
Clicking, beeping and hidden iexplore.exe process




  #1  
October 6, 2008, 23:30
New Member

Hello,

Any help with this problem is much appreciated. SAS, SSD and Anti-Malware can't seem to find what I have. Here is what is happening:

1) If not connected to my modem, a constant clicking comes from my computer (I think because something is trying to open IEXPLORER.EXE)
2) occasional beeping (unlike any I have ever heard) beeps three or four times
3) If connected to the modem, IEXPLORER.EXE runs (although I never use Internet Explorer) and when I close the process it opens right back up.


Many thanks for any and all help, here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:50, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Program Files\hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WINNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\Touchpad\TPTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\HCWemMON.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\initio\Button Manager v1.836\inihid.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\QH8jvpp4.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.34.113.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\Touchpad\TPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %SystemRoot%\System32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -REBOOT 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Media Player.lnk = ?
O4 - Global Startup: Button Manager v1.836.lnk = ?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\LINKSYS\LINKSYS EasyLink Advisor\LINKSYS EasyLink Advisor.exe
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\Micros~2\Office11\REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: (04E214E5-63AF-4236-83C6-A7ADCBF9BD02) (Housecall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: (22E5D91F-89E6-4405-AD9C-0AF27BA6F06B) (HidInputMonitorX Control) - file://D:\Components\hidinputmonitorx.ocx
O16 - DPF: (4F63D44B-6274-4D60-8AB1-CAA7116B8AF3) (A9Helper.A9) - file://D:\Components\A9.ocx
O16 - DPF: (74D05D43-3236-11D4-BDCD-00C04F9A3B61) (Housecall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: (BAC01377-73DD-4796-854D-2A8997E3D68A) (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: (E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD) - http://download.abacast.com/download...basetup145.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CeEPwrSvc - Compal ELECTRONIC INC - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - Toshiba Corporation - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co Ltd - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PML Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WINNT\spnsrvnt.exe

  #2  
October 7, 2008, 00:28
Moderator Group

You are using an outdated version of HijackThis. Please install the new version of HijackThis, but do not run it until after the SDFix process has finished.

Download TrendMicro HijackThis.exe (HJT) to your Desktop.
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • After the install, HijackThis should open for you.
  • Click the "Do a system scan and save a logfile" button.
  • HijackThis will scan and then the log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

----------

Please print these instructions, as they will be needed later when an Internet connection is not available.

Download SDFix by AndyManchesta and save it to your computer.

To use this tool, you must be using an Administrator account or an account with Administrative rights.
  • Double-click SDFix.exe and it will extract the files to %SystemDrive%
  • (this is the drive that contains the Windows directory, typically C:\SDFix).
  • Do not use it just yet.
Reboot your computer into Safe Mode using the F8 method. To do this, restart your computer and, after hearing the computer beep once during startup (but before the Windows icon appears), press the F8 key several times. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the computer.
  • When the computer restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved to the SDFix folder as Report.txt.
  • Copy and paste the contents of the results file Report.txt into your next reply, along with a new HijackThis log.

  #3  
October 7, 2008, 02:15
New Member

Thanks for your help,

This is a nasty one! The problem still persists, although my computer did get about a 20 min breather after running SDFix.

SDFix and HijackThis logs follow:


And again, many, many thanks


SD Fix:

SDFix: Version 1.230
Run by Owner on Mon 10/06/2008 at 11:59

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
tdssserv

Path :
\SystemRoot\System32\Drivers\TDSSserv.sys

tdssserv - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\CQVJNG.EXE - Deleted
C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted
C:\WINDOWS\SYSTEM32\NTBLTF.EXE - Deleted
C:\WINDOWS\SYSTEM32\PUOGNR.EXE - Deleted



Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 00:20:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d346prt\Cfg\0Jf40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\(56CA5D3B-3002-4E7B-90FE-071D8FDF3814)]
"DisplayName"="DAEMON Tools"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\System32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:@Xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"="C:\\Program Files\\BitTorrent\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe"="C:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe:*:Enabled:Super TextTwist"
"C:\\Program Files\\Hexacto Games\\Lemonade Tycoon\\Lemonade.exe"="C:\\Program Files\\Hexacto Games\\Lemonade Tycoon\\Lemonade.exe:*:Disabled:Lemonade"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Global Star\\Age of Sail II\\privateer.exe"="C:\\Program Files\\Global Star\\Age of Sail II\\privateer.exe:*:Enabled:korsarski"
"C:\\Program Files\\Windows Media Player\\Wmplayer.exe"="C:\\Program Files\\Windows Media Player\\Wmplayer.exe:*:Disabled:Windows Media Player"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Atari-Infogrames\\Civilization III Gold Edition\\Civ3PTW\\Civilization3x.exe"="C:\\Program Files\\Atari-Infogrames\\Civilization III Gold Edition\\Civ3PTW\\Civilization3x.exe:*:Enabled:Civilization3X"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe"="C:\\Program Files\\Kerio\\Personal Firewall\\PERSFW.exe:*:Enabled:Kerio Personal Firewall Engine"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
"C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\ADV\\SopAdver.exe"="C:\\Documents and Settings\\Owner\\Application Data\\SopCast\\ADV\\SopAdver.exe:*:Enabled:SopAdver"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Charon.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\Charon.exe:*:Enabled:Charon - proxy checking / scanning program"
"C:\\ruby\\bin\\ruby.exe"="C:\\ruby\\bin\\ruby.exe:*:Enabled:ruby interpreter"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus (2)"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\SopCast\\ADV\\SopAdver.exe"="C:\\Program Files\\SopCast\\ADV\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Documents and Settings\\Owner\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"="C:\\Documents and Settings\\Owner\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\\Documents and Settings\\jen\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"="C:\\Documents and Settings\\jen\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe:*:Enabled:PowerSoccer"
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WINNT\\spnsrvnt.exe"="C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WINNT\\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\\Program Files\\NHL 2008\\nhl2008.exe"="C:\\Program Files\\NHL 2008\\nhl2008.exe:*:Enabled:nhl2008"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008 JAV\\PES2008.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008 JAV\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\WINDOWS\\System32\\drivers\\svchost.exe"="C:\\WINDOWS\\System32\\drivers\\svchost.exe:*:Disabled:Svchost"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\System32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:Enabled:@Xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 6.2"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Št lapkritis 25, 2006 20.480 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Geog 220 \ ~ WRL1016.tmp"
Pr 4 gruodis 2006 27.648 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Geog 220 \ ~ WRL2705.tmp"
Sek 6 kovas 2005 56.832 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Fizika 11 \ ~ WRL3235.tmp"
Sk 20 vasaris 2005 36.864 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Fizika 11 \ ~ WRL3307.tmp"
Sk 13 lapkritis 2005 27.648 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Chemija 120 Labs \ Chemija teorija \ ~ WRL0952.tmp"
Sk 13 lapkritis 2005 27.648 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Chemija 120 Labs \ Chemija teorija \ ~ WRL1162.tmp"
Sk 13 lapkritis 2005 26.112 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Chemija 120 Labs \ Chemija teorija \ ~ WRL1539.tmp"
Sk 13 lapkritis 2005 24.576 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Chemija 120 Labs \ Chemija teorija \ ~ WRL1964.tmp"
Sk 13 lapkritis 2005 27.136 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Chemija 120 Labs \ Chemija teorija \ ~ WRL2068.tmp"
Sk 13 lapkritis 2005 28.672 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Chemija 120 Labs \ Chemija teorija \ ~ WRL3230.tmp"
Sk 13 lapkritis 2005 27.648 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ mokykla \ Chemija 120 Labs \ Chemija teorija \ ~ WRL3512.tmp"

Finished!

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:20, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WINNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\Touchpad\TPTray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\HCWemMON.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\initio\Button Manager v1.836\inihid.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\QH8jvpp4.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.34.113.100:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\Touchpad\TPTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [emMON] HCWemMON.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = ?
O4 - Global Startup: Button Manager v1.836.lnk = ?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\LINKSYS\LINKSYS EasyLink Advisor\LINKSYS EasyLink Advisor.exe
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Micros~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Micros~2\Office11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted IP: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (Housecall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\Components\hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\Components\A9.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Housecall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CeEPwrSvc - Compal ELECTRONIC INC - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - Toshiba Corporation - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co Ltd - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: PML Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WINNT\spnsrvnt.exe

--
End of file - 9148 bytes
  #4  
October 7, 2008, 09:48
Moderator Group

Clicking, beeping and hidden iexplore.exe process

Disable Spybot's TeaTimer

While TeaTimer is an excellent tool for preventing spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now, until you are clean.

1. Right-click Spybot in the system tray (it looks like a calendar with a padlock symbol). Choose Exit Spybot-S&D Resident
2. Run Spybot-S&D
3. Go to the Mode menu and make sure Advanced Mode is selected.
4. On the left-hand side, choose Tools > Resident
Uncheck Resident TeaTimer, OK any prompts and restart your computer.

Note
If TeaTimer gives you a warning afterwards that some changes were made, allow the change rather than block it.

If TeaTimer will not disable, then uninstall Spybot until we have finished the cleaning.

----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if present)

O15 - Trusted IP: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing the scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the on-screen prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
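
One way to automate the log review step above, as an added example (not part of the original thread and not HijackThis's own code): it parses a HijackThis-format log and flags proxy (R1), Winsock LSP (O10), trusted-zone (O15) and unknown-owner service (O23) entries, plus system32 processes that no autostart or service entry accounts for. The sample log, the `BASELINE` list and the rule wording are constructed assumptions.

```python
import re

# Constructed sample in HijackThis 2.0.2 log format; paths, names and IPs
# (RFC 5737 ranges) are placeholders, not values from the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\Zq3example.exe
C:\Program Files\ExampleAV\avtray.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.10:80
O4 - HKLM\..\Run: [avtray] C:\Program Files\ExampleAV\avtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\examplelsp.dll
O15 - Trusted IP: 198.51.100.7
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O15 - Trusted IP: ..."
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")         # a running-process line

# Assumption: a minimal analyst baseline of stock Windows XP process names.
BASELINE = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
            "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe"}

# Section code -> (substring the entry must contain, reason to review it).
RULES = {
    "R1": ("ProxyServer", "IE proxy is set; confirm the user configured it"),
    "O10": ("", "Winsock LSP file HijackThis does not recognise"),
    "O15": ("", "site, IP or protocol placed in a more trusted IE zone"),
    "O23": ("Unknown owner", "service binary carries no vendor information"),
}

def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and DRIVE_PATH.match(line):
            processes.append(line)
    return processes, entries

def triage(text):
    """Return (code, reason, detail) tuples to review; a flag is not a verdict."""
    processes, entries = parse_log(text)
    findings = [(code, RULES[code][1], body) for code, body in entries
                if code in RULES and RULES[code][0] in body]
    # A system32 image that is off the baseline and that no autostart or
    # service entry references deserves a closer look.
    referenced = " ".join(body.lower() for _, body in entries)
    for path in processes:
        name = path.rsplit("\\", 1)[-1].lower()
        if ("\\system32\\" in path.lower() and name not in BASELINE
                and path.lower() not in referenced):
            findings.append(("PROC", "system32 process with no autostart entry", path))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code:5} {reason}: {detail}")
```

An "Unknown owner" service or an unreferenced process is often legitimate software without version information, so the output is a review list for the analyst rather than a removal list.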
  #5  
October 7, 2008, 18:34
New Member

Clicking, beeping and hidden iexplore.exe process

Thanks EF, you rock,

The ComboFix log is huge, so it is attached as a zip file:
combofixlog.zip
  #6  
October 7, 2008, 18:44
Moderator Group

Clicking, beeping and hidden iexplore.exe process

  • Click START, then RUN
  • Now type Combofix /u in the run box
  • Make sure there is a space between Combofix and /u
  • Then hit Enter.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.

Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\WINDOWS\system32\xVB47F7a.exe
C:\DOCUME~1\Owner\locals~1\Temp\RGI5.tmp
EmptyTemp
[start explorer]

3. Return to OTMoveIt2, right-click in the Paste List of Files/Folders to be Moved window (under the yellow bar) and choose Paste
4. Click the red Moveit! button.
5. Copy everything in the Results window (under the green bar) and paste it into your next reply.
6. Close OTMoveIt2

Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. If not, reboot anyway.

----------

After you have posted the OTMoveIt2 log:

1. Double-click OTMoveIt2.exe to start it.
Vista users, right-click and choose Run as administrator
2. Click the Clean! button.
3. OTMoveIt2 will download a list from the Internet; if your firewall or other security programs warn you, allow it.
4. Click YES at the next prompt (list downloaded, Do you want to begin the cleanup process?)
  • When finished, exit OTMoveIt2

----------

Run CCleaner.

----------

Run this online scan.

This scanner requires Internet Explorer

Use the ESET NOD32 Online Scanner

1. Tick the box next to Yes, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log to your next reply.