Virtumonde.dll, Vundo Čia yra mano Vagystės Prisijungti ...

mason61391 · #1 Rugsėjis 21, 2008, 20:09

kaip ir pavadinimas sako, hhave virusas, kuris manau, yra virtumonde.dll, kuris IVE sakęs yra Vundo forma. Buvau haveing lėtas kompiuteris ir yra daug langų anti viruso ir ristry švaresnės ... ir Keisčiausias dalykas, aš negaliu atnaujinti anything on my computer ?????? Prašau, jei kas nors galėtų pasakyti, ką reikia daryti .... Ačiū Heres My svetimą Prisijungti

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 4:55:10 dėl 9/22/2008
Platforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
C: \ PROGRA ~ 1 \ COMMON ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ Program Files \ McAfee \ VirusScan \ mcshield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ explorer.exe
C: \ PROGRA ~ 1 \ mcafee.com \ Agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ System32 \ Msiexec.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ kite taskmgr.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager "vartotojo sąsaja] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Vilkite į diską \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe / slėpti
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ RunOnce: [SpybotDeletingA5528] komanda / c del "C: \ WINDOWS \ SchedLgU.txt"
O4 - HKLM \ .. \ RunOnce: [SpybotDeletingC6845] cmd / c del C: \ WINDOWS \ SchedLgU.txt "
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ setup \ setup.exe / start / restart / l: eno
O4 - HKCU \ .. \ Run: [DelayShred] C: \ PROGRA ~ 1 \ McAfee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ Admini ~ 1 \ locals ~ 1 \ tempor ~ 1 \ Turinys . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ locals ~ 1 \ tempor ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ locals ~ 1 \ tempor ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ Cookies \ AD4B54 ~ 1.SH!
O4 - HKCU \ .. \ RunOnce: [SpybotDeletingB6548] komanda / c del "C: \ WINDOWS \ SchedLgU.txt"
O4 - HKCU \ .. \ RunOnce: [SpybotDeletingD1472] cmd / c del C: \ WINDOWS \ SchedLgU.txt "
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-V 0x046d-p 0x08d9-f-m vaizdo Logitech-D 10.5. 1,2023 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-V 0x046d-p 0x08d9-f-m vaizdo Logitech D 10.5.1.2023 (User 'Default Vartotojo ')
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ Xpsp3res.dll, -20.001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
Ø20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll
O23 - Service: ATI HotKey Rinkėjas - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Paslaugos (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee tinklo agentas (McNASvc) - McAfee, Inc - C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee realiu laiku Scanner (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
O23 - Service: Dell Wireless WLAN dėklas tarnybos (wltrysvc) - Unknown owner - C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
--
End of file - 7.660 baitų

**evilfantasy** · #2 Rugsėjis 21, 2008, 21:28

Atsisiųsti Malwarebytes 'Anti-Malware (MBAM)

Dukart spustelėkite mbam-setup.exe ir vykdykite ekrane pateikiamas instrukcijas įdiegti programą.
Pabaigoje, įsitikinkite, kad žymės yra dedamas šalia taip:
- Atnaujinti Malwarebytes 'Anti-Malware
- Raketa Malwarebytes 'Anti-Malware
Tada spustelėkite Apdaila.
Jeigu atnaujinimas yra nustatyta, tai atsisiųskite ir įdiekite naujausią versiją.
Kai programa paleista, pasirinkite Atlikti greitai nuskaito, Tada Scan.
Kai nuskaitymas bus baigtas, paspauskite Gerai, Tada Rodyti rezultatus peržiūrėti rezultatus.
Būkite tikri, kad viskas yra patikrinta, ir paspauskite Pašalinti pažymėtus.
Jeigu dezinfekavimo užbaigimo, žurnalas bus atidaryta "Notepad" ir jūs galite būti raginami iš naujo paleisti. (Žr. Ekstra pastaba)
Prisijungti automatiškai išgelbėti MBAM ir gali būti peržiūrėti paspaudę Įrašai kortelėje MBAM.
Nukopijuokite ir įklijuokite visą ataskaitą į kitą atsakymą.

