl]
- ------ 2005-12-07 23:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Steam]
- ------ 2008-03-29 09:39 1271032 C:\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Uniblue RegistryBooster 2]
- ------ 2007-12-05 16:06 1885464 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
- ------ 2008-01-29 09:46 9442584 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\WinampAgent]
- ------ 2008-04-02 05:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\BluetoothAuthenticationAgent]
- ------ 2008-04-14 06:42 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\C-Media Mixer]
- ------ 2003-03-20 17:21 1855488 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\Services]
"WMPNetworkSvc"=3 (0x3)
"gusvc"=3 (0x3)
"RichVideo"=2 (0x2)
"BthServ"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"LIVEUPDATE Notice Service"=2 (0x2)
"VideoAcceleratorEngine"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"aawservice"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=3 (0x3)
"PML Driver HPZ12"=3 (0x3)
"CPUCooLServer"=2 (0x2)
"usnjsvc"=3 (0x3)
"AdobeActiveFileMonitor4.0"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"cmdAgent"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\System32\\sessmgr.exe"=
"C:\Program Files\DAP\\DAP.exe"=
"C:\Program Files\Messenger\\msmsgs.exe"=
"<NO NAME>"= "C:\Program Files\\PPStream\\PPStream.exe" "C:\Program Files\\PPStream\\PPStream.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\Program Files\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\UT2004\\SYSTEM\\UT2004.exe"=
"C:\Program Files\DeusEx\\SYSTEM\\DeusEx.exe"=
"C:\Program Files\\Tudou\\·ÉËÙTudou\\TudouVa.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"15394:TCP"= 15394:TCP:*:Disabled:BitComet 15394 TCP
"15394:UDP"= 15394:UDP:*:Disabled:BitComet 15394 UDP
"6555:TCP"= 6555:TCP:*:Disabled:BitComet 6555 TCP
"6555:UDP"= 6555:UDP:*:Disabled:BitComet 6555 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [2008-07-20 20560]
R2 ROCKEYNT;ROCKEYNT;C:\WINDOWS\system32\drivers\Rockeynt.sys [2005-01-04 18223]
R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\drivers\SBKUPNT.SYS [2001-07-13 14976]
S3 motccgp;Siemens USB Composite Device Driver;C:\WINDOWS\system32\drivers\motccgp.sys [2007-06-18 17920]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 7680]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\drivers\motodrv.sys [2007-05-07 42112]
S3 RTLWUSB;WG111v2 NETGEAR 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\drivers\wg111v2.sys [2006-03-16 167808]
S3 XDva042;XDva042;C:\WINDOWS\system32\XDva042.sys []
.
Contents of the 'Scheduled Tasks' folder

2008/10/01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008/10/27 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2007/05/14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe []

2008/10/25 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
ShellIconOverlayIdentifiers-hex(2): 7b,38,41,34,32,44,46,42,46,2d,37,38,36,38,2d,34,30,32,39,2d,39,35,38,\ - (no file)
ShellExecuteHooks-{E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA} - (no file)
MSConfigStartUp-COMODO Firewall - C:\Program Files\COMODO\Firewall\cfp.exe
MSConfigStartUp-EzPrint - C:\Program Files\Lexmark 4300 Series\ezprint.exe
MSConfigStartUp-FaxCenterServer - C:\Program Files\Lexmark Fax Solutions\fm3032.exe
MSConfigStartUp-TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-Uniblue SpyEraser - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Vip\Application Data\Mozilla\Firefox\Profiles\19piaa5b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://hk.yahoo.com/
.
.
------- File Associations -------
.
txtfile=C:\WINDOWS\Notepad.exe %1
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 09:42:02
Windows 5.1.2600 Service Pack 3 NTFS

skenavimo paslėptus procesus ...

skenavimo paslėptas autostart entries ...

skenavimo paslėptus failus ...

skenavimas baigtas sėkmingai
paslėptus failus: 0

************************************************** ************************
.
------------------------ Kitos aktyvūs procesai ----------------------- --
.
C: \ WINDOWS \ system32 \ ati2evxx.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ ati2evxx.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ WINDOWS \ system32 \ searchindexer.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ system32 \ imapi.exe
.
************************************************** ************************
.
Atlikimo laikas: 2008-11-01 9:47:03 - mašina buvo paleistas
ComboFix-karantine-files.txt 2008-10-31 22:46:53

Pre-Rida: 17476198400 bytes nemokamai
Post-Rida: 17429176320 bytes nemokamai

WindowsXP-KB310994-SP2-Pro-BOOTDISK-LTH.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
C: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect

335 --- EOF --- 2008-10-24 09:01:23
__________________________________________________ _________________________________________________

EDIT: I was clicking around and found an icon that looked like an uninstaller. I clicked it and it started uninstalling (or at least I hope that's what it was doing), because it was all in strange characters.
__________________
Hi:)
#5
October 31, 2008, 18:39
Donor group

Mum downloaded something

SuperAntiSpyware log. I had to do a quick scan because it always comes up with an error when I do a full scan.

