-
1st December 2007 00:39 #1Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
How I can't cope with the nasties
Thanks to Ilko for the useful thread!
I recently caught some nasties, so I read his thread and tried to clean up, but... I couldn't.
"When you install the programs above, make sure their resident modules are inactive or turned off, as well as those of previously installed antivirus and antispyware programs." I think I didn't remove NOD before installing them.
Otherwise I should have followed the procedure, but there are (still) nasties.
File: C:\WINDOWS\System32\ptdkuo.exe Threat: Poebot trojan
C:\WINDOWS\System32\ces.exe IRC/SdBot trojan
...://82.98.235.78/netob/po'ki20071106.exe?uid=4E3B12269D9011DCB9 21F68490ECFFF... Threat: Adware.Ezula application
C:\Documents and settings\pgp\Local Settings\Temporary Internet Files\Content...\poiu[1] Threat: Win32\TrojanDownloader.Tini.ID trojan
Comment(NOD): Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
C:\Documents and settings\pgp\Locals..\Temp\bnspoalr.exe
More threats:
Win32/TrojanDownloader.Tini.ID trojan
Win32/Adware Virtumonde application
Win32/Adware Ezula Application
Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.

This is what I managed to write down while NOD's red window kept popping up.
I noticed that the problems stop when I connect directly to the modem, whereas when I'm on the little local network (modem > computer > switch > my PC + one more), NOD immediately cries out, and/or some Messenger Service. And they cry out quite often.
Yesterday it even shut down my computer, and when I then tried to log in to Windows (as usual, as admin :/) it showed a message that some server wasn't letting me in or something... I don't remember exactly. In the morning it started up fine (again on the switch).
Today I installed Netpeeker, but it didn't help either. I killed explore.exe and now I'm without the "taskbar".
I'm going to restart now, and later, if my PC is still alive, I'll run HiJackThis and add its log.
And here it is:
Logfile of HijackThis v1.99.1
Scan saved at 15:19:50, on 30.11.2007 г.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\NetPeeker\NPGUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pgp\Desktop\Inst\antivirus\hijackthis\MyScan.exe
O2 - BHO: (no name) - {17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67} - C:\WINDOWS\System32\awtqnkh.dll (file missing)
O2 - BHO: (no name) - {29456A27-BCCA-4E9A-9D79-9C5C37C250BF} - C:\WINDOWS\System32\oppqn.dll
O2 - BHO: {fbc81597-de68-3fa9-fd34-8238ec488654} - {456884ce-8328-43df-9af3-86ed79518cbf} - C:\WINDOWS\System32\dhretgto.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NetPeeker] C:\Program Files\NetPeeker\NPGUI.exe Minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
VundoFix didn't find anything.
And after the last restart nothing has popped up.
--------
Here is what Netpeeker gave me for 82.98.235.78:
Local Information:
Address: localhost
Port: 1321
Remote Information:
Address: 82.98.235.77
DNS name: iontrata.com
Port: 80 (http, World Wide Web HTTP)
Orgnization: Cyber Technology BV BA/SPRL
Belgium
Net Range: 82.98.235.0 - 82.98.235.255
Country: Netherlands
Comment: *******************************************
* Abuse contact: abuse@mycyberhosting.net *
*******************************************
Admin Contact:
Name: Oliver van Loven
Address: Cyber Technology BVBA/SPRL
56 Avenue du printemps
1410 Waterloo Brussels
Belgium
Phone: +32 2 479 87 16
Fax-no: +32 2 479 87 16
E-mail: leole@infonie.be
Tech Contact:
Other Contacts:
Domain Name Information:
Registrant:
Gerald Inc
Tas vezer u. 62.
Tolnanemedi, Tolnanemedi 7083
HU
Domain name: IONTRATA.COM
Administrative Contact:
E. Parris, Gerald no_name_inc@yahoo.com
Tas vezer u. 62.
Tolnanemedi, Tolnanemedi 7083
HU
+1.416555112251234
Technical Contact:
E. Parris, Gerald no_name_inc@yahoo.com
Tas vezer u. 62.
Tolnanemedi, Tolnanemedi 7083
HU
+1.416555112251234
Registrar of Record: TUCOWS, INC.
Record last updated on 11-Sep-2007.
Record expires on 10-Sep-2008.
Record created on 10-Sep-2007.
Registrar Domain Name Help Center:
http://domainhelp.tucows.com
Domain servers in listed order:
NS1.IONTRATA.COM 89.188.16.12
NS2.IONTRATA.COM 82.98.235.155
Domain status: ok
Last edited by qtech; 1st December 2007 at 02:23.
-
1st December 2007 03:19 #2Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
Restart in Safe Mode, run HiJackThis and put check marks on the following:
O2 - BHO: (no name) - {17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67} - C:\WINDOWS\System32\awtqnkh.dll (file missing)
O2 - BHO: (no name) - {29456A27-BCCA-4E9A-9D79-9C5C37C250BF} - C:\WINDOWS\System32\oppqn.dll
O2 - BHO: {fbc81597-de68-3fa9-fd34-8238ec488654} - {456884ce-8328-43df-9af3-86ed79518cbf} - C:\WINDOWS\System32\dhretgto.dll
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
Press Fix Checked.
When it finishes, restart normally.
Run SmitFraudFix and post its log when it finishes.
Download the latest version of HiJackThis from here and post a new log.
Download ComboFix, save it to the desktop and run it; if it asks to restart, allow it, and don't be surprised if it does so on its own. When it's done you'll have combofix.txt or .log in C:\; attach it to your next post.
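
A triage pass over the kind of HijackThis lines singled out in the post above, as an added example that is not part of the original thread. The flagging rules (unnamed or GUID-named BHO, DLL directly in System32, "(file missing)" target, same DLL registered at a second load point) are assumptions chosen to match the marked entries; the "Example Helper" line is constructed, the other sample lines come from the log in post #1.

```python
import ntpath
import re

# Line shapes as they appear in the HijackThis log above:
#   O2 - BHO: <name> - {CLSID} - <dll path> [(file missing)]
#   O20 - Winlogon Notify: <name> - <dll> [(file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
MISSING = "(file missing)"

# Sample input: lines from the thread's first log plus one constructed benign BHO.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67} - C:\WINDOWS\System32\awtqnkh.dll (file missing)
O2 - BHO: (no name) - {29456A27-BCCA-4E9A-9D79-9C5C37C250BF} - C:\WINDOWS\System32\oppqn.dll
O2 - BHO: {fbc81597-de68-3fa9-fd34-8238ec488654} - {456884ce-8328-43df-9af3-86ed79518cbf} - C:\WINDOWS\System32\dhretgto.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
"""


def _split_target(target):
    """Split the last field of an O2/O20 line into (path, file_missing)."""
    missing = target.endswith(MISSING)
    path = target[:-len(MISSING)].strip() if missing else target.strip()
    return path, missing


def _bho_reasons(name, path, missing):
    """Heuristic reasons (assumptions, not HijackThis verdicts) to review a BHO."""
    reasons = []
    if missing:
        reasons.append("target file missing")
    if name == "(no name)":
        reasons.append("BHO has no display name")
    elif GUID_RE.match(name):
        reasons.append("BHO name is a bare GUID")
    if ntpath.dirname(path).lower().endswith("\\system32"):
        reasons.append("DLL sits directly in System32")
    return reasons


def triage(log_text):
    """Return review candidates from the O2 and O20 sections of a HijackThis log."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []
    flagged_bho_dlls = set()

    # Pass 1: browser helper objects.
    for line in lines:
        m = O2_RE.match(line)
        if not m:
            continue
        path, missing = _split_target(m.group("target"))
        reasons = _bho_reasons(m.group("name"), path, missing)
        if reasons:
            dll = ntpath.basename(path).lower()
            flagged_bho_dlls.add(dll)
            findings.append({"section": "O2", "dll": dll, "reasons": reasons})

    # Pass 2: Winlogon Notify entries, correlated with the BHOs flagged above.
    for line in lines:
        m = O20_RE.match(line)
        if not m:
            continue
        path, missing = _split_target(m.group("target"))
        dll = ntpath.basename(path).lower()
        reasons = []
        if missing:
            reasons.append("target file missing")
        if dll in flagged_bho_dlls:
            reasons.append("same DLL as a flagged BHO")
        if reasons:
            findings.append({"section": "O20", "dll": dll, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["dll"], "; ".join(f["reasons"]))
```

A hit from this pass is a candidate for manual review, not a verdict; unnamed BHOs and System32 DLLs also occur in legitimate software.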
-
1st December 2007 06:02 #3Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
Show must go on
First, let me add what I forgot: OS: WIN XP pro SP1
In safe mode, apart from the few warnings that I'm in that mode, I was left with a black screen with only the "safe mode" labels in the corners. It gave me a little time of normal work (in safe mode). So, in normal mode I made shortcuts on the desktop and then in safe mode I managed to launch them, although the taskbar at the bottom kept disappearing again.
And so, here are the logs:
SmitFraudFix v2.256
Scan done at 19:26:00,39, 30.11.2007 £.
Run from C:\Documents and Settings\pgp\Desktop\Inst\antivirus\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\NetPeeker\NPGUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 mpa.one.microsoft.com
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pgp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pgp\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\pgp\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8215FAEF-9904-4FF1-844A-6B14F8B5BF79}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8215FAEF-9904-4FF1-844A-6B14F8B5BF79}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8215FAEF-9904-4FF1-844A-6B14F8B5BF79}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:43, on 30.11.2007 г.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\NetPeeker\NPGUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\pgp\Desktop\Inst\antivirus\HiJackThis2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {AB7337F9-F898-4B75-AF8E-41D8AFF142BD} - C:\WINDOWS\System32\oppqn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NetPeeker] C:\Program Files\NetPeeker\NPGUI.exe Minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
--
End of file - 1863 bytes
ComboFix 07-11-19.4C - pgp 2007-11-30 19:33:28.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.1.1251.1.1033.18.74 [GMT -8:00]
Running from: C:\Documents and Settings\pgp\Desktop\Inst\antivirus\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\nqppo.bak1
C:\WINDOWS\system32\nqppo.bak2
C:\WINDOWS\system32\nqppo.ini
C:\WINDOWS\system32\nqppo.ini2
C:\WINDOWS\system32\nqppo.tmp
C:\WINDOWS\system32\oppqn.dll
.
((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.
2007-11-30 19:26 1,358 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-30 17:22 1,600 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2007-11-30 15:28 <DIR> d-------- C:\VundoFix Backups
2007-11-30 12:04 200,788 --a------ C:\WINDOWS\system32\drivers\NetPeeker.sys
2007-11-30 12:03 <DIR> d-------- C:\Program Files\NetPeeker
2007-11-29 23:29 0 --a------ C:\WINDOWS\system32\Tilecomfree.com
2007-11-28 23:33 69 --a------ C:\WINDOWS\system32\i
2007-11-28 23:33 0 --a------ C:\WINDOWS\system32\eraseme_64782.exe
2007-11-28 22:11 38,400 --a------ C:\WINDOWS\system32\SSQOOLK.VDLL
2007-11-28 19:56 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-28 19:56 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-28 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-28 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-28 15:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-28 13:38 17,720 --a------ C:\Documents and Settings\pgp\Application Data\GDIPFONTCACHEV1.DAT
2007-11-28 00:51 61,440 --a------ C:\WINDOWS\system32\zrcr.exe
2007-11-28 00:51 61,440 --------- C:\WINDOWS\system32\wbmry.exe
2007-11-28 00:49 61,440 --------- C:\WINDOWS\system32\yrfjk.exe
2007-11-28 00:49 61,440 --------- C:\WINDOWS\system32\cfrpn.exe
2007-11-28 00:43 61,440 --------- C:\WINDOWS\system32\yqsr.exe
2007-11-28 00:43 61,440 --------- C:\WINDOWS\system32\olive.exe
2007-11-28 00:41 61,440 --------- C:\WINDOWS\system32\umvhid.exe
2007-11-28 00:41 61,440 --------- C:\WINDOWS\system32\ftask.exe
2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\vzfh.exe
2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\vxrku.exe
2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\pdrs.exe
2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\nhydhe.exe
2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\jxdw.exe
2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\hdbj.exe
2007-11-21 21:50 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-11-21 21:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-11-19 12:41 <DIR> d-------- C:\Program Files\Foxit Software
2007-11-15 12:38 126,976 --a------ C:\WINDOWS\system32\hpgt34tk.dll
2007-11-15 12:38 126,976 --a------ C:\WINDOWS\system32\dllcache\hpgt34tk.dll
2007-11-15 12:38 101,376 --a------ C:\WINDOWS\system32\hpgt34.dll
2007-11-15 12:38 101,376 --a------ C:\WINDOWS\system32\dllcache\hpgt34.dll
2007-11-15 12:38 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-11-15 12:38 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-11-15 12:38 32,768 --a------ C:\WINDOWS\system32\hpgtmcro.dll
2007-11-15 12:38 32,768 --a------ C:\WINDOWS\system32\dllcache\hpgtmcro.dll
2007-11-15 12:38 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-15 12:38 14,208 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-12 15:41 <DIR> d-------- C:\Program Files\SA Dictionary 2005 T2
2007-11-12 15:41 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-12 14:07 <DIR> d-------- C:\Program Files\Winamp
2007-11-12 13:02 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\Skype
2007-11-12 13:01 <DIR> d-------- C:\Program Files\Skype
2007-11-12 13:01 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-11-12 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-12 13:00 <DIR> d--hs---- C:\Recycled
2007-11-12 12:06 <DIR> d-------- C:\Program Files\uTorrent
2007-11-12 12:05 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\uTorrent
2007-11-12 11:46 <DIR> d-------- C:\Program Files\QIP
2007-11-12 11:39 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\Talkback
2007-11-12 11:39 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-11-12 11:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-12 11:34 3,769 --a------ C:\WINDOWS\mozver.dat
2007-11-12 09:48 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-12 09:48 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-11-12 09:28 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-11-12 09:28 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-11-12 09:28 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-11-12 09:28 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-11-12 09:28 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-11-12 09:21 <DIR> d---s---- C:\Documents and Settings\pgp\UserData
2007-11-11 22:27 <DIR> d-------- C:\WUTemp
2007-11-11 22:26 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2007-11-11 22:26 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-11 22:26 24,960 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-11 22:23 <DIR> d--h----- C:\Program Files\Zenographics
2007-11-11 22:23 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-11-11 22:23 143,360 -ra------ C:\WINDOWS\apptune1020.exe
2007-11-11 22:23 86,016 -ra------ C:\WINDOWS\system32\ZLhp1020.dll
2007-11-11 08:16 313,344 --a------ C:\WINDOWS\system\OLE2.DLL
2007-11-11 08:16 298,240 --a------ C:\WINDOWS\system\MFC250.DLL
2007-11-11 08:16 157,184 --a------ C:\WINDOWS\system\STORAGE.DLL
2007-11-11 08:16 146,976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
2007-11-11 08:16 142,592 --a------ C:\WINDOWS\system\TYPELIB.DLL
2007-11-11 08:16 102,400 --a------ C:\WINDOWS\system\COMPOBJ.DLL
2007-11-11 08:16 99,200 --a------ C:\WINDOWS\system\OLE2NLS.DLL
2007-11-11 08:16 90,144 --a------ C:\WINDOWS\system\OLE2DISP.DLL
2007-11-11 08:16 57,328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
2007-11-11 08:15 <DIR> d-------- C:\Documents and Settings\pgp\WINDOWS
2007-11-11 08:15 <DIR> d-------- C:\COREL50
2007-11-11 08:15 55,808 --a------ C:\WINDOWS\system\OLE2PROX.DLL
2007-11-11 08:15 24,598 --a------ C:\WINDOWS\system\OLE2.REG
2007-11-11 08:15 21,648 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2007-11-11 08:15 16,752 --a------ C:\WINDOWS\system\REGLOAD.EXE
2007-11-11 07:45 21,760 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-11 07:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-11 07:13 <DIR> d-------- C:\WINDOWS\ShellNew
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 19:24 78,912 ----a-w C:\WINDOWS\system32\kbctendg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-12 09:47]
"NetPeeker"="C:\Program Files\NetPeeker\NPGUI.exe" [2007-09-09 22:44]
C:\Documents and Settings\pgp\Start Menu\Programs\Startup\
QIP 2005.lnk - C:\Program Files\QIP\qip.exe [2007-07-15 02:43:26]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 16:01:04]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\oppqn.dll
R1 NetPeeker;NetPeeker;C:\WINDOWS\System32\Drivers\NetPeeker.sys
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 19:37:35
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-30 19:38:12 - machine was rebooted
.
--- E O F ---
Well, that's it. So far NOD isn't crying out, nor that other one, messenger.
Thanks again to Ilko! Ilko, you're not a person - you're gold. Regardless of whether I clean my machine or not.
I forgot to say that before running the programs above just now, I had also run VundoFix; here is its little log:
VundoFix V6.6.2
Checking Java version...
Sun Java not detected
Scan started at 15:28:17 30.11.2007 г.
Listing files found while scanning....
No infected files were found.
Beginning removal...
Last edited by qtech; 1st December 2007 at 06:14.
-
1st December 2007 06:48 #4Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
Temporarily turn off the antivirus; some of the programs we use trigger false alarms, and the antivirus may interfere.
Save the two attached files in the ComboFix folder, drag CFScript.txt onto the ComboFix icon and wait for it to finish; I expect it will restart.

After the restart, rename LSA.txt to LSA.reg, double-click LSA.reg and tell me whether it says something like "the information was successfully imported into registry".
Post the new C:\combofix.txt and after it a new HiJackThis log.
Please don't change the font of the logs; on a light skin it's barely readable.
edit: LSA.txt is here:
http://www.hardwarebg.com/forum/atta...0&d=1194810531
edit2: I saw you're on SP1; I've left that for after we finish, we also have the messenger service to stop.
Thanks for the kind words; the forum is full of people who are far more golden.
Last edited by ilko; 1st December 2007 at 06:56.
-
1st December 2007 08:55 #5Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
And here is the new combofix.txt: (the PC didn't restart after combofix finished, and I didn't restart it either; besides, the PC is behaving as if clean, nothing is crying out)
ComboFix 07-11-19.4C - pgp 2007-11-30 22:41:38.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.1.1251.1.1033.18.76 [GMT -8:00]
Running from: C:\Documents and Settings\pgp\Desktop\Inst\antivirus\ComboFix\ComboFix.exe
Command switches used :: C:\Documents and Settings\pgp\Desktop\Inst\antivirus\ComboFix\CFScript.txt
FILE
C:\WINDOWS\system32\cfrpn.exe
C:\WINDOWS\system32\eraseme_64782.exe
C:\WINDOWS\system32\ftask.exe
C:\WINDOWS\system32\hdbj.exe
C:\WINDOWS\system32\jxdw.exe
C:\WINDOWS\system32\nhydhe.exe
C:\WINDOWS\system32\nqppo.bak1
C:\WINDOWS\system32\nqppo.bak2
C:\WINDOWS\system32\nqppo.ini
C:\WINDOWS\system32\nqppo.ini2
C:\WINDOWS\system32\nqppo.tmp
C:\WINDOWS\system32\olive.exe
C:\WINDOWS\system32\oppqn.dll
C:\WINDOWS\system32\pdrs.exe
C:\WINDOWS\system32\SSQOOLK.VDLL
C:\WINDOWS\system32\Tilecomfree.com
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\umvhid.exe
C:\WINDOWS\system32\vxrku.exe
C:\WINDOWS\system32\vzfh.exe
C:\WINDOWS\system32\wbmry.exe
C:\WINDOWS\system32\yqsr.exe
C:\WINDOWS\system32\yrfjk.exe
C:\WINDOWS\system32\zrcr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\cfrpn.exe
C:\WINDOWS\system32\eraseme_64782.exe
C:\WINDOWS\system32\ftask.exe
C:\WINDOWS\system32\hdbj.exe
C:\WINDOWS\system32\jxdw.exe
C:\WINDOWS\system32\nhydhe.exe
C:\WINDOWS\system32\olive.exe
C:\WINDOWS\system32\pdrs.exe
C:\WINDOWS\system32\SSQOOLK.VDLL
C:\WINDOWS\system32\Tilecomfree.com
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\umvhid.exe
C:\WINDOWS\system32\vxrku.exe
C:\WINDOWS\system32\vzfh.exe
C:\WINDOWS\system32\wbmry.exe
C:\WINDOWS\system32\yqsr.exe
C:\WINDOWS\system32\yrfjk.exe
C:\WINDOWS\system32\zrcr.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.
2007-11-30 12:04 200,788 --a------ C:\WINDOWS\system32\drivers\NetPeeker.sys
2007-11-30 12:03 <DIR> d-------- C:\Program Files\NetPeeker
2007-11-30 11:24 78,912 --a------ C:\WINDOWS\system32\kbctendg.dll
2007-11-28 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-28 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-28 15:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-28 13:38 17,720 --a------ C:\Documents and Settings\pgp\Application Data\GDIPFONTCACHEV1.DAT
2007-11-19 12:41 <DIR> d-------- C:\Program Files\Foxit Software
2007-11-15 12:38 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-12 15:41 <DIR> d-------- C:\Program Files\SA Dictionary 2005 T2
2007-11-12 15:41 299,520 --a------ C:\WINDOWS\uninst.exe
2007-11-12 14:07 <DIR> d-------- C:\Program Files\Winamp
2007-11-12 13:02 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\Skype
2007-11-12 13:01 <DIR> d-------- C:\Program Files\Skype
2007-11-12 13:01 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-11-12 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-11-12 13:00 <DIR> d--hs---- C:\Recycled
2007-11-12 12:06 <DIR> d-------- C:\Program Files\uTorrent
2007-11-12 12:05 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\uTorrent
2007-11-12 11:46 <DIR> d-------- C:\Program Files\QIP
2007-11-12 11:39 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\Talkback
2007-11-12 11:39 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-11-12 11:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-12 11:34 3,769 --a------ C:\WINDOWS\mozver.dat
2007-11-12 09:48 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-11-12 09:48 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-11-12 09:28 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-11-12 09:21 <DIR> d---s---- C:\Documents and Settings\pgp\UserData
2007-11-11 22:27 <DIR> d-------- C:\WUTemp
2007-11-11 22:26 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2007-11-11 22:26 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-11 22:23 <DIR> d--h----- C:\Program Files\Zenographics
2007-11-11 22:23 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-11-11 22:23 143,360 -ra------ C:\WINDOWS\apptune1020.exe
2007-11-11 08:16 313,344 --a------ C:\WINDOWS\system\OLE2.DLL
2007-11-11 08:16 298,240 --a------ C:\WINDOWS\system\MFC250.DLL
2007-11-11 08:16 157,184 --a------ C:\WINDOWS\system\STORAGE.DLL
2007-11-11 08:16 146,976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
2007-11-11 08:16 142,592 --a------ C:\WINDOWS\system\TYPELIB.DLL
2007-11-11 08:16 102,400 --a------ C:\WINDOWS\system\COMPOBJ.DLL
2007-11-11 08:16 99,200 --a------ C:\WINDOWS\system\OLE2NLS.DLL
2007-11-11 08:16 90,144 --a------ C:\WINDOWS\system\OLE2DISP.DLL
2007-11-11 08:16 57,328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
2007-11-11 08:15 <DIR> d-------- C:\Documents and Settings\pgp\WINDOWS
2007-11-11 08:15 <DIR> d-------- C:\COREL50
2007-11-11 08:15 55,808 --a------ C:\WINDOWS\system\OLE2PROX.DLL
2007-11-11 08:15 24,598 --a------ C:\WINDOWS\system\OLE2.REG
2007-11-11 08:15 21,648 --a------ C:\WINDOWS\system\CTL3DV2.DLL
2007-11-11 08:15 16,752 --a------ C:\WINDOWS\system\REGLOAD.EXE
2007-11-11 07:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-11 07:13 <DIR> d-------- C:\WINDOWS\ShellNew
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 12:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-12 09:47]
"NetPeeker"="C:\Program Files\NetPeeker\NPGUI.exe" [2007-09-09 22:44]
C:\Documents and Settings\pgp\Start Menu\Programs\Startup\
QIP 2005.lnk - C:\Program Files\QIP\qip.exe [2007-07-15 02:43:26]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 16:01:04]
R1 NetPeeker;NetPeeker;C:\WINDOWS\System32\Drivers\NetPeeker.sys
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-30 22:45:28
Windows 5.1.2600 Service Pack 1 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-30 22:47:06
C:\ComboFix2.txt ... 2007-11-30 19:38
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 22:56:54, on 30.11.2007 г.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\nod32kui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\pgp\Desktop\Inst\antivirus\hijackthis\MyScan.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NetPeeker] C:\Program Files\NetPeeker\NPGUI.exe Minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
===================================
Last edited by qtech; 1st December 2007 at 09:04.
-
1st December 2007 20:00 #6Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
Looks fine. As a last step, download SilentRunners.vbs (there is a link in the sticky thread), run it and wait 2-3 minutes for it to finish. Post the new log here, preferably as an attachment.
Scan online - http://usa.kaspersky.com/products_se...us-scanner.php
and delete manually if it finds anything. Also scan with http://downloads.ewido.net/ewido_micro.exe
Install SP2 as well as the subsequent updates. Also think about changing your antivirus program.
-
1st December 2007 22:35 #7Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
I don't know how to run this SilentRunners.vbs thing. It seems to be a Visual Basic script, but I don't know what to do with it :/ .
Kaspersky - in the attachment
-
1st December 2007 22:49 #8Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
Doesn't it start when you double-click it? If not, right-click on it -> Open with -> Microsoft Windows Based Script Host
Manually delete this file:
C:\WINDOWS\system32\i
as well as the whole C:\qoobox folder
Turn System Restore off and back on:
http://www.hardwarebg.com/forum/show...51&postcount=1
1) 4) and 6)
-
2nd December 2007 02:18 #9Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
So the problem with the .vbs was that Mozilla displays it on the screen instead of downloading it. I did download it, though, and it ran.
Next, I couldn't find this "i" folder. I specifically checked in case the hide options were on and made everything visible, but I did not find it.
I did delete "qoobox", though.
I don't know whether I can upgrade my current Windows with a WIN XP SP2 disc, or whether a clean install is needed? Because I don't have SP2 on its own.
You're not human, Ilko, you're gold!
-
2nd December 2007 02:24 #10Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
Did you do this?
Turn System Restore off and back on:
Did you scan with ewido micro?
Manually delete this file:
C:\WINDOWS\system32\i
SP2 straight from the source:
download SilentRunners.vbs, the link is in the sticky thread, run it and wait 2-3 minutes for it to finish. Post the new log here, preferably as an attachment.
http://www.microsoft.com/downloads/i...35-SP2-ENU.exe
Before you install it we need to be sure that you are 100% clean, and also that any antivirus programs are stopped.
Not human, but steel
-
2nd December 2007 09:35 #11Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
I turned System Restore off and on. I even created a restore point.
I scanned with ewido micro: it listed about 40-50 entries, 5-10 of them in blue. I pressed the button for ... if I still remember ... dealing with the nasties, and it removed the things it had shown.
I did not find C:\WINDOWS\system32\i! It's just not there. Could ewido, or something else I ran, have removed it !??!
I also ran SilentRunners.vbs. It worked and worked and then stopped. I don't know what it did.
-
2nd December 2007 20:38 #12Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
You did well. SilentRunners creates a log file in the same folder, something like StartUp Programs (name and time).txt. I need that file; add it as an attachment.
C:\WINDOWS\system32\i was probably wiped by one of the programs.
Just in case, run this CFscript.txt in ComboFix as you did the first time; you can post its log file together with the other one.
-
2nd December 2007 21:26 #13Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
I ran this CFscript.txt in ComboFix.
Here are the logs! Attached.
I saw that ComboFix wipes C:\WINDOWS\system32\i. Uhhh
Last edited by qtech; 2nd December 2007 at 21:32.
-
2nd December 2007 21:56 #14Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
Everything looks fine; I think you can safely install SP2. Don't forget to turn off the antivirus while installing.
If you have a pirated XP key, SP2 may start complaining that you are a pirate; I don't know what MS has cooked up in its latest releases.
-
2nd December 2007 22:05 #15Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
Health and long life to you, Ilko!
-
2nd December 2007 22:06 #16
As far as I understand, the problem is solved.
May I ask a few questions:
- why was Windows not updated?
- which antivirus (and more precisely, which version), firewalls, antispyware tools, etc. were in use BEFORE the nasties were caught?
I suppose the answers will be of interest not only to me..
-
2nd December 2007 22:45 #17Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
Sooo,
This is a computer that was given to me to use "as is".
It is tiny, and maybe that is why the owner decided not to install SP2 on it.
The antivirus is NOD32. Good or bad, he is happy with it and has had no problems.
This computer is used MAINLY for Mozilla, Skype and ICQ/QIP
But I decided to have some fun and opened a certain web page...
And the problems arrived
I am even still wondering whether to install SP2 or not?!
Maybe I will also install AVGas as an additional measure.
I have a 3GB HD with 650MB still free. We'll see what I'll do.
PS Interestingly, we had quite a hard time installing XP. It would get to some point and hang, and so on several times, with different packages. But in the end it started and it runs quite stably. And QUIETLY, it is very quiet, long may it live.
Last edited by qtech; 2nd December 2007 at 22:51.
-
2nd December 2007 22:51 #18
Why don't you make your own installation disc with nLite:
WinXP+SP2+All Critical Updates.
That way you will both save a lot of space on the small hard disk and be much better protected.
Without updates, whatever protections you install, it's a lost cause.
I advise you to use Acronis True Image; that way you will NEVER lose more than 5 min. if you get infected with something in the future..
-
2nd December 2007 23:42 #19Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
Well... I simply don't know how this nLite thing is used.
I know it's somewhere on the net, but can I really know everything...
If someone can briefly clue me in on how this thing is used, or toss me a link, I'll be grateful!
-
3rd December 2007 01:00 #20
-
3rd December 2007 01:34 #21
Keep a copy of AVAST at hand; it scans while the system is booting and deletes without the nasties being able to lock the files. Whatever antivirus you use, if you don't take care of your computer you will keep getting infected. And SP2 is more than mandatory. I also hope the HTTP scanner in Nod32 is turned on, because in my opinion it does its job well. Still, the first protection against a nasty is an updated system, the next is the firewall, and only at the very end the antivirus (so that you never get that far!). Of course, you control these processes, so the responsibility is in your hands.
-
3rd December 2007 02:32 #22Registered User
Join Date: Apr:2006
Location: Str
Posts: 46
from what I read in http://hardwarebg.com/forum/showthread.php?t=88451
(so much information at once was a bit much for me)
so far I have understood that besides nLight I will need to learn quite a few more things: addons, packages, keys, etc.
but isn't there a little program that makes me a CD which simply restores my Windows if something breaks? Maybe those are the images that get made with, e.g., Ghost (I hope I'm not getting the spelling wrong)
and then, what is the difference between the thing that makes the images and nLight !?
-
3rd December 2007 04:28 #23Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
With that amount of free space, no way. It's best, as Rado advised you, to make a disc with all the updates and start from scratch.
And why XP rather than 2000?
With such a small disk the image will probably even fit on 1 CD at high compression. Read up on the imaging programs, and once you have your bearings a bit, ask wherever you get stuck.
-
3rd December 2007 04:31 #24
1. The program is called nLite and it modifies your Windows installation disc (CD).
2. You can look through the video materials in the last post of the nLite thread and judge right away whether it is for you or not. What the program does, what its advantages are, etc. is written at the beginning.
3. Norton Ghost and Acronis True Image have a different purpose: they make an exact copy of the partition on which the operating system is installed. If something goes bad, they restore the data exactly as it was when the image was created.
I hope I have been helpful