Papildomos pastabos: Jei MBAM susitikimai failą, kurį sunku pašalinti, jums bus pateikiamas kartu su 1, 2 ekrane, spustelėkite Gerai, kad nors ir tegul MBAM elgtis su dezinfekavimo procesą, jei paprašys perkrauti kompiuterį, prašome tai padaryti nedelsiant.

----------

Dabar paleisti naują HijackThis nuskaitymo ir po žurnalą.

mason61391 · #3 Rugsėjis 22, 2008, 13:31

Teisingai išbėgau kad Malwarebytes .. dalykas, ir jis pakėlė šis

Malwarebytes 'Anti-Malware 1,28
Duomenų bazės versija: 1194
Windows 5.1.2600 Service Pack 3
9/22/2008 8:55:50
mbam-log-2008-09-22 (20-55-50). Txt
Scan Type: Quick Scan
Objektai nuskaitomi: 53.105
Praėjęs laikas: 6 minutes (-ai), 1 sekundė (s)
Atminties procesai Infected: 0
Atminties moduliai Infected: 1
Registro raktus Infected: 10
Vertybių registrą Infected: 2
Registro duomenų elementų Infected: 2
Katalogai Infected: 1
Infected files: 15
Atminties procesai Infected:
(Nr. kenksminga daiktų aptikti)
Atminties moduliai Infected:
C: \ WINDOWS \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> I ¹ trinti paleid.
Registro raktus Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (7b1b1537-fcd3-4186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> I ¹ trinti paleid.
HKEY_CLASSES_ROOT \ CLSID \ (7b1b1537-fcd3-4186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> I ¹ trinti paleid.
HKEY_CLASSES_ROOT \ WR (Malware.Trace) -> Karantinas ir sėkmingai ištrintas.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ dslcnnct (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ IProxyProvid Er (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ aoprndtws (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
Vertybių registrą Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ 7c0a0557 (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ bm7f3936cb (Trojan.Agent) -> I ¹ trinti paleid.
Registro duomenų elementų Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA \ Pranešimo programos (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ssqpmmnf -> Karantinas ir sėkmingai ištrintas.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA \ Autentifikavimas programos (Trojan.Vundo) -> Data: c: \ windows \ system32 \ ssqpmmnf -> I ¹ trinti, kai paleid.
Katalogai Infected:
C: \ WINDOWS \ system32 \ kBin02 (Trojan.Agent) -> Karantinas ir sėkmingai ištrintas.
Failai Infected:
C: \ WINDOWS \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> I ¹ trinti paleid.
C: \ WINDOWS \ system32 \ fNmmpqss.ini (Trojan.Vundo.H) -> Karantinas ir sėkmingai ištrintas.
C: \ WINDOWS \ system32 \ fNmmpqss.ini2 (Trojan.Vundo.H) -> Karantinas ir sėkmingai ištrintas.
C: \ WINDOWS \ system32 \ qwtbatxb.dll (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
C: \ WINDOWS \ system32 \ ysirza.dll (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
C: \ WINDOWS \ system32 \ vfcortyh.dll (Trojan.Vundo) -> I ¹ trinti paleid.
C: \ Documents and Settings \ Administrator \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 7LVEI8GK \ upd105320 [1] (Trojan.Vundo) -> I ¹ trinti paleid.
C: \ Documents and Settings \ Administrator \ Local Settings \ Temporary Internet Files \ Content.IE5 \ TPEY0D0R \ nd82m0 [1] (Trojan.Vundo) -> I ¹ trinti paleid.
C: \ WINDOWS \ system32 \ mcrh.tmp (Malware.Trace) -> Karantinas ir sėkmingai ištrintas.
C: \ WINDOWS \ cookies.ini (Malware.Trace) -> Karantinas ir sėkmingai ištrintas.
C: \ WINDOWS \ system32 \ jyyubyyg.dll (Trojan.Agent) -> I ¹ trinti paleid.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> Karantinas ir sėkmingai ištrintas.
C: \ WINDOWS \ pskt.ini (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
C: \ WINDOWS \ BM7f3936cb.xml (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
C: \ WINDOWS \ BM7f3936cb.txt (Trojan.Vundo) -> Karantinas ir sėkmingai ištrintas.
*
*
*
I ran to kelis kartus po to, ir dabar sako, kad nieko užsikrėtusių ....

