Autorun Problem




  #1  
February 13, 2008, 23:35
New Member
Posts: 6
 
Hey,
I have the same problem as dgethin. I'll post the combofix and HJT logs in the morning.

  #2  
February 14, 2008, 09:53
Moderator
Posts: 7,561
 
Please use the malware removal thread and don't run anything unless asked to.
http://www.computer-juice.com/forums...-posting-7476/

  #3  
February 16, 2008, 19:14
New Member
Posts: 6
 
I tried everything from that thread and got no results. When XP starts, Sygate pops up saying:

C:\Documents and Settings\Alex\Local Settings\Temp\ir_ext_temp_19\autorun.exe is trying to connect to update.ath.cx [85.88.12.29] using remote port 80 [HTTP - World Wide Web]. Do you want to allow this program to access the network?
  #4  
February 16, 2008, 19:37
New Member
Posts: 6
 
Ignore my previous post for the time being, please.
It seems to have stopped after I ran SmitfraudFix.exe
  #5  
February 17, 2008, 09:33
Moderator
Posts: 7,561
 
Without logs I can't see what's going on. Please post a HijackThis log.

  #6  
February 17, 2008, 10:40
New Member
Posts: 6
 
Never mind, SmitfraudFix.exe didn't work, but after running SDFix it seems to have stopped.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:28, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\spool\drivers\W32x86\3\E_FATIADA.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NOD32\nod32kui.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\Ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\NOD32\nod32krn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [\\PARENTS\Epson Stylus CX4800 Series] C:\WINDOWS\System32\spool\drivers\W32x86\3\E_FATIADA.EXE /P36 "\\PARENTS\Epson Stylus CX4800 Series" /O6 "USB001" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Auto Epson Stylus CX4800 Series on PARENTS] C:\WINDOWS\system32\spool\drivers\W32x86\3\E_FATIADA.EXE /P42 "Auto Epson Stylus CX4800 Series on PARENTS" /O17 "\\PARENTS\Printer" /M "Stylus CX4800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Auto Epson Stylus CX4800 Series on PARENTS (Copy 1)] C:\WINDOWS\System32\spool\drivers\W32x86\3\E_FATIADA.EXE /P51 "Auto Epson Stylus CX4800 Series on PARENTS (Copy 1)" /O15 "\\PARENTS\Epson" /M "Stylus CX4800"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Ctfmon.exe] C:\WINDOWS\system32\Ctfmon.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Grisoft s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CeEPwrSvc - Compal Electronic Inc. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - Seiko Epson Corporation - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6838 bytes
  #7  
February 17, 2008, 11:52
Moderator
Posts: 7,561
 
Open HijackThis and select Do a system scan only.

Place a check next to the following entries: (if present)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Important: Close all windows except HijackThis and click Fix checked.

Exit HijackThis.

----------

Download Combofix from one of the links below.
(Try all three if necessary) Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close all open web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing the scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not on this list and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is restored automatically once Combofix finishes running.
  • Double-click combofix.exe and follow the prompts.
    • When prompted, select 1 and press Enter.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Don't mouseclick Combofix's window while it is running. That may cause it to stall.
  • If Combofix runs into difficulties and ends early, the connection can be restored manually by restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before connecting to the internet.
----------

Go to C:\SDFix and post the Report.txt back here along with the Combofix log.
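As an added example (not code from the thread or from any of the tools it mentions), a small Python triage script that applies the two checks the moderator applied by eye to the HijackThis log above: it flags O2 BHO entries whose DLL is missing, like the (no name)/(no file) entry listed for fixing, and O4 startup entries that run from a temp directory, like the autorun.exe path the Sygate alert in post #3 reported. The sample log is constructed: three lines copied from the thread's HJT log plus one hypothetical O4 line built from that alert path.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass

# Constructed sample input: the O2/O4 SmcService/O23 lines are copied from the
# HJT log posted in this thread; the O4 "autorun" line is hypothetical, modelled
# on the autorun.exe path that the Sygate alert in post #3 reported.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [SmcService] C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui
O4 - HKCU\\..\\Run: [autorun] C:\\Documents and Settings\\Alex\\Local Settings\\Temp\\ir_ext_temp_19\\autorun.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\NOD32\\nod32krn.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O4 registry lines: "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<where>.*?): \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
# Locations a legitimate startup program almost never runs from.
TEMP_DIR_RE = re.compile(
    r"\\(Local Settings\\)?Temp\\|\\Temporary Internet Files\\|%temp%", re.IGNORECASE
)


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O2" or "O4"
    reason: str    # why the line deserves a second look
    line: str      # the original log line


def executable_from_command(cmd: str) -> str:
    """Return the program path from an O4 command line: the quoted part if the
    command is quoted, otherwise everything up to and including the first .exe."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"^.*?\.exe", cmd, re.IGNORECASE)
    return m.group(0) if m else cmd.split(" ", 1)[0]


def triage(lines):
    """Scan HJT log lines and return the entries worth reviewing, in log order."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = O2_RE.match(line)
        if m:
            if m.group("path") == "(no file)":
                findings.append(Finding("O2", "BHO registered but its DLL is missing (orphaned entry)", line))
            elif m.group("name") == "(no name)":
                findings.append(Finding("O2", "BHO with no name", line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_from_command(m.group("cmd"))
            if TEMP_DIR_RE.search(exe):
                findings.append(Finding("O4", f"startup entry runs from a temp directory: {exe}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```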

  #8  
February 17, 2008, 13:38
New Member
Posts: 6
 
ComboFix 08-02-17.2 - Alex 2008-02-17 15:33:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.984 [GMT -5:00]
Running from: C:\Documents and Settings\Alex\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 22:53 . 2008-02-16 22:53  <DIR>  d--------  C:\WINDOWS\ERUNT
2008-02-16 21:19 . 2008-02-16 21:25  4,706  --a------  C:\WINDOWS\system32\tmp.reg
2008-02-14 21:38 . 2008-02-14 21:38  <DIR>  d--------  C:\Program Files\Shareaza
2008-02-14 21:38 . 2008-02-14 21:38  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\Shareaza
2008-02-14 18:39 . 2008-02-14 18:39  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-14 18:39 . 2008-02-14 18:39  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\Grisoft
2008-02-14 18:39 . 2007-05-30 07:10  10,872  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-14 18:38 . 2008-02-14 18:39  <DIR>  d--------  C:\Documents and Settings\Alex\.SunDownloadManager
2008-02-14 18:00 . 2008-02-14 18:00  <DIR>  d--------  C:\Program Files\Lavasoft
2008-02-14 18:00 . 2008-02-14 18:01  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-14 17:08 . 2008-02-14 17:08  <DIR>  d--------  C:\Program Files\Trend Micro
2008-02-14 17:00 . 2008-02-14 17:00  <DIR>  d--------  C:\Program Files\VS Revo Group
2008-02-14 16:26 . 2008-02-14 16:26  <DIR>  d--------  C:\Program Files\CCleaner
2008-02-14 01:27 . 2008-02-14 01:27  <DIR>  d--------  C:\Documents and Settings\Alex\DoctorWeb
2008-02-12 01:17 . 2007-11-05 16:34  15,760  --a------  C:\WINDOWS\system32\iviaspi.sys
2008-02-12 00:58 . 2008-02-14 16:23  <DIR>  d--------  C:\Program Files\Any Video Converter
2008-02-12 00:58 . 2008-02-14 16:23  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\Any Video Converter
2008-02-12 00:44 . 2008-02-14 16:24  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\River Past G5
2008-02-12 00:44 . 2008-02-14 16:24  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\River Past G5
2008-02-12 00:34 . 2008-02-12 00:34  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\ArcSoft
2008-02-12 00:16 . 2008-02-14 16:24  <DIR>  d--------  C:\Program Files\NCH Software
2008-02-12 00:16 . 2008-02-12 00:16  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-11 23:21 . 2008-02-11 23:21  <DIR>  d--------  C:\Program Files\iPod
2008-02-11 23:21 . 2008-02-17 15:18  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-02-11 23:21 . 2008-02-11 23:21  1,409  --a------  C:\WINDOWS\QTFont.for
2008-02-11 23:20 . 2008-02-11 23:21  <DIR>  d--------  C:\Program Files\iTunes
2008-02-11 23:18 . 2008-02-11 23:19  <DIR>  d--------  C:\Program Files\QuickTime
2008-02-08 19:38 . 2008-02-08 19:38  <DIR>  d--------  C:\Program Files\Mp3tag
2008-02-08 19:38 . 2008-02-08 19:48  <DIR>  d--------  C:\Documents and Settings\Alex\Application Data\Mp3tag
2008-02-05 07:30 . 2008-02-05 23:28  23,392  --a------  C:\WINDOWS\system32\nscompat.tlb
2008-02-05 07:30 . 2008-02-05 23:28  16,832  --a------  C:\WINDOWS\system32\amcompat.tlb
2008-02-05 00:40 . 2008-02-05 23:34  <DIR>  d--------  C:\bin
2008-02-04 18:48 . 2008-02-04 18:48  870,128  --a------  C:\WINDOWS\system32\mcs.rma
2008-02-04 18:48 . 2008-02-04 18:48  4  --a------  C:\WINDOWS\system32\C3F1F0
2008-02-04 18:46 . 2008-02-04 18:46  <DIR>  d--------  C:\Program Files\Common Files\Real
2008-02-04 18:46 . 2008-02-04 18:46  8,413  --a------  C:\WINDOWS\system32\drivers\mcstrm.sys
2008-02-04 18:45 . 2008-02-04 18:45  <DIR>  d--------  C:\Program Files\Real
2008-02-04 18:11 . 2008-02-12 01:16  <DIR>  d--------  C:\Program Files\SANDISK
2008-02-04 17:47 . 2004-08-03 18:56  221,184  --a------  C:\WINDOWS\system32\wmpns.dll
2008-02-04 17:39 . 2008-02-05 23:32  <DIR>  d--------  C:\WINDOWS\system32\drivers\umdf
2008-02-01 14:42 . 2008-02-01 14:40  691,545  --a------  C:\WINDOWS\unins000.exe
2008-02-01 14:42 . 2008-02-01 14:42  3,440  --a------  C:\WINDOWS\unins000.dat
2008-01-31 23:13 . 2008-01-31 23:13  90,112  --a------  C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13  57,344  --a------  C:\WINDOWS\system32\QuickTime.qts
2008-01-26 20:11 . 2008-02-16 16:49  <DIR>  d--------  C:\Program Files\Steam
2008-01-25 17:25 . 2008-01-28 20:17  <DIR>  d--------  C:\Program Files\Common Files\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 17:46  ---------  d-----w  C:\Program Files\Mozilla Thunderbird
2008-02-17 04:53  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\.purple
2008-02-15 03:05  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\LimeWire
2008-02-14 22:59  ---------  d-----w  C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 06:16  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-02-12 04:20  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-11 12:37  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\openoffice.org2
2008-02-09 00:12  ---------  d-----w  C:\Program Files\NOD32
2008-02-06 04:17  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2008-02-04 22:55  ---------  d-----w  C:\Program Files\Last.fm
2008-02-01 19:44  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-01 19:43  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-02-01 01:29  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\gtk-2.0
2008-01-19 02:24  ---------  d-----w  C:\Program Files\DIVX
2008-01-07 00:47  ---------  d-----w  C:\Program Files\NCsoft
2008-01-07 00:45  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\InstallShield
2007-12-26 19:43  ---------  d-----w  C:\Program Files\Guitar Pro 5
2007-12-26 19:02  715,248  ----a-w  C:\WINDOWS\system32\drivers\sptd.sys
2007-12-25 04:58  ---------  d-----w  C:\Documents and Settings\Alex\Application Data\Apple Computer
2007-12-25 04:56  ---------  d-----w  C:\Program Files\Common Files\Apple
2007-12-18 09:51  179,584  ----a-w  C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 16:32  12,632  ----a-w  C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:21  824,832  ----a-w  C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38  550,912  ----a-w  C:\WINDOWS\system32\Oleaut32.dll
2007-11-29 22:30  200,704  ----a-w  C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30  1,044,480  ----a-w  C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="C:\WINDOWS\system32\Ctfmon.exe" [2004-08-03 18:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 20:10 335872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 15:46 192512]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 09:21 135168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"\\PARENTS\Epson Stylus CX4800 Series"="C:\WINDOWS\System32\spool\drivers\W32x86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"Auto Epson Stylus CX4800 Series on PARENTS"="C:\WINDOWS\System32\spool\drivers\W32x86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Auto Epson Stylus CX4800 Series on PARENTS (Copy 1)"="C:\WINDOWS\System32\spool\drivers\W32x86\3\E_FATIADA.exe" [2005-02-01 14:00 98304]
"nod32kui"="C:\Program Files\NOD32\nod32kui.exe" [2007-09-22 19:28 949376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 16:48 479232]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 12:52 75584]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

C:\Documents and Settings\Alex\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-23 20:41:24 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-05-17 19:28:25 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

R1 ECioctl;ECioctl;C:\WINDOWS\system32\drivers\ECioctl.sys [2004-05-06 12:40]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:36:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\\\PARENTS\\Epson Stylus CX4800 Series"="C:\\WINDOWS\\System32\\spool\\Drivers\\W32x86\\3\\E_FATIADA.EXE /P36 \"\\\\PARENTS\\Epson Stylus CX4800 Series\" /O6 \"USB001\" /M \"Stylus CX4800\""
.
Completion time: 2008-02-17 15:37:28
ComboFix-quarantined-files.txt 2008-02-17 20:37:03
ComboFix2.txt 2008-02-01 18:40:13
.
2008-02-12 22:03:35 --- EOF ---





SDFix: Version 1.143

Run by Alex on Thu 02/16/2008 at 10:55

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Alex\Desktop\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Checking Files :

No Trojan Files Found






Removing Temp Files...

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 23:03:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...


scanning hidden registry entries ...


scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :



Files with Hidden Attributes :

Thu  6 Sep 2007          4 A.SHR --- "C:\WINOS.SYS"
Mon 28 Jan 2008  1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008  5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008  2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue  5 Feb 2008          0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri  1 Feb 2008          0 A..H. --- "C:\Windows\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT1B.tmp"
Wed 23 Jan 2008          0 A..H. --- "C:\Windows\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT23.tmp"

Finished!
  #9  
February 17, 2008, 14:05
Moderator
Posts: 7,561
 
SDFix didn't remove anything, but it did restore the Windows default Hosts file, which could have been the source of the problem.

I don't see any malware in the logs.

You'll want to start Spybot, update it and run the Immunize.


Time to do some cleanup and secure the work you've done on this issue.
  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.

The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
Download OTMoveIt2 by OldTimer (OTMoveIt2.exe) and place it on your desktop. (if you don't already have it)

1. Double-click OTMoveIt2.exe to start it.
2. Click the Clean! button.
3. OTMoveIt2 will download a list from the internet; if your firewall or other protective programs warn about it, allow it.
4. Click YES at the next prompt (List downloaded, do you want to begin the cleanup process?)
  • When finished, exit OTMoveIt2.
Check out Keep Yourself Safe Online for tips and free tools to keep yourself safe in the future.

Also see Slow Computer? It may not be malware for free cleaning/maintenance tools to help keep your computer running smoothly.

  #10  
February 17, 2008, 14:26
New Member
Posts: 6
 
Alright, done. Thanks for the help!
Copyright © 2006 - 2010 Computer Juice.
