[di5a1n]

Tere!
Nimelt probleem järgmine, arvuti on viimasel ajal tihti kokku hakanud jooksma. Arvuti ei ole vana ja näitajad ei tohiks ka kõige kehvemate poolest olla.
Veel olen pannud tähele fakti, et kui teha samal ajal tuntud klahvide kombinatsiooni Ctrl+Alt+Del, siis ilmub kastike kirjaga " Task Manager has been disabled by your admistrator"
Ise kuna arvutitest jagan niivõrd kuivõrd, siis arvan et äkki mingi viirus? kas võib selline asi olla?


Terv. Egon

[JOKKER666]

Äkki sa lihtsalt ei ole administraatorina sisse logitud. Mis op süs on üldse.

[esc]

Kui sa arvad, et sul on probleem arvuti kokkujooksmisega, siis seda probleemi ju pole. Ilusasti jookseb kokku

Üldiselt kõlab jah nagu pahavara ehk viirus

[oswald]

nähtud sellise kirjaga pahalast. mis muud kui safe modes viirusi püüdma
kuidas sellest lahti sain, ei mäleta. õnneks ei olnud väga kõvasti masinas kinni minu mäletamist mööda.

[Betamax]

Netware?

[di5a1n]

mis netware?, muuseas tegin arvuti viiruse kaitsega puhtaks ja leidis ühe kahtlase faili, nii aga asi läheb järjest hullemaks :S, kaks kuud tagasi oli arvuti kiire, ei mingeid probleeme aga nüüd :S oskate äkki midagi pakkuda mida teha?

[Betamax]

Kas sul on ehk selline asi nagu Netware installitud. Uuri Add/remove porgrams alt.

[di5a1n]

Ei, kahjuks/õnneks ei ole sellist asja nagu Netware minu arvutisse installitud, kas see peaks olema? ja mis see annab?

[laurx]

millega sa neid viirusi püüdsid? ole hea ja tee sellsie programmiga nagu hijackthis "logi" ja pasteeri siia. on alust arvata, et su arvuti teeb muud ka peale selle, mida sina temalt tahad. selle muu tegemise kaitseks on kasutautud sinu arvuti maha keeramata ja paroolimata kontot " administrator" ja muditud natuke seadeid, nt task manager on keelatud selle p2rast 2ra ,et sa ei n2eks mis masinas toimub.

[di5a1n]

kust ma sellise programmi nagu hijackthis "logi" leida võin? viiruste püüdmiseks on mul kaspersky anti-virus 6.0

[Lord Ami]

http://taimar.pri.ee/spyware/hjt.php
Samuti võib abiks olla combofix log:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Käivita, vajuta NR 1 ja oota kuni logi salvestatakse C:/Combofix.txt või midagi sellist.Kleebi see siia.

[di5a1n]

ComboFix 08-01-11.3 - Eg 2008-01-12 17:18:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1257.1.1033.18.467 [GMT 2:00]
Running from: C:\Documents and Settings\Eg\Local Settings\Temporary Internet Files\Content.IE5\XDO24NXN\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\jetctrl.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.

2008-01-12 17:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 16:12 . 2008-01-12 16:12 386 --a------ C:\WINDOWS\ODBC.INI
2008-01-10 17:35 . 2002-08-08 06:11 319,488 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2008-01-07 19:00 . 2008-01-07 19:00 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-07 19:00 . 2008-01-07 19:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-01-07 19:00 . 2008-01-12 17:28 3,067,936 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-07 19:00 . 2008-01-12 02:04 42,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-07 19:00 . 2008-01-12 17:28 34,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-07 19:00 . 2008-01-12 02:04 4,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-05 14:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-05 13:38 . 2008-01-05 13:38 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-04 22:56 . 2008-01-04 22:56 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-03 15:34 . 2008-01-03 15:34 <DIR> d-------- C:\Program Files\Minu Stuff
2008-01-03 15:02 . 2008-01-03 15:02 <DIR> d-------- C:\Program Files\Autodesk
2008-01-03 15:01 . 2008-01-03 15:01 <DIR> d-------- C:\Program Files\AnswerWorks 4.0
2008-01-03 14:59 . 2008-01-03 15:02 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-01-03 14:59 . 2008-01-03 15:02 <DIR> d-------- C:\Program Files\AutoCAD 2005
2008-01-03 14:59 . 2008-01-03 15:10 <DIR> d-------- C:\Documents and Settings\Eg\Application Data\Autodesk
2008-01-03 14:59 . 2008-01-03 14:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
2008-01-03 14:50 . 2008-01-03 14:50 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-01-03 14:48 . 2008-01-03 14:48 643,072 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-01-03 14:48 . 2008-01-03 14:48 96,256 --a------ C:\WINDOWS\system32\drivers\sptd7229.sys
2007-12-30 15:04 . 2007-06-15 10:49 19,840 -ra------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-12-30 15:03 . 2007-12-30 15:03 <DIR> d-------- C:\Program Files\TrekStor
2007-12-27 15:26 . 2007-12-27 15:26 61,074 --a------ C:\WINDOWS\system32\oemlogo.bmp
2007-12-27 15:25 . 2007-12-27 15:32 249 --a------ C:\WINDOWS\system32\oeminfo.ini
2007-12-25 20:42 . 2008-01-04 14:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 20:42 . 2007-12-25 20:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 20:40 . 2007-12-25 20:41 <DIR> d-------- C:\Program Files\QuickTime
2007-12-25 20:39 . 2007-12-25 20:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-25 20:39 . 2007-12-25 20:39 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-25 20:39 . 2007-12-25 20:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 13:04 --------- d-----w C:\Program Files\MSN Messenger
2008-01-05 12:24 --------- d-----w C:\Program Files\Java
2008-01-04 16:39 --------- d-----w C:\Program Files\Google
2008-01-04 15:34 --------- d-----w C:\Program Files\Winamp
2007-12-30 13:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 19:13 --------- d-----w C:\Documents and Settings\Eg\Application Data\LimeWire
2007-12-25 18:41 --------- d-----w C:\Documents and Settings\Eg\Application Data\Apple Computer
2007-12-25 18:41 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-12-08 14:49 --------- d-----w C:\Program Files\RichVideoCodec
2007-11-23 14:46 --------- d-----w C:\Program Files\Yahoo!
2007-11-23 14:04 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 15:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-20 15:49 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 544768 C:\WINDOWS\sm56hlpr.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 19:49 16269312 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"EstEID AIP switch"="C:\Program Files\IT Arendus\ID-kaart\\aipswitch 1" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 18:44 303104]
"track monitor"="C:\Program Files\MSN Track Monitor\msntrack.exe" [ ]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 11:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 17:16 37376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-07-26 12:48 3305472]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28 155751]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\Eg\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 19:57:16]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 03:35:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 15:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 16:01]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 11:32]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 08:24]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2007-06-15 10:49]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 18:39:50 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 17:28:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 17:29:54
ComboFix-quarantined-files.txt 2008-01-12 15:29:43
.
2008-01-09 20:48:19 --- E O F ---

[Lord Ami]

C:\WINDOWS\system32\MafiaSetup.exe
Saada see fail:
http://kaspersky.ee/faq,6,1.htm#7
Start-Run paste:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f