I just ran svetimą .. ir tai rezultatas

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 10:26:25, on 9/22/2008
Platforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
C: \ PROGRA ~ 1 \ COMMON ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ Program Files \ McAfee \ VirusScan \ mcshield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ explorer.exe
C: \ PROGRA ~ 1 \ mcafee.com \ Agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Patraukite Disc \ DrgToDsc.exe
C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Skype \ Phone \ Skype.exe
C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
C: \ Program Files \ Skype \ Plugin Manager \ skypePM.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - (04F27F39-1C1B-4A4F-8B5A-A531E364B7A6) - (no file)
O2 - BHO: (no name) - (089FD14D-132B-48FC-8861-0048AE113215) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O2 - BHO: (no name) - (12637832-85dB-4C63-B9D6-12B3E50A52C9) - (no file)
O2 - BHO: (no name) - (2504b4df-fd95-47a5-b804-b047829925c0) - (no file)
O2 - BHO: (no name) - (41E299D0-5CFF-4705-A8AD-67B02579661C) - (no file)
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: (no name) - (C089CFFD-5CAA-4DA6-BC8B-39965E47AAF9) - (no file)
O2 - BHO: (no name) - (D7C82C77-9CF6-4513-826E-B9B7ACDC4DB9) - (no file)
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager "vartotojo sąsaja] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Vilkite į diską \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe / slėpti
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ setup \ setup.exe / start / restart / l: eno
O4 - HKCU \ .. \ Run: [DelayShred] C: \ PROGRA ~ 1 \ McAfee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ Admini ~ 1 \ locals ~ 1 \ tempor ~ 1 \ Turinys . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ locals ~ 1 \ tempor ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ locals ~ 1 \ tempor ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ Admini ~ 1 \ Cookies \ AD4B54 ~ 1.SH!
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-V 0x046d-p 0x08d9-f-m vaizdo Logitech-D 10.5. 1,2023 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-V 0x046d-p 0x08d9-f-m vaizdo Logitech D 10.5.1.2023 (User 'Default Vartotojo ')
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ Xpsp3res.dll, -20.001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
Ø20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll
Ø20 - Winlogon Notify: awtuutTk - awtuutTk.dll (file missing)
O23 - Service: ATI HotKey Rinkėjas - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Paslaugos (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee tinklo agentas (McNASvc) - McAfee, Inc - C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee realiu laiku Scanner (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
O23 - Service: Dell Wireless WLAN dėklas tarnybos (wltrysvc) - Unknown owner - C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
--
End of file - 8.474 baitų
*
*
*
Man labai reikia žinoti Whats going on here Man reikia nešiojamas atgal, ačiū ... leiskite man žinoti, jeigu yra ką aš galiu padaryti, siekiant padėti ...

**evilfantasy** · #4 Rugsėjis 22, 2008, 16:47

Išjungti Windows Defender "

Mums reikia išjungti "Windows Defender Real-time apsaugos, nes ji gali trukdyti nustato, kad turime padaryti.

Atidaryti Windows Defender
Spauskite Įrankiai, Bendrieji nustatymai
Slinkite žemyn ir nuimkite Įjunkite apsaugą realiuoju laiku (rekomenduojama)
Po to nuimkite, spustelėkite ant Saugoti mygtuką ir uždarykite Windows Defender.

Po to visi pataisymai yra pilnas labai svarbu, kad Jūs realiu laiku Apsauga kartą.

----------

Atidaryti HijackThis ir pasirinkite Ar sistema nuskaito tik.

