Smitfraud Name
#1
5 February 2008, 12:35
New Member Group

Hi,
I'm new on board and would like help removing a virus which I believe may be Smitfraud and which has hijacked my browser. I have run AVG and AdAware but they don't help. The OS is XP; here is the log. Thanks in advance for the help.


Logfile of HijackThis v1.99.1
Scan saved at 19:35:19, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\Windows\system32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Windows\system32\cisvc.exe
C:\Windows\system32\lxcecoms.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\Ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HIJACKTHIS.EXE

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\Windows\system32\Ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 212.139.132.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\system32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
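A helper reads a log like the one above by section: O4 autoruns, O10 Winsock LSPs, O17 nameservers, O20 Winlogon Notify DLLs, O23 services with no vendor. The following Python script is an added example for this page, not part of the original post and not a HijackThis feature: it parses HijackThis-format lines into sections, flags the entries a helper looks at first, and diffs two logs so a "new log" can be compared with the earlier one. The sample lines are constructed in the shape of the thread's logs; the `[inst]` Run entry, the 192.0.2.10 nameserver (a documentation-range address) and the `EXPECTED_DNS` set are assumptions made for the demonstration.

```python
"""Parse HijackThis-style logs, flag the entries a helper reviews first,
and diff two logs from the same machine. Added example, not HijackThis code."""
import re
from collections import defaultdict

# Constructed sample lines in the shape of the HijackThis logs posted in this
# thread. The "[inst]" O4 entry (modelled on the Application Data\inst.exe file
# that MBAM later removed) and the 192.0.2.10 nameserver (a documentation-range
# address) are invented for the demonstration; the other lines mirror entries
# visible in the log above.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /startup
O4 - HKCU\..\Run: [inst] C:\Documents and Settings\Ryan Glenn\Application Data\inst.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.37 192.0.2.10
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
"""

# Constructed "after cleanup" log for the same machine: the rogue Run entry is
# gone, the resolver is back on the ISP's servers, and an R0 start-page line
# now appears.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /startup
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.36 212.139.132.37
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
"""

# Assumption: the resolver addresses the user's ISP is expected to hand out.
EXPECTED_DNS = {"212.139.132.36", "212.139.132.37"}

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Path fragments a Run entry should not normally point into.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")


def parse(log):
    """Group entry bodies by HijackThis section code (O4, O17, ...)."""
    entries = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m["sec"]].append(m["body"])
    return dict(entries)


def review(entries, expected_dns=EXPECTED_DNS):
    """Return (section, reason, body) triples that deserve a closer look."""
    findings = []
    for body in entries.get("O4", []):
        if any(frag in body.lower() for frag in USER_WRITABLE):
            findings.append(("O4", "autorun from a user-writable path", body))
    for body in entries.get("O10", []):
        findings.append(("O10", "Winsock LSP sees every socket call; confirm the vendor", body))
    for body in entries.get("O17", []):
        rogue = [ip for ip in IPV4_RE.findall(body) if ip not in expected_dns]
        if rogue:
            findings.append(("O17", "nameserver not expected: " + ", ".join(rogue), body))
    for body in entries.get("O20", []):
        findings.append(("O20", "DLL loaded by winlogon at logon; confirm the vendor", body))
    for body in entries.get("O23", []):
        if "unknown owner" in body.lower():
            findings.append(("O23", "service with no vendor string", body))
    return findings


def diff_logs(before, after):
    """Return (added, removed) entry tuples between two parsed logs."""
    old = {(s, b) for s, bodies in before.items() for b in bodies}
    new = {(s, b) for s, bodies in after.items() for b in bodies}
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    before, after = parse(LOG_BEFORE), parse(LOG_AFTER)
    for sec, reason, body in review(before):
        print(f"{sec}: {reason}\n    {body}")
    added, removed = diff_logs(before, after)
    print("added:", *added, sep="\n  ")
    print("removed:", *removed, sep="\n  ")
```

The O17 rule is the one that needs local knowledge: a nameserver is only "wrong" relative to what the ISP actually assigns, so the expected set has to come from the helper, not from the log. O10 and O20 entries are reported unconditionally because both run code inside every process (LSP) or inside winlogon (Notify), which is why a helper wants a vendor name for each one even when, as here, they belong to AVG, Intel and Windows Genuine Advantage.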
#2
5 February 2008, 13:04
Moderator Group

Welcome to CJ.

The log doesn't show any malware, but we can take a closer look.

Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post that log back here.
Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

In your next post, please include:
MalwareBytes log

#3
5 February 2008, 13:51
New Member Group

Max EF,

Thanks for the quick response. Below is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.02
Database version: 320

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 73752
Time elapsed: 23 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\core.cache.dsk (Malware.Trace) -> Failed to delete. (Delete on reboot.)
C:\Documents and Settings\Ryan Glenn\Application Data\ezpinst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ryan Glenn\Application Data\inst.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
#4
5 February 2008, 14:01
Moderator Group

Looks good so far.

Before going any further with this post, do Step Two and Step Three - CCleaner and SUPERAntiSpyware.

Post the SUPERAntiSpyware log, along with a NEW HijackThis log, in your next post.

#5
5 February 2008, 14:44
New Member Group

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/05/2008 at 09:34 AM

Application Version : 3.9.1008

Core Rules Database Version : 3395
Trace Rules Database Version: 1387

Scan type       : Complete Scan
Total Scan Time : 00:22:21

Memory items scanned      : 376
Memory threats detected   : 0
Registry items scanned    : 5837
Registry threats detected : 0
File items scanned        : 11505
File threats detected     : 5

Adware.Tracking Cookie
	C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@ads.techguy[2].txt
	C:\Documents and Settings\Ryan Glenn\Cookies\ryan_glenn@revsci[2].txt
	C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@PacificPoker[1].txt
	C:\Documents and Settings\Clare Glenn\Cookies\clare_glenn@videoegg.adbureau[2].txt

RootKit.TnCore/Trace
	C:\Windows\system32\drivers\core.cache.dsk

Logfile of HijackThis v1.99.1
Scan saved at 21:43:56, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\Windows\system32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Windows\system32\cisvc.exe
C:\Windows\system32\lxcecoms.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Ctfmon.exe] C:\Windows\system32\Ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/...?1199470957562
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer = 212.139.132.36 212.139.132.37
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\system32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe
#6
5 February 2008, 14:54
Moderator Group

The log looks good now. Is the computer still showing any indications of malware?

#7
5 February 2008, 15:02
New Member Group

Yes, it still shows signs of malware.. unfortunately
#8
5 February 2008, 15:12
Moderator Group

Download SmitfraudFix (by S!Ri) to your Desktop.
  • Extract all the files to your Desktop.
  • A folder named SmitfraudFix will be created on the Desktop.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1 and pressing Enter
    • This program will scan large amounts of files on your computer for known patterns, so please be patient while it works.
    • When it is done, the scan results will be displayed and it will create a log named rapport.txt
      • This is in the root of the drive, e.g. the Local Disk C: partition, or wherever the operating system is installed.
    • Please attach this log in your next reply.
  • Note: process.exe (which is used by SmitFraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "bad" use of such programs, therefore they may alert the user.
----------

Please download Combofix by sUBs from one of the links below.
(Try all three if necessary.) Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not on the list and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects the computer from the internet. The connection is restored automatically before Combofix completes its run.
  • Double-click combofix.exe and follow the prompts.
    • From the keyboard, select 1 and press Enter
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click the Combofix window while it is running. That may cause it to stall.
  • If Combofix runs into difficulty and terminates prematurely, the connection can be restored by manually restarting the computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

In your next post:
Smitfraudfix log
Combofix log

#9
5 February 2008, 15:43
New Member Group

SmitFraudFix v2.281

Scan done at 22:40:52.84, 05/02/2008
Run from C:\Documents and Settings\Ryan Glenn\Desktop\SmitFraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\Spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Windows\system32\lxcecoms.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.exe
C:\Windows\system32\wscntfy.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\Ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ryan Glenn\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RYANGL~1\Favori~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.139.132.8
DNS Server Search Order: 212.139.132.9

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.8 212.139.132.9
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EB470484-F000-4F17-BAA7-0420975981FF}: NameServer=212.139.132.36 212.139.132.37

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 08-02.05.3 - Ryan Glenn 2008-02-05 22:31:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 0:00]
Running from: C:\Documents and Settings\Ryan Glenn\Desktop\ComboFix.exe
 * WARNING - this machine does not have the Recovery Console installed!!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rmcastt.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\temp\tn3
C:\Windows\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\rmcastt.sys
C:\WINDOWS\system32\install.exe

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_RMCASTT
-------\rmcastt


((((((((((((((((((((((((( Files Created From 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-05 22:22 . 2008-02-05 22:23	<DIR>	d--------	C:\ComboFix[1]
2008-02-05 21:02 . 2004-08-04 05:00	388,608	--a------	C:\kmd.exe
2008-02-05 20:11 . 2008-02-05 20:11	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2008-02-05 20:11 . 2008-02-05 20:11	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\Malwarebytes
2008-02-05 20:11 . 2008-02-05 20:11	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-05 19:05 . 2008-02-05 19:05	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\Uniblue
2008-02-05 18:50 . 2008-02-05 18:50	444	--a------	C:\WINDOWS\system32\d3d8caps.dat
2008-02-05 18:21 . 2008-02-05 18:21	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-05 18:00 . 2008-02-05 18:00	<DIR>	d--------	C:\Program Files\RogueRemover FREE
2008-02-05 17:57 . 2007-09-05 23:22	289,144	--a------	C:\WINDOWS\system32\VCCLSID.exe
2008-02-05 17:57 . 2006-04-27 16:49	288,417	--a------	C:\WINDOWS\system32\SrchSTS.exe
2008-02-05 17:57 . 2008-02-05 00:23	85,504	--a------	C:\WINDOWS\system32\VACFix.exe
2008-02-05 17:57 . 2008-01-27 14:37	81,920	--a------	C:\WINDOWS\system32\IEDFix.exe
2008-02-05 17:57 . 2003-06-05 20:13	53,248	--a------	C:\WINDOWS\system32\Process.exe
2008-02-05 17:57 . 2004-07-31 17:50	51,200	--a------	C:\WINDOWS\system32\dumphive.exe
2008-02-05 17:57 . 2007-10-03 23:36	25,600	--a------	C:\WINDOWS\system32\WS2Fix.exe
2008-02-04 19:47 . 2008-02-04 19:47	<DIR>	d--------	C:\WINDOWS\MaxSecureBackup
2008-02-04 19:46 . 2008-02-04 19:57	<DIR>	d--------	C:\Program Files\Max Registry Cleaner
2008-02-04 19:46 . 2007-05-24 16:57	143,360	--a------	C:\WINDOWS\system32\GetHardDiskNo.dll
2008-02-04 19:46 . 2008-02-04 19:46	63	--a------	C:\WINDOWS\SYSTEM\SYSRegC.dll
2008-02-02 13:49 . 2008-02-02 13:49	<DIR>	d--------	C:\Program Files\Panicware
2008-02-01 20:22 . 2008-02-05 22:17	3,352	--a------	C:\WINDOWS\system32\tmp.reg
2008-02-01 19:32 . 2008-02-01 19:32	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-01 18:42 . 2008-02-05 19:56	<DIR>	d--------	C:\Program Files\HJT
2008-02-01 18:39 . 2008-02-01 18:39	<DIR>	d--------	C:\Program Files\FileASSASSIN
2008-02-01 18:31 . 2008-02-01 18:31	100	--a------	C:\WINDOWS\system32\ikhcore.cfg
2008-02-01 18:21 . 2005-09-23 07:29	626,688	--a------	C:\WINDOWS\system32\msvcr80.dll
2008-01-31 20:28 . 2008-01-31 20:28	<DIR>	d--------	C:\VundoFix Backups
2008-01-31 19:34 . 2008-02-05 22:26	<DIR>	d--------	C:\Program Files\SUPERAntiSpyware
2008-01-31 19:34 . 2008-02-02 00:55	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\SUPERAntiSpyware.com
2008-01-31 19:34 . 2008-01-31 19:34	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-29 22:28 . 2008-01-29 22:28	<DIR>	d--------	C:\Program Files\Common Files\Download Manager
2008-01-29 22:08 . 2008-02-01 18:49	<DIR>	da-------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 21:15 . 2008-02-03 17:03	<DIR>	d--------	C:\Program Files\SpywareBlaster
2008-01-23 18:08 . 2008-01-23 18:08	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\SuperAdBlocker.com
2008-01-22 18:39 . 2008-01-22 18:39	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\Grisoft
2008-01-22 18:39 . 2007-05-30 12:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-22 18:18 . 2008-01-22 18:18	<DIR>	d--------	C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-22 18:15 . 2008-02-05 21:48	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\AVG7
2008-01-22 18:15 . 2008-01-22 18:15	110,592	--a------	C:\WINDOWS\system32\avgfwafu.dll
2008-01-22 17:56 . 2008-02-03 08:41	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\AVG7
2008-01-21 21:10 . 2008-01-22 18:14	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-20 16:33 . 2008-01-20 16:33	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\ErrorSmart
2008-01-19 10:09 . 2008-01-19 10:09	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-12 11:46 . 2008-01-12 11:46	<DIR>	d--------	C:\Program Files\Common Files\Xing Shared
2008-01-12 10:17 . 2008-02-02 00:54	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 19:54 . 2008-01-12 10:18	<DIR>	d--------	C:\Program Files\Lavasoft
2008-01-10 19:38 . 2008-01-10 19:38	<DIR>	d--------	C:\Program Files\AVI Codec Pack
2008-01-10 18:51 . 2005-04-05 14:18	135,168	--a------	C:\WINDOWS\system32\igfxres.dll
2008-01-09 19:20 . 2008-01-09 19:20	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\Yahoo!
2008-01-09 18:03 . 2008-01-09 18:03	<DIR>	d--h-----	C:\WINDOWS\PIF
2008-01-09 17:52 . 2008-01-10 17:51	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\dvdcss
2008-01-08 18:20 . 2007-03-05 05:00	421,888	--a------	C:\WINDOWS\system32\lxcedrs.dll
2008-01-08 18:20 . 2007-01-30 10:22	413,696	--a------	C:\WINDOWS\system32\lxceinpa.dll
2008-01-08 18:20 . 2007-01-30 10:35	397,312	--a------	C:\WINDOWS\system32\lxceiesc.dll
2008-01-08 18:20 . 2007-02-22 18:32	344,064	--a------	C:\WINDOWS\system32\lxcecoin.dll
2008-01-08 18:20 . 2006-10-03 23:21	330,030	--a------	C:\WINDOWS\system32\lxcehelp.chm
2008-01-08 18:20 . 2007-01-30 10:18	323,584	--a------	C:\WINDOWS\system32\lxcehcp.dll
2008-01-08 18:20 . 2007-01-30 10:35	274,432	--a------	C:\WINDOWS\system32\lxceinst.dll
2008-01-08 18:20 . 2005-02-24 17:23	61,440	--a------	C:\WINDOWS\system32\lxcecnv4.dll
2008-01-07 20:59 . 2008-01-07 20:59	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-01-06 20:31 . 2008-01-06 20:31	<DIR>	d--------	C:\Documents and Settings\Ryan Glenn\Application Data\InstallShield
2008-01-06 20:18 . 2008-01-06 20:35	<DIR>	d--------	C:\Documents and Settings\Glenn Ryan\Application Data\VersionTracker Pro
2008-01-05 16:23. 2008-01-05 16:23 <DIR> d -------- C: \ Program Files \ Windows Media Connect 2
2008-01-05 16:23. 2006-10-04 14:06 1.197.294 --------- C: \ WINDOWS \ system32 \ dllcache \ sysmain.sdb
2008-01-05 16:23. 2006-10-04 14:06 764,868 --------- C: \ WINDOWS \ system32 \ dllcache \ apph_sp.sdb
2008-01-05 16:23. 2006-10-04 14:06 217,118 --------- C: \ WINDOWS \ system32 \ dllcache \ apphelp.sdb
2008-01-05 16:19. 2008-01-05 16:21 <DIR> d -------- C: \ WINDOWS \ system32 \ drivers \ UMDF
2008-01-05 15:19. 2008-01-05 15:19 <DIR> d -------- C: \ swsetup
2008-01-05 15:09. 2008-01-05 15:08 23.600 - a ------ C: \ WINDOWS \ system32 \ drivers \ TVICHW32.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 23:25 --------- d-----w C:\Program Files\Google
2008-01-31 10:50 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\VSO
2008-01-24 17:31 --------- d-----w C:\Program Files\Lx_cats
2008-01-18 19:58 --------- d-----w C:\Program Files\DivX
2008-01-18 19:57 --------- d-----w C:\Program Files\Java
2008-01-18 19:56 --------- d-----w C:\Program Files\Real
2008-01-12 11:45 --------- d-----w C:\Program Files\Common Files\Real
2008-01-12 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-12 10:18 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Lavasoft
2008-01-09 19:24 --------- d-----w C:\Program Files\Yahoo!
2008-01-08 18:20 --------- d-----w C:\Program Files\Lexmark 4300 Series
2008-01-07 21:55 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\AdobeUM
2008-01-04 20:45 --------- d-h--w C:\Program Files\InstallShield Installation Information
2008-01-04 19:57 --------- d-----w C:\Program Files\Analog Devices
2008-01-04 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-01-04 18:08 --------- d-----w C:\Program Files\Gabest
2008-01-04 18:08 --------- d-----w C:\Program Files\CyberLink
2008-01-02 23:18 --------- d-----w C:\Program Files\Ahead
2008-01-02 23:14 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-29 14:16 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\DivX
2007-12-22 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\vsosdk
2007-12-21 16:06 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-21 16:06 47,360 ----a-w C:\Documents and Settings\Ryan Glenn\Application Data\pcouffin.sys
2007-12-21 16:06 --------- d-----w C:\Program Files\VSO
2007-12-11 20:36 --------- d-----w C:\Program Files\Virtual Dub
2007-12-10 20:22 --------- d-----w C:\Program Files\plugins
2007-12-10 20:22 --------- d-----w C:\Program Files\aviproxy
2007-12-10 19:47 --------- d-----w C:\Documents and Settings\Ryan Glenn\Application Data\Pegasys Inc
2007-12-10 19:39 33,408 ----a-w C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-12-06 01:47 --------- d-----w C:\Program Files\MSN Messenger
2007-05-20 11:28 31,528 ----a-w C:\Documents and Settings\Ryan Glenn\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 07:51 306688]
"Yahoo! Pager"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"Ctfmon.exe"="C:\Windows\system32\Ctfmon.exe" [2004-08-04 05:00 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 19:23 114688]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22 94208]
"WinampAgent"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 19:19 77824]
"LXCECATS"="C:\WINDOWS\System32\Spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 05:17 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 17:45 192512]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 12:17 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 09:36 299008]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-01-20 07:09 200704]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-22 18:14 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\Windows\system32\Ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\AVGW.EXE" [2008-01-22 18:14 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\Explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 21:51:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-05 03:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 22:35:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Windows\system32\lxcecoms.exe
C:\Windows\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\Windows\system32\wscntfy.exe
C:\DOCUME~1\RYANGL~1\LOCALS~1\Temp\SSUPDATE.EXE
.
**************************************************************************
.
Completion time: 2008-02-05 22:38:02 - machine was rebooted [Ryan Glenn]
ComboFix-quarantined-files.txt 2008-02-05 22:37:46
.
2008-01-06 03:02:26 --- EOF ---
#10
5 February 2008, 15:55
Moderator

Run CCleaner.

Post a new HijackThis log.

Did Combofix help?