Smitfraud virus




#1
5 February 2008, 12:35
New Member

Hi
I am new to the board and would like some help removing a virus. I think it is Smitfraud and it has blocked my browser. I have run AVG and Adaware but that doesn't help. OS XP, here is the log. Thank you in advance for your help.


Logfile of HijackThis v1.99.1
Scan saved at 19:35:19, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\drivers\W32x86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\Osa.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 212.139.132.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
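The log above is read by hand in this thread. As an added example that is not part of the original post and not HijackThis's own logic, the following Python script applies the same first-pass reading to a constructed excerpt in the shape of that log: it pulls the file path out of each O4 autostart entry and flags ones that live outside Windows or Program Files, flags O9 entries whose file is gone, lists every O10 LSP that HijackThis could not identify (once, not five times), and checks the O17 NameServer addresses against an allowlist. TRUSTED_DIRS, the trusted_dns allowlist and the [inst] autostart line are assumptions made for the example; the 212.139.132.x addresses are copied from the log and are flagged only because the example's allowlist does not contain them, which says nothing about whether they are the ISP's resolvers.

```python
"""First-pass triage of HijackThis v1.99 log lines.

Added example, not code from the thread or from HijackThis. It reads the
O4 / O9 / O10 / O17 / O23 entries, extracts the path or value each one points
at, and lists what a reviewer should look at first. TRUSTED_DIRS and the
trusted_dns allowlist are assumptions the operator is expected to adjust.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Autostart targets under these prefixes are treated as "probably a normal
# install"; anything else (user profile, Temp, drive root) is flagged.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

PREFIX_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# First drive-letter path ending in a code-carrying extension; non-greedy so
# "rundll32 C:\...\LXCEtime.dll,_RunDLLEntry@16" yields just the DLL path.
TARGET_RE = re.compile(r"([a-z]:\\.*?\.(?:exe|dll|sys|cmd|bat))\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed excerpt in the shape of the first HijackThis log in this thread.
# The [inst] line is hypothetical, added to show a profile-directory autostart.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\drivers\W32x86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [inst] C:\Documents and Settings\user\Application Data\inst.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 212.139.132.36
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
"""


@dataclass(frozen=True)
class Finding:
    lineno: int
    section: str
    reason: str
    detail: str


def extract_target(body: str) -> Optional[str]:
    """Return the first drive-letter path to an exe/dll/sys in the entry, if any."""
    m = TARGET_RE.search(body)
    return m.group(1) if m else None


def in_trusted_dir(path: str) -> bool:
    return path.lower().startswith(TRUSTED_DIRS)


def triage(log_text: str, trusted_dns: FrozenSet[str] = frozenset()) -> List[Finding]:
    findings: List[Finding] = []
    seen = set()

    def add(lineno: int, section: str, reason: str, detail: str) -> None:
        key = (section, reason, detail.lower())
        if key not in seen:          # HijackThis repeats O10 once per LSP layer
            seen.add(key)
            findings.append(Finding(lineno, section, reason, detail))

    for lineno, raw in enumerate(log_text.splitlines(), 1):
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            target = extract_target(body)
            if target is None:
                add(lineno, section, "autostart with no resolvable file path", body)
            elif not in_trusted_dir(target):
                add(lineno, section, "autostart outside Windows/Program Files", target)
        elif section == "O9" and ("(no file)" in body or "(file missing)" in body):
            add(lineno, section, "browser button/menu item whose file is gone", body)
        elif section == "O10":
            add(lineno, section, "Winsock LSP HijackThis could not identify; verify vendor",
                extract_target(body) or body)
        elif section == "O17":
            for ip in IPV4_RE.findall(body):
                if ip not in trusted_dns:
                    add(lineno, section, "DNS server not on allowlist", ip)
        elif section == "O23" and " - - " in body:
            # "Service: name (short) - vendor - path"; an empty vendor shows as "- -"
            add(lineno, section, "service with no vendor string", extract_target(body) or body)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, frozenset({"212.139.132.36"})):
        print(f"line {f.lineno:>2} {f.section:<4} {f.reason}: {f.detail}")
```

Every hit is a prompt for a human, not a verdict: the AVG firewall LSP in this thread is flagged simply because HijackThis did not recognise it, and a flagged DNS server only means it is not on the list you gave the script.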
#2
5 February 2008, 13:04
Moderator Group

Welcome to CJ.

The log shows no malware, but we can get closer.

Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post that log back here.
Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Next please post:
Malwarebytes log

#3
5 February 2008, 13:51
New Member

Hi EF,

Thanks for the quick reply. Below is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.02
Database version: 320

Scan type: Full Scan (:\|C:\|)
Objects scanned: 73752
Time elapsed: 23 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Failed to delete (delete on reboot).
C:\Documents and Settings\Ryan Glenn\Application Data\ezpinst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan Glenn\Application Data\inst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
#4
5 February 2008, 14:01
Moderator Group

Looks good so far.

Next, go to this post and do Step Two and Step Three - CCleaner and SuperAntispyware.

Post the SuperAntispyware log along with a NEW HijackThis log in your next reply.

#5
5 February 2008, 14:44
New Member
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/05/2008 at 09:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3395
Trace Rules Database Version: 1387

Scan type       : Complete Scan
Total Scan Time : 00:22:21

Memory items scanned      : 376
Memory threats detected   : 0
Registry items scanned    : 5837
Registry threats detected : 0
File items scanned        : 11505
File threats detected     : 5

Adware.Tracking Cookie
	C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@ads.techguy[2].txt
	C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@revsci[2].txt
	C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@pacificpoker[1].txt
	C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@videoegg.adbureau[2].txt

RootKit.TnCore/Trace
	C:\WINDOWS\system32\drivers\core.cache.dsk


Logfile of HijackThis v1.99.1
Scan saved at 21:43:56, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\drivers\W32x86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /autostart
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\Osa.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\network diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.36 212.139.132.37
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - Grisoft, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
#6
5 February 2008, 14:54
Moderator Group

The log looks good now; is the computer still showing any signs of malware?

#7
5 February 2008, 15:02
New Member

Yes, it still has signs of malware unfortunately..
#8
5 February 2008, 15:12
Moderator Group

Download SmitfraudFix (by S!Ri) to your desktop.
  • Extract all the files to your desktop.
  • A folder named SmitfraudFix will be created on your desktop.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1 and press Enter
    • This program scans a large number of files on your computer for known patterns, so please be patient while it runs.
    • When it is done, the scan results will be displayed and a log named rapport.txt will be created
      • It is on your drive, for example Local Disk C: or whichever drive your operating system is installed on.
    • Please post that log in your next reply.
  • Note: process.exe (which is used by SmitFraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
----------

Download ComboFix from one of the links below.
(Try all three if necessary.) Important! ComboFix.exe MUST be saved to and run from the Desktop.
  • Close all open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing the scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not on this list and you don't know how to disable it, please ask.
  • Warning: ComboFix disconnects your computer from the internet. The connection is automatically restored before ComboFix finishes running.
  • Double-click combofix.exe and follow the prompts.
    • On the keyboard select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click the ComboFix window while it is running. That may cause it to stall.
  • If ComboFix runs into difficulty and terminates prematurely, the connection can be restored manually by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before connecting to the internet.
----------

Next please post:
Smitfraudfix log
Combofix log

#9
5 February 2008, 15:43
New Member
 
SmitFraudFix v2.281

Scan done at 22:40:52.84, 05/02/2008
Run from C:\Documents and Settings\Ryan Glenn\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\SYSTEM

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RYANGL~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, the following keys are not necessarily infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, the following keys are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler
!!!Attention, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.139.132.8
DNS Server Search Order: 212.139.132.9

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.36 212.139.132.37

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 08-02.05.3 - Ryan Glenn 2008-02-05 22:31:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 0:00]
Running from: C:\Documents and Settings\Ryan Glenn\Desktop\ComboFix.exe
WARNING - this machine does not have the Recovery Console installed!!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rmcastt.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rmcastt.sys
C:\WINDOWS\system32\install.exe

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RMCASTT
-------\rmcastt

((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.
2008-02-05 22:22 . 2008-02-05 22:23  <DIR>  d--------  C:\ComboFix[1]
2008-02-05 21:02 . 2004-08-04 05:00  388,608  --a------  C:\kmd.exe
2008-02-05 20:11 . 2008-02-05 20:11  <DIR>  d--------  C:\Program Files\Malwarebytes' Anti-Malware
2008-02-05 20:11 . 2008-02-05 20:11  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\Malwarebytes
2008-02-05 20:11 . 2008-02-05 20:11  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-05 19:05 . 2008-02-05 19:05  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\Uniblue
2008-02-05 18:50 . 2008-02-05 18:50  444  --a------  C:\WINDOWS\system32\d3d8caps.dat
2008-02-05 18:21 . 2008-02-05 18:21  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-05 18:00 . 2008-02-05 18:00  <DIR>  d--------  C:\Program Files\RogueRemover FREE
2008-02-05 17:57 . 2007-09-05 23:22  289,144  --a------  C:\WINDOWS\system32\VCCLSID.exe
2008-02-05 17:57 . 2006-04-27 16:49  288,417  --a------  C:\WINDOWS\system32\SrchSTS.exe
2008-02-05 17:57 . 2008-02-05 00:23  85,504  --a------  C:\WINDOWS\system32\VACFix.exe
2008-02-05 17:57 . 2008-01-27 14:37  81,920  --a------  C:\WINDOWS\system32\IEDFix.exe
2008-02-05 17:57 . 2003-06-05 20:13  53,248  --a------  C:\WINDOWS\system32\Process.exe
2008-02-05 17:57 . 2004-07-31 17:50  51,200  --a------  C:\WINDOWS\system32\dumphive.exe
2008-02-05 17:57 . 2007-10-03 23:36  25,600  --a------  C:\WINDOWS\system32\WS2Fix.exe
2008-02-04 19:47 . 2008-02-04 19:47  <DIR>  d--------  C:\WINDOWS\MaxSecureBackup
2008-02-04 19:46 . 2008-02-04 19:57  <DIR>  d--------  C:\Program Files\Max Registry Cleaner
2008-02-04 19:46 . 2007-05-24 16:57  143,360  --a------  C:\WINDOWS\system32\GetHardDiskNo.dll
2008-02-04 19:46 . 2008-02-04 19:46  63  --a------  C:\WINDOWS\SYSTEM\SYSRegC.dll
2008-02-02 13:49 . 2008-02-02 13:49  <DIR>  d--------  C:\Program Files\Panicware
2008-02-01 20:22 . 2008-02-05 22:17  3,352  --a------  C:\WINDOWS\system32\tmp.reg
2008-02-01 19:32 . 2008-02-01 19:32  <DIR>  d--------  C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-01 18:42 . 2008-02-05 19:56  <DIR>  d--------  C:\Program Files\HJT
2008-02-01 18:39 . 2008-02-01 18:39  <DIR>  d--------  C:\Program Files\FileASSASSIN
2008-02-01 18:31 . 2008-02-01 18:31  100  --a------  C:\WINDOWS\system32\ikhcore.cfg
2008-02-01 18:21 . 2005-09-23 07:29  626,688  --a------  C:\WINDOWS\system32\msvcr80.dll
2008-01-31 20:28 . 2008-01-31 20:28  <DIR>  d--------  C:\VundoFix Backups
2008-01-31 19:34 . 2008-02-05 22:26  <DIR>  d--------  C:\Program Files\SUPERAntiSpyware
2008-01-31 19:34 . 2008-02-02 00:55  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\SUPERAntiSpyware.com
2008-01-31 19:34 . 2008-01-31 19:34  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-29 22:28 . 2008-01-29 22:28  <DIR>  d--------  C:\Program Files\Common Files\Download Manager
2008-01-29 22:08 . 2008-02-01 18:49  <DIR>  da-------  C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 21:15 . 2008-02-03 17:03  <DIR>  d--------  C:\Program Files\SpywareBlaster
2008-01-23 18:08 . 2008-01-23 18:08  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\SuperAdBlocker.com
2008-01-22 18:39 . 2008-01-22 18:39  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\Grisoft
2008-01-22 18:39 . 2007-05-30 12:10  10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 18:18 . 2008-01-22 18:18  <DIR>  d--------  C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-22 18:15 . 2008-02-05 21:48  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\AVG7
2008-01-22 18:15 . 2008-01-22 18:15  110,592  --a------  C:\WINDOWS\system32\avgfwafu.dll
2008-01-22 17:56 . 2008-02-03 08:41  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-21 21:10 . 2008-01-22 18:14  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-20 16:33 . 2008-01-20 16:33  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\ErrorSmart
2008-01-19 10:09 . 2008-01-19 10:09  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-12 11:46 . 2008-01-12 11:46  <DIR>  d--------  C:\Program Files\Common Files\Xing Shared
2008-01-12 10:17 . 2008-02-02 00:54  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 19:54 . 2008-01-12 10:18  <DIR>  d--------  C:\Program Files\Lavasoft
2008-01-10 19:38 . 2008-01-10 19:38  <DIR>  d--------  C:\Program Files\AVI Codec Pack
2008-01-10 18:51 . 2005-04-05 14:18  135,168  --a------  C:\WINDOWS\system32\igfxres.dll
2008-01-09 19:20 . 2008-01-09 19:20  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\Yahoo!
2008-01-09 18:03 . 2008-01-09 18:03  <DIR>  d--h-----  C:\WINDOWS\PIF
2008-01-09 17:52 . 2008-01-10 17:51  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\dvdcss
2008-01-08 18:20 . 2007-03-05 05:00  421,888  --a------  C:\WINDOWS\system32\lxcedrs.dll
2008-01-08 18:20 . 2007-01-30 10:22  413,696  --a------  C:\WINDOWS\system32\lxceinpa.dll
2008-01-08 18:20 . 2007-01-30 10:35  397,312  --a------  C:\WINDOWS\system32\lxceiesc.dll
2008-01-08 18:20 . 2007-02-22 18:32  344,064  --a------  C:\WINDOWS\system32\lxcecoin.dll
2008-01-08 18:20 . 2006-10-03 23:21  330,030  --a------  C:\WINDOWS\system32\lxcehelp.chm
2008-01-08 18:20 . 2007-01-30 10:18  323,584  --a------  C:\WINDOWS\system32\lxcehcp.dll
2008-01-08 18:20 . 2007-01-30 10:35  274,432  --a------  C:\WINDOWS\system32\lxceinst.dll
2008-01-08 18:20 . 2005-02-24 17:23  61,440  --a------  C:\WINDOWS\system32\lxcecnv4.dll
2008-01-07 20:59 . 2008-01-07 20:59  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-01-06 20:31 . 2008-01-06 20:31  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\InstallShield
2008-01-06 20:18 . 2008-01-06 20:35  <DIR>  d--------  C:\Documents and Settings\Ryan Glenn\Application Data\VersionTracker Pro
2008-01-05 16:23 . 2008-01-05 16:23  <DIR>  d--------  C:\Program Files\Windows Media Connect 2
2008-01-05 16:23 . 2006-10-04 14:06  1,197,294  ---------  C:\WINDOWS\system32\dllcache\Sysmain.sdb
2008-01-05 16:23 . 2006-10-04 14:06  764,868  ---------  C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-05 16:23 . 2006-10-04 14:06  217,118  ---------  C:\WINDOWS\system32\dllcache\Apphelp.sdb
2008-01-05 16:19 . 2008-01-05 16:21  <DIR>  d--------  C:\WINDOWS\system32\drivers\UMDF
2008-01-05 15:19 . 2008-01-05 15:19  <DIR>  d--------  C:\swsetup
2008-01-05 15:09 . 2008-01-05 15:08  23,600  --a------  C:\WINDOWS\system32\drivers\TVICHW32.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 23:25 --------- d ----- w C: \ Program Files \ Google
2008-01-31 10:50 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ VSO
2008-01-24 17:31 --------- d ----- w C: \ Program Files \ Lx_cats
2008-01-18 19:58 --------- d ----- w C: \ Program Files \ DIVX
2008-01-18 19:57 --------- d ----- w C: \ Program Files \ Java
2008-01-18 19:56 --------- d ----- w C: \ Program Files \ Real
2008-01-12 11:45 --------- d ----- w C: \ Program Files \ Common Files \ Real
2008-01-12 10:26 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008-01-12 10:18 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Lavasoft
2008-01-09 19:24 --------- d ----- w C: \ Program Files \ Yahoo!
2008-01-08 18:20 --------- d ----- w C: \ Program Files \ Lexmark 4.300 serija
2008-01-07 21:55 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ AdobeUM
2008-01-04 20:45 --------- D - h - w C: \ Program Files \ InstallShield įrengimas Informacija
2008-01-04 19:57 --------- d ----- w C: \ Program Files \ Analog Devices
2008-01-04 19:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ PC Drivers Headquarters
2008-01-04 18:08 --------- d ----- w C: \ Program Files \ Gabest
2008-01-04 18:08 --------- d ----- w C: \ Program Files \ CyberLink
2008-01-02 23:18 --------- d ----- w C: \ Program Files \ Ahead
2008-01-02 23:14 --------- d ----- w C: \ Program Files \ Common Files \ Ahead
2007-12-29 14:16 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ DIVX
2007-12-22 11:48 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ vsosdk
2007-12-21 16:06 47.360 ---- AW C: \ WINDOWS \ system32 \ drivers \ pcouffin.sys
2007-12-21 16:06 47.360 ---- AW C: \ Documents and Settings \ Ryan Glenn \ Application Data \ pcouffin.sys
2007-12-21 16:06 --------- d ----- w C: \ Program Files \ VSO
2007-12-11 20:36 --------- d ----- w C: \ Program Files \ Virtual Dub
2007-12-10 20:22 --------- d ----- w C: \ Program Files \ Plugins
2007-12-10 20:22 --------- d ----- w C: \ Program Files \ aviproxy
2007-12-10 19:47 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ PEGASYS Inc
2007-12-10 19:39 33.408 ---- AW C: \ WINDOWS \ system32 \ drivers \ CDRBSDRV.SYS
2007-12-06 01:47 --------- d ----- w C: \ Program Files \ MSN Messenger
2007-05-20 11:28 31.528 ---- AW C: \ Documents and Settings \ Ryan Glenn \ Application Data \ GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"DellSupport" = "C: \ Program Files \ Dell Support \ DSAgnt.exe" [2004-07-19 07:51 306688]
"msnmsgr" = "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr" = "C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"Uniblue RegistryBooster 2" = "C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe" []
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"Patvarumas" = "C: \ WINDOWS \ system32 \ igfxpers.ex e" [2005-04-05 19:23 114688]
"ISUSScheduler" = "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe" [2004-07-27 16:50 81920]
"IgfxTray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2005-04-05 14:22 94208]
"HotKeysCmds" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2005-04-05 19:19 77824]
"LXCECATS" = "C: \ WINDOWS \ System32 \ spool \ drivers \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 05:17 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4.300 serija \ lxcemon.exe" [2005-08-02 17:45 192512]
"EzPrint" = "C: \ Program Files \ Lexmark 4.300 serija \ ezprint.exe" [2005-07-26 12:17 94208]
"FaxCenterServer" = "C: \ Program Files \ Lexmark Faksas sprendimai \ fm3032.exe" [2005-07-12 09:36 299008]
"Problema su nautilus USB Diagnostics" = "C: \ Program Files \ Thomson \ problema su nautilus USB \ Dragdiag.exe" [2004-01-26 11:38 866816]
"PWRISOVM.EXE" = "C: \ Program Files \ PowerISO \ PWRISOVM.EXE" [2007-01-20 07:09 200704]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e XE" [2001-07-09 11:50 155648]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-01-22 18:14 579072]
"! AVG Anti-spyware" = "C: \ Program Files \ Grisoft \ AVG Anti-spyware 7,5 \ avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-01-22 18:14 219136]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Reader Speed Launch.lnk - C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe [2001-02-13 01:01:04 83360]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Policies \ System]
"DisableRegistryTools" = 0 (0x0)
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "= C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SecurityProviders]
SecurityProviders msapsspc.dll, Schannel.dll, digest.dll, msnsspc.dll,
S1 SABKUTIL; SABKUTIL, C: \ Program Files \ SuperAdBlocker.com \ Super ad blocker \ SABKUTIL.sys []
.
Turinys "Scheduled Tasks" katalogą
"2008-02-05 21:51:05 C: \ WINDOWS \ Uždaviniai \ check Atnaujinimai Windows Live Toolbar.job"
- C: \ Program Files \ Windows Live Toolbar \ MSNTBUP.EXE
"2008-02-05 03:30:00 C: \ WINDOWS \ Uždaviniai \ ErrorSmart Numatoma Scan.job"
- C: \ Program Files \ ErrorSmart \ ErrorSmart.ex
- C: \ Program Files \ ErrorSmart
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 22:35:43
Windows 5.1.2600 Service Pack 2 NTFS
skenavimo paslėptus procesus ...
skenavimo paslėptas autostart entries ...
skenavimo paslėptus failus ...
skenavimas baigtas sėkmingai
paslėptus failus: 0
************************************************** ************************
.
------------------------ Kitos aktyvūs procesai ----------------------- --
.
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Program Files \ Grisoft \ AVG Anti-spyware 7,5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ lxcecoms.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ DOCUME ~ 1 \ RYANGL ~ 1 \ locals ~ 1 \ Temp \ SSUPDATE.EXE
.
************************************************** ************************
.
Atlikimo laikas: 2008-02-05 22:38:02 - mašina buvo paleistas [Ryan Glenn]
ComboFix-karantine-files.txt 2008-02-05 22:37:46
.
2008-01-06 03:02:26 --- EOF ---
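As an added example (not part of this thread and not ComboFix's own code), below is a small Python triage script for the two parts of a ComboFix log that a helper reads first: the "Reg Loading Points" block (REGEDIT4-style key and value lines, each followed by the file timestamp and size ComboFix prints in square brackets) and the "Other Running Processes" list. The sample text inside the script is constructed and abridged from the format of the log above. Two things are assumptions rather than documented ComboFix behaviour: that an empty `[]` after a Run value means ComboFix found no file at that path, and the three check names (`file-not-found`, `dll-in-run-key`, `runs-from-temp`), which are mine.

```python
"""Triage the autostart and process sections of a ComboFix log (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, abridged from the layout of a real ComboFix log.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23 114688]
"LXCECATS"="C:\WINDOWS\System32\spool\drivers\W32X86\3\LXCEtime.dll" [2007-02-22 05:17 73728]

------------------------ Other Running Processes ------------------------

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\DOCUME~1\RYANGL~1\LOCALS~1\Temp\SSUPDATE.EXE

**************************************************************************
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="path" [yyyy-mm-dd hh:mm size]; the bracket group is empty when ComboFix
# had no file to report on (assumption about ComboFix's output, see lead-in).
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]*)"\s*\[([^\]]*)\]\s*$')
PROC_HEADER = "Other Running Processes"
PATH_RE = re.compile(r"^[A-Za-z]:\\\S")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    details: str  # contents of the trailing [...] block, "" if empty


@dataclass
class Finding:
    kind: str
    subject: str
    note: str


def parse_run_entries(text: str) -> List[RunEntry]:
    """Collect "name"="path" [details] lines under each [HKEY_...] key."""
    entries: List[RunEntry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(RunEntry(key, m.group(1), m.group(2), m.group(3).strip()))
    return entries


def parse_processes(text: str) -> List[str]:
    """Return the paths listed between the process banner and the next ***** banner."""
    procs: List[str] = []
    started = False
    for raw in text.splitlines():
        line = raw.strip()
        if PROC_HEADER in line:
            started = True
            continue
        if not started:
            continue
        if line.startswith("*****"):
            break
        if PATH_RE.match(line):
            procs.append(line)
    return procs


def triage(text: str) -> List[Finding]:
    """Apply the three checks; findings come back in log order."""
    findings: List[Finding] = []
    for e in parse_run_entries(text):
        if e.details == "":
            findings.append(Finding("file-not-found", e.name,
                                    f"{e.key} points at {e.path} but no file info was recorded"))
        if e.path.lower().endswith(".dll"):
            findings.append(Finding("dll-in-run-key", e.name,
                                    f"{e.path} is a DLL, not an executable; check what loads it"))
    for p in parse_processes(text):
        if TEMP_RE.search(p):
            findings.append(Finding("runs-from-temp", p,
                                    "process image lives in a Temp directory"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.note}")
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file contents. A hit is a lead, not a verdict: a Run value with no file info is often just a leftover from an uninstalled program, and an installer legitimately runs from Temp for a few minutes, so each finding still needs the file looked at (hash, signer, creation time) before anything is removed.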
  #10  
Old 5 February 2008, 15:55
Moderator Group
 
Run CCleaner.

Post a new HijackThis.

Did Combofix help?
__________________


Copyright © 2006 - 2009 Kompiuterių Sultys.

Powered by vBulletin® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd. SEO by vBSEO © 2009 Crawlability, Inc.