Vieta varnelė prie šių įrašų: (jei yra)

O2 - BHO: (no name) - (04F27F39-1C1B-4A4F-8B5A-A531E364B7A6) - (no file)
O2 - BHO: (no name) - (12637832-85dB-4C63-B9D6-12B3E50A52C9) - (no file)
O2 - BHO: (no name) - (2504b4df-fd95-47a5-b804-b047829925c0) - (no file)
O2 - BHO: (no name) - (41E299D0-5CFF-4705-A8AD-67B02579661C) - (no file)
O2 - BHO: (no name) - (C089CFFD-5CAA-4DA6-BC8B-39965E47AAF9) - (no file)
O2 - BHO: (no name) - (D7C82C77-9CF6-4513-826E-B9B7ACDC4DB9) - (no file)
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
Ø20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll
Ø20 - Winlogon Notify: awtuutTk - awtuutTk.dll (file missing)

Svarbu: Uždaryti visus išskyrus HijackThis langai ir spustelėkite Fix patikrinta.

Išeitis HijackThis ir paleiskite kompiuterį iš naujo registruotis padarytus pakeitimus HijackThis.

----------

Parsisiųsti ComboFix iki einantys iš vienos iš žemiau nuorodų. Būtinai įrašykite jį į viršų Desktop.

Link # 1
Link # 2

** Pastaba: Svarbu, kad ji yra saugomi tiesiai darbalaukyje

Uždarykite visus atidarytus interneto naršyklių. (Firefox, Internet Explorer, ir tt) prieš pradedant ComboFix.

Laikinai daryti nepajėgų tavo AntivirusIr bet Antispyware realaus laiko apsauga prieš atlikti nuskaitymo. Spauskite šį saitą matyti saugumo programų sąrašą, kuris turėtų būti išjungtas ir kaip juos išjungti. (McAfee negalėjo pasukti visiškai išjungti. Tiesiog paleiskite ComboFix vistiek ir leisti jai veikti, jeigu kas nors bando jį užblokuoti.)

Dukart spustelėkite combofix.exe ir vykdykite ekrane pateikiamas instrukcijas.
Baigę ComboFix gamins žurnalas Jums.
Skelbti ComboFix Prisijungti ir nauja HijackThis Jūsų kitą atsakymą.

Svarbu: Don't mouseclick ComboFix lango kol jis veikia. Tai gali sukelti ją gardas.

Atminkite, kad vėl įjungti antivirusinės ir apsaugos nuo šnipinėjimo programų, kai ComboFix baigtas.

mason61391 · #5 Rugsėjis 22, 2008, 19:14

ok I ran Combo nustatyti, čia yra reslults ...