SUPERAntiSpyware Scan Prisijungti
http://www.superantispyware.com

At 11:45 11/01/2008 Generated AM

Prašymas Versija: 4.21.1004

Core Taisyklės Database Versija: 3.618
Sekti Taisyklės duomenų bazė Versija: 1.603

Scan Type: Quick Scan
Iš viso nuskaitymo laikas: 00:35:28

Atminties elementai nuskaityta: 490
Atminties grėsmių detected: 0
Registro objektų nuskaityta: 436
Registras grėsmių detected: 0
Failo elementai nuskaityta: 33.788
Failo grėsmių detected: 2

Trojan.Vundo-Variantas / F
C: \ WINDOWS \ SYSTEM32 \ AZIPCONTMN.DLL
C: \ WINDOWS \ SYSTEM32 \ SYSFOLDERAZIPCNT.DLL
__________________
Hi:)
#6
November 1, 2008, 10:16
Malware group

Mum downloaded something

Hi again

Please don't click on anything or run any more scans unless I advise you to. It just makes things confusing for me - I see an entry in one log, but it has gone from the next one, and so on - thanks.

I think this is the problem

C:\Program Files\Tudou

unless your mum is also a fan of the Chinese "YouTube".

I want to have a look at at least these two files that SAS found.

Visit: Virustotal
  • In the middle of that page you will find a button.
  • Click the "Browse" button and navigate to this file in RED:

    C:\WINDOWS\SYSTEM32\AZIPCONTMN.DLL
  • Click "Open".
  • Then click the "Send file" button at the bottom of the Virustotal page.
  • It will scan the file. Be patient.
  • When it has scanned, copy and paste the results into your next reply.
Repeat the above for this file as well.

C:\WINDOWS\SYSTEM32\SYSFOLDERAZIPCNT.DLL

Combofix
  • Close all open browsers.
  • Open Notepad and copy/paste the text in the box below into it:
Code
  Folder:
  C:\Program Files\Tudou
Look at the image below as an example

Save it as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Don't mouse-click the Combofix window while it is running. That may cause it to stall.

WARNING! Anyone else thinking of using the above script does so at their own risk - you could end up reinstalling Windows!

Please post the C:\ComboFix.txt log, the Virustotal results and a fresh HijackThis log for further review.
#7
November 1, 2008, 16:53
Donor group

Mum downloaded something

Yes, my mum watches some Chinese videos... I couldn't find the files when browsing in Virustotal. I even went looking for them in Explorer and couldn't find either of them. Got the logs:
ComboFix:

ComboFix 08-11-01.01 - VIP 2008-11-02 10:36:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.865 [11:00 GMT]
Veikia nuo: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe
Command jungikliai naudojami: C: \ Documents and Settings \ Vip \ Desktop \ CFScript.txt
* Sukurtas naujas atkūrimo taškas
.

((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Program Files \ Tudou

.
((((((((((((((((((((((((( Failus, sukurtus nuo 2008/10/01 iki 2008/11/01 ))))))))))) ))))))))))))))))))))
.

