Wimad-E virusas??

jonofisher · #1 Rugsėjis 21, 2008, 16:43

HI Evil Fantasy - Man panaši problema su kito vartotojo čia. Turiu atsisiųsti ir paleisti combofix, kurio išėjimas yra žemiau. Būsiu labai dėkingi už bet kokią pagalbą, jums galėtų suteikti. Žinau, kad byla Trojan atėjo - Aš bandė jį ištrinti, bet Windows won't let me - sako jis yra naudojamas. Bet mintis būtų labai sveikintina.

Ačiū

ComboFix 08-09-20.05 - administratorius 2008-09-22 0:29:51.1 -- FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT 1:00]
Veikia nuo: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Sukurtas naujas atkūrimo taškas
ĮSPĖJIMAS-ši mašina neturi atkūrimo konsolę Installed!!
.
((((((((((((((((((((((((((((((((((((((( Kiti deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ Administrator \ Cookies \ administratorius @ 2o7 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ad.yi eldmanager [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratorius @ Adver tising [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-baa.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-discoverynetwork.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-mastercard.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-tfl.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratoriaus @ foxto ns.co [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratorius @ hitai. gureport.co [1]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratorius @ naujienų. uk.msn [2]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratoriaus @ revsc I [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratoriaus @ RTM [6]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratorius Servi @ ng-SYS [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratoriaus @ specifika ficclick [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratoriaus @ statc ounter [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ths.n ews.com [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratorius @ prekių doubler [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administratoriaus @ tsw0 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ww0.t imeout [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@www.r eed.co [2]. Txt
C: \ WINDOWS \ system32 \ lsprst7.dll
.
((((((((((((((((((((((((( Failus, sukurtus nuo 2008/08/21 iki 2008/09/21 ))))))))))) ))))))))))))))))))))
.
2008-09-22 00:28. 2008-09-16 01:03 <DIR> d -------- C: \ 32788R22FWJFW
2008-09-22 00:00. 2008-09-22 00:00 <DIR> d -------- C: \ Program Files \ Exterminate It!
2008-09-14 21:22. 2008-04-14 01:12 221.184 - ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ scripting
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ system32 \ LT
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ l2schemas
2008-09-14 20:27. 2008-04-13 18:28 2.940.928 --------- C: \ WINDOWS \ system32 \ dllcache \ wmploc.dll
2008-09-14 20:26. 2008-04-14 01:10 844.314 --------- C: \ WINDOWS \ system32 \ dllcache \ Msdxm.ocx
2008-09-13 18:04. 2008-09-13 18:04 <DIR> d -------- C: \ Program Files \ Java
2008-09-13 18:04. 2008-09-13 18:05 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ LimeWire
2008-09-13 18:04. 2008-06-10 02:32 73.728 - ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2008-09-13 18:03. 2008-09-13 18:03 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2008-09-13 18:00. 2008-09-13 18:00 <DIR> d -------- C: \ Program Files \ LimeWire
2008-09-13 12:43. 2008-09-13 12:43 <DIR> d -------- C: \ Program Files \ iDump
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iPod
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Apple Computer
2008-09-13 12:08. 2008-04-17 13:12 107.368 - ------ C: \ WINDOWS \ system32 \ GEARAspi.dll
2008-09-13 12:08. 2008-04-17 13:12 15.464 - ------ C: \ WINDOWS \ system32 \ drivers \ GEARAspiWDM.sys
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program Files \ QuickTime
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program Files \ Bonjour
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ WINDOWS \ system32 \ DRVSTORE
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Common Files \ Apple
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Apple Software Update
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-09-06 15:09. 2008-09-06 15:09 90.112 - ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-08-29 10:18. 2008-08-29 10:18 87.336 - ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - ------ C: \ WINDOWS \ system32 \ dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Pranešimas )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 07:37 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ skypePM
2008-08-03 07:35 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Skype
2008-08-03 07:32 --------- d ----- w C: \ Program Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Program Files \ Common Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Skype
2008-07-18 21:10 94.920 ---- AW C: \ WINDOWS \ system32 \ dllcache \ cdm.dll