ComboFix 08-09-20.05 - administratorius 2008-09-23 4:07:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.526 [GMT 2:00]
Veikia nuo: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Sukurtas naujas atkūrimo taškas
ĮSPĖJIMAS-ši mašina neturi atkūrimo konsolę Installed!!
.
((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ system32 \ djynmrpe.ini
C: \ WINDOWS \ system32 \ EMVwxyay.ini
C: \ WINDOWS \ system32 \ fxdehybr.ini
C: \ WINDOWS \ system32 \ hgillUtv.ini
C: \ WINDOWS \ system32 \ hwpdknag.ini
C: \ WINDOWS \ system32 \ hytrocfv.ini
C: \ WINDOWS \ system32 \ jrawajwy.ini
C: \ WINDOWS \ system32 \ kruvwslm.ini
C: \ WINDOWS \ system32 \ ljbuenel.ini
C: \ WINDOWS \ system32 \ mbpyegow.ini
C: \ WINDOWS \ system32 \ MSINET.oca
C: \ WINDOWS \ system32 \ oopfgjdw.ini
C: \ WINDOWS \ system32 \ oujogpou.ini
C: \ WINDOWS \ system32 \ ovbmvuhg.ini
C: \ WINDOWS \ system32 \ rmkrhevi.ini
C: \ WINDOWS \ system32 \ uhikvuhh.ini
C: \ WINDOWS \ system32 \ vpgysgqj.ini
.
((((((((((((((((((((((((( Failus, sukurtus nuo 2008/08/23 iki 2008/09/23 ))))))))))) ))))))))))))))))))))
.
2008-09-23 01:06. 2008-09-23 01:06 <DIR> d -------- C: \ Program Files \ DIVX
2008-09-22 22:11. 2008-09-22 22:20 1.374 - ------ C: \ WINDOWS \ imsins.BAK
2008-09-22 21:30. 2008-05-01 16:33 331.776 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ msadce.dll
2008-09-22 21:25. 2008-04-11 21:04 691.712 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ inetcomm.dll
2008-09-22 20:47. 2008-09-22 20:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-22 20:47. 2008-09-22 20:47 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-09-22 20:47. 2008-09-10 00:04 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-22 20:47. 2008-09-10 00:03 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-22 04:54. 2008-09-22 20:47 <DIR> d -------- C: \ Desktop
2008-09-22 04:47. 2008-09-22 04:48 <DIR> d -------- C: \ Program Files \ Windows Defender "
2008-09-22 04:36. 2008-09-22 04:36 <DIR> D - h ----- C: \ WINDOWS \ system32 \ GroupPolicy
2008-09-22 02:58. 2008-09-22 02:58 268 - Ah ----- C: \ sqmdata00.sqm
2008-09-22 00:30. 2008-09-22 00:30 <DIR> d -------- C: \ VundoFix atsarginiai
.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 23:08 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ LimeWire
2008-09-22 20:34 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Skype
2008-09-22 20:25 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ skypePM
2008-09-22 03:36 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-22 00:07 --------- d ----- w C: \ Program Files \ McAfee
2008-08-14 04:47 --------- d ----- w C: \ Documents and Settings \ Guest \ Application Data \ SiteAdvisor
2008-08-02 01:04 --------- d ----- w C: \ Program Files \ Enigma Software Group
2008-07-30 03:57 876.883 - SHA-w C: \ WINDOWS \ system32 \ EMVwxyay.ini2
2008-07-30 03:49 --------- d ----- w C: \ Program Files \ CCleaner
2008-07-30 03:05 --------- d ----- w C: \ Documents and Settings \ Guest \ Application Data \ ATI
2008-07-29 03:35 --------- d ----- w C: \ Program Files \ Common Files \ LogiShrd
2008-07-27 03:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Roxio
2008-07-26 06:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ McAfee
2008-07-26 03:45 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-07-25 08:36 524.288 ---- AW C: \ WINDOWS \ system32 \ DivXsm.exe
2008-07-24 18:28 --------- d ----- w C: \ Program Files \ SiteAdvisor
2008-07-24 16:32 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ SiteAdvisor
2008-07-23 16:50 9.464 ------ w C: \ WINDOWS \ system32 \ drivers \ cdralw2k.sys
2008-07-23 16:50 9.336 ------ w C: \ WINDOWS \ system32 \ drivers \ cdr4_xp.sys
2008-07-23 16:50 43.528 ------ w C: \ WINDOWS \ system32 \ drivers \ PxHelp20.sys
2008-07-23 16:50 3.596.288 ---- AW C: \ WINDOWS \ system32 \ qt-dx331.dll
2008-07-23 16:50 129.784 ------ w C: \ WINDOWS \ system32 \ pxafs.dll
2008-07-23 16:50 120.056 ------ w C: \ WINDOWS \ system32 \ pxcpyi64.exe
2008-07-23 16:50 118.520 ------ w C: \ WINDOWS \ system32 \ pxinsi64.exe
2008-07-23 16:48 200.704 ---- AW C: \ WINDOWS \ system32 \ ssldivx.dll
2008-07-23 16:48 1.044.480 ---- AW C: \ WINDOWS \ system32 \ libdivx.dll
2008-07-23 16:46 12.288 ---- AW C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2008-07-21 13:33 890.828 - SHA-w C: \ WINDOWS \ system32 \ hgillUtv.ini2
2008-07-21 10:06 10.520 ---- AW C: \ WINDOWS \ system32 \ avgrsstx.dll
2008-07-18 20:10 94.920 ---- AW C: \ WINDOWS \ system32 \ cdm.dll
2008-07-18 20:10 53.448 ---- AW C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-18 20:10 45.768 ---- AW C: \ WINDOWS \ system32 \ wups2.dll
2008-07-18 20:10 36.552 ---- AW C: \ WINDOWS \ system32 \ wups.dll
2008-07-18 20:09 563.912 ---- AW C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-18 20:09 325.832 ---- AW C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-18 20:09 205.000 ---- AW C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-18 20:09 1.811.656 ---- AW C: \ WINDOWS \ system32 \ wuaueng.dll
2008-07-18 20:07 210.976 ---- AW C: \ WINDOWS \ system32 \ muweb.dll
2008-07-18 14:29 77 ---- AW C: \ Documents and Settings \ Administrator \ 2064.bat
2008-07-07 20:26 253.952 ---- AW C: \ WINDOWS \ system32 \ es.dll
2008-06-24 16:43 74.240 ---- AW C: \ WINDOWS \ system32 \ mscms.dll
2008-06-23 16:57 826.368 ---- AW C: \ WINDOWS \ system32 \ wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager" UI "=" C: \ WINDOWS \ system32 \ WLTRAY.exe "[2007-03-16 1392640]
"StartCCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe" [2008-03-25 144784]
"RoxioDragToDisc" = "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Vilkite į diską \ DrgToDsc.exe" [2004-01-27 1179648]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-05-27 413696]
"SiteAdvisor" = "C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe" [2007-06-21 36640]
"McENUI" = "C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe" [2007-11-30 1164576]
"mcagent_exe" = "C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe" [2007-11-01 582992]
"SigmatelSysTrayApp" = "stsystra.exe" [2006/02/10 C: \ WINDOWS \ stsystra.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"WUAppSetup" = "C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe" [2007-02-04 435736]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center]
"AntiVirusDisableNotify" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ McAfeeAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ McAfeeFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ System32 \ \ sessmgr.exe" =
"% windir% \ \ network diagnostic \ \ xpnetdiag.exe" =
"C: \ Program Files \ Messenger \ \ msmsgs.exe" =
"C: \ Program Files \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ Program Files \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"C: \ Program Files \ Common Files \ \ McAfee \ \ MNA \ \ McNASvc.exe" =
"C: \ Program Files \ Skype \ \ Phone \ \ Skype.exe" =
S1 AvgLdx86, AVG Free AVI Loader Vairuotojas x86, C: \ WINDOWS \ system32 \ drivers \ avgldx86.sys [2008-07-21 96520]
S4 avg8wd; AVG Free8 WatchDog, C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe []
* Naujai sukurta tarnyba * - catchme
* Naujai sukurta tarnyba * - PROCEXP90
.
Turinys "Scheduled Tasks" katalogą
.
- - - - Orphans nuimti - - - --
HKCU-run-LogitechSetup - D: \ setup \ setup.exe