2008-11-01 09:55. 2008-11-01 09:55 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Uniblue
2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com
2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes
2008-10-24 12:04. 2008-10-16 03:34 337.408 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ NetApi32.DLL
2008-10-15 20:43. 2008-09-15 23:12 1.846.400 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys
2008-10-15 20:43. 2008-09-08 21:41 333.824 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ srv.sys
2008-10-15 20:42. 2008-08-14 21:11 2.189.184 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Ntoskrnl.exe
2008-10-15 20:42. 2008-08-14 21:09 2.145.280 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-15 20:42. 2008-08-14 20:33 2.066.048 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe
2008-10-15 20:42. 2008-08-14 20:33 2.023.936 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III
2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-10-31 09:52 --------- d ----- w C: \ Program Files \ Avast4
2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes 'Anti-Malware
2008-10-31 09:32 --------- d --- AW C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-10-22 05:10 38.496 ---- AW C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-10-22 05:10 15.504 ---- AW C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream
2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware
2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Application Data \ Ahead
2008-09-15 12:12 1.846.400 ---- AW C: \ WINDOWS \ system32 \ Win32k.sys
2008-09-08 10:41 333.824 ---- AW C: \ WINDOWS \ system32 \ drivers \ srv.sys
2008-08-28 07:46 74.752 ---- AW C: \ WINDOWS \ system32 \ msw3prt.dll
2008-08-28 07:46 104.960 ---- AW C: \ WINDOWS \ system32 \ Win32spl.dll
2008-08-26 07:24 826.368 ---- AW C: \ WINDOWS \ system32 \ wininet.dll
2008-08-14 10:11 2.189.184 ---- AW C: \ WINDOWS \ system32 \ Ntoskrnl.exe
2008-08-14 09:33 2.066.048 ---- AW C: \ WINDOWS \ system32 \ Ntkrnlpa.exe
2008-07-29 12:05 32.768 - SHA-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ History \ History.IE5 \ MSHist012008072920080 730 \ Index.dat
.

((((((((((((((((((((((((((((( Fotografiją @ 2008-11-01_ 9.46.14.14 ))))))))))) ))))))))))))))))))))))))))))))
.
- 2008-10-31 22:41:26 16.384 ---- Atw C: \ Windows \ Temp \ Perflib_Perfdata_570.dat
+ 2008-11-01 23:26:02 16.384 ---- Atw C: \ Windows \ Temp \ Perflib_Perfdata_570.dat
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2001-07-09 155648]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056]
"avast" = "C: \ Program Files \ Avast4 \ ashDisp.exe" [2008-07-20 78008]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ System]
"DisableChangePassword" = 1 (0x1)

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ Explorer]
"NoAutoUpdate" = 1 (0x1)
"MaxRecentDocs" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(56F9679E-7826-4C84-81F3-532071A8BCC5) "=" C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll "[2006-04-24 282624]
(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "=" C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL "[2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"UIHost" = "C: \ \ WINDOWS \ \ System32 \ \ logonuiX.exe"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-10-09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.I420" = i420vfw.dll
"aux" = ctwdm32.dll
"VIDC.HFYU" = huffyuv.dll
"VIDC.X264" = x264vfw.dll
"VIDC.3iv2" = 3ivxVfWCodec.dll
"VIDC.VP31" = vp31vfw.dll
"msacm.l3fhg" = mp3fhg.acm
"msacm.ac3filter" = ac3filter.acm

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ Startup "Adobe Reader Speed Launch.lnk]
Backup = C: \ WINDOWS \ PSS \ "Adobe Reader Speed Launch.lnkCommon Paleidimas

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ Startup "Adobe Reader" Synchronizer.lnk]
Backup = C: \ WINDOWS \ PSS \ "Adobe Reader" Synchronizer.lnkCommon Paleidimas

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ Paleidimas WinZip Quick Pick.lnk]
Backup = C: \ WINDOWS \ PSS \ WinZip Quick Pick.lnkCommon Paleidimas

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas Azureus Turbo Accelerator.lnk]
Backup = C: \ WINDOWS \ PSS \ Azureus Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas Azureus Ultra Accelerator.lnk]
Backup = C: \ WINDOWS \ PSS \ Azureus Ultra Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas Aktyvūs Turbo Accelerator.lnk]
Backup = C: \ WINDOWS \ PSS \ BitTorrent Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas eMule Turbo Accelerator.lnk]
Backup = C: \ WINDOWS \ PSS \ eMule Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas LimeWire Apie Startup.lnk]
Backup = C: \ WINDOWS \ PSS \ LimeWire Apie Startup.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas LimeWire Turbo Accelerator.lnk]
Backup = C: \ WINDOWS \ PSS \ LimeWire Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas PowerReg Tvarkaraštis V3.exe]
Backup = C: \ WINDOWS \ PSS \ PowerReg Tvarkaraštis V3.exeStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas Registracija Tom Clancy's Rainbow Six]
Backup = C: \ WINDOWS \ PSS \ Registracija Tom Clancy's Rainbow SixStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas SpeedFan.lnk]
Backup = C: \ WINDOWS \ PSS \ SpeedFan.lnkStartup

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas Thoosje Sidebar.lnk]

