Virtumonde.dll, Vundo: here is my HijackThis log ...




  #1  
September 21, 2008, 20:09
New Member Group
 
As the title says, I have a virus which I believe is virtumonde.dll, which I've been told is a type of Vundo. I have been having a slow computer and lots of pop-up windows for antivirus and registry cleaners ... and the strange thing is, I can't update anything on my computer ?????? Please, if anyone could tell me what to do .... thanks, here's my HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 4:55:10 gada 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
c: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Windows \ Explorer.exe
c: \ PROGRA ~ 1 \ mcafee.com \ aģents \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
D: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
K: \ Programmu faili \ SiteAdvisor \ 6.261 \ SiteAdv.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcsysmon.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Msiexec.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ taskmgr.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4.351-9.252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Velciet, lai Disc \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe / slēpt
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ RunOnce: [SpybotDeletingA5528] komanda / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKLM \ .. \ RunOnce: [SpybotDeletingC6845] cmd / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ Setup \ Setup.exe / start / restart / l: ENU
O4 - HKCU \ .. \ Run: [DelayShred] C: \ PROGRA ~ 1 \ McAfee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ admini ~ 1 \ Lokālie ~ 1 \ TEMPOR ~ 1 \ Content . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Lokālie ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Lokālie ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Cookies \ AD4B54 ~ 1.SH!
O4 - HKCU \ .. \ RunOnce: [SpybotDeletingB6548] komanda / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKCU \ .. \ RunOnce: [SpybotDeletingD1472] cmd / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m logitech-d 10.5. 1,2023 (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m logitech-d 10.5.1.2023 (User 'Default lietotājs ")
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ EXCEL.EXE/3000
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
Ø9 - Extra button: Skype - (77BF5300-1.474-4EC7-9.980-D32B190E9B07) - C: \ WINDOWS \ system32 \ shdocvw.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9.458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ Common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
Ø20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Aģents (McNASvc) - McAfee, Inc - C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time skeneris (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown īpašnieks - C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
O23 - Service: Dell Wireless WLAN Tray dienests (wltrysvc) - Unknown īpašnieks - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
--
End of failu - 7.660 bytes
  #2  
September 21, 2008, 21:28
Moderator Group
 
Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, make sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

----------

Now run a new HijackThis scan and post the log.
__________________

  #3  
September 22, 2008, 13:31
New Member Group

Alright, I ran that Malwarebytes .. thing, and it picked up this

Malwarebytes "Anti-Malware 1,28
Database version: 1194
Windows 5.1.2600 Service Pack 3
9/22/2008 8:55:50
mbam-log-2008-09-22 (20-55-50). txt
Scan type: Quick Scan
Objekti skenēts: 53.105
Pagājušo laiku: 6 minūte (s), 1 second (s)
Memory Processes Inficētie: 0
Memory Modules Inficētie: 1
Registry Keys Inficētie: 10
Reģistra vērtības Inficētie: 2
Registry Data Items Infected: 2
Mapes Inficētie: 1
Faili Inficētie: 15
Atmiņas procesi Inficētie:
(No ļaunprātīgs preces konstatētas)
Memory Modules Inficētie:
C: \ WINDOWS \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> Delete par reboot.
Registry Keys Inficētie:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (7b1b1537-fcd3-4.186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> Delete par reboot.
HKEY_CLASSES_ROOT \ CLSID \ (7b1b1537-fcd3-4.186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> Delete par reboot.
HKEY_CLASSES_ROOT \ WR (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ dslcnnct (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ IProxyProvid er (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ aoprndtws (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
Reģistra vērtības Inficētie:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ 7c0a0557 (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ bm7f3936cb (Trojan.Agent) -> Delete par reboot.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA \ Paziņojums paketes (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ssqpmmnf -> Karantīnā ievietotie un svītrots veiksmīgi.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ LSA \ Authentication paketes (Trojan.Vundo) -> Data: c: \ windows \ system32 \ ssqpmmnf -> Delete par reboot.
Mapes Inficētie:
C: \ WINDOWS \ system32 \ kBin02 (Trojan.Agent) -> Karantīnā ievietotie un svītrots veiksmīgi.
Faili Inficētie:
C: \ WINDOWS \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> Delete par reboot.
C: \ WINDOWS \ system32 \ fNmmpqss.ini (Trojan.Vundo.H) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ fNmmpqss.ini2 (Trojan.Vundo.H) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ qwtbatxb.dll (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ ysirza.dll (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ vfcortyh.dll (Trojan.Vundo) -> Delete par reboot.
C: \ Documents and Settings \ Administrator \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 7LVEI8GK \ upd105320 [1] (Trojan.Vundo) -> Delete par reboot.
C: \ Documents and Settings \ Administrator \ Local Settings \ Temporary Internet Files \ Content.IE5 \ TPEY0D0R \ nd82m0 [1] (Trojan.Vundo) -> Delete par reboot.
C: \ WINDOWS \ system32 \ mcrh.tmp (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ cookies.ini (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ system32 \ jyyubyyg.dll (Trojan.Agent) -> Delete par reboot.
C: \ WINDOWS \ system32 \ pac.txt (Malware.Trace) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ pskt.ini (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ BM7f3936cb.xml (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
C: \ WINDOWS \ BM7f3936cb.txt (Trojan.Vundo) -> Karantīnā ievietotie un svītrots veiksmīgi.
*
*
*
I ran it several times after that, and now it says that nothing is infected ....

I just ran HijackThis .. and this is the result


Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 10:26:25, uz 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
c: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Windows \ Explorer.exe
c: \ PROGRA ~ 1 \ mcafee.com \ aģents \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
D: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Velciet, lai Disc \ DrgToDsc.exe
K: \ Programmu faili \ SiteAdvisor \ 6.261 \ SiteAdv.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Skype \ Phone \ Skype.exe
C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcsysmon.exe
C: \ Program Files \ Skype \ Plugin Manager \ skypePM.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - (04F27F39-1C1B-4A4F-8B5A-A531E364B7A6) - (no file)
O2 - BHO: (no name) - (089FD14D-132B-48FC-8.861-0048AE113215) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O2 - BHO: (no name) - (12.637.832-85dB-4C63-B9D6-12B3E50A52C9) - (no file)
O2 - BHO: (no name) - (2504b4df-fd95-47a5-b804-b047829925c0) - (no file)
O2 - BHO: (no name) - (41E299D0-5CFF-4705-A8AD-67B02579661C) - (no file)
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: (no name) - (C089CFFD-5CAA-4DA6-BC8B-39965E47AAF9) - (no file)
O2 - BHO: (no name) - (D7C82C77-9CF6-4513-826E-B9B7ACDC4DB9) - (no file)
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4.351-9.252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Velciet, lai Disc \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe / slēpt
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ Setup \ Setup.exe / start / restart / l: ENU
O4 - HKCU \ .. \ Run: [DelayShred] C: \ PROGRA ~ 1 \ McAfee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ admini ~ 1 \ Lokālie ~ 1 \ TEMPOR ~ 1 \ Content . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Lokālie ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Lokālie ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ admini ~ 1 \ Cookies \ AD4B54 ~ 1.SH!
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m logitech-d 10.5. 1,2023 (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f video-m logitech-d 10.5.1.2023 (User 'Default lietotājs ")
Ø8 - ārpus konteksta menu item: E & ksportēt uz Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ EXCEL.EXE/3000
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
Ø9 - Extra button: Skype - (77BF5300-1.474-4EC7-9.980-D32B190E9B07) - C: \ WINDOWS \ system32 \ shdocvw.dll
Ø9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9.458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ Common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
Ø20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll
Ø20 - Winlogon Paziņot: awtuutTk - awtuutTk.dll (file missing)
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown īpašnieks - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Aģents (McNASvc) - McAfee, Inc - C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time skeneris (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ vīruss ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown īpašnieks - C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
O23 - Service: Dell Wireless WLAN Tray dienests (wltrysvc) - Unknown īpašnieks - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
--
End of failu - 8.474 bytes
*
*
*
I really need to know what is going on here. I need this laptop back, thank you ... let me know if there is anything I can do to help ...
  #4  
September 22, 2008, 16:47
Moderator Group
 
Disable Windows Defender

We need to turn off Windows Defender's real-time protection, because it may interfere with the fixes that we need to make.
  • Open Windows Defender
  • Click Tools, General Settings
  • Scroll down and uncheck Turn on real-time protection (recommended)
  • Once you have unchecked it, click the Save button and close Windows Defender.
After all the fixes are complete, it is very important that you turn real-time protection on again.

----------

Open HijackThis and select Do a system scan only.

Place a checkmark next to the following entries: (if present)
  • O2 - BHO: (no name) - (04F27F39-1C1B-4A4F-8B5A-A531E364B7A6) - (no file)
  • O2 - BHO: (no name) - (12.637.832-85dB-4C63-B9D6-12B3E50A52C9) - (no file)
  • O2 - BHO: (no name) - (2504b4df-fd95-47a5-b804-b047829925c0) - (no file)
  • O2 - BHO: (no name) - (41E299D0-5CFF-4705-A8AD-67B02579661C) - (no file)
  • O2 - BHO: (no name) - (C089CFFD-5CAA-4DA6-BC8B-39965E47AAF9) - (no file)
  • O2 - BHO: (no name) - (D7C82C77-9CF6-4513-826E-B9B7ACDC4DB9) - (no file)
  • O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
  • Ø20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll
  • Ø20 - Winlogon Paziņot: awtuutTk - awtuutTk.dll (file missing)
Important: Close all windows except HijackThis and then click Fix checked.

Exit HijackThis and restart your computer to register the changes made by HijackThis.

----------

Download ComboFix by sUBs from one of the links below. Make sure you save it to your Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your Desktop

Close all open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing the scan. Click this link to see a list of security programs that should be disabled and how to disable them. (McAfee may not turn off completely. Run ComboFix anyway, and it may still work if something tries to block it.)

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________
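
The triage done by eye in post #4, as an added example (not part of the thread and not HijackThis's own code): it flags entries that HijackThis marks `(no file)` or `(file missing)` and lists DLLs added to `AppInit_DLLs` between two scans. The sample lines are taken from the two logs in this thread with paste damage normalized; the function names are hypothetical.

```python
import re

# A HijackThis entry is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")
# Markers HijackThis appends when an entry's target file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed samples: lines copied from the first and second logs in this
# thread (GUID braces and the "Winlogon Notify" label restored).
FIRST_SCAN = r"""
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
Ø20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
"""
SECOND_SCAN = r"""
O2 - BHO: (no name) - {04F27F39-1C1B-4A4F-8B5A-A531E364B7A6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
Ø20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll
O20 - Winlogon Notify: awtuutTk - awtuutTk.dll (file missing)
"""


def normalize(line):
    """Repair paste damage seen in this thread: 'Ø' for 'O', spaces around backslashes."""
    line = line.strip().replace("Ø", "O")
    return re.sub(r"\s*\\\s*", lambda m: "\\", line)


def parse_entries(log_text):
    """Return (code, details) pairs; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(normalize(raw))
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries whose registered file HijackThis could not find."""
    return [f"{code} - {details}" for code, details in entries
            if details.endswith(ORPHAN_MARKERS)]


def appinit_dlls(entries):
    """DLL names listed in the O20 AppInit_DLLs value, lowercased."""
    dlls = set()
    for code, details in entries:
        if code == "O20" and details.startswith("AppInit_DLLs:"):
            names = details.split(":", 1)[1]
            dlls.update(n.lower() for n in re.split(r"[\s,]+", names) if n)
    return dlls


def review(before_log, after_log):
    """Compare two scans: orphaned entries now present, AppInit_DLLs changes."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    return {
        "orphaned": orphaned(after),
        "appinit_added": sorted(appinit_dlls(after) - appinit_dlls(before)),
        "appinit_removed": sorted(appinit_dlls(before) - appinit_dlls(after)),
    }


if __name__ == "__main__":
    report = review(FIRST_SCAN, SECOND_SCAN)
    for entry in report["orphaned"]:
        print("orphaned:", entry)
    print("AppInit_DLLs added since first scan:", report["appinit_added"])
```
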

  #5  
September 22, 2008, 19:14
New Member Group

OK, I ran ComboFix, here are the results ...


ComboFix 08-09-20.05 - Administrator 2008-09-23 4:07:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.526 [GMT 2:00]
Sākot no: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Izveido jaunu atjaunošanas punktu
WARNING, šī mašīna nav atkop Installed!
.
((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ system32 \ djynmrpe.ini
C: \ WINDOWS \ system32 \ EMVwxyay.ini
C: \ WINDOWS \ system32 \ fxdehybr.ini
C: \ WINDOWS \ system32 \ hgillUtv.ini
C: \ WINDOWS \ system32 \ hwpdknag.ini
C: \ WINDOWS \ system32 \ hytrocfv.ini
C: \ WINDOWS \ system32 \ jrawajwy.ini
C: \ WINDOWS \ system32 \ kruvwslm.ini
C: \ WINDOWS \ system32 \ ljbuenel.ini
C: \ WINDOWS \ system32 \ mbpyegow.ini
C: \ WINDOWS \ system32 \ MSINET.oca
C: \ WINDOWS \ system32 \ oopfgjdw.ini
C: \ WINDOWS \ system32 \ oujogpou.ini
C: \ WINDOWS \ system32 \ ovbmvuhg.ini
C: \ WINDOWS \ system32 \ rmkrhevi.ini
C: \ WINDOWS \ system32 \ uhikvuhh.ini
C: \ WINDOWS \ system32 \ vpgysgqj.ini
.
((((((((((((((((((((((((( Faili Created no 2008/08/23 līdz 2008/09/23 ))))))))))) ))))))))))))))))))))
.
2008/09/23 01:06. 2008/09/23 01:06 <DIR> d -------- C: \ Program Files \ DivX
2008/09/22 22:11. 2008/09/22 22:20 1.374 - ------ C: \ WINDOWS \ imsins.BAK
2008/09/22 21:30. 2008/05/01 16:33 331.776 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ msadce.dll
2008/09/22 21:25. 2008/04/11 21:04 691.712 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ inetcomm.dll
2008/09/22 20:47. 2008/09/22 20:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/09/22 20:47. 2008/09/22 20:47 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008/09/22 20:47. 2008/09/10 00:04 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/09/22 20:47. 2008/09/10 00:03 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/09/22 04:54. 2008/09/22 20:47 <DIR> d -------- C: \ Desktop
2008/09/22 04:47. 2008/09/22 04:48 <DIR> d -------- C: \ Program Files \ Windows Defender
2008/09/22 04:36. 2008/09/22 04:36 <DIR> d - h ----- C: \ WINDOWS \ system32 \ GroupPolicy
2008/09/22 02:58. 2008/09/22 02:58 268 - ah ----- C: \ sqmdata00.sqm
2008/09/22 00:30. 2008/09/22 00:30 <DIR> d -------- C: \ VundoFix Backups
.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/09/22 23:08 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ limewire
2008/09/22 20:34 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Skype
2008/09/22 20:25 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ skypePM
2008/09/22 03:36 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008/09/22 00:07 --------- d ----- w C: \ Program Files \ McAfee
2008/08/14 04:47 --------- d ----- w C: \ Documents and Settings \ Guest \ Application Data \ SiteAdvisor
2008/08/02 01:04 --------- d ----- w C: \ Program Files \ Enigma Software Group
2008/07/30 03:57 876.883 - SHA-w C: \ WINDOWS \ system32 \ EMVwxyay.ini2
2008/07/30 03:49 --------- d ----- w C: \ Program Files \ CCleaner
2008/07/30 03:05 --------- d ----- w C: \ Documents and Settings \ Guest \ Application Data \ ATI
2008/07/29 03:35 --------- d ----- w C: \ Program Files \ Common Files \ LogiShrd
2008/07/27 03:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Roxio
2008/07/26 06:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ McAfee
2008/07/26 03:45 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008/07/25 08:36 524.288 ---- aw C: \ WINDOWS \ system32 \ DivXsm.exe
2008/07/24 18:28 --------- d ----- w C: \ Program Files \ SiteAdvisor
2008/07/24 16:32 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ SiteAdvisor
2008/07/23 16:50 9.464 ------ w C: \ WINDOWS \ system32 \ drivers \ cdralw2k.sys
2008/07/23 16:50 9.336 ------ w C: \ WINDOWS \ system32 \ drivers \ cdr4_xp.sys
2008/07/23 16:50 43.528 ------ w C: \ WINDOWS \ system32 \ drivers \ PxHelp20.sys
2008/07/23 16:50 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2008/07/23 16:50 129.784 ------ w C: \ WINDOWS \ system32 \ pxafs.dll
2008/07/23 16:50 120.056 ------ w C: \ WINDOWS \ system32 \ pxcpyi64.exe
2008/07/23 16:50 118.520 ------ w C: \ WINDOWS \ system32 \ pxinsi64.exe
2008/07/23 16:48 200.704 ---- aw C: \ WINDOWS \ system32 \ ssldivx.dll
2008/07/23 16:48 1.044.480 ---- aw C: \ WINDOWS \ system32 \ libdivx.dll
2008/07/23 16:46 12.288 ---- aw C: \ WINDOWS \ system32 \ DivXWMPExtType.dll
2008/07/21 13:33 890.828 - SHA-w C: \ WINDOWS \ system32 \ hgillUtv.ini2
2008/07/21 10:06 10.520 ---- aw C: \ WINDOWS \ system32 \ avgrsstx.dll
2008/07/18 20:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008/07/18 20:10 53.448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008/07/18 20:10 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
2008/07/18 20:10 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
2008/07/18 20:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008/07/18 20:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008/07/18 20:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008/07/18 20:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ wuaueng.dll
2008/07/18 20:07 210.976 ---- aw C: \ WINDOWS \ system32 \ muweb.dll
2008/07/18 14:29 77 ---- aw C: \ Documents and Settings \ Administrator \ 2064.bat
2008/07/07 20:26 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2008/06/24 16:43 74.240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008/06/23 16:57 826.368 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2008/04/14 15.360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run]
"SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [2006/03/08 761.947]
"Broadcom Wireless Manager UI" = "C: \ WINDOWS \ system32 \ WLTRAY.exe" [2007/03/16 1.392.640]
"StartCCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe" [2006/11/10 90.112]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe" [2008/03/25 144.784]
"RoxioDragToDisc" = "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Drag to Disc \ DrgToDsc.exe" [2004/01/27 1.179.648]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008/05/27 413.696]
"SiteAdvisor" = "C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe" [2007/06/21 36.640]
"McENUI" = "C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe" [2007/11/30 1.164.576]
"mcagent_exe" = "C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe" [2007/11/01 582.992]
"SigmatelSysTrayApp" = "stsystra.exe" [2006/02/10 C: \ WINDOWS \ stsystra.exe]
[HKEY_USERS \ .DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ Run]
"CTFMON.EXE" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2008/04/14 15.360]
[HKEY_USERS \ .DEFAULT \ Software \ Microsoft \ Windows \ CurrentVersion \ RunOnce]
"WUAppSetup" = "C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe" [2007/02/04 435.736]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center]
"AntiVirusDisableNotify" = DWORD: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ McAfeeAntiVirus]
"DisableMonitoring" = DWORD: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security center \ Monitoring \ McAfeeFirewall]
"DisableMonitoring" = DWORD: 00000001
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpolicy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ limewire \ \ LimeWire.exe" =
"C: \ \ Program Files \ \ Common Files \ \ McAfee \ \ MNA \ \ McNASvc.exe" =
"C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
S1 AvgLdx86; AVG Free AVI Loader Driver x86, C: \ WINDOWS \ System32 \ Drivers \ avgldx86.sys [2008/07/21 96.520]
S4 avg8wd; AVG Free8 Watchdog, C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe []
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-LogitechSetup - D: \ Setup \ Setup.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ aqi5r52b.default \
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008/09/23 04:09:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
Completion time: 2008-09-23 4:10:26
ComboFix-quarantined-files.txt 2008/09/23 02:10:23
Pre-Run: 62363549696 bytes free
Post-Run: 62437605376 bytes free
153 --- EOF --- 2008/09/22 20:32:15
*
*
*
*
Then I ran HijackThis again

*
*
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:27, on 9/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
C: \ WINDOWS \ System32 \ bcmwltry.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
c: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
c: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
C: \ WINDOWS \ system32 \ svchost.exe
c: \ PROGRA ~ 1 \ mcafee.com \ agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ WINDOWS \ system32 \ WLTRAY.exe
D: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Drag to Disc \ DrgToDsc.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
K: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
c: \ PROGRA ~ 1 \ McAfee \ MSC \ mcuimgr.exe
C: \ WINDOWS \ system32 \ imapi.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ WINDOWS \ explorer.exe
C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - (089FD14D-132B-48FC-8.861-0048AE113215) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4.351-9.252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ WINDOWS \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Drag to Disc \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6.261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe /hide
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe -v 0x046d -p 0x08d9 -f video -m logitech -d 10.5.1.2023 (User 'SYSTEM')
O4 - HKUS \ .DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - HKUS \ .DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe -v 0x046d -p 0x08d9 -f video -m logitech -d 10.5.1.2023 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1.474-4EC7-9.980-D32B190E9B07) - C: \ WINDOWS \ system32 \ shdocvw.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1222115615015
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9.458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ Common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Ati Hotkey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ WINDOWS \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc - C: \ Program Files \ Common Files \ McAfee \ MNA \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ Common ~ 1 \ McAfee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Program Files \ SiteAdvisor \ 6.261 \ SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ WINDOWS \ System32 \ WLTRYSVC.EXE
--
End of file - 6.865 bytes


.... any ideas yet?
  #6  
September 22, 2008, 19:46
Moderator Group
 
Everything looks fine now. What problems are you still having?

----------

Download CCleaner Slim and save it to your computer.
Once the file is saved, go to your Desktop and double-click ccsetupxxx_slim.exe
Follow the prompts to install the program.
Finish the installation, then:
  • Double-click the CCleaner shortcut on the desktop to start the program.
  • Click the Options block on the left, then choose Cookies.
    • Under Cookies to Delete, highlight any cookies you would like to keep permanently
    • Click the right arrow > to move them to the Cookies to Keep window.
  • Go to Options > Advanced and uncheck Only delete files in Windows Temp folders older than 48 hours
  • Click Cleaner on the left, then Run Cleaner on the right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
  • Caution: It is not recommended to use the "Registry" feature unless you are very familiar with the registry.
  • Exit CCleaner after it has completed its process.

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before starting the installation.

Remove the old version(s)
  • Download JavaRa and unzip the file to your desktop.
  • Open JavaRA.exe and choose Remove Older Versions
  • When the removal is complete, exit JavaRA and delete the program.
  • Run CCleaner.

----------

Download Disable / Remove Windows Messenger to your Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger, because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file to your desktop. Open MessengerDisable.exe and choose the bottom box -- Uninstall Windows Messenger -- and click Apply.

Exit MessengerDisable, then delete the two files that were put on the desktop.