.
------- Papildomos Scan -------
.
Firefox -: Profilis - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ aqi5r52b.default \
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 04:09:28
Windows 5.1.2600 Service Pack 3 NTFS
skenavimo paslėptus procesus ...
skenavimo paslėptas autostart entries ...
skenavimo paslėptus failus ...
skenavimas baigtas sėkmingai
paslėptus failus: 0
************************************************** ************************
.
Atlikimo laikas: 2008-09-23 4:10:26
ComboFix-karantine-files.txt 2008-09-23 02:10:23
Pre-Rida: 62363549696 bytes nemokamai
Post-Rida: 62437605376 bytes nemokamai
153 --- EOF --- 2008-09-22 20:32:15
*
*
*
*
Tada išbėgau Vagystės šį kartą

*
*
Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 4:11:27 dėl 9/23/2008
Platforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
C: \ WINDOWS \ system32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
C: \ PROGRA ~ 1 \ COMMON ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ Program Files \ McAfee \ VirusScan \ mcshield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ PROGRA ~ 1 \ mcafee.com \ Agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Patraukite Disc \ DrgToDsc.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcuimgr.exe
C: \ WINDOWS \ system32 \ imapi.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ WINDOWS \ explorer.exe
C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - (089FD14D-132B-48FC-8861-0048AE113215) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager "vartotojo sąsaja] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Vilkite į diską \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe / slėpti
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-V 0x046d-p 0x08d9-f-m vaizdo Logitech-D 10.5. 1,2023 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-V 0x046d-p 0x08d9-f-m vaizdo Logitech D 10.5.1.2023 (User 'Default Vartotojo ')
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ WINDOWS \ system32 \ Shdocvw.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klasė) -- http://update.microsoft.com/microsof...?1222115615015
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: ATI HotKey Rinkėjas - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Paslaugos (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee tinklo agentas (McNASvc) - McAfee, Inc - C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee realiu laiku Scanner (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
O23 - Service: Dell Wireless WLAN dėklas tarnybos (wltrysvc) - Unknown owner - C: \ WINDOWS \ system32 \ WLTRYSVC.EXE
--
End of file - 6.865 baitų

.... Dar kokių nors idėjų?