[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ Kevin Start Menu Programs ^ ^ ^ Paleidimas WordWeb.lnk]
Backup = C: \ WINDOWS \ PSS \ WordWeb.lnkStartup
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \! AVG Anti-spyware
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BitTorrent
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Boss Key
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CmCardRun
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CursorXP
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ EasyTuneVPro
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ iTunesHelper
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ LogonStudio
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ OrderReminder
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RecordPadRun
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpeedOptimizer
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SWG
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Veoh

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Adobe Photo Downloader]
- ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
- ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ DAEMON Tools]
- ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ LanguageShortcut]
- ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Kalba \ Language.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ QuickTime Task]
- ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RemoteControl]
- ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Steam]
- ------ 2008-03-29 09:39 1271032 C: \ Valve \ Steam \ Steam.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2]
- ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC]
- ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ WinampAgent]
- ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ BluetoothAuthenticationA Gent]
- ------ 2008-04-14 06:42 110592 C: \ WINDOWS \ system32 \ bthprops.cpl

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ C-Media Mixer]
- ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ Services]
"WMPNetworkSvc" = 3 (0x3)
"gusvc" = 3 (0x3)
"RichVideo" = 2 (0x2)
"BthServ" = 2 (0x2)
"iPod Service" = 3 (0x3)
"Apple Mobile Device" = 2 (0x2)
"LIVEUPDATE Pranešimo Service" = 2 (0x2)
"VideoAcceleratorEngine" = 3 (0x3)
"MDM" = 2 (0x2)
"IDriverT" = 3 (0x3)
"aawservice" = 3 (0x3)
"PDEngine" = 3 (0x3)
"PDAgent" = 3 (0x3)
"PML Driver HPZ12" = 3 (0x3)
"CPUCooLServer" = 2 (0x2)
"usnjsvc" = 3 (0x3)
"AdobeActiveFileMonitor4.0" = 2 (0x2)
"WLSetupSvc" = 3 (0x3)
"cmdAgent" = 2 (0x2)
"FLEXnet Licensing Service" = 3 (0x3)
"Bonjour Service" = 2 (0x2)
"ose" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ System32 \ \ sessmgr.exe" =
"C: \ Program Files \ DAP \ \ DAP.exe" =
"C: \ Program Files \ Messenger \ \ msmsgs.exe" =
"<Nėra Name>" = "C: \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ Program Files \ \ PPStream \ \ PPStream.exe
"% windir% \ \ network diagnostic \ \ xpnetdiag.exe" =
"C: \ Program Files \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ Program Files \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ Program Files \ UT2004 \ \ SYSTEM \ \ UT2004.exe" =
"C: \ Program Files \ DeusEx \ \ SYSTEM \ \ DeusEx.exe" =

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3.389 TCP" = 3389 TCP *: Disabled: @ Xpsp2res.dll, -22.009
"15.394 TCP" = 15.394 TCP *: Disabled: BitComet 15.394 TCP
"15.394: UDP" = 15.394: UDP: *: Disabled: BitComet 15.394 UDP
"6.555 TCP" = 6.555: TCP: *: Disabled: BitComet 6.555 TCP
"6.555: UDP" = 6.555: UDP: *: Disabled: BitComet 6.555 UDP

R1 aswSP; Avast! Savigynai, C: \ WINDOWS \ system32 \ drivers \ aswSP.sys [2008-07-20 78416]
R1 atitray; atitray, C: \ Program Files \ Ray Adams \ ATI Tray Tools \ atitray.sys [2007-05-22 18088]
R2 aswFsBlk; aswFsBlk, C: \ WINDOWS \ system32 \ drivers \ aswF sBlk.sys [2008-07-20 20560]
R2 ROCKEYNT; ROCKEYNT, C: \ WINDOWS \ system32 \ drivers \ Rock eynt.sys [2005-01-04 18223]
R2 SBKUPNT; SBKUPNT, C: \ WINDOWS \ system32 \ drivers \ SBKUPN T. SYS [2001-07-13 14976]
S3 motccgp; Siemens USB Composite Device Driver, C: \ WINDOWS \ system32 \ drivers \ motccgp.sys [2007-06-18 17920]
S3 motccgpfl; MotCcgpFlService, C: \ WINDOWS \ system32 \ DRI VERS \ motccgpfl.sys [2007-01-22 7680]
S3 MotDev; "Motorola Inc USB Device, C: \ WINDOWS \ system32 \ drivers \ motodrv.sys [2007-05-07 42112]
S3 RTLWUSB; WG111v2 NETGEAR 54Mbps Wireless USB 2.0 Adapter NT Driver, C: \ WINDOWS \ system32 \ drivers \ wg111v2.sys [2006-03-16 167808]
S3 XDva042; XDva042, C: \ WINDOWS \ system32 \ XDva042.sys []
.
Turinys "Scheduled Tasks" katalogą