2008-07-18 21:10 94.920 ---- AW C: \ WINDOWS \ system32 \ cdm.dll
2008-07-18 21:10 53.448 ---- AW C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-18 21:10 53.448 ---- AW C: \ WINDOWS \ system32 \ dllcache \ wuauclt.exe
2008-07-18 21:10 45.768 ---- AW C: \ WINDOWS \ system32 \ wups2.dll
2008-07-18 21:10 36.552 ---- AW C: \ WINDOWS \ system32 \ wups.dll
2008-07-18 21:10 36.552 ---- AW C: \ WINDOWS \ system32 \ dllcache \ wups.dll
2008-07-18 21:09 563.912 ---- AW C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-18 21:09 563.912 ---- AW C: \ WINDOWS \ system32 \ dllcache \ wuapi.dll
2008-07-18 21:09 325.832 ---- AW C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-18 21:09 325.832 ---- AW C: \ WINDOWS \ system32 \ dllcache \ wucltui.dll
2008-07-18 21:09 205.000 ---- AW C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-18 21:09 205.000 ---- AW C: \ WINDOWS \ system32 \ dllcache \ wuweb.dll
2008-07-18 21:09 1.811.656 ---- AW C: \ WINDOWS \ system32 \ wuaueng.dll
2008-07-18 21:09 1.811.656 ---- AW C: \ WINDOWS \ system32 \ dllcache \ wuaueng.dll
2008-07-07 20:26 253.952 ---- AW C: \ WINDOWS \ system32 \ es.dll
2008-07-07 20:26 253.952 ------ w C: \ WINDOWS \ system32 \ dllcache \ es.dll
2008-06-26 08:15 619.520 ------ w C: \ WINDOWS \ system32 \ dllcache \ Urlmon.dll
2008-06-26 08:15 1.499.136 ------ w C: \ WINDOWS \ system32 \ dllcache \ Shdocvw.dll
2008-06-24 16:43 74.240 ---- AW C: \ WINDOWS \ system32 \ mscms.dll
2008-06-24 16:43 74.240 ------ w C: \ WINDOWS \ system32 \ dllcache \ mscms.dll
2008-06-23 15:09 666.112 ---- AW C: \ WINDOWS \ system32 \ wininet.dll
2008-06-23 15:09 666.112 ------ w C: \ WINDOWS \ system32 \ dllcache \ wininet.dll
2008-06-23 15:09 3.067.392 ------ w C: \ WINDOWS \ system32 \ dllcache \ Mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Kraunasi Taškai )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Pastaba: * tuščių įrašų ir teisėtu default įrašai nerodoma
REGEDIT4
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2008-04-14 15360]
"SWG" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2008-04-21 68856]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-06-27 580096]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe" = "C: \ WINDOWS \ system32 \ bgsmsnd.exe" [2007-11-19 160136]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"S3TRAY2" = "S3Tray2.exe" [2001/10/11 C: \ WINDOWS \ system32 \ S3Tray2.exe]
"AGRSMMSG" = "AGRSMMSG.exe" [2003/06/27 C: \ WINDOWS \ AGRSMMSG.exe]
"ATIModeChange" = "Ati2mdxx.exe" [2001/09/04 C: \ WINDOWS \ system32 \ Ati2mdxx.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-04-19 219136]
[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ System32 \ \ sessmgr.exe" =
"C: \ Program Files \ Messenger \ \ msmsgs.exe" =
"C: \ Program Files \ Bonjour \ \ mDNSResponder.exe" =
"C: \ Program Files \ iTunes \ \ iTunes.exe" =
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ network diagnostic \ \ xpnetdiag.exe" =
"C: \ Program Files \ Skype \ \ Phone \ \ Skype.exe" =
R3 Tp4Track; IBM PS / 2 trackpoint Driver, C: \ WINDOWS \ system32 \ drivers \ tp4track.sys [2003-05-15 13904]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntversion \ Explorer \ mountpoints2 \ (f1882860-11dd-129d-89b6-000d60cb61ce)]
\ Shell \ Autorun \ command - E: \ LaunchU3.exe
* Naujai sukurta tarnyba * - PROCEXP90
.
Turinys "Scheduled Tasks" katalogą
.
.
------- Papildomos Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.google.co.uk/
R0 -: HKCU-Main, Search Page = hxxp: / / www.google.com
R0 -: HKCU-Main, Search Bar = hxxp: / / www.google.com / lt
R1 -: HKCU-Internet Settings, ProxyOverride = *. vietos
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & Eksportuoti į "Microsoft Excel - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O16 - (2DAD3559-2923-4935-AD49-B673D2539944) - hxxp: / / www-307.ibm.com/pc/support/acpir.cab
C: \ WINDOWS \ Downloaded Program Files \ acpir.inf
C: \ WINDOWS \ system32 \ capicom.dll
C: \ WINDOWS \ Downloaded Program Files \ acpir2.dll
O16 - (483EB14D-AF1C-4951-81B0-4E2B41829FF6) - hxxps: / / www.select2perform.eu/cabs/QOLCheck.ocx
C: \ WINDOWS \ Downloaded Program Files \ QOLCheck.ocx
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth kenkėjiškų detektorius pagal Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 00:32:33
Windows 5.1.2600 Service Pack 3 RIEBALŲ NTAPI
skenavimo paslėptus procesus ...
skenavimo paslėptas autostart entries ...
skenavimo paslėptus failus ...
skenavimas baigtas sėkmingai
paslėptus failus: 0
************************************************** ************************
.
--------------------- DLL Loaded Pagal aktyvūs procesai ---------------------
Procesą: C: \ WINDOWS \ system32 \ winlogon.exe
-> C: \ WINDOWS \ system32 \ Ati2evxx.dll
.
Atlikimo laikas: 2008-09-22 0:33:07
ComboFix-karantine-files.txt 2008-09-21 23:33:06
Pre-Rida: 9484075008 bytes nemokamai
Post-Rida: 9686056960 bytes nemokamai
167 --- EOF --- 2008-09-16 07:01:45