**evilfantasy** · #6 Rugsėjis 22, 2008, 19:46

Viskas atrodo gerai dabar. Kokios problemos Jums vis dar turite?

----------

Atsisiųsti CCleaner Slim ir išsaugokite jį darbalaukyje.
Jei failas buvo išsaugotas, eikite į savo darbastalio ir dukart paspauskite ccsetupxxx_slim.exe
Vykdykite nurodymus, kad įdiegti šią programą.
Užbaigti diegimo tada:

Dukart spustelėkite CCleaner nuorodą darbalaukyje pradėti programą.
Spauskite Funkcijos blokas kairėje, tada pasirinkite Slapukų.
- Po Naikinti slapukus, Pabrėžti visus slapukus norite palikti visam laikui
- Spauskite rodyklę į dešinę > perkelti juos į Cookie palaikyti langas.
Pereiti į Funkcijos > Detaliai JTtikrinti Tik ištrinti failus Windows Temp katalogus vyresni nei 48 valandų
Spauskite Cleaner kairėje tada Pradėti Cleaner dėl teisės paleisti programą.
Svarbu: Įsitikinkite VISI naršyklės langus, yra uždarytos prieš pasirinkdami Pradėti Cleaner
Atsargiai! Tai nėra rekomenduojama, kad jūs naudojate "Fusions" funkcija, nebent esate labai gerai susipažinęs su registre.
Atsijungti CCleaner po to, kai ji baigė savo procesas.

----------

Java yra pasenusi.

Senesnės versijos turi silpnąsias vietas, kad kenkėjiškų svetainių galima naudoti užkrėsti savo sistemą.

Pirmiausia įdiekite naują Sun Java Runtime Environment

Būtinai uždaryti visus naršyklės langus, prieš pradedant diegti.

Pašalinti seną versiją (-ai)

Parsisiųsti JavaRa ir išpakuokite failą darbalaukyje.
Atidaryti JavaRA.exe ir pasirinkite Ištrinti senų versijų
Kai visiškai išvežimo JavaRA ir ištrinti programą.
Pradėti CCleaner.

----------

Atsisiųsti Išjungti / šalinti "Windows Messenger darbastalio pašalinti Windows Messenger.

Nepainiokite Windows Messenger su Messenger nes jie yra ne tas pats. Windows Messenger yra dažna priežastis iškylančių langų.

Rozpakuj failą darbalaukyje. Atidaryti MessengerDisable.exe ir pasirinkite apačioje langelis -- Šalinti Windows Messenger ir paspauskite Taikyti.

Išeiti iš MessengerDisable tada ištrinti du failus, kurie buvo pateikti į Desktop.

Panašios Temos
Siūlas	Thread Starter	Forumas	Atsakymai	Last Post
Draugai Pc Infected - Vundo / Variantas-RONads - Vundo/Variant-0216 ir-309k	redden137	Virus, Spyware & Security	3	Balandis 28, 2009 15:18
Nafamamo.dll Klaida Windows/system32 ir VirtuMonde	Jacko2983	Virus, Spyware & Security	30	Balandis 19, 2009 17:24
I Can't Get atsikratyti TROJAN.VUNDO.H iš savo kompiuterio	theprodigycmb	Virus, Spyware & Security	13	Kovas 16, 2009 16:40
Help Needed su Trojan.vundo.h (VirtuMonde) + failus ir SS	Jasperbak nl	Virus, Spyware & Security	32	22 sausis 2009 05:48
Win32/adware.virtumonde - bigmaq juosta	delboy2028	Virus, Spyware & Security	1	Gegužė 1, 2008 09:50