2008/10/01 C: \ WINDOWS \ Uždaviniai \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57]

2008/10/27 C: \ WINDOWS \ Uždaviniai \ Uniblue SpeedUpMyPC Nag.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2007/05/14 C: \ WINDOWS \ Uždaviniai \ Uniblue SpeedUpMyPC.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2008/10/25 C: \ WINDOWS \ Uždaviniai \ Uniblue SpyEraser Nag.job
- C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe []
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 10:39:31
Windows 5.1.2600 Service Pack 3 NTFS

skenavimo paslėptus procesus ...

skenavimo paslėptas autostart entries ...

skenavimo paslėptus failus ...

skenavimas baigtas sėkmingai
paslėptus failus: 0

************************************************** ************************
.
Atlikimo laikas: 2008-11-02 10:41:44
ComboFix-karantine-files.txt 2008-11-01 23:41:32
ComboFix2.txt 2008-10-31 22:47:05

Pre-Rida: 17222828032 bytes nemokamai
Post-Rida: 17200967680 bytes nemokamai

233 --- EOF --- 2008-10-24 09:01:23
__________________________________________________ _________________________

HijackThis:

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 10:50:19, on 2/11/2008
Platforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ Avast4 \ ashDisp.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Žiniasklaida ernet Parametrai ProxyOverride = vietos
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Atsisiųsti ir įrašų Įskiepis Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ "RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay
O4 - HKLM \ .. \ Run: [avast] C: \ Program Files \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O8 - Extra kontekstinio meniu punktą: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra kontekstinio meniu punktą: & Download su & VPN - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra kontekstinio meniu punktą: Atsisiųsti ir visus su DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra 'Tools' MENUITEM:? QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasė) -- http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: avast! iAVS4 kontrolės tarnybos (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe
O23 - Service: ATI HotKey Rinkėjas - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Seiko Epson Corporation - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe

--
End of file - 6.734 baitų
__________________
Hi:)
#8
November 2, 2008, 05:29
Malware group

Mum downloaded something

Hello

Those two files weren't found by Combofix, so I don't really expect them to be there.

How is the system running now?

Let's run an online scan.

Perform an online scan with Panda ActiveScan
  • Click Scan Your PC Now
  • A "pop-up" window or a new tab will open.
  • Click Register
  • Choose whichever option you like best, but we recommend the Free registration.
  • Click Register
  • Enter your email address and create a password.
  • Select "I do not want to receive any type of information". (Unless you want to receive such information)
  • Click Send
  • Confirm the registration and continue by entering your username and password, then click Register
  • Select Full Scan, then click Scan Now
  • Wait for the components to be downloaded and installed. Do not close this window or move to another page while it loads. You can continue using the internet by opening another browser window.
  • If it finds any malware that can be disinfected, the Disinfect button will be enabled. Click Disinfect
  • Please ignore the offer to buy the program. Click Export
  • Export the log and save it on your computer.
  • Please attach this log to your reply along with a new HijackThis log.
* Disable the real-time scanner of any existing antivirus program while performing the online scan.
#9
November 3, 2008, 03:07
Donor group

Mum downloaded something

Quote:
Originally Posted by Gimęs Glazgas
  • Please attach this log to your reply along with a new HijackThis log.
Well, you said attach, in red, so I figured I'd attach. Not sure what the difference is between attaching and copy/pasting, apart from what I've already posted... Panda Active Scan found some things, but I only disinfected one, the one with the hearts, because for the others it told me to buy it.
Attached files
File Type: txt ActiveScan.txt (12.1 KB, 3 views)
File Type: txt hijackthis.txt (6.6 KB, 2 views)
__________________
Hi:)
#10
November 5, 2008, 07:45
Malware group

Mum downloaded something

Hi again

Sorry for not getting back to you sooner - real life is pretty busy at the moment.

How is the system running now?

The only item is PowerRegScheduler - you can remove it if you want.
Copyright © 2006 - 2009 Kompiuterių Sultys.
