Smitfraud Virus

#1
February 5, 2008, 12:35
New Member Group

Hi
I am new to the board, and I would like help removing a virus that I think is Smitfraud and that has hijacked my browser. I have run AVG and Adaware but it does not help. OS is XP. Here is the log. Thank you in advance for your help.


Logfile of HijackThis v1.99.1
Scan saved at 19:35:19, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Windows\Explorer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\drivers\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 212.139.132.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
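A HijackThis log like the one above is normally read by eye: the helper scans the O4 run keys, the O10 LSPs, the O17 NameServer line, the O20 Winlogon Notify packages and the O23 services for anything that does not belong. As an added example that is not part of this thread and not HijackThis's own code, the Python below parses lines in that format and applies a few of those triage heuristics. Everything in it is my own: the `triage` and `summarize` functions, the `trusted_dns` parameter, and the sample log, whose lines are constructed for the example (with documentation-range IP addresses) rather than copied from a real machine. The rules only mark entries that need a vendor check; none of them proves an entry is malicious.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread).

Parses the O-type entries and applies heuristics a log helper applies by eye.
Every rule is a heuristic: it points at entries that need a vendor check, it
does not declare anything malicious.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, List, Tuple

ENTRY_RE = re.compile(r"^(?P<kind>[OFR]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU|Global Startup)[^:]*: (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[\d., ]+)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Autostart locations an ordinary user can write to; vendor software on XP normally
# starts from Program Files or system32 (heuristic, not a rule).
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Constructed sample in the HijackThis line format; not taken from a real system.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\inst.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 192.0.2.53 198.51.100.53
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: notify0 - C:\WINDOWS\system32\drivers\notify0.dat
O23 - Service: Example Service (exsvc) - Unknown owner - C:\WINDOWS\system32\exsvc.exe
"""


@dataclass
class Finding:
    kind: str       # HijackThis section, e.g. "O17"
    severity: str   # "high", "medium", "low" or "info"
    reason: str
    line: str


def parse_entries(log_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (kind, body, raw_line) for every O/R/F entry; headers and the process list are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body"), raw.strip()


def triage(log_text: str, trusted_dns: Iterable[str] = ()) -> List[Finding]:
    """Apply the heuristics. trusted_dns is the resolver set expected for this connection;
    the O17 rule is silent when it is empty, because the log alone cannot tell an ISP
    resolver from one planted by a DNS changer."""
    trusted = {ipaddress.ip_address(s) for s in trusted_dns}
    findings: List[Finding] = []
    for kind, body, line in parse_entries(log_text):
        lowered = body.lower()
        if "(file missing)" in lowered or "(no file)" in lowered:
            findings.append(Finding(kind, "low", "orphaned entry, target file is gone", line))
            continue
        if kind == "O4":
            m = O4_RE.match(body)
            cmd = (m.group("cmd") if m else body).lower()
            if any(tok in cmd for tok in USER_WRITABLE):
                findings.append(Finding(kind, "high", "autostart from a user-writable profile directory", line))
        elif kind == "O10":
            findings.append(Finding(kind, "info", "Winsock LSP installed; confirm the DLL belongs to a known vendor", line))
        elif kind == "O17":
            m = O17_RE.search(body)
            if m and trusted:
                for tok in re.split(r"[ ,]+", m.group("servers").strip()):
                    ip = ipaddress.ip_address(tok)
                    if ip not in trusted:
                        findings.append(Finding(kind, "high", f"NameServer {ip} is not one of the expected resolvers", line))
        elif kind == "O20":
            m = O20_RE.match(body)
            if m:
                path = m.group("path").lower()
                if not path.endswith(".dll") or "\\system32\\" not in path:
                    findings.append(Finding(kind, "medium", "Winlogon Notify package outside system32 or not a .dll; verify vendor", line))
        elif kind == "O23":
            m = O23_RE.match(body)
            if m and m.group("owner").strip().lower() in ("", "unknown owner"):
                findings.append(Finding(kind, "medium", "service without a recognised vendor string", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, trusted_dns=("192.0.2.53",)):
        print(f"{f.severity:6} {f.kind:4} {f.reason}\n       {f.line}")
```

The O17 check is the one that needs outside knowledge: pass the resolvers the ISP or the user actually expects, and any NameServer that is not in that set is raised. Without that set the rule stays quiet rather than guessing, which is also why the thread's helper asked for more logs instead of judging the DNS line on its own.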
#2
February 5, 2008, 13:04
Moderator Group

Welcome to CJ.

The log does not show malware, but we can take a closer look.

Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please post the log here.
Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
or C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

In your next post please attach
Malwarebytes log

#3
February 5, 2008, 13:51
New Member Group

Hi EF,

Thanks for the quick reply. Below is my log from Malwarebytes:

Malwarebytes' Anti-Malware 1.02
Database version: 320

Scan type: Full Scan (:\|C:\|)
Objects scanned: 73752
Time elapsed: 23 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Failed to delete. (Delete on reboot).
C:\Documents and Settings\Ryan Glenn\Application Data\ezpinst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan Glenn\Application Data\inst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
#4
February 5, 2008, 14:01
Moderator Group

Looks good so far.

Next, go to this post and do Step Two and Step Three - CCleaner and SuperAntispyware.

Post the SuperAntispyware log along with a NEW HijackThis log in your next post.

#5
February 5, 2008, 14:44
New Member Group

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/05/2008 at 09:34

Application Version: 3.9.1008

Core Rules Database Version: 3395
Trace Rules Database Version: 1387

Scan type: Complete Scan
Total Scan Time: 00:22:21

Memory items scanned: 376
Memory threats detected: 0
Registry items scanned: 5837
Registry threats detected: 0
File items scanned: 11505
File threats detected: 5

Adware.Tracking Cookie
C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@ads.techguy[2].txt
C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@revsci[2].txt
C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@pacificpoker[1].txt
C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@videoegg.adbureau[2].txt

RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk


Logfile of HijackThis v1.99.1
Scan saved at 21:43:56, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\drivers\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.36 212.139.132.37
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device - - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
#6
February 5, 2008, 14:54
Moderator Group

The log looks fine now. Is the computer still showing signs of malware?

#7
February 5, 2008, 15:02
New Member Group

Yes, still signs of malware unfortunately..
#8
February 5, 2008, 15:12
Moderator Group

Download SmitfraudFix (by S!Ri) to your desktop.
  • Extract all the files to your desktop.
  • A folder named SmitfraudFix will be created on your desktop.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1 and pressing Enter
    • This program will scan a large amount of files on your computer for known patterns, so please be patient while it works.
    • When it is done, a scan report will be displayed and it will produce a log named rapport.txt
      • This is in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed.
    • Please attach this log to your next reply.
  • Note: process.exe (used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
----------

Please download ComboFix by sUBs from one of the links.
(Try all three if necessary) Important! ComboFix.exe must be saved to and run from the Desktop.
  • Close any open internet browsers (Firefox, Internet Explorer etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and all antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: ComboFix disconnects the computer from the internet. The connection is automatically restored before ComboFix completes its run.
  • Double-click combofix.exe and follow the prompts.
    • From your keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Please post the log in your next reply.
Warning: Do not mouseclick ComboFix's window while it is running. That may cause it to stall
  • If ComboFix runs into trouble and ends prematurely, the connection can be manually restored by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the internet.
----------

Next post
Smitfraudfix log
Combofix log

#9
February 5, 2008, 15:43
New Member Group

SmitFraudFix v2.281

Scan done at 22:40:52.84, 05/02/2008
Run from C:\Documents and Settings\Ryan Glenn\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\Smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Windows\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» Hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\System

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RYANGL~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.139.132.8
DNS Server Search Order: 212.139.132.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.36 212.139.132.37

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 08-02.05.3 - Ryan Glenn 2008-02-05 22:31:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 0:00]
Sākot no: C: \ Documents and Settings \ Ryan Glenn \ Desktop \ ComboFix.exe
WARNING, šī mašīna nav atkop Installed!
.
((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk
C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr0.dat
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr1.dat
C: \ temp \ tn3
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk
C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys
C: \ WINDOWS \ system32 \ install.exe
----- BITS: Iespējamie inficētās vietas -----
hxxp: / / www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers / Pakalpojumi )))))))) )))))))))))))))))))))))))))))))))))))))))
.
------- \ LEGACY_RMCASTT
------- \ rmcastt

((((((((((((((((((((((((( Faili Created no 2008/01/05 līdz 2008/02/05 ))))))))))) ))))))))))))))))))))
.
2008/02/05 22:22. 2008/02/05 22:23 <DIR> d -------- C: \ ComboFix [1]
2008/02/05 21:02. 2004/08/04 05:00 388.608 - ------ C: \ kmd.exe
2008/02/05 20:11. 2008/02/05 20:11 <DIR> d -------- C: \ Program Files \ Malwarebytes "Anti-Malware
2008/02/05 20:11. 2008/02/05 20:11 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Malwarebytes
2008/02/05 20:11. 2008/02/05 20:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/02/05 19:05. 2008/02/05 19:05 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Uniblue
2008/02/05 18:50. 2008/02/05 18:50 444 - ------ C: \ WINDOWS \ system32 \ d3d8caps.dat
2008/02/05 18:21. 2008/02/05 18:21 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Grisoft
2008/02/05 18:00. 2008/02/05 18:00 <DIR> d -------- C: \ Program Files \ RogueRemover FREE
2008/02/05 17:57. 2007/09/05 23:22 289.144 - ------ C: \ WINDOWS \ system32 \ VCCLSID.exe
2008/02/05 17:57. 2006/04/27 16:49 288.417 - ------ C: \ WINDOWS \ system32 \ SrchSTS.exe
2008/02/05 17:57. 2008/02/05 00:23 85.504 - ------ C: \ WINDOWS \ system32 \ VACFix.exe
2008/02/05 17:57. 2008/01/27 14:37 81.920 - ------ C: \ WINDOWS \ system32 \ IEDFix.exe
2008/02/05 17:57. 2003/06/05 20:13 53.248 - ------ C: \ WINDOWS \ system32 \ Process.exe
2008/02/05 17:57. 2004/07/31 17:50 51.200 - ------ C: \ WINDOWS \ system32 \ dumphive.exe
2008/02/05 17:57. 2007/10/03 23:36 25.600 - ------ C: \ WINDOWS \ system32 \ WS2Fix.exe
2008/02/04 19:47. 2008/02/04 19:47 <DIR> d -------- C: \ WINDOWS \ MaxSecureBackup
2008/02/04 19:46. 2008/02/04 19:57 <DIR> d -------- C: \ Program Files \ Max Registry Cleaner
2008/02/04 19:46. 2007/05/24 16:57 143.360 - ------ C: \ WINDOWS \ system32 \ GetHardDiskNo.dll
2008/02/04 19:46. 2008/02/04 19:46 63 - ------ C: \ Windows \ System \ SYSRegC.dll
2008/02/02 13:49. 2008/02/02 13:49 <DIR> d -------- C: \ Program Files \ Panicware
2008/02/01 20:22. 2008/02/05 22:17 3.352 - ------ C: \ WINDOWS \ system32 \ tmp.reg
2008/02/01 19:32. 2008/02/01 19:32 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SUPERAntiSpyware.com
2008/02/01 18:42. 2008/02/05 19:56 <DIR> d -------- C: \ Program Files \ HJT
2008/02/01 18:39. 2008/02/01 18:39 <DIR> d -------- C: \ Program Files \ FileASSASSIN
2008/02/01 18:31. 2008/02/01 18:31 100 - ------ C: \ WINDOWS \ system32 \ ikhcore.cfg
2008/02/01 18:21. 2005/09/23 07:29 626.688 - ------ C: \ WINDOWS \ system32 \ msvcr80.dll
2008/01/31 20:28. 2008/01/31 20:28 <DIR> d -------- C: \ VundoFix Backups
2008/01/31 19:34. 2008/02/05 22:26 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008/01/31 19:34. 2008/02/02 00:55 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ SUPERAntiSpyware.com
2008/01/31 19:34. 2008/01/31 19:34 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008/01/29 22:28 . 2008/01/29 22:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008/01/29 22:08 . 2008/02/01 18:49 <DIR> da------ C:\Documents and Settings\All Users\Application Data\TEMP
2008/01/29 21:15 . 2008/02/03 17:03 <DIR> d-------- C:\Program Files\SpywareBlaster
2008/01/23 18:08 . 2008/01/23 18:08 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\SuperAdBlocker.com
2008/01/22 18:39 . 2008/01/22 18:39 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\Grisoft
2008/01/22 18:39 . 2007/05/30 12:10 10.872 ------- C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008/01/22 18:18 . 2008/01/22 18:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008/01/22 18:15 . 2008/02/05 21:48 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\AVG7
2008/01/22 18:15 . 2008/01/22 18:15 110.592 ------- C:\WINDOWS\system32\avgfwafu.dll
2008/01/22 17:56 . 2008/02/03 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008/01/21 21:10 . 2008/01/22 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008/01/20 16:33 . 2008/01/20 16:33 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\ErrorSmart
2008/01/19 10:09 . 2008/01/19 10:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008/01/12 11:46 . 2008/01/12 11:46 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008/01/12 10:17 . 2008/02/02 00:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008/01/10 19:54 . 2008/01/12 10:18 <DIR> d-------- C:\Program Files\Lavasoft
2008/01/10 19:38 . 2008/01/10 19:38 <DIR> d-------- C:\Program Files\AVI Codec Pack
2008/01/10 18:51 . 2005/04/05 14:18 135.168 ------- C:\WINDOWS\system32\igfxres.dll
2008/01/09 19:20 . 2008/01/09 19:20 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\Yahoo!
2008/01/09 18:03 . 2008/01/09 18:03 <DIR> d-h----- C:\WINDOWS\PIF
2008/01/09 17:52 . 2008/01/10 17:51 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\dvdcss
2008/01/08 18:20 . 2007/03/05 05:00 421.888 ------- C:\WINDOWS\system32\lxcedrs.dll
2008/01/08 18:20 . 2007/01/30 10:22 413.696 ------- C:\WINDOWS\system32\lxceinpa.dll
2008/01/08 18:20 . 2007/01/30 10:35 397.312 ------- C:\WINDOWS\system32\lxceiesc.dll
2008/01/08 18:20 . 2007/02/22 18:32 344.064 ------- C:\WINDOWS\system32\lxcecoin.dll
2008/01/08 18:20 . 2006/10/03 23:21 330.030 ------- C:\WINDOWS\system32\lxcehelp.chm
2008/01/08 18:20 . 2007/01/30 10:18 323.584 ------- C:\WINDOWS\system32\lxcehcp.dll
2008/01/08 18:20 . 2007/01/30 10:35 274.432 ------- C:\WINDOWS\system32\lxceinst.dll
2008/01/08 18:20 . 2005/02/24 17:23 61.440 ------- C:\WINDOWS\system32\lxcecnv4.dll
2008/01/07 20:59 . 2008/01/07 20:59 54.156 -ah----- C:\WINDOWS\QTFont.qfn
2008/01/06 20:31 . 2008/01/06 20:31 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\InstallShield
2008/01/06 20:18 . 2008/01/06 20:35 <DIR> d-------- C:\Documents and Settings\Ryan Glenn\Application Data\VersionTracker Pro
2008/01/05 16:23 . 2008/01/05 16:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008/01/05 16:23 . 2006/10/04 14:06 1.197.294 --------- C:\WINDOWS\system32\dllcache\Sysmain.sdb
2008/01/05 16:23 . 2006/10/04 14:06 764.868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008/01/05 16:23 . 2006/10/04 14:06 217.118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008/01/05 16:19 . 2008/01/05 16:21 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008/01/05 15:19 . 2008/01/05 15:19 <DIR> d-------- C:\swsetup
2008/01/05 15:09 . 2008/01/05 15:08 23.600 ------- C:\WINDOWS\system32\drivers\TVICHW32.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))
.
2008/02/03 23:25 --------- d-----w C:\Program Files\Google
2008/01/31 10:50 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\vso
2008/01/24 17:31 --------- d-----w C:\Program Files\Lx_cats
2008/01/18 19:58 --------- d-----w C:\Program Files\DivX
2008/01/18 19:57 --------- d-----w C:\Program Files\Java
2008/01/18 19:56 --------- d-----w C:\Program Files\Real
2008/01/12 11:45 --------- d-----w C:\Program Files\Common Files\Real
2008/01/12 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008/01/12 10:18 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Lavasoft
2008/01/09 19:24 --------- d-----w C:\Program Files\Yahoo!
2008/01/08 18:20 --------- d-----w C:\Program Files\Lexmark 4.300 Series
2008/01/07 21:55 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\AdobeUM
2008/01/04 20:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008/01/04 19:57 --------- d-----w C:\Program Files\Analog Devices
2008/01/04 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008/01/04 18:08 --------- d-----w C:\Program Files\Gabest
2008/01/04 18:08 --------- d-----w C:\Program Files\CyberLink
2008/01/02 23:18 --------- d-----w C:\Program Files\Ahead
2008/01/02 23:14 --------- d-----w C:\Program Files\Common Files\Ahead
2007/12/29 14:16 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\DivX
2007/12/22 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007/12/21 16:06 47.360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007/12/21 16:06 47.360 ----a-w C:\Documents and Settings\Ryan Glenn\Application Data\pcouffin.sys
2007/12/21 16:06 --------- d-----w C:\Program Files\VSO
2007/12/11 20:36 --------- d-----w C:\Program Files\Virtual Dub
2007/12/10 20:22 --------- d-----w C:\Program Files\plugins
2007/12/10 20:22 --------- d-----w C:\Program Files\aviproxy
2007/12/10 19:47 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Pegasys Inc
2007/12/10 19:39 33.408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007/12/06 01:47 --------- d-----w C:\Program Files\MSN Messenger
2007/05/20 11:28 31.528 ----a-w C:\Documents and Settings\Ryan Glenn\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004/07/19 07:51 306.688]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007/01/19 12:54 5.674.352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006/03/30 16:45 313.472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007/06/21 14:06 1.318.912]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004/08/04 05:00 15.360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005/04/05 19:23 114.688]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004/07/27 16:50 81.920]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005/04/05 14:22 94.208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005/04/05 19:19 77.824]
"LXCECATS"="C:\WINDOWS\System32\spool\drivers\W32X86\3\LXCEtime.dll" [2007/02/22 05:17 73.728]
"lxcemon.exe"="C:\Program Files\Lexmark 4.300 Series\lxcemon.exe" [2005/08/02 17:45 192.512]
"EzPrint"="C:\Program Files\Lexmark 4.300 Series\ezprint.exe" [2005/07/26 12:17 94.208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005/07/12 09:36 299.008]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004/01/26 11:38 866.816]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007/01/20 07:09 200.704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001/07/09 11:50 155.648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007/09/25 00:11 132.496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008/01/22 18:14 579.072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007/06/11 09:25 6.731.312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004/08/04 05:00 15.360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008/01/22 18:14 219.136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005/09/23 22:05:26 29.696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001/02/13 01:01:04 83.360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\SYSTEM]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006/12/20 13:55 77.824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007/04/19 13:41 294.912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008/02/05 21:51:05 C:\WINDOWS\Tasks\Check for updates Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008/02/05 03:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008/02/05 22:35:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\RYANGL~1\LOCALS~1\Temp\SSUPDATE.EXE
.
**************************************************************************
.
Completion time: 2008/02/05 22:38:02 - machine was rebooted [Ryan Glenn]
ComboFix-quarantined-files.txt 2008/02/05 22:37:46
.
2008/01/06 03:02:26 --- EOF ---
  #10  
Old February 5, 2008, 15:55
Moderator Group
 
Default Smitfraud Virus

Run CCleaner.

Post NEW HijackThis log.

Did Combofix help?
Copyright © 2006 - 2009 Computer Sulas.