#1
Hey guys,
Um. Every time I start my computer, iexplore.exe (listed in Task Manager) shows up all by itself. I don't ever use Internet Explorer, I use Firefox, but it shows up on its own. It also uses most of my memory. I also get a billion windows, which I'm willing to bet are from this. When I end the process it comes back up to 3 or 4 times, then usually it disappears after the 5th time I end it, but only for about 5 min, then it's back again. Does anyone know what's going on? I've run scans with Ad-Aware, Norton, etc., but they found nothing. Additional info: I have Windows XP, and there is also a voice coming from the ads. I've tried everything. Thanks in advance ^__^ I'm kind of new at this, so yeah. Can anyone tell me how to remove it? In a simple-ish way? =P

Logfile of HijackThis v1.99.1, scan saved at 6:14:25 on 11/10/2008. Platform: Windows XP SP3 (WinNT 5.01.2600). MSIE: Internet Explorer v7.00 (7.00.6000.16735)
#2
Welcome to CJ.
Please print these instructions, as they will be needed later when an internet connection is not available. Download SDFix by AndyManchesta and save it to your computer. To use this tool you must be using an Administrator account or an account with administrative rights.
Open the SDFix folder and double-click RunThis.bat to run the script.
Also install the new version of HijackThis and post a new log from it after booting into Normal mode once SDFix has finished. Download TrendMicro HijackThis.exe (HJT) to your Desktop.
#3
SDFix Report
SDFix: Version 1.240, run by Administrator on Wed 11/11/2008 at 08:39. Microsoft Windows XP [Version 5.1.2600]. Running From: C:\SDFix

HijackThis Logfile: Trend Micro HijackThis v2.0.2, scan saved at 8:55:16 on 11/11/2008. Platform: Windows XP SP3 (WinNT 5.01.2600). MSIE: Internet Explorer v7.00 (7.00.6000.16735). Boot mode: Normal
#4
Download Disable/Remove Windows Messenger to your desktop to remove Windows Messenger.
Do not confuse Windows Messenger with Messenger, as they are not the same. Windows Messenger is a frequent cause of pop-ups. Unzip the file to your desktop. Open MessengerDisable.exe and select the bottom box -- Uninstall Windows Messenger -- and click Apply. Exit MessengerDisable, then delete the two files that were placed on the Desktop.
----------
Open HijackThis and select Do a system scan only. Place a checkmark next to the following entries (if present):
- O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
- O2 - BHO: (no name) - {4715C8BC-0204-06D4-0A62-2E00BBB78BBD} - C:\WINDOWS\system32\izf.dll (file missing)
- O2 - BHO: (no name) - {843B515A-BBC4-4AF2-916D-69E9F7DD8F9D} - C:\WINDOWS\system32\vtsqo.dll (file missing)
- O2 - BHO: {684a8728-dd11-3ef9-b3e4-ea3410654e7c} - {c7e45601-43ae-4e3b-9fe3-11dd8278a486} - C:\WINDOWS\system32\ikwijhuy.dll (file missing)
- O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
Important: Close all windows except HijackThis and click Fix checked. Exit HijackThis.
----------
Note: The following instructions were created specifically for this user. If you are not this user, DO NOT follow these instructions, as they may damage your system's operation. Go to Start > Run, type notepad.exe, then OK. Copy and paste the following code into Notepad and save it as fixme.reg on your Desktop.
Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-

Make sure you can tell whether you get a message about successfully adding the above to the registry. If you do not get the success message, it didn't work. Delete fixme.reg from your desktop.
----------
Download ComboFix from one of the links below. Be sure to save it to your Desktop. Link #1 Link #2 **Note: It is important that it is saved directly to the desktop. Close all open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix. Temporarily disable your Antivirus and any Antispyware real-time protection before performing the scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double-click combofix.exe and follow the on-screen instructions. Windows XP system Recovery Console installation: - If you are using Windows XP and do not yet have the Recovery Console installed, please make sure your internet connection is active (if possible) and click Yes. - If for some reason your internet is not working, click No. -- If you are using Windows XP, you will not be prompted. - When prompted to accept the EULA, click OK. - Accept the Microsoft EULA (click Yes). - When told that the RC is installed, click YES to continue the malware scan. When finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Don't mouseclick the ComboFix window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware programs when ComboFix is finished. I'd also like to know how the computer is running now.
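As an added example (not from this thread and not part of HijackThis, SDFix or ComboFix), here is a Python script that reads O2/O4 lines in HijackThis's own log format, keeps only the BHO registrations whose DLL is gone, plus the Run values a helper names explicitly, and writes the same kind of REGEDIT4 fix file as fixme.reg above ("[-key]" deletes a key, "\"value\"=-" deletes a value). The sample log lines are constructed from the entries listed in this post; the BHO and Run key paths are the standard registry locations.

```python
import re

# Constructed sample in HijackThis log format: the entries the helper listed above
# plus two healthy entries (Adobe BHO, Symantec ccApp) that must survive untouched.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4715C8BC-0204-06D4-0A62-2E00BBB78BBD} - C:\WINDOWS\system32\izf.dll (file missing)
O2 - BHO: (no name) - {843B515A-BBC4-4AF2-916D-69E9F7DD8F9D} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccapp.exe"
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path or '(no file)'>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O4 lines: "O4 - HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# Standard registration points: BHOs are per-CLSID subkeys, Run entries are values.
BHO_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def parse_log(text):
    """Split an HJT log into (bhos, runs): dicts for the O2 and O4 lines only."""
    bhos, runs = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append(m.groupdict())
    return bhos, runs


def orphaned_bhos(bhos):
    """BHO registrations whose DLL no longer exists: '(no file)' or '(file missing)'.
    They load nothing, so deleting the key loses nothing and leaves no CLSID
    behind for a reinstalled DLL to reuse."""
    return [b for b in bhos
            if b["path"] == "(no file)" or b["path"].endswith("(file missing)")]


def selected_runs(runs, names):
    """Run values to delete: only those named by the helper AND present in the log,
    so a typo in the list cannot produce a delete for a value that was never there."""
    wanted = {n.lower() for n in names}
    return [(r["hive"], r["value"]) for r in runs if r["value"].lower() in wanted]


def build_reg(bhos, run_values):
    """Emit REGEDIT4 text: '[-key]' removes a whole BHO key, '"value"=-' removes
    one Run value while leaving every other value under that key alone."""
    lines = ["REGEDIT4", ""]
    for b in bhos:
        lines.append("[-HKEY_LOCAL_MACHINE\\%s\\{%s}]" % (BHO_KEY, b["clsid"]))
        lines.append("")
    for hive, value in run_values:
        lines.append("[%s\\%s]" % (HIVES[hive], RUN_KEY))
        lines.append('"%s"=-' % value)
        lines.append("")
    return "\r\n".join(lines)  # .reg files are CRLF text


def fix_from_log(text, run_names):
    """Whole pipeline: log text + helper's Run value list -> fixme.reg contents."""
    bhos, runs = parse_log(text)
    return build_reg(orphaned_bhos(bhos), selected_runs(runs, run_names))


if __name__ == "__main__":
    print(fix_from_log(SAMPLE_LOG, ["AlcxMonitor"]))
```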
#5
ComboFix Log
ComboFix 08-11-10.01 - Administrator 2008-11-11 11:39:43.1 - NTFSx86. Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT -7:00]. Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe. * A new restore point was created.
Documents and Settings \ Administrator \ Application Data \ ezpinst.exe 2007-11-23 01:25 47.360 ---- AW C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma REGEDIT4 [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run] "Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-13 15360] "Window Washer" = "C: \ Program Files \ Webroot \ Skalbimo mašina \ wwDisp.exe" [2005-03-08 910336] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "ehTray" = "C: \ Windows \ eHoMe \ ehtray.exe" [2004-08-04 50176] "hpsysdrv" = "c: \ windows \ system \ hpsysdrv.exe" [1998-05-07 52736] "HotKeysCmds" = "C: \ Windows \ System32 \ hkcmd.exe" [2003-10-02 118784] "CamMonitor" = "C: \ Program Files \ HP \ Digital Imaging \ Iškelti \ hpqcmon.exe" [2002-10-07 90112] "HPHmon05" = "C: \ Windows \ System32 \ hphmon05.exe" [2003-05-23 483328] "KBD" = "C: \ HP \ KBD \ KBD.EXE" [2003-02-11 61440] "TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2003-12-17 151597] "Recguard" = "C: \ Windows \ SMINST \ RECGUARD.EXE" [2002-09-13 212992] "PS2" = "C: \ Windows \ system32 \ ps2.exe" [2002-10-16 81920] "Sunkist2k" = "C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe" [2003-08-14 139264] "ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe" [2005-06-02 48752] "vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2005-06-23 85696] "RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-11-02 32768] "NeroFilterCheck" = "C: \ Windows \ system32 \ NeroCheck.e XE" [2001-07-09 155648] "GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 
8.0 \ Reader \ Reader_sl.exe" [2007-10-10 39792] "ATIModeChange" = "Ati2mdxx.exe" [2001/09/05 C: \ WINDOWS \ system32 \ Ati2mdxx.exe] "LTMSG" = "LTMSG.exe" [2003/07/14 C: \ Windows \ ltmsg.exe] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "AdobeUpdater" = "C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe" [2007-03-01 2321600] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Gamma Loader.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2007-11-22 113664] HP Digital Imaging Monitor.lnk - C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe [2003-09-16 237568] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ System32 \ \ sessmgr.exe" = "C: \ Program Files \ \ Atnaujinimai HP \ \ 137.903 \ \ Programos \ \ BackWeb-137903.exe" = "C: \ Program Files \ Microsoft Office \ \ Office12 \ \ Outlook.exe" = "C: \ Program Files \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" = "C: \ Program Files \ Microsoft Office \ \ Office12 \ \ OneNote.exe" = "% windir% \ \ network diagnostic \ \ xpnetdiag.exe" = R2 CX88XBAR; Conexant 2388x Crossbar Dual Input; c: \ windows \ system32 \ drivers \ CX88XBARDUAL.sys [2003-12-10 7040] [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ D] \ Shell \ Autorun \ command - D: \ Info.exe folder.htt 480 480 * Naujai sukurta tarnyba * - PROCEXP90 . 
Turinys "Scheduled Tasks" katalogą 2008/10/30 C: \ Windows \ Uždaviniai \ At1.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/11 C: \ Windows \ Uždaviniai \ At10.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/02 C: \ Windows \ Uždaviniai \ At100.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/02 C: \ Windows \ Uždaviniai \ At101.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/02 C: \ Windows \ Uždaviniai \ At102.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/02 C: \ Windows \ Uždaviniai \ At103.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/02 C: \ Windows \ Uždaviniai \ At104.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/02 C: \ Windows \ Uždaviniai \ At105.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/11 C: \ Windows \ Uždaviniai \ At106.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/11 C: \ Windows \ Uždaviniai \ At107.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/09 C: \ Windows \ Uždaviniai \ At108.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/09 C: \ Windows \ Uždaviniai \ At109.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/11 C: \ Windows \ Uždaviniai \ At11.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/09 C: \ Windows \ Uždaviniai \ At110.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/10 C: \ Windows \ Uždaviniai \ At111.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/10 C: \ Windows \ Uždaviniai \ At112.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/06 C: \ Windows \ Uždaviniai \ At113.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/09 C: \ Windows \ Uždaviniai \ At114.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/11 C: \ 
Windows \ Uždaviniai \ At115.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/11 C: \ Windows \ Uždaviniai \ At116.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/09 C: \ Windows \ Uždaviniai \ At117.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/02 C: \ Windows \ Uždaviniai \ At118.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/02 C: \ Windows \ Uždaviniai \ At119.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/09 C: \ Windows \ Uždaviniai \ At12.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/02 C: \ Windows \ Uždaviniai \ At120.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/09 C: \ Windows \ Uždaviniai \ At13.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/09 C: \ Windows \ Uždaviniai \ At14.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/10 C: \ Windows \ Uždaviniai \ At15.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/10 C: \ Windows \ Uždaviniai \ At16.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/06 C: \ Windows \ Uždaviniai \ At17.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/09 C: \ Windows \ Uždaviniai \ At18.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/11 C: \ Windows \ Uždaviniai \ At19.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/30 C: \ Windows \ Uždaviniai \ At2.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/11 C: \ Windows \ Uždaviniai \ At20.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/09 C: \ Windows \ Uždaviniai \ At21.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/30 C: \ Windows \ Uždaviniai \ At22.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/30 C: \ Windows \ Uždaviniai \ At23.job - C: \ Windows \ 
system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/30 C: \ Windows \ Uždaviniai \ At24.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/30 C: \ Windows \ Uždaviniai \ At3.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/30 C: \ Windows \ Uždaviniai \ At4.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/30 C: \ Windows \ Uždaviniai \ At5.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/30 C: \ Windows \ Uždaviniai \ At6.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/31 C: \ Windows \ Uždaviniai \ At7.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/10/30 C: \ Windows \ Uždaviniai \ At8.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/01 C: \ Windows \ Uždaviniai \ At9.job - C: \ Windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25] 2008/11/02 C: \ Windows \ Uždaviniai \ At97.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/02 C: \ Windows \ Uždaviniai \ At98.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] 2008/11/02 C: \ Windows \ Uždaviniai \ At99.job - C: \ Windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12] . - - - - Orphans nuimti - - - -- HKCU-run-SWG - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe HKCU-run-RecordNow! - (No file) HKLM-run-HPHUPD05 - C: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe HKLM-run-AutoTKit - C: \ HP \ bin \ AUTOTKIT.EXE HKLM-run-UpdateManager - C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe HKLM-run-ATIPTA - C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe . ------- Papildomos Scan ------- . 
So far iexplore.exe hasn't popped up ^_^ Is there any way to make sure that it's gone? && Is it alright if I delete what I downloaded?
#6
We clean everything up when we're done. There's still more to do, but I have something that is taking a long time. I'll be back later.
#7
More steps? I thought we were done D:
Quick question; is any of this going to affect the programs installed on the computer? Alrightie, I have to go for a bit as well XP
#8
iexplore.exe is still here ;-;
#9
No, we're not done yet. I'll give the all clear when it's over.

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the operation of your system.

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not WordPad.
2. Copy the text from the code box below, by highlighting all the text and pressing Ctrl+C.

Code:

4. Then click File > Save.
5. File name: CFScript.txt - Save this file to your desktop.
6. Drag CFScript (hold down the left mouse button, drag the file) and drop it (release the left mouse button) onto ComboFix.exe, as you see in the screenshot below.

Important: Follow this instruction carefully!

ComboFix will start running; just follow the on-screen instructions. After the reboot (if it asks to reboot), it will give you a log. Post that log (Combofix.txt) in your next reply.

Note: Don't mouse-click ComboFix's window while it is running. That could cause your system to freeze.
#10
Okay ^__^
ComboFix log:
ComboFix 08-11-10.01 - Administrator 2008-11-11 17:21:42.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.153 [GMT -7:00]