#1
Hello and thank you for reading. I have been trying to remove unwanted malware from my computer for over a week now and nothing seems to work. I found several processes, including IEXPLORER.EXE, winlogon.exe, Spoolsv.exe and other unknown processes such as pavprsrv.exe and McciCMService.exe. I had to change the exe name of most programs to get them to open. I normally use AVG Free, but I uninstalled it and tried Panda to see if that would help (it didn't). Since then I have uninstalled Panda and reinstalled AVG. Thank you in advance for your help! Here are the files I had to download.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2009 at 01:15 PM

Application Version : 4.26.1004

Core Rules Database Version : 3945
Trace Rules Database Version: 1887

Scan type       : Complete Scan
Total Scan Time : 01:11:18

Memory items scanned      : 373
Memory threats detected   : 1
Registry items scanned    : 4431
Registry threats detected : 86
File items scanned        : 39059
File threats detected     : 11

Rootkit.Agent/Gen-UACFake
  \\?\GLOBALROOT\C:\WINDOWS\SYSTEM32\UACKPXJQWVUGNSPOKQ.DLL
  \\?\GLOBALROOT\C:\WINDOWS\SYSTEM32\UACKPXJQWVUGNSPOKQ.DLL

Unclassified.Unknown Origin
  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2520BA45-3D97-4864-82FF-F47F951727BA}
  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B053E00-78D3-B763-47AE-60FF36FF2886}
  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2520BA45-3D97-4864-82FF-F47F951727BA}
  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B053E00-78D3-B763-47AE-60FF36FF2886}
  HKU\S-1-5-21-776561741-1580436667-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2520BA45-3D97-4864-82FF-F47F951727BA}
  HKU\S-1-5-21-776561741-1580436667-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B053E00-78D3-B763-47AE-60FF36FF2886}
  HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2520BA45-3D97-4864-82FF-F47F951727BA}
  HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B053E00-78D3-B763-47AE-60FF36FF2886}

Trojan.Agent/Gen-AmblBE
  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06F20C1A-4811-4C73-A114-792ED70F2CAD}
  HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06F20C1A-4811-4C73-A114-792ED70F2CAD}

Adware.TrustInCash
  C:\WINDOWS\system32\tisa.cnf
  C:\WINDOWS\REMOVEADWARE.ICO
  C:\WINDOWS\VIDEOSLOTS.ICO

Rogue.Component/Trace
  HKU\S-1-5-21-776561741-1580436667-854245398-1003\Software\Microsoft\FIAS4057

Rootkit.Agent/Gen
  HKLM\SOFTWARE\UAC
  HKLM\SOFTWARE\UAC#cmddelay
  HKLM\SOFTWARE\UAC#LastBSOD
  HKLM\SOFTWARE\UAC#affid
  HKLM\SOFTWARE\UAC#type
  HKLM\SOFTWARE\UAC#build
  HKLM\SOFTWARE\UAC#subid
  HKLM\SOFTWARE\UAC#ecaab67d-7d92-4ec1-ac32-3087345120a3
  HKLM\SOFTWARE\UAC#Val
  HKLM\SOFTWARE\UAC#sval
  HKLM\SOFTWARE\UAC#pval
  HKLM\SOFTWARE\UAC\Connections
  HKLM\SOFTWARE\UAC\Connections#905b3008
  HKLM\SOFTWARE\UAC\Connections#7d72e91c
  HKLM\SOFTWARE\UAC\Connections#a2674c18
  HKLM\SOFTWARE\UAC\Connections#b43dcf0f
  HKLM\SOFTWARE\UAC\Connections#f2065612
  HKLM\SOFTWARE\UAC\disallowed
  HKLM\SOFTWARE\UAC\disallowed#trsetup.exe
  HKLM\SOFTWARE\UAC\disallowed#ViewpointService.exe
  HKLM\SOFTWARE\UAC\disallowed#ViewMgr.exe
  HKLM\SOFTWARE\UAC\disallowed#spysweeper.exe
  HKLM\SOFTWARE\UAC\disallowed#SUPERAntiSpyware.exe
  HKLM\SOFTWARE\UAC\disallowed#SpySub.exe
  HKLM\SOFTWARE\UAC\disallowed#SpywareTerminatorShield.exe
  HKLM\SOFTWARE\UAC\disallowed#SpyHunter3.exe
  HKLM\SOFTWARE\UAC\disallowed#XoftSpy.exe
  HKLM\SOFTWARE\UAC\disallowed#SpyEraser.exe
  HKLM\SOFTWARE\UAC\disallowed#combofix.exe
  HKLM\SOFTWARE\UAC\disallowed#otscanit.exe
  HKLM\SOFTWARE\UAC\disallowed#mbam.exe
  HKLM\SOFTWARE\UAC\disallowed#mbam-setup.exe
  HKLM\SOFTWARE\UAC\disallowed#flash_disinfector.exe
  HKLM\SOFTWARE\UAC\disallowed#otmoveit2.exe
  HKLM\SOFTWARE\UAC\disallowed#smitfraudfix.exe
  HKLM\SOFTWARE\UAC\disallowed#prevxcsifree.exe
  HKLM\SOFTWARE\UAC\disallowed#download_mbam-setup.exe
  HKLM\SOFTWARE\UAC\disallowed#cbo_setup.exe
  HKLM\SOFTWARE\UAC\disallowed#spywareblastersetup.exe
  HKLM\SOFTWARE\UAC\disallowed#rminstall.exe
  HKLM\SOFTWARE\UAC\disallowed#sdsetup.exe
  HKLM\SOFTWARE\UAC\disallowed#vundofixsvc.exe
  HKLM\SOFTWARE\UAC\disallowed#daft.exe
  HKLM\SOFTWARE\UAC\disallowed#gmer.exe
  HKLM\SOFTWARE\UAC\disallowed#catchme.exe
  HKLM\SOFTWARE\UAC\disallowed#mcpr.exe
  HKLM\SOFTWARE\UAC\disallowed#sdfix.exe
  HKLM\SOFTWARE\UAC\disallowed#hjtinstall.exe
  HKLM\SOFTWARE\UAC\disallowed#fixpolicies.exe
  HKLM\SOFTWARE\UAC\disallowed#emergencyutil.exe
  HKLM\SOFTWARE\UAC\disallowed#techweb.exe
  HKLM\SOFTWARE\UAC\disallowed#GoogleUpdate.exe
  HKLM\SOFTWARE\UAC\disallowed#windowsdefender.exe
  HKLM\SOFTWARE\UAC\disallowed#spybotsd.exe
  HKLM\SOFTWARE\UAC\disallowed#winlognn.exe
  HKLM\SOFTWARE\UAC\disallowed#csrssc.exe
  HKLM\SOFTWARE\UAC\disallowed#klif.sys
  HKLM\SOFTWARE\UAC\disallowed#pctssvc.sys
  HKLM\SOFTWARE\UAC\disallowed#pctcore.sys
  HKLM\SOFTWARE\UAC\disallowed#mchinjdrv.sys
  HKLM\SOFTWARE\UAC\disallowed#szkg.sys
  HKLM\SOFTWARE\UAC\disallowed#sasdifsv.sys
  HKLM\SOFTWARE\UAC\disallowed#saskutil.sys
  HKLM\SOFTWARE\UAC\disallowed#sasenum.sys
  HKLM\SOFTWARE\UAC\disallowed#ccHPx86.sys
  HKLM\SOFTWARE\UAC\injector
  HKLM\SOFTWARE\UAC\injector#*
  HKLM\SOFTWARE\UAC\mask
  HKLM\SOFTWARE\UAC\mask#6aed4b25
  HKLM\SOFTWARE\UAC\mask#e0ae8144
  HKLM\SOFTWARE\UAC\mask#30910b28
  HKLM\SOFTWARE\UAC\mask#c6216721
  HKLM\SOFTWARE\UAC\mask#dd118673
  HKLM\SOFTWARE\UAC\versions
  HKLM\SOFTWARE\UAC\versions#/ads/crcmds/init

Adware.Tracking Cookie
  C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt
  C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
  C:\Documents and Settings\Guest\Cookies\guest@myroitracking[1].txt
  C:\Documents and Settings\Guest\Cookies\guest@serw.clicksor[1].txt
  C:\WINDOWS\system32\config\systemprofile\Cookies\system@ix-find[1].txt

Adware.180solutions/Seekmo/Zango
  C:\Program Files\FASOFT\n-Track Studio 6\setup.exe

Browser Hijacker.MS Web Search
  C:\WINDOWS\LOCAL.HTML


Malwarebytes' Anti-Malware 1.37
Database version: 2269
Windows 5.1.2600 Service Pack 2

6/18/2009 2:25:06
mbam-log-2009-06-18 (14-25-06).txt

Scan type: Quick Scan
Objects scanned: 28750
Time elapsed: 18 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:36, on 6/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [pivafuniya] Rundll32.exe "C:\WINDOWS\system32\luruwono.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [pivafuniya] Rundll32.exe "C:\WINDOWS\system32\luruwono.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\MP\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\MP\MySpaceIM.exe (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\zuhagiye.dll C:\WINDOWS\system32\nulakili.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1c9c119864b630) (gupdate1c9c119864b630) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4735 bytes
#2
Hi there Mybabbits

Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop as Combo-fix.exe.

Link 1
Link 2
Link 3

Disable your antivirus and antispyware applications, usually via a right-click on the system tray icon. They may otherwise interfere with our tools.

Open Task Manager by pressing the Ctrl, Alt and Del keys at the same time. Once the dialog box appears, select File > New Task (Run...) from the menu. Copy/paste (or type) the following into the Run box and click OK (assuming ComboFix.exe is on the desktop as instructed):

"%USERPROFILE%\desktop\Combo-fix.exe" /killall

Follow the on-screen instructions and let ComboFix finish. Make sure the Recovery Console gets installed when prompted. Report back in your next post.

Download GMER Rootkit Scanner from here or here.

**Caution** Rootkit scans often produce false positives. Do not take any action on any "<--- ROOTKIT" entries. Copy and paste both logs into your next reply.
__________________
Proud member of ASAP & UNITE
My system: Steves Rig
#3
I downloaded ComboFix to the desktop and changed the name as instructed. When I try to run "%USERPROFILE%\desktop\Combo-fix.exe" /killall I get a popup screen that first warns me that the program is from an unidentified source, so I proceed to run it. After that it looks as if ComboFix is running correctly, then a popup screen tells me something like "Windows cannot find 'grpconv'. Make sure you typed the name correctly..." etc. The screen doesn't stay up long enough for me to catch the rest. I click OK there, and then I get another ComboFix screen saying that it has detected AVG Antivirus still running. I had trouble disabling it, so I went ahead and uninstalled it completely. I don't know why it still thinks it's running. Should I go ahead and click OK through those screens and see if it still works? Thanks!
#4
Hi

Click OK through the screens and see if you can get the ComboFix scan to complete.
__________________
Proud member of ASAP & UNITE
#5
I was still having some problems with ComboFix. At the point in the process when the desktop went blank, the ComboFix screen disappeared. Is it supposed to do this? I waited about 10 minutes for something to happen, and then I restarted the computer. After that the ComboFix screen came back and said it was creating the file... Here's what I got:

ComboFix 09-06-18.02 - Owner 06/19/2009  9:02.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.286 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-fix.exe
Command switches used :: /killall
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: F-Secure Anti-Virus 2006 6.10 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
 * WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32
c:\windows\system32\Components
c:\windows\system32\drivers\UACymttprqpphespir.sys
c:\windows\system32\UACakmovnkvlbejvsw.dll
c:\windows\system32\UACjqblgassmsyrtsd.log
c:\windows\system32\UACkpxjqwvugnspokq.dll
c:\windows\system32\UACllkyxudengakpfn.dll
c:\windows\system32\UACmxexwkuwcfyxylo.dll
c:\windows\system32\UACtdqoweywvrmpfuc.dat
c:\windows\system32\UACwixxvmnqlxbujns.log
c:\windows\system32\UACwqwjasvfplrvpdn.log
c:\windows\system32\UACxcvrjkwrnbmiqml.dll
c:\bt.log
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\windows\system32\arosetud.ini
c:\windows\system32\barohozi.dll.tmp
c:\windows\system32\bavuvofi.dll.tmp
c:\windows\system32\Components\flx0.dll
c:\windows\system32\diwovadu.dll.tmp
c:\windows\system32\drivers\str.sys
c:\windows\system32\drivers\UACymttprqpphespir.sys
c:\windows\system32\edurozoj.ini
c:\windows\system32\foyefolu.dll.tmp
c:\windows\system32\huboweri.dll.tmp
c:\windows\system32\ipepiyik.ini
c:\windows\system32\irawesak.ini
c:\windows\system32\jiyiduse.dll.tmp
c:\windows\system32\lcch.dat
c:\windows\system32\lut.dat
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\obinunud.ini
c:\windows\system32\ofalonoy.ini
c:\windows\system32\ozejalir.ini
c:\windows\system32\srsut.bak1
c:\windows\system32\tconini.dat
c:\windows\system32\UACakmovnkvlbejvsw.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjqblgassmsyrtsd.log
c:\windows\system32\UACkpxjqwvugnspokq.dll
c:\windows\system32\UACllkyxudengakpfn.dll
c:\windows\system32\UACmxexwkuwcfyxylo.dll
c:\windows\system32\UACtdqoweywvrmpfuc.dat
c:\windows\system32\UACwixxvmnqlxbujns.log
c:\windows\system32\UACwqwjasvfplrvpdn.log
c:\windows\system32\UACxcvrjkwrnbmiqml.dll
c:\windows\system32\ugujasof.ini
c:\windows\system32\utodobah.ini

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 13:09 . 2004-08-04 07:56  50176  ----a-w-  c:\windows\system32\dllcache\proquota.exe
2009-06-19 13:09 . 2004-08-04 07:56  50176  ----a-w-  c:\windows\system32\proquota.exe
2009-06-18 18:04 . 2009-06-18 18:04  3561743  ----a-w-  c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 15:58 . 2009-06-18 18:01  117760  ----a-w-  c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-18 15:57 . 2009-06-18 15:57  --------  d-----w-  c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-18 15:54 . 2009-06-18 15:57  --------  d-----w-  c:\program files\SUPERAntiSpyware
2009-06-18 15:54 . 2009-06-18 15:54  --------  d-----w-  c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-18 15:53 . 2009-06-18 15:53  --------  d-----w-  c:\program files\Common Files\Wise Installation Wizard
2009-06-18 15:42 . 2009-06-18 15:42  --------  d-----w-  c:\program files\CCleaner
2009-06-18 05:27 . 2009-06-18 05:27  152576  ----a-w-  c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-18 04:28 . 2009-06-18 04:28  --------  d-----w-  c:\program files\Trend Micro
2009-06-13 07:06 . 2002-06-19 23:03  151552  ----a-w-  c:\windows\system32\igfxres.dll
2009-06-13 06:38 . 2002-06-21 15:02  266240  ----a-w-  c:\windows\system32\shpshftr.dll
2009-06-13 06:00 . 2009-06-13 06:00  444  ----a-w-  c:\windows\system32\d3d8caps.dat
2009-06-13 05:01 . 2009-06-13 05:01  --------  d-----w-  c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-13 04:44 . 2009-06-18 04:53  --------  d-----w-  c:\program files\Startup Optimization
2009-06-12 23:31 . 2009-06-12 23:31  --------  d-----w-  c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-12 22:21 . 2009-05-26 17:20  40160  ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 22:21 . 2009-06-12 22:23  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2009-06-12 22:21 . 2009-05-26 17:19  19096  ----a-w-  c:\windows\system32\drivers\mbam.sys
2009-06-12 19:18 . 2009-06-12 23:26  45  ----a-w-  c:\windows\system32\ca.dat
2009-06-12 18:56 . 2008-03-04 19:59  41144  ----a-w-  c:\windows\system32\drivers\ShlDrv51.sys
2009-06-12 18:56 . 2008-02-07 16:03  179640  ----a-w-  c:\windows\system32\drivers\PavProc.sys
2009-06-12 18:21 . 2009-06-12 18:56  --------  d-----w-  c:\program files\Common Files\Panda Security
2009-06-03 05:12 . 2004-08-04 07:56  221184  ----a-w-  c:\windows\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 01:27 . 2008-05-23 05:13  --------  d-----w-  c:\documents and settings\All Users\Application Data\avg8
2009-06-18 05:31 . 2009-01-05 00:21  410984  ----a-w-  c:\windows\system32\deploytk.dll
2009-06-18 05:31 . 2009-01-12 01:18  --------  d-----w-  c:\program files\Java
2009-06-13 04:50 . 2009-01-05 04:50  --------  d-----w-  c:\program files\Web Publish
2009-06-13 04:49 . 2008-08-20 22:26  --------  d-----w-  c:\program files\Mozilla Thunderbird
2009-06-12 22:57 . 2009-04-16 15:22  --------  d-----w-  c:\documents and settings\Owner\Application Data\U3
2009-06-12 18:22 . 2006-05-02 03:43  --------  d--h--w-  c:\program files\InstallShield Installation Information
2009-06-12 16:10 . 2009-04-19 18:00  --------  d-----w-  c:\program files\Google
2009-06-02 16:49 . 2009-03-29 21:27  --------  d-----w-  c:\documents and settings\Owner\Application Data\n-Track Studio6
2009-05-15 13:30 . 2006-07-15 14:36  --------  d-----w-  c:\program files\QuickTime
2009-05-15 13:30 . 2006-07-15 15:39  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-15 13:29 . 2009-05-15 13:29  --------  d-----w-  c:\program files\Apple Software Update
2009-05-15 13:29 . 2009-05-15 13:29  --------  d-----w-  c:\documents and settings\All Users\Application Data\Apple
2009-05-12 19:53 . 2009-05-12 19:53  16141  ----a-w-  c:\documents and settings\Owner\Application Data\Help\lego.exe
2009-05-12 19:53 . 2009-05-12 19:53  11410  ----a-w-  c:\documents and settings\Owner\Application Data\Identities\msgdi.dll
2009-05-12 19:53 . 2009-05-12 19:53  10121  ----a-w-  c:\documents and settings\Owner\Application Data\Lavasoft\kern.dll
2009-05-12 19:53 . 2009-05-12 19:53  422  ----a-w-  c:\documents and settings\Owner\Application Data\Apple Computer\socks1.exe
2009-05-12 19:53 . 2009-05-12 19:53  145131  ----a-w-  c:\documents and settings\Owner\Application Data\DIVX\nomad.exe
2009-05-12 19:53 . 2009-05-12 19:53  13221  ----a-w-  c:\documents and settings\Owner\Application Data\Adobe\rengo.dll
2009-05-12 19:53 . 2009-05-12 19:53  11232  ----a-w-  c:\documents and settings\Owner\Application Data\acccore\shalom.exe
2009-05-11 14:21 . 2009-05-11 14:21  --------  d-----w-  c:\documents and settings\Owner\Application Data\Malwarebytes
2009-05-11 14:20 . 2009-05-11 14:20  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 02:42 . 2009-05-01 02:42  130443  ----a-w-  c:\windows\system32\rn.tmp
2009-04-22 16:14 . 2006-05-03 02:44  --------  d-----w-  c:\documents and settings\Owner\Application Data\n-Track Studio
2009-04-21 07:27 . 2006-05-03 02:44  12024  ----a-w-  c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 20:25 . 2009-04-19 18:01  43528  ------w-  c:\windows\system32\drivers\PxHelp20.sys
2009-04-15 20:25 . 2009-04-19 18:01  9464  ------w-  c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-04-19 18:01  9336  ------w-  c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-04-19 18:01  120056  ------w-  c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-04-19 18:01  118520  ------w-  c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2009-04-19 18:01  129784  ------w-  c:\windows\system32\pxafs.dll
2009-04-15 20:24 . 2009-04-15 20:24  90112  ----a-w-  c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24  823296  ----a-w-  c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24  823296  ----a-w-  c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24  815104  ----a-w-  c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24  802816  ----a-w-  c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24  684032  ----a-w-  c:\windows\system32\DivX.dll
2009-04-01 16:35 . 2009-04-01 16:34  7040776  ----a-w-  c:\documents and settings\Owner\Application Data\MySpace\MP\Install\MSIMClientSetup.1.0.789.0-static-a.exe
2009-04-01 16:33 . 2009-04-01 16:33  300800  ----a-w-  c:\MySpaceIM_Setup.exe
2009-03-31 23:24 . 2009-03-31 23:23  16494272  ----a-w-  c:\nTrackSetup.exe
2009-03-30 22:38 . 2009-03-30 22:38  25214  ----a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{47312E0A-043C-409D-B6D0-1482457F2CDA}\_16496df1.exe
2009-03-30 22:38 . 2009-03-30 22:38  2998  ----a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{47312E0A-043C-409D-B6D0-1482457F2CDA}\_69525f90.exe
2009-03-30 22:38 . 2009-03-30 22:38  2998  ----a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{47312E0A-043C-409D-B6D0-1482457F2CDA}\_294823.exe
2009-03-30 22:38 . 2009-03-30 22:38  2998  ----a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{47312E0A-043C-409D-B6D0-1482457F2CDA}\_18be6784.exe
2009-03-30 22:38 . 2009-03-30 22:38  25214  ----a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{47312E0A-043C-409D-B6D0-1482457F2CDA}\_4ae13d6c.exe
2009-03-30 22:38 . 2009-03-30 22:38  25214  ----a-r-  c:\documents and settings\Owner\Application Data\Microsoft\Installer\{47312E0A-043C-409D-B6D0-1482457F2CDA}\_2cd672ae.exe
2009-02-26 16:20 . 2009-02-26 16:20  6309376  ----a-w-  c:\program files\ntrack.exe
2009-02-26 16:05 . 2009-02-26 16:05  126976  ----a-w-  c:\program files\AMGateway.ax
2009-02-26 16:05 . 2009-02-26 16:05  63168  ----a-w-  c:\program files\RegisterComponents.exe
2009-02-26 16:05 . 2009-02-26 16:05  163520  ----a-w-  c:\program files\ReportDump.exe
2009-02-26 16:04 . 2009-02-26 16:04  86016  ----a-w-  c:\program files\vstscan.exe
2009-02-26 16:04 . 2009-02-26 16:04  45056  ----a-w-  c:\program files\ball.ax
2009-02-26 16:01 . 2009-02-26 16:01  78848  ----a-w-  c:\program files\EmptyProjectAction.dll
2009-02-26 16:01 . 2009-02-26 16:01  147456  ----a-w-  c:\program files\nTrackDotControls.dll
2009-02-26 16:00 . 2009-02-26 16:00  637440  ----a-w-  c:\program files\NativeControls6.dll
2009-02-26 15:59 . 2009-02-26 15:59  99328  ----a-w-  c:\program files\SurroundVSTGui.dll
2009-02-26 15:59 . 2009-02-26 15:59  45056  ----a-w-  c:\program files\yeti.mmedia.dll
2009-02-26 15:59 . 2009-02-26 15:59  40960  ----a-w-  c:\program files\cdcopier.dll
2009-02-26 15:59 . 2009-02-26 15:59  28672  ----a-w-  c:\program files\Ripper.dll
2009-02-26 15:59 . 2009-02-26 15:59  8704  ----a-w-  c:\program files\ntrack3rdparty.dll
2009-02-26 15:59 . 2009-02-26 15:59  5120  ----a-w-  c:\program files\WindowsFormsBase.dll
2009-02-26 15:59 . 2009-02-26 15:59  36864  ----a-w-  c:\program files\nttest.dll
2009-02-26 15:59 . 2009-02-26 15:59  32768  ----a-w-  c:\program files\nTrackDotNet.dll
2009-02-26 15:59 . 2009-02-26 15:59  24576  ----a-w-  c:\program files\AVFader.dll
2009-02-26 15:59 . 2009-02-26 15:59  6656  ----a-w-  c:\program files\nativecontrolsinterop.dll
2009-02-07 22:10 . 2009-02-07 22:10  528726  ----a-w-  c:\program files\n-Track.htm
2009-02-06 00:15 . 2009-02-06 00:15  225792  ----a-w-  c:\program files\AutoVol.dll
2009-02-06 00:14 . 2009-02-06 00:14  228352  ----a-w-  c:\program files\Chorus.dll
2009-02-06 00:14 . 2009-02-06 00:14  228864  ----a-w-  c:\program files\Echo.dll
2009-02-06 00:12 . 2009-02-06 00:12  369152  ----a-w-  c:\program files\ntrck_PitchShift.dll
2009-02-06 00:11 . 2009-02-06 00:11  176128  ----a-w-  c:\program files\Riverbero.dll
2009-02-06 00:09 . 2009-02-06 00:09  434688  ----a-w-  c:\program files\facomp10.dll
2009-02-06 00:08 . 2009-02-06 00:08  379904  ----a-w-  c:\program files\dxirewire.dll
2009-02-06 00:06 . 2009-02-06 00:06  951808  ----a-w-  c:\program files\fa4bdeq.dll
2009-01-13 14:16 . 2009-01-13 14:16  3455  ----a-w-  c:\program files\order.html
2008-11-28 00:23 . 2008-11-28 00:23  642840  ----a-w-  c:\program files\n-track.cfg
2008-10-25 23:46 . 2008-10-25 23:46  4920  ----a-w-  c:\program files\order_upgrade.html
2008-09-02 23:06 . 2008-09-02 23:06  231936  ----a-w-  c:\program files\ShellCtl.dll
2008-08-31 13:20 . 2008-08-31 13:20  105056  ----a-w-  c:\program files\Setup.bmp
2008-06-20 18:37 . 2008-06-20 18:37  24576  ----a-w-  c:\program files\ScrollerAbout.dll
2008-06-20 18:18 . 2008-06-20 18:18  831058  ----a-w-  c:\program files\banks_default.txt
2008-06-20 18:18 . 2008-06-20 18:18  709  ----a-w-  c:\program files\ntrack.exe.config
2008-06-20 18:18 . 2008-06-20 18:18  22124  ----a-w-  c:\program files\us428_faders.dat
2008-06-20 18:18 . 2008-06-20 18:18  22124  ----a-w-  c:\program files\us224_faders.dat
2008-06-20 18:17 . 2008-06-20 18:17  4035  ----a-w-  c:\program files\n-track_help.cnt
2008-06-20 18:17 . 2008-06-20 18:17  169585  ----a-w-  c:\program files\Drum Example.sng
2008-06-20 18:17 . 2008-06-20 18:17  15457  ----a-w-  c:\program files\FACOMP10.HLP
2008-06-20 18:17 . 2008-06-20 18:17  25698  ----a-w-  c:\program files\FA4BDEQ.HLP
2008-06-20 18:16 . 2008-06-20 18:16  19339  ----a-w-  c:\program files\n-TRACK_EFX.HLP
2004-06-11 20:19 . 2004-06-11 20:19  25214  ----a-w-  c:\program files\help_icon.ico
2004-06-07 13:23 . 2004-06-07 13:23  25214  ----a-w-  c:\program files\link_icon.ico
2000-11-12 03:30 . 2000-11-12 03:30  86  ----a-w-  c:\program files\BUYIT!.URL
2000-11-12 03:28 . 2000-11-12 03:28  73  ----a-w-  c:\program files\n-Track.url
2009-04-15 20:24 . 2009-04-15 20:24  1044480  ----a-w-  c:\program files\Mozilla Firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24  200704  ----a-w-  c:\program files\Mozilla Firefox\plugins\ssldivx.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-06-19 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\MP\MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-12-22 16:05  356352  ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\System32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\System32\\igfxtray.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=
"%windir%\\System32\\drivers\\svchost.exe"=
"c:\\Program Files\\MySpace\\MP\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:websrvx

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 1:13 96520]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 72944]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [6/12/2009 2:56 41144]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/23/2008 1:13 902424]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/23/2008 1:13 282904]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 1:13 75272]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [6/12/2009 2:56 179640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/5/2009 6:56 24652]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-;c:\windows\system32\drivers\Vch.sys [5/1/2006 11:58 20023]
S2 gupdate1c9c119864b630;Google Update Service (gupdate1c9c119864b630);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2009 2:02 133104]
S2 sgejhlqxcrvoui;sgejhlqxcrvoui;\??\c:\windows\system32\drivers\ngaysfvqh.sys --> c:\windows\system32\drivers\ngaysfvqh.sys [?]
S2 vnoakhdmmnhfkc;vnoakhdmmnhfkc;\??\c:\windows\system32\drivers\ncjdccfwkwt.sys --> c:\windows\system32\drivers\ncjdccfwkwt.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-06-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 18:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Search
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a8c9lkqd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?
FR = ffds1 & p = FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7.171 FF - prefs.js: network.proxy.type - 4 FF - plugin: C: \ Program Files \ Mozilla Firefox \ Plugins \ npViewpoint.dll FF - plugin: C: \ Program Files \ Požiūris \ Viewpoint Media Player \ npViewpoint.dll . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net Rootkit scan 2009-06-19 09:15 Windows 5.1.2600 Service Pack 2 NTFS skenavimo paslėptus procesus ... skenavimo paslėptas autostart entries ... skenavimo paslėptus failus ... skenavimas baigtas sėkmingai paslėptus failus: 0 ************************************************** ************************ . --------------------- DLL Loaded Pagal aktyvūs procesai --------------------- - - - - - - -> "Winlogon.exe" (612) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll . ------------------------ Kitos aktyvūs procesai ----------------------- -- . C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe C: \ Program Files \ Common Files \ Motive \ McciCMService.exe C: \ Program Files \ Common Files \ Panda Security \ PavShld \ pavprsrv.exe C: \ Windows \ system32 \ wscntfy.exe C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe C: \ Program Files \ AVG \ AVG8 \ avgrsx.exe . ************************************************** ************************ . Atlikimo laikas: 2009-06-19 9:20 - mašina buvo paleistas ComboFix-karantine-files.txt 2009-06-19 13:20 Pre-Rida: 6120624128 bytes nemokamai Post-Rida: 6057713664 bytes nemokamai 300 GMER 1.0.15.14972 -- http://www.gmer.net Rootkit scan 2009-06-19 09:55:00 Windows 5.1.2600 Service Pack 2 ---- Sistema - GMER 1.0.15 ---- Kodas \? 
\ C: \ DOCUME ~ 1 \ Owner \ locals ~ 1 \ Temp \ catchme.sys pIofCallDriver ---- Prietaisai - GMER 1.0.15 ---- Device \ filesystem \ NTFS \ NTFS ShlDrv51.sys (PandaShield vairuotojas / Panda Security, SL) Device \ filesystem \ Fastfat \ FatCdrom ShlDrv51.sys (PandaShield vairuotojas / Panda Security, SL) Device \ Driver \ Tcpip \ Device \ Ip avgtdix.sys (AVG Tinklo jungtis watcher / AVG Technologies CZ, sro) Device \ Driver \ Tcpip \ Device \ TCP avgtdix.sys (AVG Tinklo jungtis watcher / AVG Technologies CZ, sro) Device \ Driver \ Tcpip \ Device \ UDP avgtdix.sys (AVG Tinklo jungtis watcher / AVG Technologies CZ, sro) Device \ Driver \ Tcpip \ Device \ RawIp avgtdix.sys (AVG Tinklo jungtis watcher / AVG Technologies CZ, sro) Device \ Driver \ Tcpip \ Device \ IPMULTICAST avgtdix.sys (AVG Tinklo jungtis watcher / AVG Technologies CZ, sro) Device \ filesystem \ Fastfat \ Riebalai ShlDrv51.sys (PandaShield vairuotojas / Panda Security, SL) AttachedDevice \ filesystem \ Fastfat \ Riebalai fltmgr.sys ( "Microsoft failųsistemos Filter Manager / Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
#6
Howdy there. Good job getting ComboFix to complete; ComboFix certainly took some junk out of your system! Still some work left to do though....

1. Close any open browsers.
2. Make sure you have disabled all antivirus and anti-malware programs so they do not interfere with ComboFix running.
3. Open Notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\system32\luruwono.dll
C:\WINDOWS\system32\rn.tmp
C:\WINDOWS\system32\drivers\ngaysfvqh.sys
C:\WINDOWS\system32\drivers\ncjdccfwkwt.sys
Driver::
sgejhlqxcrvoui
vnoakhdmmnhfkc
DDS::
uInternet Parametrai ProxyServer = http = localhost: 7171
uInternet Parametrai ProxyOverride = *. vietos; <local>
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy. http_port - 7.171
FF - prefs.js: network.proxy.type - 4

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Download ATF Cleaner by Atribune. This program is for Windows XP and Windows 2000.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All. Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Establish an internet connection and perform an online scan with Internet Explorer at Kaspersky Online Scanner.
** Vista users: right-click the IE/Firefox icon and run as administrator. Click Accept when prompted to download and install the program files and database of malware definitions.
This animation will help you through the process:
** Note: ** To optimize scanning time and produce a more sensible report for review: close all open programs and turn off the real-time scanner of any existing antivirus program while performing the online scan. You may disconnect from the Internet once the scan starts.
Note for Internet Explorer 7 users: if at any time you have trouble viewing the accept button of the license, click the Zoom tool at the bottom right of the IE window and set the zoom to 75%. Once the license accepts, reset it back to 100%.
Post back with the ComboFix results and the Kaspersky scan. Update me on how things are running now.
__________________ Proud member of ASAP & UNITE
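The CFScript above targets two things the ComboFix log made visible: a browser proxy on both IE and Firefox that points at localhost:7171 (a local component sitting between the browser and the network) and two S2 auto-start services whose names are random strings and whose .sys files ComboFix could not identify ("[?]"). The Python below is an added example, not part of this thread and not ComboFix's own code: it pulls those two indicators out of a ComboFix-style log. The sample log lines are constructed to match the shape of the lines posted in the thread (using ComboFix's English section labels); the service names, driver file names and port are the ones the CFScript removes, and the AVG, Google and SASENUM lines are benign controls.

```python
import re

# Constructed sample in the shape of the ComboFix log posted in this thread
# (not the thread's verbatim log). The two random-name services, their .sys
# files and the localhost:7171 proxy are the items the helper's CFScript
# removes; the AVG, Google and SASENUM lines are benign controls.
SAMPLE_LOG = r"""
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [5/23/2008 1:13 282904]
S2 gupdate1c9c119864b630;Google Update Service (gupdate1c9c119864b630);c:\program files\google\update\GoogleUpdate.exe [4/19/2009 2:02 133104]
S2 sgejhlqxcrvoui;sgejhlqxcrvoui;\??\C:\windows\system32\drivers\ngaysfvqh.sys --> C:\Windows\system32\drivers\ngaysfvqh.sys [?]
S2 vnoakhdmmnhfkc;vnoakhdmmnhfkc;\??\C:\windows\system32\drivers\ncjdccfwkwt.sys --> C:\Windows\system32\drivers\ncjdccfwkwt.sys [?]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 7408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
"""

# Hosts that mean "this machine": a browser proxy pointing here is served by
# something running locally, which on a home PC is rarely legitimate.
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

IE_PROXY_RE = re.compile(
    r"^uInternet Settings,ProxyServer\s*=\s*(?:\w+=)?([\w.\-]+):(\d+)\s*$", re.M)
FF_HOST_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.http - (\S+)\s*$", re.M)
FF_PORT_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.http_port - (\d+)\s*$", re.M)
# ComboFix service line: "<start type> <name>;<display name>;<binary> [<version info>]"
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$", re.M)


def find_local_proxies(log):
    """Return (source, host, port) for each browser proxy that points at this machine."""
    found = []
    for m in IE_PROXY_RE.finditer(log):
        host, port = m.group(1), int(m.group(2))
        if host.lower() in LOCAL_HOSTS:
            found.append(("IE ProxyServer", host, port))
    host_m = FF_HOST_RE.search(log)
    if host_m and host_m.group(1).lower() in LOCAL_HOSTS:
        port_m = FF_PORT_RE.search(log)
        found.append(("Firefox network.proxy.http", host_m.group(1),
                      int(port_m.group(1)) if port_m else None))
    return found


def find_suspicious_services(log):
    """Flag services whose display name is just the service name repeated and
    whose binary ComboFix could not identify ("[?]": no file version data)."""
    flagged = []
    for m in SERVICE_RE.finditer(log):
        _start, name, display, binary = (g.strip() for g in m.groups())
        no_description = display == "" or display.lower() == name.lower()
        unidentified = binary.endswith("[?]")
        if no_description and unidentified:
            flagged.append(name)
    return flagged


def analyze(log):
    """Summarize both indicators; 'clean' is True only when neither is present."""
    proxies = find_local_proxies(log)
    services = find_suspicious_services(log)
    return {"local_proxies": proxies, "unidentified_services": services,
            "clean": not proxies and not services}


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a real ComboFix.txt by reading the file into `analyze()`. The service check deliberately requires both signals together: a missing description alone also matches legitimate minimal drivers such as SASENUM, and only the combination with an unidentified binary is worth a second look.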
#7
http://www.yahoo.com
IE: &Search
FF - ProfilePath -.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
#8
Hi. The log you posted is unreadable. Could you repost it using Notepad as the editor and make sure that word wrap is turned off.

Let's try a different scanner... Perform an online scan with Panda ActiveScan.
* Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Note for Avast users: please continue with the Panda online scan if you get a warning. This is a false positive from Avast, because Panda Antivirus does not encrypt its virus database.
__________________ Proud member of ASAP & UNITE
#9
Wow. You're totally right about that last post, sorry about that. No idea what happened (it looked right when I put it in anyway), but I'll try again. ActiveScan worked, but I don't think it actually disinfected anything; I clicked the button and it turned grey, but nothing happened. Here are both logs:

ComboFix 09-06-20.04 - Owner 06/21/2009 11:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.123 [GMT -4:00]
Veikia nuo: C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
Command jungikliai naudojami: C:\Documents and Settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-susipažinti skenavimo įjungti* (Atnaujinta) (17DDD097-36FF-435F-9E1B-52D74245D6BF)
FW: F-Secure Anti-Virus 2006 6,10 *neįgaliesiems* (D4747503-0346-49EB-9262-997542F79BF4)

Failas:
"C:\Windows\system32\drivers\ncjdccfwkwt.sys"
"C:\Windows\system32\drivers\ngaysfvqh.sys"
"C:\Windows\system32\luruwono.dll"
"C:\Windows\system32\rn.tmp"
.
((((((((((((((((((((((((((((((((((((((( Kiti deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\rn.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers / Paslaugos )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SGEJHLQXCRVOUI
-------\Legacy_VNOAKHDMMNHFKC
-------\Service_sgejhlqxcrvoui
-------\Service_vnoakhdmmnhfkc

((((((((((((((((((((((((( Failus, sukurtus nuo 2009/05/21 iki 2009/06/21 )))))))))))))))))))))))))))))))
.
2009-06-19 13:09 . 2004-08-04 07:56 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-19 13:09 . 2004-08-04 07:56 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-19 13:09 . 2004-08-04 07:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2009-06-19 13:09 . 2004-08-04 07:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-06-18 18:04 .
2009-06-18 18:04 3561743 ----a-w- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 15:58 . 2009-06-18 18:01 117760 ----a-w- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-18 15:57 . 2009-06-18 15:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-18 15:54 . 2009-06-18 15:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2009-06-18 15:54 . 2009-06-18 15:54 -------- d-----w- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2009-06-18 15:53 . 2009-06-18 15:53 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-18 15:42 . 2009-06-18 15:42 -------- d-----w- c:\Program Files\CCleaner
2009-06-18 05:27 . 2009-06-18 05:27 152576 ----a-w- C:\Documents and Settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-18 04:28 . 2009-06-18 04:28 -------- d-----w- C:\Program Files\Trend Micro
2009-06-13 07:06 . 2002-06-19 23:03 151552 ----a-w- c:\windows\system32\igfxres.dll
2009-06-13 06:38 . 2002-06-21 15:02 266240 ----a-w- c:\windows\system32\shpshftr.dll
2009-06-13 06:00 . 2009-06-13 06:00 444 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-13 05:01 . 2009-06-13 05:01 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-13 04:44 . 2009-06-18 04:53 -------- d-----w- c:\Program Files\Startup optimizavimo
2009-06-12 23:31 . 2009-06-12 23:31 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-06-12 22:21 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 22:21 . 2009-06-12 22:23 -------- d-----w- c:\Program Files\Malwarebytes' Anti-Malware
2009-06-12 22:21 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 19:18 . 2009-06-12 23:26 45 ----a-w- c:\windows\system32\ca.dat
2009-06-12 18:56 . 2008-03-04 19:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2009-06-12 18:56 . 2008-02-07 16:03 179640 ----a-w- c:\windows\system32\drivers\PavProc.sys
2009-06-12 18:21 . 2009-06-12 18:56 -------- d-----w- C:\Program Files\Common Files\Panda Security
2009-06-03 05:12 . 2004-08-04 07:56 221184 ----a-w- c:\windows\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 01:27 . 2008-05-23 05:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-18 05:31 . 2009-01-05 00:21 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-18 05:31 . 2009-01-12 01:18 -------- d-----w- C:\Program Files\Java
2009-06-13 04:50 . 2009-01-05 04:50 -------- d-----w- c:\Program Files\Web Skelbti
2009-06-13 04:49 . 2008-08-20 22:26 -------- d-----w- C:\Program Files\Mozilla Thunderbird
2009-06-12 22:57 . 2009-04-16 15:22 -------- d-----w- C:\Documents and Settings\Owner\Application Data\U3
2009-06-12 18:22 . 2006-05-02 03:43 -------- d--h--w- c:\Program Files\InstallShield įrengimas Informacija
2009-06-12 16:10 . 2009-04-19 18:00 -------- d-----w- c:\program files\google
2009-06-02 16:49 . 2009-03-29 21:27 -------- d-----w- C:\Documents and Settings\Owner\Application Data\n-Track Studio6
2009-05-15 13:30 . 2006-07-15 14:36 -------- d-----w- C:\Program Files\QuickTime
2009-05-15 13:30 . 2006-07-15 15:39 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-05-15 13:29 . 2009-05-15 13:29 -------- d-----w- C:\Program Files\Apple Software Update
2009-05-15 13:29 . 2009-05-15 13:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Apple
2009-05-12 19:53 . 2009-05-12 19:53 16141 ----a-w- C:\Documents and Settings\Owner\Application Data\Pagalba\lego.exe
2009-05-12 19:53 . 2009-05-12 19:53 11410 ----a-w- C:\Documents and Settings\Owner\Application Data\Identities\msgdi.dll
2009-05-12 19:53 . 2009-05-12 19:53 10121 ----a-w- C:\Documents and Settings\Owner\Application Data\Lavasoft\kern.dll
2009-05-12 19:53 . 2009-05-12 19:53 422 ----a-w- C:\Documents and Settings\Owner\Application Data\Apple Computer\socks1.exe
2009-05-12 19:53 . 2009-05-12 19:53 145131 ----a-w- C:\Documents and Settings\Owner\Application Data\DIVX\nomad.exe
2009-05-12 19:53 . 2009-05-12 19:53 13221 ----a-w- C:\Documents and Settings\Owner\Application Data\Adobe\rengo.dll
2009-05-12 19:53 . 2009-05-12 19:53 11232 ----a-w- C:\Documents and Settings\Owner\Application Data\acccore\shalom.exe
2009-05-11 14:21 . 2009-05-11 14:21 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-05-11 14:20 . 2009-05-11 14:20 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-22 16:14 . 2006-05-03 02:44 -------- d-----w- C:\Documents and Settings\Owner\Application Data\n-Track Studio
2009-04-21 07:27 . 2006-05-03 02:44 12024 ----a-w- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 20:25 . 2009-04-19 18:01 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-04-15 20:25 . 2009-04-19 18:01 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-04-15 20:25 . 2009-04-19 18:01 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-04-15 20:25 . 2009-04-19 18:01 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2009-04-19 18:01 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2009-04-19 18:01 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-01 16:35 . 2009-04-01 16:34 7040776 ----a-w- C:\Documents and Settings\Owner\Application Data\MySpace\MP\Install\MSIMClientSetup.1.0.789.0-static-a.exe
2009-04-01 16:33 . 2009-04-01 16:33 300800 ----a-w- C:\MySpaceIM_Setup.exe
2009-03-31 23:24 . 2009-03-31 23:23 16494272 ----a-w- C:\nTrackSetup.exe
2009-03-30 22:38 . 2009-03-30 22:38 25214 ----a-r- c:\Documents and Settings\Owner\Application Data\Microsoft\Installer\(47312E0A-043C-409D-B6D0-1482457F2CDA)\_16496df1.exe
2009-03-30 22:38 . 2009-03-30 22:38 2998 ----a-r- c:\Documents and Settings\Owner\Application Data\Microsoft\Installer\(47312E0A-043C-409D-B6D0-1482457F2CDA)\_69525f90.exe
2009-03-30 22:38 . 2009-03-30 22:38 2998 ----a-r- c:\Documents and Settings\Owner\Application Data\Microsoft\Installer\(47312E0A-043C-409D-B6D0-1482457F2CDA)\_294823.exe
2009-03-30 22:38 . 2009-03-30 22:38 2998 ----a-r- c:\Documents and Settings\Owner\Application Data\Microsoft\Installer\(47312E0A-043C-409D-B6D0-1482457F2CDA)\_18be6784.exe
2009-03-30 22:38 . 2009-03-30 22:38 25214 ----a-r- c:\Documents and Settings\Owner\Application Data\Microsoft\Installer\(47312E0A-043C-409D-B6D0-1482457F2CDA)\_4ae13d6c.exe
2009-03-30 22:38 . 2009-03-30 22:38 25214 ----a-r- c:\Documents and Settings\Owner\Application Data\Microsoft\Installer\(47312E0A-043C-409D-B6D0-1482457F2CDA)\_2cd672ae.exe
2009-02-26 16:20 . 2009-02-26 16:20 6309376 ----a-w- c:\Program Files\ntrack.exe
2009-02-26 16:05 . 2009-02-26 16:05 126976 ----a-w- c:\Program Files\AMGateway.ax
2009-02-26 16:05 . 2009-02-26 16:05 63168 ----a-w- c:\Program Files\RegisterComponents.exe
2009-02-26 16:05 . 2009-02-26 16:05 163520 ----a-w- c:\Program Files\ReportDump.exe
2009-02-26 16:04 . 2009-02-26 16:04 86016 ----a-w- c:\Program Files\vstscan.exe
2009-02-26 16:04 . 2009-02-26 16:04 45056 ----a-w- c:\Program Files\ball.ax
2009-02-26 16:01 . 2009-02-26 16:01 78848 ----a-w- c:\Program Files\EmptyProjectAction.dll
2009-02-26 16:01 . 2009-02-26 16:01 147456 ----a-w- c:\Program Files\nTrackDotControls.dll
2009-02-26 16:00 . 2009-02-26 16:00 637440 ----a-w- c:\Program Files\NativeControls6.dll
2009-02-26 15:59 . 2009-02-26 15:59 99328 ----a-w- c:\Program Files\SurroundVSTGui.dll
2009-02-26 15:59 . 2009-02-26 15:59 45056 ----a-w- c:\Program Files\yeti.mmedia.dll
2009-02-26 15:59 . 2009-02-26 15:59 40960 ----a-w- c:\Program Files\cdcopier.dll
2009-02-26 15:59 . 2009-02-26 15:59 28672 ----a-w- c:\Program Files\Ripper.dll
2009-02-26 15:59 . 2009-02-26 15:59 8704 ----a-w- c:\Program Files\ntrack3rdparty.dll
2009-02-26 15:59 . 2009-02-26 15:59 5120 ----a-w- c:\Program Files\WindowsFormsBase.dll
2009-02-26 15:59 . 2009-02-26 15:59 36864 ----a-w- c:\Program Files\nttest.dll
2009-02-26 15:59 . 2009-02-26 15:59 32768 ----a-w- c:\Program Files\nTrackDotNet.dll
2009-02-26 15:59 . 2009-02-26 15:59 24576 ----a-w- c:\Program Files\AVFader.dll
2009-02-26 15:59 . 2009-02-26 15:59 6656 ----a-w- c:\Program Files\nativecontrolsinterop.dll
2009-02-07 22:10 . 2009-02-07 22:10 528726 ----a-w- c:\Program Files\n-Track.htm
2009-02-06 00:15 . 2009-02-06 00:15 225792 ----a-w- c:\Program Files\AutoVol.dll
2009-02-06 00:14 . 2009-02-06 00:14 228352 ----a-w- c:\Program Files\Chorus.dll
2009-02-06 00:14 . 2009-02-06 00:14 228864 ----a-w- c:\Program Files\Echo.dll
2009-02-06 00:12 . 2009-02-06 00:12 369152 ----a-w- c:\Program Files\ntrck_PitchShift.dll
2009-02-06 00:11 . 2009-02-06 00:11 176128 ----a-w- c:\Program Files\Riverbero.dll
2009-02-06 00:09 . 2009-02-06 00:09 434688 ----a-w- c:\Program Files\facomp10.dll
2009-02-06 00:08 . 2009-02-06 00:08 379904 ----a-w- c:\Program Files\dxirewire.dll
2009-02-06 00:06 . 2009-02-06 00:06 951808 ----a-w- c:\Program Files\fa4bdeq.dll
2009-01-13 14:16 . 2009-01-13 14:16 3455 ----a-w- c:\Program Files\order.html
2008-11-28 00:23 . 2008-11-28 00:23 642840 ----a-w- c:\Program Files\n-track.cfg
2008-10-25 23:46 . 2008-10-25 23:46 4920 ----a-w- c:\Program Files\order_upgrade.html
2008-09-02 23:06 . 2008-09-02 23:06 231936 ----a-w- c:\Program Files\ShellCtl.dll
2008-08-31 13:20 . 2008-08-31 13:20 105056 ----a-w- c:\Program Files\Setup.bmp
2008-06-20 18:37 . 2008-06-20 18:37 24576 ----a-w- c:\Program Files\ScrollerAbout.dll
2008-06-20 18:18 . 2008-06-20 18:18 831058 ----a-w- c:\Program Files\banks_default.txt
2008-06-20 18:18 . 2008-06-20 18:18 709 ----a-w- c:\Program Files\ntrack.exe.config
2008-06-20 18:18 . 2008-06-20 18:18 22124 ----a-w- c:\Program Files\us428_faders.dat
2008-06-20 18:18 . 2008-06-20 18:18 22124 ----a-w- c:\Program Files\us224_faders.dat
2008-06-20 18:17 . 2008-06-20 18:17 4035 ----a-w- c:\Program Files\n-track_help.cnt
2008-06-20 18:17 . 2008-06-20 18:17 169585 ----a-w- c:\Program Files\Drum Example.sng
2008-06-20 18:17 . 2008-06-20 18:17 15457 ----a-w- c:\Program Files\FACOMP10.HLP
2008-06-20 18:17 . 2008-06-20 18:17 25698 ----a-w- c:\Program Files\FA4BDEQ.HLP
2008-06-20 18:16 . 2008-06-20 18:16 19339 ----a-w- c:\Program Files\n-TRACK_EFX.HLP
2004-06-11 20:19 . 2004-06-11 20:19 25214 ----a-w- c:\Program Files\help_icon.ico
2004-06-07 13:23 . 2004-06-07 13:23 25214 ----a-w- c:\Program Files\link_icon.ico
2000-11-12 03:30 . 2000-11-12 03:30 86 ----a-w- c:\Program Files\BUYIT!.URL
2000-11-12 03:28 . 2000-11-12 03:28 73 ----a-w- c:\Program Files\n-Track.url
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- C:\Program Files\Mozilla Firefox\Plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- C:\Program Files\Mozilla Firefox\Plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-19_13.16.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-21 15:41 . 2009-06-21 15:41 16384 C:\Windows\Temp\Perflib_Perfdata_5b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Pastaba:* tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2002-06-19 155648]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2002-06-19 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\MP\MySpaceIM.exe" [2008-12-12 9555968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\System32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"C:\\Program Files\\Common Files\\AOL\\krautuvas\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\WINDOWS\\System32\\igfxtray.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=
"%windir%\\System32\\drivers\\svchost.exe"=
"C:\\Program Files\\MySpace\\MP\\MySpaceIM.exe"=

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:TCP"= 53:TCP:websrvx

R1 AvgLdx86;AVG AVI Loader Vairuotojas x86;c:\windows\system32\drivers\avgldx86.sys [5/23/2008 1:13 96.520]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 9.968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 72.944]
R1 ShldDrv;Panda Failas Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [6/12/2009 2:56 41.144]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [5/23/2008 1:13 902.424]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [5/23/2008 1:13 282.904]
R2 AvgTdiX;AVG8 Tinklo readresatora;c:\windows\system32\drivers\avgtdix.sys [5/23/2008 1:13 75.272]
R2 PavProc;Panda procese, apsaugos Driver;c:\windows\system32\drivers\PavProc.sys [6/12/2009 2:56 179.640]
R2 Požiūris Manager paslaugos;Požiūris Manager paslaugos;C:\Program Files\Požiūris\Common\ViewpointService.exe [2/5/2009 6:56 24.652]
R3 (A7E39B01-B403-11d4-BD18-00D0B7A1821E);AIM 3,0 dalies 01 Codec Driver VCH-;C:\Windows\system32\drivers\Vch.sys [5/1/2006 11:58 20.023]
S2 gupdate1c9c119864b630;Google "Update Service" (gupdate1c9c119864b630);c:\program files\google\update\GoogleUpdate.exe [4/19/2009 2:02 133.104]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 7.408]
.
Turinys "Scheduled Tasks" katalogą
2009/06/21 C:\Windows\Uždaviniai\GoogleUpdateTaskMachine.job - C:\Program Files\Google\update\GoogleUpdate.exe [2009-04-19 18:00]
.
.
------- Papildomos Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Connection Wizard,ShellNext = Iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/Customize/YComp/defaults/SU/*http://www.yahoo.com
IE: &paieška
FF - ProfilePath --
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2009-06-21 11:42
Windows 5.1.2600 Service Pack 2 NTFS
skenavimo paslėptus procesus ...
skenavimo paslėptas autostart entries ...
skenavimo paslėptus failus ...
skenavimas baigtas sėkmingai
paslėptus failus: 0
**************************************************************************
.
--------------------- DLL Loaded Pagal aktyvūs procesai ---------------------
- - - - - - - > "Winlogon.exe" (612)
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Kitos aktyvūs procesai ------------------------
.
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Windows\system32\wscntfy.exe
.
**************************************************************************
.
Atlikimo laikas: 2009-06-21 11:47 - mašina buvo paleistas
ComboFix-karantine-files.txt 2009-06-21 15:47
ComboFix2.txt 2009-06-19 13:20
Pre-Rida: 4974522368 bytes nemokamai
Post-Rida: 5621665792 bytes nemokamai

WindowsXP-KB310994-SP2-Home-BOOTDISK-LTH.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=OptIn
248

;***********************************************************************************************************
ANALIZĖ: 2009-06-22 07:16:51
Apsauga: 1  Kenkėjiškų programų: 10  Įtariamųjų 0
;***********************************************************************************************************
Apsauga  Aprašymas  Versija  Aktyvus  Atnaujinta
;===========================================================================================================
AVG Anti-Virus Free  8,0  Taip  Taip
;===========================================================================================================
Malware Id  Aprašymas  tipas  Aktyvus  wrote  Disinfectable  Dezinfekuoti  Vieta
;===========================================================================================================
00139061 Cookie/Doubleclick TrackingCookie Ne Taip 0 C:\Documents and Settings\Owner\Cookies\@"DoubleClick" savininkas[1].Txt
00262020 Cookie/Atwola TrackingCookie Ne Taip 0 C:\Documents and Settings\Owner\Cookies\savininkas@atwola[2].Txt
00590315 Rootkit/Agent.LNB HackTools Ne Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP500\A0228202.sys
00590315 Rootkit/Agent.LNB HackTools Ne Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP501\A0229224.sys
00590315 Rootkit/Agent.LNB HackTools Ne Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP491\A0222017.sys
00590315 Rootkit/Agent.LNB HackTools Ne Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP493\A0223098.sys
00674736 W32/Autorun.AFX Virus/Worm Ne 1 Taip Taip: C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP491\A0221911.dll
00674736 W32/Autorun.AFX Virus/Worm Ne 1 Taip Taip: C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP490\A0221821.dll
00950476 Bck/Tdss.AZ Virus/Trojan Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP503\A0233263.dll
00950476 Bck/Tdss.AZ Virus/Trojan Ne Taip Taip 0 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACakmovnkvlbejvsw.dll.vir
00950477 Bck/Tdss.AZ Virus/Trojan Ne Taip Taip 0 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACllkyxudengakpfn.dll.vir
00950477 Bck/Tdss.AZ Virus/Trojan Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP503\A0233264.dll
00966996 Bck/Tdss.BC Virus/Trojan Ne Taip Taip 0 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkpxjqwvugnspokq.dll.vir
00966996 Bck/Tdss.BC Virus/Trojan Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP503\A0233265.dll
01099605 Trj/Alureon.AL Virus/Trojan Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP503\A0233262.dll
01099605 Trj/Alureon.AL Virus/Trojan Ne Taip Taip 0 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxcvrjkwrnbmiqml.dll.vir
01318562 Trj/Downloader.WAV Virus/Trojan Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP492\A0223044.dll
01318562 Trj/Downloader.WAV Virus/Trojan Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP492\A0223065.dll
01318562 Trj/Downloader.WAV Virus/Trojan Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP492\A0223056.dll
01318562 Trj/Downloader.WAV Virus/Trojan Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP492\A0223073.dll
02885963 Rootkit/Booto.C Virus/Worm Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP503\A0234260.sys
02885963 Rootkit/Booto.C Virus/Worm Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP505\A0235260.sys
02885963 Rootkit/Booto.C Virus/Worm Ne Taip Taip 0 C:\System Volume Information\_Restore(0BC9C26D-029D-4DC1-B3DC-4990696A2ECD)\RP503\A0233266.sys
;===========================================================================================================
Įtariamųjų  Išsiųsta  kur  f
;===========================================================================================================
;===========================================================================================================
Pažeidžiamumas Id  wrote  Aprašymas  f
;===========================================================================================================
208.380 DAUG MS09-015-f
208.379 DAUG MS09-014-f
208.378 DAUG MS09-013-f
208.377 DAUG MS09-012-f
206.981 DAUG MS09-007-f
206.980 DAUG MS09-006-f
204.670 DAUG MS09-001-f
203.806 DAUG MS08-078-f
203.508 DAUG MS08-073-f
203.505 DAUG MS08-071-f
202.465 DAUG MS08-068-f
201.683 DAUG MS08-067-f
201.258 DAUG MS08-066-f
201.256 DAUG MS08-064-f
201.255 DAUG MS08-063-f
201.253 DAUG MS08-061-f
201.250 DAUG MS08-058-f
209.275 DAUG MS08-049-f
209.273 DAUG MS08-045-f
196.455 MEDIUM MS08-037-f
194.861 DAUG MS08-031-f
194.860 DAUG MS08-030-f
191.618 DAUG MS08-025-f
191.617 DAUG MS08-024-f
191.614 DAUG MS08-021-f
191.613 DAUG MS08-020-f
187.735 DAUG MS08-010-f
187.733 DAUG MS08-008-f
184.380 MEDIUM MS08-002-f
184.379 MEDIUM MS08-001-f
182.048 DAUG MS07-069-f
182.046 DAUG MS07-067-f
179.553 DAUG MS07-061-f
176.383 DAUG MS07-058-f
176.382 DAUG MS07-057-f
170.911 DAUG MS07-050-f
170.907 DAUG MS07-046-f
170.906 DAUG MS07-045-f
170.904 DAUG MS07-043-f
114.666 DAUG MS06-015-f
93.454 MEDIUM MS05-049-f
;===========================================================================================================
|
#10
Howdy there. Please note: during this step we will be going into Safe Mode. Please print these instructions, since your internet connection may not be available to you during this period. You can also copy and paste the set of instructions into a text file and save it in an easily accessible location for reference. Quote:
One thing I meant to mention earlier was that you appear to have two antivirus products installed, with one of them disabled. May I just ask: the F-Secure AV, is that an old subscription that has expired? Although the Panda scan picked up a few items, the scan results really look good. Most of what was found is either quarantined by ComboFix or caught in your System Restore, which we can flush at the end to prevent reinfection. I noticed that you already have SUPERAntiSpyware installed... I would like you to run a scan with it for me. First, let's update SAS and set the options before scanning.
Reboot your computer into "Safe Mode" using the F8 method. To do this, restart your computer and, after hearing your computer beep once during startup (but before the Windows icon appears), press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Then scan with SUPERAntiSpyware as follows:
__________________ Proud member of ASAP & UNITE