|
|
#1
Jūnijs 3, 2009, 01:39
|
|||
|
|||
|
Man ir ilga malare anti-ļaundabīgo programmu, bet tā nav, lai atbrīvotos no visiem vīrusiem / memory modules / registery taustiņi
Es arī skrēja nolaupīt šo un noņemt kādu. Dll ir atzīts Malwarebytes bet ne visiem gāja. Malwarebytes "Anti-Malware 1,37 Database version: 2216 Windows 5.1.2600 Service Pack 2 02/06/2009 22:04:31 mbam-log-2009-06-02 (22-04-31). txt Scan type: Quick Scan Objekti skenēts: 89.008 Laiks pagājis kopš: 3 minūte (s), 23 second (s) Memory Processes Inficētie: 0 Memory Modules Inficētie: 3 Registry Keys Inficētie: 13 Reģistra vērtības Inficētie: 0 Registry Data Items Infected: 2 Mapes Inficētie: 2 Faili Inficētie: 7 Atmiņas procesi Inficētie: (No ļaunprātīgs preces konstatētas) Memory Modules Inficētie: C: \ WINDOWS \ system32 \ dwkljtof.dll (Trojan.Vundo.H) -> Delete par reboot. C: \ WINDOWS \ system32 \ becbn.dll (Trojan.Agent) -> Delete par reboot. C: \ WINDOWS \ system32 \ xanyzwy.dll (Trojan.Vundo.H) -> Delete par reboot. Registry Keys Inficētie: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (936182df-5f7a-4d1e-a86f-a6d0f061e70a) (Trojan.Vundo.H) -> Delete par reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Paziņot \ feuyhaok (Trojan.Vundo.H) -> Delete par reboot. HKEY_CLASSES_ROOT \ CLSID \ (936182df-5f7a-4d1e-a86f-a6d0f061e70a) (Trojan.Vundo.H) -> Delete par reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (0e8459fd-af07-48F1-8cd1-3884d15eaf47) (Trojan.Vundo.H) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_CLASSES_ROOT \ CLSID \ (0e8459fd-af07-48F1-8cd1-3884d15eaf47) (Trojan.Vundo.H) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ statistika \ (0e8459fd-af07-48F1-8cd1-3884d15eaf47) (Trojan.Vundo.H) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ b mbgzbpm (Trojan.Vundo.H) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet002 \ Services \ b mbgzbpm (Trojan.Vundo.H) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Servic es \ bmbgzbpm (Trojan.Vundo.H) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ statistika \ (936182df-5f7a-4d1e-a86f-a6d0f061e70a) (Trojan.Vundo.H) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_CLASSES_ROOT \ CLSID \ (10c0b0c0-fc01-473b-8ebb-4376353f96e4) (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ statistika \ (10c0b0c0-fc01-473b-8ebb-4376353f96e4) (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (10c0b0c0-fc01-473b-8ebb-4376353f96e4) (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi. Reģistra vērtības Inficētie: (No ļaunprātīgs preces konstatētas) Registry Data Items Infected: HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Labs: (0) -> Karantīnā ievietotie un svītrots veiksmīgi. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Labs: (0) -> Karantīnā ievietotie un svītrots veiksmīgi. Mapes Inficētie: C: \ WINDOWS \ system32 \ append.dll (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi. C: \ WINDOWS \ system32 \ xlib254.dll (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi. Faili Inficētie: c: \ WINDOWS \ system32 \ xanyzwy.dll (Trojan.Vundo.H) -> Delete par reboot. C: \ WINDOWS \ system32 \ dwkljtof.dll (Trojan.Vundo.H) -> Delete par reboot. C: \ WINDOWS \ system32 \ becbn.dll (Trojan.Agent) -> Delete par reboot. c: \ WINDOWS \ system32 \ zfmhjbu.dll (Trojan.Vundo.H) -> Delete par reboot. c: \ WINDOWS \ system32 \ bekbn.dll (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi. c: \ WINDOWS \ system32 \ drivers \ jcnfgawt.sys (Rootkit.Agent) -> Delete par reboot. c: \ WINDOWS \ system32 \ drivers \ sjbxdggg.sys (Rootkit.Agent) -> Delete par reboot. Logfile of Trend Micro HijackThis v2.0.2 Scan saglabāts 22:52:36, uz 02/06/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running procesiem: C: \ Windows \ System32 \ Smss.exe C: \ Windows \ system32 \ csrss.exe C: \ Windows \ system32 \ winlogon.exe C: \ Windows \ system32 \ services.exe C: \ Windows \ system32 \ lsass.