Whatever I do I can't get rid of TROJAN.VUNDO.H




  #1  
October 16, 2008, 09:51
Member

I have tried many times to delete the VUNDO.H virus with Malwarebytes. It makes me restart the computer, and when I run Malwarebytes again I find it is still on the system. I have also turned off System Restore before running them.

Thanks for your help!
Attached files
File Type: txt mbam-log-2008-10-16 (12-33-23).txt (1.2 KB, 108 views)
File Type: txt hijackthis.txt (7.3 KB, 100 views)
  #2  
October 16, 2008, 11:27
Moderator Group

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries (if present):
  • O2 - BHO: (no name) - {D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE} - C:\Windows\system32\digestp.dll
  • O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll
Important: Close all windows except HijackThis, then click Fix checked.

Exit HijackThis.

----------

Download OTMoveIt2 by Oldtimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\SYSTEM32\digestp.dll
EmptyTemp
[start explorer]
3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it into your next reply.
6. Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot, choose Yes. If not, reboot anyway.
__________________
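
The pattern flagged in the post above, one DLL registered both as a Browser Helper Object (O2) and as a Winlogon Notify package (O20), checked mechanically over a HijackThis log. This is an added example, not part of the original thread; the sample log is constructed from entries quoted in this thread (written with intact paths and {CLSID} braces), and the function names are illustrative.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample built from entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE} - C:\Windows\system32\digestp.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: paubftzz - C:\WINDOWS\SYSTEM32\digestp.dll
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)
# O20 lines: "O20 - Winlogon Notify: <key name> - <path>"
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


@dataclass(frozen=True)
class Entry:
    section: str  # "O2" or "O20"
    name: str     # BHO display name or Notify key name
    path: str     # normalised DLL path


def normalise(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.strip().strip('"').lower()


def parse_entries(log_text):
    """Return the O2 and O20 entries found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BHO_RE.match(line)
        if match:
            entries.append(Entry("O2", match["name"], normalise(match["path"])))
            continue
        match = NOTIFY_RE.match(line)
        if match:
            entries.append(Entry("O20", match["name"], normalise(match["path"])))
    return entries


def triage(log_text):
    """List DLLs that appear under both O2 (BHO) and O20 (Winlogon Notify)."""
    by_path = defaultdict(lambda: {"O2": [], "O20": []})
    for entry in parse_entries(log_text):
        by_path[entry.path][entry.section].append(entry.name)

    findings = []
    for path, refs in sorted(by_path.items()):
        if refs["O2"] and refs["O20"]:
            findings.append({
                "path": path,
                "bho_names": refs["O2"],
                "notify_names": refs["O20"],
                # A BHO without a display name is a further review signal.
                "unnamed_bho": "(no name)" in refs["O2"],
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["path"], finding["notify_names"], finding["unnamed_bho"])
```

A match is a lead for manual review of the DLL, not a verdict on it.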

  #3  
October 16, 2008, 12:39
Member

Well, I ran everything you sent. Hijack came up fine and the 2 files were deleted.

OTMOVEIT2 program - I copied the 4 lines
[kill explorer]
C:\WINDOWS\SYSTEM32\digestp.dll
EmptyTemp
[start explorer]

under the yellow bar and ran MOVEIT.

In the green box the program said Explorer was killed successfully. However, I got an error dialog box.

It said: OTMOVEIT2 OTMOVEIT2.EXE - Bad Image

The application or DLL C:\Windows\rakxhfy.dll is not a valid Windows image. Please check this against your installation diskette.

I had to reboot, and OTMOVEIT came up again, and I again got the same error dialog as described above. How do I get rid of OTMOVEIT2 coming up when it reboots? Is there anything else that needs to be done?
  #4  
October 16, 2008, 12:45
Moderator Group

Yes, there is more to do. Don't worry about the error message ...

Download Random's System Information Tool (RSIT) by random/random and save it to your desktop.
  • Double-click RSIT.exe to run it.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt (will be maximized) and info.txt (will be minimized)
  • Please post the contents of both logs in your next reply.
__________________

  #5  
October 16, 2008, 13:26
Member

log.txt:
Your file of 28.7 KB bytes exceeds the forum's limit of 19.5 KB for this file type. I had to WinZip the LOG files to get them to you because of the constraints on attaching files at Kompiuterių sultys.
Attached files
File Type: txt info.txt (12.5 KB, 24 views)
File Type: zip ziplog file.zip (7.5 KB, 9 views)
  #6  
October 16, 2008, 13:34
Member

LOG files

R2 ccEvtMgr; Symantec Event Manager, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 ccSetMgr; Symantec Settings Manager ", C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService; Symantec Lic NETCONNECT paslaugą, C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 gusvc; Google Updater Service, C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe [2007-06-04 138680]
R2 InCDsrv; InCD failų sistemos tarnyba, C: \ Program Files \ Ahead \ InCD \ InCDsrv.exe [2003-09-01 798772]
R2 LIVEUPDATE skelbime; LIVEUPDATE pranešimas; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 MDM; Mdm.exe, C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE [2003-06-19 322120]
R2 PrismXL; PrismXL, C: \ Program Files \ Common Files \ Naujoji sienos \ PrismXL \ PRISMXL.SYS [2005-01-28 172032]
S3 aspnet_state; ASP.NET valstybės tarnybos, C: \ WINDOWS \ Microsoft.NET \ Framework \ v1.1.4322 \ aspne t_state.exe [2004-07-15 32768]
S3 comHost, COM Host; C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe [2007-08-22 55640]
S3 LIVEUPDATE; LIVEUPDATE, C: \ Program Files \ Symantec \ LIVEUPDATE \ LuComServer_3_4.EXE [2008-09-05 3220856]
S3 ose; Office Source Engine, C: \ Program Files \ Common Files \ Microsoft Shared \ Source Engine \ OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC; Symantec Core aikštelė, C: \ PROGRA ~ 1 \ COMMON ~ 1 \ SYMANT ~ 1 \ CCPD-LC \ symlcsvc.exe [2008-10-16 1245064]
S3 WMPNetworkSvc, Windows Media Player "tinklo dalijimosi paslaugą, C: \ Program Files \ Windows Media Player \ WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc, Windows Driver fondas - User-mode Driver Framework, C: \ WINDOWS \ System32 \ svchost.exe [2008-04-13 14336]
EOF ----------------- -----------------
  #7  
Old October 16, 2008, 13:50
Moderator Group
 
Default Whatever I do I can't get rid of TROJAN.VUNDO.H

digestp.dll is not gone yet.

First:

Download Disable/Remove Windows Messenger to your Desktop to remove Windows Messenger.

Do not confuse Windows Messenger with Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on your Desktop. Open MessengerDisable.exe and choose the bottom box, Uninstall Windows Messenger, and click Apply.

Exit out of MessengerDisable, then delete the two files that were put on the Desktop.

----------

Note: The instructions below were created specifically for this user. If you are not this user, do NOT follow these instructions, as they could damage the workings of your system.

Go to Start > Run and type notepad.exe, then OK.

Copy and paste the following code into Notepad and save it as fixme.reg on your Desktop.

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\MSMSGS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when asked to merge it with the registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it didn't work.

Delete fixme.reg from your Desktop.

----------

Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment.

Be sure to close all browser windows before beginning the installation.

Remove the old version(s)

Download JavaRa
  • Unzip the file and open JavaRa.exe
  • Click Remove Older Versions
  • JavaRa will find all outdated versions of Java and remove any that are found.
  • Click Additional Tasks
  • Place a checkmark next to Remove useless JRE files and click Go
  • Exit JavaRa
  • Delete the JavaRa files from your Desktop
----------

Suspicious file scan

Go to the VirSCAN.org free online scan service
(If more than one file needs to be scanned, they must be done separately and the logs posted for each one)

1. Copy and paste the following file path into the Suspicious file scan box at the top of the page.
Code:
C:\WINDOWS\system32\CF23987.exe
2. On the upload page, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Click the Upload button.
This will perform a scan across many different virus scanning engines.
Your file will most likely be placed in a queue, which normally takes less than a minute to clear.
Important: Wait for all of the scanning engines to complete.
5. When the scan is finished, scroll down and click the Copy to Clipboard button. This will copy the link of the report to the clipboard.
6. Paste the contents of the clipboard into your next reply.

----------

After you have posted the VirSCAN.org results:

Download ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run as administrator
  • Under Main, Select Files to Delete, choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, click No at the prompt.
  • Click Exit on the Main menu to close the program.
Please note that your system will run more slowly for a reboot or two after this tool is used, so don't worry.

Important: Reboot your computer before continuing.
__________________

  #8  
Old October 16, 2008, 14:39
Member
 
Default Whatever I do I can't get rid of TROJAN.VUNDO.H

1. Success with Fixme.reg

2. Here are the 2 files you wanted me to send

A. JavaRa 1,11 išbraukimas Prisijungti.
Pranešimas taip po linija.
------------------------------------
JavaRa pašalinimo procesas buvo pradėtas spalis 16 Kt 17:23:09 2008
Rasti ir pašalinti: C: \ Windows \ System32 \ jpicpl32.cpl
Rasti ir pašalinti: C: \ Windows \ Installer \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Rasti ir pašalinti: Software \ Javasoft \ Java Runtime Environment \ 1,4
Rasti ir pašalinti: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstal L \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Rasti ir pašalinti: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA)
Rasti ir pašalinti: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB)
Rasti ir pašalinti: SOFTWARE \ Classes \ Installer \ Products \ 8A0F841731866D 117AB7000B0D410200
Rasti ir pašalinti: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installe r \ UserData \ S-1-5-18 \ Products \ 8A0F841731866D117AB7000B0D410200
Rasti ir pašalinti: SOFTWARE \ Classes \ JavaPlugin.142
Rasti ir pašalinti: Software \ Javasoft \ Java Plug-in \ 1.4.2
Rasti ir pašalinti: Software \ Javasoft \ Java Runtime Environment \ 1.4.2
Rasti ir pašalinti: Software \ Javasoft \ Java Web Start \ 1.4.2
Rasti ir pašalinti: Software \ Javasoft \ Java Web Start \ 1.0.1
Rasti ir pašalinti: Software \ Javasoft \ Java Web Start \ 1.0.1_02
Rasti ir pašalinti: Software \ Javasoft \ Java Web Start \ 1.0.1_03
Rasti ir pašalinti: Software \ Javasoft \ Java Web Start \ 1.0.1_04
Rasti ir pašalinti: Software \ Javasoft \ Java Web Start \ 1,2
Rasti ir pašalinti: Software \ Javasoft \ Java Web Start \ 1.2.0_01
------------------------------------
Baigta ataskaitas.

JavaRa 1,11 išbraukimas Prisijungti.
Pranešimas taip po linija.
------------------------------------
JavaRa pašalinimo procesas buvo pradėtas spalis 16 Kt 17:23:18 2008
------------------------------------
Baigta ataskaitas.



B. VirSCAN. Org scanned Pranešimas:
Nuskaitomi laikas: 2008/10/16 17:27:59 (CET)
Scanner results: Visos Skaitytuvai pranešė nerandate kenkėjiška!
Failo vardas: CF23987.exe
Failo dydis: 389.120 baitų
Failo tipas: PE32 executable MS Windows (console) "Intel" 80386 32-bit
MD5: b65faf059812f22a1058ecfcb520e47b
SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Tinkle: http://virscan.org/report/36cd3be0f2...66947033e.html
Skeneris Variklio Ver Sig Ver Sig Data Laikas Ieškoti rezultatų
-squared 4.0.0.16 2008.10.15 2008-10-15 1,54 --
AhnLab V3, ... .. - 0,18 --
AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 --
Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 --
Arcavir 1.0.5 200810161244 2008-10-16 1,23 --
Authentium 5.1.1 200810150216 2008-10-15 1,17 --
Avast! 3.0.1 081015-0 2008-10-15 0,72 --
AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 --
BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 --
CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5,37 --
ClamAV 0,94 8435 2008 -10-17 0,13 --
Comodo 2,11 2.0.0.678 2008-10-16 0,44 --
KP Saugoma 1.1.0.715 2008.10.17 2008-10-17 6,26 --
Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 --
Ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 --
F-Prot 4.4.4.56 20081016 2008-10-16 1,19 --
F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 --
Fortinet 2.81-3.113 9,647 2008-10-15 0,23 --
GData 19.1058/19.65 20081016 2008-10-16 2,65 --
ViRobot 20081016 2008.10.16 2008-10-16 0,40 --
Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 --
JiangMin 11.0.706 2008.10.16 2008-10-16 1,26 --
Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 --
KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 --
McAfee 5.3.00 5406 2008-10-15 2,13 --
Microsoft 1,4005 2008.10.16 2008-10-16 3,93 --
mks_vir 2,01 2008.10.16 2008-10-16 2,75 --
Norman 5.93.01 5.93.00 2008-10-16 5,21 --
Panda 9.05.01 2008.10.16 2008-10-16 2,28 --
Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 --
Quick HEAL 9,50 2008.10.16 2008-10-16 1,99 --
Augančios 20,0 20.66.32.00 2008-10-16 0,77 --
Sophos 2.79.0 4,34 2008-10-17 1,86 --
Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 --
Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 --
nProtect 2008-10-16.00 2247055 2008-10-16 4,22 --
Hacker 6.3.1.0 v00116 2008-10-16 0,45 --
VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 --
VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 --
  #9  
Old October 16, 2008, 14:41
Moderator Group
 
Default Whatever I do I can't get rid of TROJAN.VUNDO.H

Download ComboFix from one of the links below. Be sure to save it to your Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your Desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing the scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the on-screen instructions.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Don't mouse-click the ComboFix window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware programs when ComboFix has finished.
__________________

  #10  
Old October 16, 2008, 15:11
Member
 
Default Whatever I do I can't get rid of TROJAN.VUNDO.H

ComboFix 08-10-16.01 - Owner 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Veikia nuo: C: \ Documents and Settings \ Owner \ Desktop \ ComboFix.exe
* Sukurtas naujas atkūrimo taškas
.
((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ jestertb.dll
D: \ Autorun.inf
.
((((((((((((((((((((((((( Failus, sukurtus nuo 2008/09/16 iki 2008/10/16 ))))))))))) ))))))))))))))))))))
.
2008-10-16 16:16. 2008-10-16 16:17 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ WinZip
2008-10-16 15:56. 2008-10-16 16:23 <DIR> d -------- C: \ rsit
2008-10-16 15:19. 2008-10-16 15:19 <DIR> d -------- C: \ _OTMoveIt
2008-10-16 14:07. 2008-10-16 14:07 <DIR> d -------- C: \ Program Files \ Panda Security
2008-10-16 14:07. 2008-06-19 17:24 28.544 - ------ C: \ WINDOWS \ system32 \ drivers \ pavboot.sys
2008-10-16 13:20. 2008-10-16 13:20 <DIR> d -------- C: \ VundoFix atsarginiai
2008-10-16 12:26. 2008-10-16 12:26 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-10-16 12:25. 2008-10-16 13:40 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Documents and Settings \ Owner \ Application Data \ SUPERAntiSpyware.com
2008-10-16 11:08. 2008-10-16 11:08 <DIR> d -------- C: \ WINDOWS \ system32 \ N360_BACKUP
2008-10-16 10:48. 2008-10-16 10:48 <DIR> d ---- C --- C: \ WINDOWS \ system32 \ DRVSTORE
2008-10-16 10:47. 2008-10-16 10:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24. 2008-10-16 10:24 <DIR> d -------- C: \ Program Files \ Windows Sidebar
2008-10-16 10:24. 2008-10-16 11:44 <DIR> d -------- C: \ Program Files \ Norton 360
2008-10-16 10:22. 2008-10-16 11:04 123.952 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-10-16 10:22. 2008-10-16 11:04 60.800 - ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-10-16 10:22. 2008-10-16 11:04 10.671 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.CAT
2008-10-16 10:22. 2008-10-16 11:04 805 - ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.INF
2008-10-16 10:16. 2008-09-08 06:41 333.824 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ srv.sys
2008-10-16 10:15. 2008-08-14 06:11 2.189.184 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Ntoskrnl.exe
2008-10-16 10:15. 2008-08-14 06:09 2.145.280 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-16 10:15. 2008-08-14 05:33 2.066.048 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Ntkrnlpa.exe
2008-10-16 10:15. 2008-08-14 05:33 2.023.936 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Ntkrpamp.exe
2008-10-16 10:15. 2008-09-15 08:12 1.846.400 ----- --- C C: \ WINDOWS \ system32 \ dllcache \ Win32k.sys
2008-10-16 10:09. 2008-10-16 10:10 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6
2008-10-15 17:42. 2004-08-27 05:54 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-15 17:42. 2005-01-28 05:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SampleView
2008-10-15 17:42. 2005-01-28 05:26 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ McAfee
2008-10-15 17:42. 2008-10-15 17:42 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-10-15 17:42. 2008-10-16 10:09 <DIR> d -------- C: \ Documents and Settings \ Administrator
2008-10-15 17:26. 2008-10-15 17:26 <DIR> d -------- C: \ Program Files \ NoNAV
2008-10-15 16:41. 2008-10-15 17:26 <DIR> d -------- C: \ SymNoNav
2008-10-15 16:22. 2008-10-15 17:27 <DIR> d -------- C: \ WINDOWS \ LMI42.tmp
2008-10-15 15:10. 2008-10-15 15:10 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-10-11 13:05. 2008-10-11 12:33 102.664 - ------ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys
2008-10-11 12:33. 2008-10-15 15:21 <DIR> d -------- C: \ Documents and Settings \ Owner \. Housecall6.6
2008-10-11 12:25. 2008-10-11 12:25 <DIR> d -------- C: \ WINDOWS \ Sek
2008-10-11 12:00. 2008-10-11 12:01 <DIR> d -------- C: \ Program Files \ CCleaner
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ Owner \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-09-10 00:04 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-10-11 11:38. 2008-09-10 00:03 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-23 13:17. 2008-09-23 13:17 133 - ------ C: \ Documents and Settings \ All Users \ Application Data \ ustore.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:53 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-10-16 17:49 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008-10-16 15:08 --------- d ----- w C: \ Documents and Settings \ Owner \ Application Data \ Symantec
2008-10-16 15:04 --------- d ----- w C: \ Program Files \ Symantec
2008-10-16 15:01 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-09-24 12:36 --------- d ----- w C: \ Program Files \ Common Files \ Persikų
2008-09-08 10:41 333.824 ---- AW C: \ WINDOWS \ system32 \ drivers \ srv.sys
2008-08-19 10:32 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2005-10-20 18:06 76-C ---- w C: \ Documents and Settings \ Owner \ Application Data \ wklnhst.dat
2005-05-27 00:43 0-csha-w C: \ WINDOWS \ SMINST \ HPCD.sys
2008-05-24 13:39 32.768-csha-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ History \ History.IE5 \ MSHist012008052420080 525 \ Index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
2004-08-04 15:00 105984 - ------ C: \ Windows \ system32 \ digestp.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayExcluded]
@ = "(4433A54A-1AC8-432F-90FC-85F045CF383C)"
[HKEY_CLASSES_ROOT \ CLSID \ (4433A54A-1AC8-432F-90FC-85F045CF383C)]
2008-02-26 04:34 576352 - ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayPending]
@ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)"
[HKEY_CLASSES_ROOT \ CLSID \ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)]
2008-02-26 04:34 576352 - ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayProtected]
@ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)"
[HKEY_CLASSES_ROOT \ CLSID \ (476D0EA3-80F9-48B5-B70B-05E677C9C148)]
2008-02-26 04:34 576352 - ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2005-01-28 98304]
"Adobe Photo Downloader" = "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-04-19 185896]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe" [2008-02-18 51048]
"osCheck" = "C: \ Program Files \ Norton 360 \ osCheck.exe" [2008-02-26 988512]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Device Detector 3.lnk - C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe [2007-06-27 114688]
Google Updater.lnk - C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe [2007-06-04 125624]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.exe [2000-01-21 65588]
WinZip Quick Pick.lnk - C: \ Program Files \ WinZip \ WZQKPICK.EXE [2008-09-11 525664]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA) "=" C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL "[2008-05-13 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ paubftzz]
2004-08-04 15:00 105984 C: \ WINDOWS \ system32 \ digestp.dll
[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ Paleidimas BigFix.lnk]
PATH = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ BigFix.lnk
Backup = C: \ WINDOWS \ PSS \ BigFix.lnkCommon Paleidimas
[HKLM \ ~ \ startupfolder \ C: Documents and Settings ^ ^ ^ All Users Start Menu Programs ^ ^ ^ paleisties Microsoft Office.lnk]
PATH = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk
Backup = C: \ WINDOWS \ PSS \ Microsoft Office.lnkCommon Paleidimas
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ATIPTA]
- A - C --- 2004-11-12 01:10 344064 C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ccApp]
- ------ 2008-02-18 15:37 51048 C: \ Program Files \ Common Files \ Symantec Shared \ ccapp.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Ctfmon.exe]
- ------ 2008-04-13 20:12 15360 C: \ WINDOWS \ system32 \ Ctfmon.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ InCD]
- ------ 2003-09-01 09:32 1200178 C: \ Program Files \ Ahead \ InCD \ InCD.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroCheck]
- ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ NeroFilterCheck]
- ------ 2001-07-09 15:50 155648 C: \ WINDOWS \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ Recguard]
- A - C --- 2002-09-13 16:42 212992 C: \ WINDOWS \ SMINST \ Recguard.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ RemoteControl]
- A - C --- 2003-10-31 23:42 32768 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SunKistEM]
- A - C --- 2004-11-15 19:04 135168 C: \ Program Files \ Digital Media Reader \ shwiconEM.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ UpdateManager]
- A - C --- 2003-08-19 01:01 110592 C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ CHotkey]
- A - C --- 2004-05-17 22:30 543232 C: \ WINDOWS \ zHotkey.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ ShowWnd]
- A - C --- 2003-09-19 13:09 36864 C: \ WINDOWS \ ShowWnd.exe
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Shared Tools \ msconfig \ startupreg \ SoundMan]
- A - C --- 2004-11-15 23:20 77824 C: \ WINDOWS \ SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Stebėsena \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ System32 \ \ sessmgr.exe" =
"% windir% \ \ network diagnostic \ \ xpnetdiag.exe" =
R0 pavboot; pavboot, C: \ WINDOWS \ system32 \ drivers \ pavboo t.sys [2008-06-19 28544]
R0 shsizubv; shsizubv, C: \ WINDOWS \ system32 \ drivers \ shsi zubv.sys [2004-08-04 23424]
S3 COH_Mon; COH_Mon, C: \ WINDOWS \ system32 \ drivers \ COH_Mo n.sys [2008-07-30 23888]
S3 VNUSB; V. Serija Device, C: \ WINDOWS \ system32 \ drivers \ VNUSB.sys [2003-12-15 38448]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - netsvcs
qfbydciq
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)]
\ Shell \ Autorun \ command - C: \ WINDOWS \ system32 \ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-B301-806d6172696f)]
\ Shell \ Autorun \ command - C: \ WINDOWS \ system32 \ rundll32.exe shell32.dll, ShellExec_RunDLL Info.exe folder.htt 480 480
* Naujai sukurta tarnyba * - COMHOST
* Naujai sukurta tarnyba * - PROCEXP90
.
Turinys "Scheduled Tasks" katalogą
2008/10/12 C: \ WINDOWS \ Uždaviniai \ Automatinis Visas Backup.job
- C: \ Program Files \ stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
2008/10/15 C: \ WINDOWS \ Uždaviniai \ Dienos Changed Files.job
- C: \ Program Files \ stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
2008/10/11 C: \ WINDOWS \ Uždaviniai \ PEACTREE SAVAITĖS GRĮŽTI UP.job
- C: \ Program Files \ stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
.
- - - - Orphans nuimti - - - --
Įrankinės ID - (no file)

.
------- Papildomos Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/
R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q searchTerms = () & sourceid = ie7 & RLS = com.micros oft: en-us & ie = utf8 & oe = utf8
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & Eksportuoti į "Microsoft Excel - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS
skenavimo paslėptus procesus ...
skenavimo paslėptas autostart entries ...
skenavimo paslėptus failus ...
skenavimas baigtas sėkmingai
paslėptus failus: 0
************************************************** ************************
.
Atlikimo laikas: 2008-10-16 17:56:31
ComboFix-karantine-files.txt 2008-10-16 21:56:27
Pre-Rida: 142.914.838.528 baitų nemokamai
Post-Rida: 142.911.078.400 baitų nemokamai
WindowsXP-KB310994-SP2-Home-BOOTDISK-LTH.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[operating systems]
C: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = OptIn / fastdetect
208 --- EOF --- 2008-10-16 15:20:49
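
Post #8 reports fixme.reg as a success, yet the ComboFix log in post #10 still lists the Browser Helper Objects CLSID and the Winlogon\Notify\paubftzz key, both pointing at digestp.dll. The added example below (Python, not part of the thread and not code from any tool named in it) reads the deletion targets out of a .reg file and checks a later log for them, treating the `~` segment that the log uses as elided path segments; the function names are hypothetical and the sample log lines are constructed in the log's layout.

```python
import re

# Hive abbreviations seen in logs, mapped to the long names used in .reg files.
HIVES = {"hklm": "hkey_local_machine", "hkcu": "hkey_current_user",
         "hkcr": "hkey_classes_root", "hku": "hkey_users"}
KNOWN_ROOTS = set(HIVES.values()) | {"hkey_current_config"}

# fixme.reg as given in post #7, with the CLSID in registry brace form.
FIXME_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\startupreg\MSMSGS]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\paubftzz]
"""

# Constructed sample in the layout of the log's registry section (not real output).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE}]
2004-08-04 15:00 105984 C:\WINDOWS\system32\digestp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\paubftzz]
2004-08-04 15:00 105984 C:\WINDOWS\system32\digestp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-02-18 15:37 51048 C:\Program Files\Common Files\Symantec Shared\ccapp.exe
"""


def normalize_key(key):
    """Lower-case a key path, trim its segments, expand an abbreviated hive."""
    parts = [p.strip().lower() for p in key.split("\\") if p.strip()]
    if parts:
        parts[0] = HIVES.get(parts[0], parts[0])
    return "\\".join(parts)


def parse_reg_deletions(reg_text):
    """Return the keys a .reg file deletes, i.e. its [-KEY] sections."""
    lines = [ln.strip() for ln in reg_text.splitlines() if ln.strip()]
    if not lines or lines[0] not in ("REGEDIT4",
                                     "Windows Registry Editor Version 5.00"):
        raise ValueError("not a .reg file: header line missing")
    deleted = []
    for ln in lines[1:]:
        m = re.fullmatch(r"\[(-?)(.+)\]", ln)
        if not m:
            continue  # value lines are not needed for this check
        key = normalize_key(m.group(2))
        # A damaged paste such as "[--HKEY_...]" ends up here with a bad root.
        if key.split("\\")[0] not in KNOWN_ROOTS:
            raise ValueError("section does not start with a registry hive: " + ln)
        if m.group(1) == "-":
            deleted.append(key)
    return deleted


def parse_log_sections(log_text):
    """Map each [KEY] header in the log to the data lines listed under it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = normalize_key(m.group(1))
            sections[current] = []
        elif not line:
            current = None  # a blank line closes the section
        elif current is not None:
            sections[current].append(line)
    return sections


def key_pattern(log_key):
    """Compile a log key to a regex; a '~' segment matches elided segments."""
    segs = [".+" if s == "~" else re.escape(s) for s in log_key.split("\\")]
    return re.compile(r"\\".join(segs))


def residual_entries(reg_text, log_text):
    """List deleted keys that a later log still shows, with their data lines."""
    sections = parse_log_sections(log_text)
    found = []
    for deleted in parse_reg_deletions(reg_text):
        for log_key, data in sections.items():
            if key_pattern(log_key).fullmatch(deleted):
                found.append((deleted, data))
    return found


if __name__ == "__main__":
    for key, data in residual_entries(FIXME_REG, SAMPLE_LOG):
        print("still present:", key)
        for line in data:
            print("    ", line)
```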