**evilfantasy** · #2 Rugsėjis 21, 2008, 17:37

Atsisiųsti TrendMicro HijackThis.exe (HJT) į Desktop.

Dukart spustelėkite HJTInstall.
Spauskite Įdiegti mygtuką.
Jis bus automatiškai vieta HJT į C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Po install, HijackThis turėtų atverti jums.
Spauskite Ar sistema nuskaito ir išsaugokite failą mygtukas
HijackThis bus nuskaityti ir tada žurnale bus atidaryta Notepad.
Nukopijuokite ir įklijuokite visą turinį Prisijunkite savo pranešimą.
Ne turi nustatyti HijackThis nieko nėra. Daugiausia, ką ji mano bus nekenksmingas ir netgi būtinas.

jonofisher · #3 Rugsėjis 21, 2008, 23:43

Ačiū už pagalbą. produkcijos failą žemiau:

Logfile Trend Micro HijackThis v2.0.2
Skaitymo išsaugotas 07:40:46, on 22/09/2008
Platforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Veikia procesus:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ ibmpmsvc.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ WINDOWS \ system32 \ bgsmsnd.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ LimeWire \ LimeWire.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Žiniasklaida ernet Nustatymai, ProxyOverride = *. vietos
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Skype add-on (Mastermind) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ GoogleToolbar1.dll
O3 - Toolbar: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ WINDOWS \ system32 \ bgstb.dll
O4 - HKLM \ .. \ Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / autostart
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [bgsmsnd.exe] C: \ WINDOWS \ system32 \ bgsmsnd.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra kontekstinio meniu punktą: E & Eksportuoti į "Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (2DAD3559-2923-4935-AD49-B673D2539944) (IASRunner klasė) -- http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) (QOLCheck Control) -- https: / / www.select2perform.eu/cabs/QOLCheck.ocx
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMMON ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ATI HotKey Rinkėjas - Unknown owner - C: \ WINDOWS \ system32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Grisoft, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C: \ WINDOWS \ system32 \ ibmpmsvc.exe
O23 - Service: InstallDriver lentelė Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1.150 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
--
End of file - 6.502 baitų

**evilfantasy** · #4 Rugsėjis 22, 2008, 07:42

Aš nematau jokių kenkėjiškų programų, kokios problemos atsiranda?

Galite paleisti skenuoja čia http://www.computer-juice.com/forums...-posting-7476/ ir po Įrašai kai baigta. Pažvelkite Vid. Jums reikia atnaujinti savo.

jonofisher · #5 Rugsėjis 22, 2008, 10:38

Hi Evilfantasy - ačiū. Problema yra tokia: įtariamasis mp3 buvo paimtas iš LimeWire. Manau, kad jis buvo dukart paspaudėte, ir, žinoma, buvo bandoma įkelti į iTunes. (Tačiau ji nebuvo paleisti su Media Player - Nenaudoti, kad - tai, kad klausimas, kaip aš perskaičiau kažkur, kad wimad naudoja Windows MediaPlayer pažeidžiamumas). Aš tada nuskaityti su AVG failą, kurį paėmė Wimad E. Bet tai įprotis, atrodo, leiskite jį pašalinti arba karantino jį toliau, jei aš tiesiog pabandyti ištrinti failą, langų sako failas yra naudojamas, todėl negali būti išbraukta .

Aš pereiti per visus veiksmus galite pasiūlyti tą kitą puslapį.

Ačiū

**evilfantasy** · #6 Rugsėjis 22, 2008, 10:41

Rašyti Prisijungti nuo Malwarebytes. Jei tai nepadeda rasti mes naudosime kitą skaitytuvo jį rasti.