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ System32 \ svchost.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ System32 \ svchost.exe C: \ Windows \ System32 \ svchost.exe C: \ Windows \ Explorer.exe C: \ Windows \ system32 \ Spoolsv.exe C: \ windows \ SOUNDMAN.EXE C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ PROGRA ~ 1 \ Agnitum \ OUTPOS ~ 1 \ op_mon.exe C: \ Windows \ system32 \ carpserv.exe C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe C: \ Windows \ system32 \ ctfmon.exe C: \ PROGRA ~ 1 \ Agnitum \ OUTPOS ~ 1 \ acs.exe C: \ Windows \ System32 \ astsrv.exe C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE C: \ Program Files \ Common Files \ Nero \ Nero BackItUp 4 \ NBService.exe C: \ Windows \ system32 \ oodag.exe C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgam.exe C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgrsx.exe C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgnsx.exe C: \ Windows \ System32 \ svchost.exe C: \ Windows \ system32 \ wscntfy.exe C: \ Windows \ System32 \ svchost.exe C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe C: \ Program Files \ Common Files \ Microsoft Shared \ Source Engine \ OSE.EXE c: \ Program Files \ Common Files \ Mozilla kopīgi \ firefox.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.virginmedia.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.tiny.com R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = *. vietējo O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4.283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - (3CA2F312-6F6E-4B53-A66E-4E65E497C8C0) - C: \ Program Files \ AVG \ AVG8 \ avgssie.dll O2 - BHO: Noklikšķiniet, lai zvanītu BHO - (5C255C8A-E604-49b4-9D64-90988571CECB) - C: \ Program Files \ Windows Live \ Messenger \ wlchtc.dll O2 - BHO: Groove GFS Browser Helper - (72.853.161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ Program Files \ Microsoft Office \ Office12 \ GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll O2 - BHO: (no name) - (936182df-5f7a-4d1e-a86f-a6d0f061e70a) - C: \ Windows \ system32 \ xanyzwy.dll O2 - BHO: Java ™ Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - (E7E6F031-17CE-4C07-BC86-EABFE594F69C) - C: \ Program Files \ Java \ jre6 \ lib \ izvietot \ jqs \ ti \ jqs_plugin.dll O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" O4 - HKLM \ .. \ Run: [PinnacleDriverCheck] C: \ WINDOWS \ System32 \ PSDrvCheck.exe O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [InCD] C: \ Program Files \ Ahead \ InCD \ InCD.exe O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Delay O4 - HKLM \ .. \ Run: [OutpostMonitor] C: \ PROGRA ~ 1 \ Agnitum \ OUTPOS ~ 1 \ op_mon.exe / tray / noservice O4 - HKLM \ .. \ Run: [CARPService] carpserv.exe O4 - HKLM \ .. \ Run: [AVG8_TRAY] C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgtray.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" O4 - HKLM \ .. \ RunServices: [RegisterDropHandler] C: \ PROGRA ~ 1 \ TEXTBR ~ 1.0 \ Bin \ REGIST ~ 1.EXE O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ Windows \ system32 \ ctfmon.exe O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ System32 \ CTFMON.EXE (User 'Default user') Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ EXCEL.EXE/3000 Ø9 - Extra button: Nosūtīt OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll Ø9 - Extra 'Tools' MENUITEM: S & galu OneNote - (2670000A-7350-4f3c-8.081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office12 \ ONBttnIE.dll Ø9 - Extra button: Outpost Firewall Pro Quick Tune - (44627E97-789B-40d4-B5C2-58BD171129A1) - C: \ Program Files \ Agnitum \ Outpost Firewall Pro \ ie_bar.dll Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MIC273 ~ 1 \ Office12 \ REFIEBAR.DLL Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe Ø14 - IERESET.INF: START_PAGE_URL = http://www.tiny.com O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4.636-A375-3CB6248B04CD) - C: \ Program Files \ Microsoft Office \ Office12 \ GrooveSystemServices.dll O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - C: \ Program Files \ AVG \ AVG8 \ avgpp.dll Ø20 - Winlogon Paziņot: avgrsstarter - C: \ Windows \ System32 \ avgrsstx.dll Ø20 - Winlogon Paziņot: feuyhaok - C: \ Windows \ System32 \ xanyzwy.dll O23 - Service: Lavasoft Ad-Aware dienests (aawservice) - Unknown īpašnieks - C: \ Program Files \ Lavasoft \ Ad-Aware \ aawservice.exe (file missing) O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum SIA - C: \ PROGRA ~ 1 \ Agnitum \ OUTPOS ~ 1 \ acs.exe O23 - Service: AST Service (astcc) - Nalpeiron SIA - C: \ Windows \ System32 \ astsrv.exe O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ Windows \ System32 \ Ati2evxx.exe O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C: \ Program Files \ Common Files \ Autodesk Shared \ Service \ AdskScSrv.exe O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc - C: \ Program Files \ Common Files \ Autodesk Shared \ Service \ AdskNetSrv.exe O23 - Service: AVG8 Watchdog (avg8wd) - AVG Technologies CZ, sro - C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown īpašnieks - C: \ windows \ O23 - Service: Bonjour Service - Unknown īpašnieks - C: \ Program Files \ Bonjour \ mDNSResponder.exe (file missing) O23 - Service: EpsonBidirectionalService - Unknown īpašnieks - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ eEBSVC.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe O23 - Service: gearsec - GEAR Software - C: \ Windows \ system32 \ gearsec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C: \ Program Files \ Ahead \ InCD \ InCDsrv.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc - C: \ Program Files \ Java \ jre6 \ bin \ jqs.exe O23 - Service: License Management Service ESD - element5 - C: \ Program Files \ Common Files \ element5 Shared \ Service \ Licence Manager ESD.exe O23 - Service: Nero BackItUp plānotājs 4.0 - Nero AG - C: \ Program Files \ Common Files \ Nero \ Nero BackItUp 4 \ NBService.exe O23 - Service: O & O Defrag - O & O Software GmbH - C: \ Windows \ system32 \ oodag.exe O23 - Service: PC Tools papildpakalpojumi dienests (sdauxservice) - PC Tools - C: \ Program Files \ Spyware Doctor \ pctsAuxs.exe O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C: \ Program Files \ Spyware Doctor \ pctsSvc.exe O23 - Service: ThreatFire (threatfire) - PC Tools - C: \ Program Files \ Spyware Doctor \ TFEngine \ TFService.exe O23 - Service: Automatic Updates (wuauserv) - Unknown īpašnieks - C: \ windows \ -- End of failu - 7.951 bytes Any help, lūdzu, datora iet mad bloķēšanas uzdevumu menedžeris, pārlūkojot ir sāpes ar konstantu pop ups, dažas programmas ir atspējota. Es domāju pilnīgi no jauna instalēt. Bet tikai vēlos sistēmas stabilas uz back-up files. |
|
#2
Jūnijs 3, 2009, 10:31
|
|||
|
|||
|
Lejupielādēt DDS by subs un saglabājiet to savā datorā. Alternate DDS download saiti
Vista lietotājiem labais klikšķis uz DDS un izvēlieties Palaist kā administratoram (jūs saņemsiet UAC ātru, lūdzu, atļauj to) * XP lietotājiem Divreiz uzklikšķiniet uz DDS lai tā varētu darboties. * Ja jūsu antivīruss vai ugunsmūra mēģināt bloķēt DDS tad, lūdzu, lai tā varētu darboties. * Kad pabeigts DDS tiks atvērta divu (2) apaļkokiem. 1) DDS.txt 2) Attach.txt * Save gan apaļkokus uz Jūsu rakstāmgalda. * Lūdzu, nokopējiet un ielīmējiet visu saturu gan savā nākamajā atbildes logs. Piezīme: DDS Jums dos norādījumus, lai ievietotu Attach.txt žurnālā, kā pielikumu. Lūdzu, tikai pēc tā, kā jūs jebkuru citu žurnālu, ko kopēt un ielīmēt to atbildi.
__________________
 |
