  1. #1
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46

    How I can't deal with the nasties

    Thanks to Ilko for the useful thread!

    I recently caught some nasties, so I read his thread and tried to clean up, but... I couldn't.
    When you install the programs above, make sure their resident modules are inactive or switched off, as well as those of any previously installed antivirus and antispyware programs. I think I didn't remove NOD before installing them.

    Otherwise I should have followed the procedure, but there are (still) nasties.

    File: C:\WINDOWS\System32\ptdkuo.exe Threat: Poebot trojan
    C:\WINDOWS\System32\ces.exe IRC/SdBot trojan
    ...://82.98.235.78/netob/po'ki20071106.exe?uid=4E3B12269D9011DCB9 21F68490ECFFF... Threat: Adware.Ezula application
    C:\Documents and settings\pgp\Local Settings\Temporary Internet Files\Content...\poiu[1] Threat: Win32\TrojanDownloader.Tini.ID trojan
    Comment (NOD): Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
    C:\Documents and settings\pgp\Locals..\Temp\bnspoalr.exe

    More threats:
    Win32/TrojanDownloader.Tini.ID trojan
    Win32/Adware Virtumonde application
    Win32/Adware Ezula Application
    Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.



    This is what I managed to write down while NOD's red window kept popping up.

    I noticed that the problems stop when I connect directly to the modem, whereas when I'm on the small local network (modem > computer > switch > my PC + one more) NOD immediately cries out, and/or some Messenger Service. And they cry out quite often.
    Yesterday it even shut down my computer, and when I then tried to log in to Windows (as usual, as admin :/) it showed a message that some server wouldn't let me in or something... I don't remember exactly. In the morning it started up fine (again connected to the switch).
    Today I installed Netpeeker, but that didn't help either. I killed explore.exe and now I'm without the "taskbar".

    I'll restart now, and later, if my PC is still alive, I'll run HiJackThis and add its log.

    And here it is:
    Logfile of HijackThis v1.99.1
    Scan saved at 15:19:50, on 30.11.2007 г.
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\NetPeeker\NPGUI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\QIP\qip.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\pgp\Desktop\Inst\antivirus\hijackthis\MyScan.exe

    O2 - BHO: (no name) - {17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67} - C:\WINDOWS\System32\awtqnkh.dll (file missing)
    O2 - BHO: (no name) - {29456A27-BCCA-4E9A-9D79-9C5C37C250BF} - C:\WINDOWS\System32\oppqn.dll
    O2 - BHO: {fbc81597-de68-3fa9-fd34-8238ec488654} - {456884ce-8328-43df-9af3-86ed79518cbf} - C:\WINDOWS\System32\dhretgto.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NetPeeker] C:\Program Files\NetPeeker\NPGUI.exe Minimize
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


    VundoFix found nothing.
    And since the last restart nothing has popped up.
    --------
    Here is what Netpeeker showed me for 82.98.235.78:

    Local Information:
    Address: localhost
    Port: 1321


    Remote Information:
    Address: 82.98.235.77
    DNS name: iontrata.com
    Port: 80 (http, World Wide Web HTTP)
    Orgnization: Cyber Technology BV BA/SPRL
    Belgium
    Net Range: 82.98.235.0 - 82.98.235.255
    Country: Netherlands
    Comment: **************************************** ***
    * Abuse contact: abuse@mycyberhosting.net *
    **************************************** ***

    Admin Contact:
    Name: Oliver van Loven
    Address: Cyber Technology BVBA/SPRL
    56 Avenue du printemps
    1410 Waterloo Brussels
    Belgium
    Phone: +32 2 479 87 16
    Fax-no: +32 2 479 87 16
    E-mail: leole@infonie.be

    Tech Contact:
    Other Contacts:


    Domain Name Information:
    Registrant:
    Gerald Inc
    Tas vezer u. 62.
    Tolnanemedi, Tolnanemedi 7083
    HU

    Domain name: IONTRATA.COM

    Administrative Contact:
    E. Parris, Gerald no_name_inc@yahoo.com
    Tas vezer u. 62.
    Tolnanemedi, Tolnanemedi 7083
    HU
    +1.416555112251234
    Technical Contact:
    E. Parris, Gerald no_name_inc@yahoo.com
    Tas vezer u. 62.
    Tolnanemedi, Tolnanemedi 7083
    HU
    +1.416555112251234


    Registrar of Record: TUCOWS, INC.
    Record last updated on 11-Sep-2007.
    Record expires on 10-Sep-2008.
    Record created on 10-Sep-2007.

    Registrar Domain Name Help Center:
    http://domainhelp.tucows.com

    Domain servers in listed order:
    NS1.IONTRATA.COM 89.188.16.12
    NS2.IONTRATA.COM 82.98.235.155


    Domain status: ok

    Last edited by qtech; 1st December 2007 at 02:23.

  2. #2
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Restart in Safe Mode, run HiJackThis and tick the following:
    O2 - BHO: (no name) - {17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67} - C:\WINDOWS\System32\awtqnkh.dll (file missing)
    O2 - BHO: (no name) - {29456A27-BCCA-4E9A-9D79-9C5C37C250BF} - C:\WINDOWS\System32\oppqn.dll
    O2 - BHO: {fbc81597-de68-3fa9-fd34-8238ec488654} - {456884ce-8328-43df-9af3-86ed79518cbf} - C:\WINDOWS\System32\dhretgto.dll
    O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
    Press Fix Checked.
    When it finishes, restart normally.

    Run SmitFraudFix, and post its log when it finishes.

    Grab the latest version of HiJackThis from here and post a new log.

    Grab ComboFix, save it to the desktop and run it; if it asks to restart, allow it, and don't be surprised if it restarts on its own. When it's done you'll have combofix.txt or .log in C:\; attach it to your next post.

  3. #3
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46

    Show must go on

    First let me add what I forgot: OS: WIN XP pro SP1

    In safe mode, apart from the few warnings that I'm in this mode, I was left with a black screen with only the safe mode labels in the corners. It gave me only a little time of normal operation (in safe mode). So, in normal mode I made shortcuts on the desktop and then in safe mode I managed to start them, although the taskbar at the bottom kept disappearing again.

    And so here are the logs:

    SmitFraudFix v2.256

    Scan done at 19:26:00,39, 30.11.2007 г.
    Run from C:\Documents and Settings\pgp\Desktop\Inst\antivirus\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\NetPeeker\NPGUI.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\QIP\qip.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    hosts file corrupted !

    127.0.0.1 mpa.one.microsoft.com

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pgp


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\pgp\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\pgp\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.0.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8215FAEF-9904-4FF1-844A-6B14F8B5BF79}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8215FAEF-9904-4FF1-844A-6B14F8B5BF79}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{8215FAEF-9904-4FF1-844A-6B14F8B5BF79}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:29:43, on 30.11.2007 г.
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\NetPeeker\NPGUI.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\QIP\qip.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\pgp\Desktop\Inst\antivirus\HiJackThis2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {AB7337F9-F898-4B75-AF8E-41D8AFF142BD} - C:\WINDOWS\System32\oppqn.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NetPeeker] C:\Program Files\NetPeeker\NPGUI.exe Minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    --
    End of file - 1863 bytes



    ComboFix 07-11-19.4C - pgp 2007-11-30 19:33:28.1 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.1.1251.1.1033.18.74 [GMT -8:00]
    Running from: C:\Documents and Settings\pgp\Desktop\Inst\antivirus\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\nqppo.bak1
    C:\WINDOWS\system32\nqppo.bak2
    C:\WINDOWS\system32\nqppo.ini
    C:\WINDOWS\system32\nqppo.ini2
    C:\WINDOWS\system32\nqppo.tmp
    C:\WINDOWS\system32\oppqn.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
    .

    2007-11-30 19:26 1,358 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-30 17:22 1,600 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
    2007-11-30 15:28 <DIR> d-------- C:\VundoFix Backups
    2007-11-30 12:04 200,788 --a------ C:\WINDOWS\system32\drivers\NetPeeker.sys
    2007-11-30 12:03 <DIR> d-------- C:\Program Files\NetPeeker
    2007-11-29 23:29 0 --a------ C:\WINDOWS\system32\Tilecomfree.com
    2007-11-28 23:33 69 --a------ C:\WINDOWS\system32\i
    2007-11-28 23:33 0 --a------ C:\WINDOWS\system32\eraseme_64782.exe
    2007-11-28 22:11 38,400 --a------ C:\WINDOWS\system32\SSQOOLK.VDLL
    2007-11-28 19:56 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-11-28 19:56 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-11-28 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-28 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-28 15:15 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-28 13:38 17,720 --a------ C:\Documents and Settings\pgp\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-28 00:51 61,440 --a------ C:\WINDOWS\system32\zrcr.exe
    2007-11-28 00:51 61,440 --------- C:\WINDOWS\system32\wbmry.exe
    2007-11-28 00:49 61,440 --------- C:\WINDOWS\system32\yrfjk.exe
    2007-11-28 00:49 61,440 --------- C:\WINDOWS\system32\cfrpn.exe
    2007-11-28 00:43 61,440 --------- C:\WINDOWS\system32\yqsr.exe
    2007-11-28 00:43 61,440 --------- C:\WINDOWS\system32\olive.exe
    2007-11-28 00:41 61,440 --------- C:\WINDOWS\system32\umvhid.exe
    2007-11-28 00:41 61,440 --------- C:\WINDOWS\system32\ftask.exe
    2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\vzfh.exe
    2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\vxrku.exe
    2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\pdrs.exe
    2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\nhydhe.exe
    2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\jxdw.exe
    2007-11-28 00:40 61,440 --------- C:\WINDOWS\system32\hdbj.exe
    2007-11-21 21:50 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
    2007-11-21 21:50 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2007-11-19 12:41 <DIR> d-------- C:\Program Files\Foxit Software
    2007-11-15 12:38 126,976 --a------ C:\WINDOWS\system32\hpgt34tk.dll
    2007-11-15 12:38 126,976 --a------ C:\WINDOWS\system32\dllcache\hpgt34tk.dll
    2007-11-15 12:38 101,376 --a------ C:\WINDOWS\system32\hpgt34.dll
    2007-11-15 12:38 101,376 --a------ C:\WINDOWS\system32\dllcache\hpgt34.dll
    2007-11-15 12:38 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-11-15 12:38 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
    2007-11-15 12:38 32,768 --a------ C:\WINDOWS\system32\hpgtmcro.dll
    2007-11-15 12:38 32,768 --a------ C:\WINDOWS\system32\dllcache\hpgtmcro.dll
    2007-11-15 12:38 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-11-15 12:38 14,208 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2007-11-12 15:41 <DIR> d-------- C:\Program Files\SA Dictionary 2005 T2
    2007-11-12 15:41 299,520 --a------ C:\WINDOWS\uninst.exe
    2007-11-12 14:07 <DIR> d-------- C:\Program Files\Winamp
    2007-11-12 13:02 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\Skype
    2007-11-12 13:01 <DIR> d-------- C:\Program Files\Skype
    2007-11-12 13:01 <DIR> d-------- C:\Program Files\Common Files\Skype
    2007-11-12 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-11-12 13:00 <DIR> d--hs---- C:\Recycled
    2007-11-12 12:06 <DIR> d-------- C:\Program Files\uTorrent
    2007-11-12 12:05 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\uTorrent
    2007-11-12 11:46 <DIR> d-------- C:\Program Files\QIP
    2007-11-12 11:39 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\Talkback
    2007-11-12 11:39 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
    2007-11-12 11:39 0 --a------ C:\WINDOWS\nsreg.dat
    2007-11-12 11:34 3,769 --a------ C:\WINDOWS\mozver.dat
    2007-11-12 09:48 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-11-12 09:48 270,336 --a------ C:\WINDOWS\system32\imon.dll
    2007-11-12 09:28 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-11-12 09:28 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2007-11-12 09:28 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-11-12 09:28 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2007-11-12 09:28 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2007-11-12 09:21 <DIR> d---s---- C:\Documents and Settings\pgp\UserData
    2007-11-11 22:27 <DIR> d-------- C:\WUTemp
    2007-11-11 22:26 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
    2007-11-11 22:26 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-11-11 22:26 24,960 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
    2007-11-11 22:23 <DIR> d--h----- C:\Program Files\Zenographics
    2007-11-11 22:23 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-11-11 22:23 143,360 -ra------ C:\WINDOWS\apptune1020.exe
    2007-11-11 22:23 86,016 -ra------ C:\WINDOWS\system32\ZLhp1020.dll
    2007-11-11 08:16 313,344 --a------ C:\WINDOWS\system\OLE2.DLL
    2007-11-11 08:16 298,240 --a------ C:\WINDOWS\system\MFC250.DLL
    2007-11-11 08:16 157,184 --a------ C:\WINDOWS\system\STORAGE.DLL
    2007-11-11 08:16 146,976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
    2007-11-11 08:16 142,592 --a------ C:\WINDOWS\system\TYPELIB.DLL
    2007-11-11 08:16 102,400 --a------ C:\WINDOWS\system\COMPOBJ.DLL
    2007-11-11 08:16 99,200 --a------ C:\WINDOWS\system\OLE2NLS.DLL
    2007-11-11 08:16 90,144 --a------ C:\WINDOWS\system\OLE2DISP.DLL
    2007-11-11 08:16 57,328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
    2007-11-11 08:15 <DIR> d-------- C:\Documents and Settings\pgp\WINDOWS
    2007-11-11 08:15 <DIR> d-------- C:\COREL50
    2007-11-11 08:15 55,808 --a------ C:\WINDOWS\system\OLE2PROX.DLL
    2007-11-11 08:15 24,598 --a------ C:\WINDOWS\system\OLE2.REG
    2007-11-11 08:15 21,648 --a------ C:\WINDOWS\system\CTL3DV2.DLL
    2007-11-11 08:15 16,752 --a------ C:\WINDOWS\system\REGLOAD.EXE
    2007-11-11 07:45 21,760 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
    2007-11-11 07:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-11-11 07:13 <DIR> d-------- C:\WINDOWS\ShellNew

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 19:24 78,912 ----a-w C:\WINDOWS\system32\kbctendg.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 12:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-12 09:47]
    "NetPeeker"="C:\Program Files\NetPeeker\NPGUI.exe" [2007-09-09 22:44]

    C:\Documents and Settings\pgp\Start Menu\Programs\Startup\
    QIP 2005.lnk - C:\Program Files\QIP\qip.exe [2007-07-15 02:43:26]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 16:01:04]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\System32\oppqn.dll

    R1 NetPeeker;NetPeeker;C:\WINDOWS\System32\Drivers\NetPeeker.sys

    *Newly Created Service* - ALG
    *Newly Created Service* - IPNAT
    *Newly Created Service* - SHAREDACCESS
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-30 19:37:35
    Windows 5.1.2600 Service Pack 1 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-30 19:38:12 - machine was rebooted
    .
    --- E O F ---


    Well, that's it. So far NOD isn't crying out, nor that other one, messenger.
    Thanks again to Ilko! Ilko, you're not a person - you're gold. Regardless of whether I manage to clean the machine or not.

    I forgot to say that before running the programs above just now, I had also run VundoFix; here is its little log too:

    VundoFix V6.6.2

    Checking Java version...

    Sun Java not detected
    Scan started at 15:28:17 30.11.2007 г.

    Listing files found while scanning....

    No infected files were found.


    Beginning removal...
    Last edited by qtech; 1st December 2007 at 06:14.

  4. #4
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Temporarily disable the antivirus; some of the tools we use trigger false alarms, and the antivirus may interfere.

    Save the two attached files in the ComboFix folder, drag CFScript.txt onto the ComboFix icon and wait for it to finish; I assume it will restart.


    After the restart, rename LSA.txt to LSA.reg, double-click LSA.reg and tell me whether it says something like "the information was successfully imported into registry".

    Post the new C:\combofix.txt and after it a new HiJackThis log.

    Please don't change the font of the logs; on a light skin it's barely readable.

    edit: LSA.txt is here:
    http://www.hardwarebg.com/forum/atta...0&d=1194810531

    edit2: I saw that you're on SP1; I've left that for after we finish, and we also have the messenger service to stop.
    Thanks for the kind words; the forum is full of people who are far more golden.
    Attached Files
    Last edited by ilko; 1st December 2007 at 06:56.
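
Added example, not part of any post in this thread and not code from HijackThis or ComboFix: a small triage script over the kind of entries that were selected for fixing above (O2/O20 lines and the LSA "Authentication Packages" value). The sample input is constructed from lines in the logs posted in this thread; the two flagging rules and the treatment of msv1_0 as the only expected package are assumptions of this example, and a hit means "look at this by hand", not "delete".

```python
import ntpath
import re

# Constructed sample input: lines in the shape of the HijackThis log posted above.
HJT_LOG = r"""
O2 - BHO: (no name) - {17B88DF7-95AB-44DA-8ECD-5FF0B6CAEC67} - C:\WINDOWS\System32\awtqnkh.dll (file missing)
O2 - BHO: (no name) - {29456A27-BCCA-4E9A-9D79-9C5C37C250BF} - C:\WINDOWS\System32\oppqn.dll
O2 - BHO: {fbc81597-de68-3fa9-fd34-8238ec488654} - {456884ce-8328-43df-9af3-86ed79518cbf} - C:\WINDOWS\System32\dhretgto.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awtqnkh - awtqnkh.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# Constructed sample input: the LSA value line as it appears in the first ComboFix log above.
COMBOFIX_LSA = r'"Authentication Packages"= msv1_0 C:\WINDOWS\System32\oppqn.dll'

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
MISSING = " (file missing)"


def triage_hjt(log_text):
    """Return (section, dll_basename, reasons) for O2/O20 entries worth a manual look.

    Heuristics (assumptions of this example):
      * the registration points at a file that no longer exists;
      * a BHO whose display name is "(no name)" or just another GUID.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group(1) not in ("O2", "O20"):
            continue
        section, rest = m.group(1), m.group(3)
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)]
        fields = rest.split(" - ")
        name, target = fields[0], fields[-1]
        reasons = []
        if missing:
            reasons.append("registered file is missing")
        if section == "O2" and (name == "(no name)" or re.fullmatch(GUID, name)):
            reasons.append("BHO has no descriptive name")
        if reasons:
            findings.append((section, ntpath.basename(target).lower(), reasons))
    return findings


def extra_lsa_packages(value_line, default=("msv1_0",)):
    """Return Authentication Packages entries other than the expected default.

    Assumes whitespace-separated entries, as in the ComboFix rendering above.
    """
    _, _, value = value_line.partition("=")
    return [p for p in value.split() if p.lower() not in default]


def shared_dlls(findings, lsa_extras):
    """DLL names that show up both as a flagged BHO/Notify entry and in LSA."""
    hjt = {dll for _, dll, _ in findings}
    lsa = {ntpath.basename(p).lower() for p in lsa_extras}
    return hjt & lsa


if __name__ == "__main__":
    found = triage_hjt(HJT_LOG)
    for section, dll, reasons in found:
        print(f"{section:<4}{dll:<16}{'; '.join(reasons)}")
    extras = extra_lsa_packages(COMBOFIX_LSA)
    print("Extra LSA packages:", extras)
    print("Loaded via both BHO and LSA:", sorted(shared_dlls(found, extras)))
```

A DLL that appears in both places keeps getting loaded by lsass.exe even after the BHO entry is removed, so the LSA value has to be restored as well.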

  5. #5
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46
    Here's the new combofix.txt: (the PC didn't restart after ComboFix finished, and I didn't restart it either; besides, the PC is behaving as if clean, nothing is crying out)

    ComboFix 07-11-19.4C - pgp 2007-11-30 22:41:38.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.1.1251.1.1033.18.76 [GMT -8:00]
    Running from: C:\Documents and Settings\pgp\Desktop\Inst\antivirus\ComboFix\ComboFix.exe
    Command switches used :: C:\Documents and Settings\pgp\Desktop\Inst\antivirus\ComboFix\CFScript.txt

    FILE
    C:\WINDOWS\system32\cfrpn.exe
    C:\WINDOWS\system32\eraseme_64782.exe
    C:\WINDOWS\system32\ftask.exe
    C:\WINDOWS\system32\hdbj.exe
    C:\WINDOWS\system32\jxdw.exe
    C:\WINDOWS\system32\nhydhe.exe
    C:\WINDOWS\system32\nqppo.bak1
    C:\WINDOWS\system32\nqppo.bak2
    C:\WINDOWS\system32\nqppo.ini
    C:\WINDOWS\system32\nqppo.ini2
    C:\WINDOWS\system32\nqppo.tmp
    C:\WINDOWS\system32\olive.exe
    C:\WINDOWS\system32\oppqn.dll
    C:\WINDOWS\system32\pdrs.exe
    C:\WINDOWS\system32\SSQOOLK.VDLL
    C:\WINDOWS\system32\Tilecomfree.com
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\umvhid.exe
    C:\WINDOWS\system32\vxrku.exe
    C:\WINDOWS\system32\vzfh.exe
    C:\WINDOWS\system32\wbmry.exe
    C:\WINDOWS\system32\yqsr.exe
    C:\WINDOWS\system32\yrfjk.exe
    C:\WINDOWS\system32\zrcr.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cfrpn.exe
    C:\WINDOWS\system32\eraseme_64782.exe
    C:\WINDOWS\system32\ftask.exe
    C:\WINDOWS\system32\hdbj.exe
    C:\WINDOWS\system32\jxdw.exe
    C:\WINDOWS\system32\nhydhe.exe
    C:\WINDOWS\system32\olive.exe
    C:\WINDOWS\system32\pdrs.exe
    C:\WINDOWS\system32\SSQOOLK.VDLL
    C:\WINDOWS\system32\Tilecomfree.com
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\umvhid.exe
    C:\WINDOWS\system32\vxrku.exe
    C:\WINDOWS\system32\vzfh.exe
    C:\WINDOWS\system32\wbmry.exe
    C:\WINDOWS\system32\yqsr.exe
    C:\WINDOWS\system32\yrfjk.exe
    C:\WINDOWS\system32\zrcr.exe

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
    .

    2007-11-30 12:04 200,788 --a------ C:\WINDOWS\system32\drivers\NetPeeker.sys
    2007-11-30 12:03 <DIR> d-------- C:\Program Files\NetPeeker
    2007-11-30 11:24 78,912 --a------ C:\WINDOWS\system32\kbctendg.dll
    2007-11-28 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-28 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-28 15:15 <DIR> d-------- C:\Program Files\Lavasoft
    2007-11-28 13:38 17,720 --a------ C:\Documents and Settings\pgp\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-19 12:41 <DIR> d-------- C:\Program Files\Foxit Software
    2007-11-15 12:38 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-11-12 15:41 <DIR> d-------- C:\Program Files\SA Dictionary 2005 T2
    2007-11-12 15:41 299,520 --a------ C:\WINDOWS\uninst.exe
    2007-11-12 14:07 <DIR> d-------- C:\Program Files\Winamp
    2007-11-12 13:02 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\Skype
    2007-11-12 13:01 <DIR> d-------- C:\Program Files\Skype
    2007-11-12 13:01 <DIR> d-------- C:\Program Files\Common Files\Skype
    2007-11-12 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-11-12 13:00 <DIR> d--hs---- C:\Recycled
    2007-11-12 12:06 <DIR> d-------- C:\Program Files\uTorrent
    2007-11-12 12:05 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\uTorrent
    2007-11-12 11:46 <DIR> d-------- C:\Program Files\QIP
    2007-11-12 11:39 <DIR> d-------- C:\Documents and Settings\pgp\Application Data\Talkback
    2007-11-12 11:39 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
    2007-11-12 11:39 0 --a------ C:\WINDOWS\nsreg.dat
    2007-11-12 11:34 3,769 --a------ C:\WINDOWS\mozver.dat
    2007-11-12 09:48 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2007-11-12 09:48 270,336 --a------ C:\WINDOWS\system32\imon.dll
    2007-11-12 09:28 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-11-12 09:21 <DIR> d---s---- C:\Documents and Settings\pgp\UserData
    2007-11-11 22:27 <DIR> d-------- C:\WUTemp
    2007-11-11 22:26 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
    2007-11-11 22:26 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-11-11 22:23 <DIR> d--h----- C:\Program Files\Zenographics
    2007-11-11 22:23 <DIR> d-------- C:\Program Files\Hewlett-Packard
    2007-11-11 22:23 143,360 -ra------ C:\WINDOWS\apptune1020.exe
    2007-11-11 08:16 313,344 --a------ C:\WINDOWS\system\OLE2.DLL
    2007-11-11 08:16 298,240 --a------ C:\WINDOWS\system\MFC250.DLL
    2007-11-11 08:16 157,184 --a------ C:\WINDOWS\system\STORAGE.DLL
    2007-11-11 08:16 146,976 --a------ C:\WINDOWS\system\MFCOLEUI.DLL
    2007-11-11 08:16 142,592 --a------ C:\WINDOWS\system\TYPELIB.DLL
    2007-11-11 08:16 102,400 --a------ C:\WINDOWS\system\COMPOBJ.DLL
    2007-11-11 08:16 99,200 --a------ C:\WINDOWS\system\OLE2NLS.DLL
    2007-11-11 08:16 90,144 --a------ C:\WINDOWS\system\OLE2DISP.DLL
    2007-11-11 08:16 57,328 --a------ C:\WINDOWS\system\OLE2CONV.DLL
    2007-11-11 08:15 <DIR> d-------- C:\Documents and Settings\pgp\WINDOWS
    2007-11-11 08:15 <DIR> d-------- C:\COREL50
    2007-11-11 08:15 55,808 --a------ C:\WINDOWS\system\OLE2PROX.DLL
    2007-11-11 08:15 24,598 --a------ C:\WINDOWS\system\OLE2.REG
    2007-11-11 08:15 21,648 --a------ C:\WINDOWS\system\CTL3DV2.DLL
    2007-11-11 08:15 16,752 --a------ C:\WINDOWS\system\REGLOAD.EXE
    2007-11-11 07:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2007-11-11 07:13 <DIR> d-------- C:\WINDOWS\ShellNew

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 12:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-12 09:47]
    "NetPeeker"="C:\Program Files\NetPeeker\NPGUI.exe" [2007-09-09 22:44]

    C:\Documents and Settings\pgp\Start Menu\Programs\Startup\
    QIP 2005.lnk - C:\Program Files\QIP\qip.exe [2007-07-15 02:43:26]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-12 16:01:04]

    R1 NetPeeker;NetPeeker;C:\WINDOWS\System32\Drivers\NetPeeker.sys

    *Newly Created Service* - ALG
    *Newly Created Service* - IPNAT
    *Newly Created Service* - SHAREDACCESS
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-30 22:45:28
    Windows 5.1.2600 Service Pack 1 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-30 22:47:06
    C:\ComboFix2.txt ... 2007-11-30 19:38
    .
    --- E O F ---





    Logfile of HijackThis v1.99.1
    Scan saved at 22:56:54, on 30.11.2007 г.
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\QIP\qip.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\ESET\nod32kui.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\pgp\Desktop\Inst\antivirus\hijackthis\MyScan.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NetPeeker] C:\Program Files\NetPeeker\NPGUI.exe Minimize
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: QIP 2005.lnk = C:\Program Files\QIP\qip.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    ===================================
    Last edited by qtech; 1st December 2007 at 09:04.

  6. #6
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Looks fine. As a last step, download SilentRunners.vbs (there is a link in the sticky thread), run it and wait 2-3 minutes for it to finish. Post the new log here, preferably as an attachment.
    Scan online - http://usa.kaspersky.com/products_se...us-scanner.php

    and delete manually if it finds anything. Also scan with http://downloads.ewido.net/ewido_micro.exe

    Install SP2 and the updates that follow it. Also think about changing your antivirus program.

  7. #7
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46
    I don't know how to run this SilentRunners.vbs thing. It seems to be a Visual Basic script, but I don't know what to do with it :/ .

    Kaspersky - in the attachment
    Attached Files

  8. #8
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Quote Originally Posted by qtech View Post
    I don't know how to run this SilentRunners.vbs thing. It seems to be a Visual Basic script, but I don't know what to do with it :/ .

    Kaspersky - in the attachment
    Doesn't it start when you double-click it? If not, right-click it -> Open with -> Microsoft Windows Based Script Host

    Manually delete this file:
    C:\WINDOWS\system32\i

    as well as the entire folder C:\qoobox

    Turn System Restore off and back on:
    http://www.hardwarebg.com/forum/show...51&postcount=1
    1) 4) and 6)

  9. #9
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46
    So the problem with the .vbs was that Mozilla displays it on screen instead of downloading it. I did download it, though, and it ran.

    Next, I couldn't find this "i" folder. I specifically checked whether the hide options were turned on and made everything visible, but I didn't find it.
    I did delete "qoobox", though.

    I don't know whether I can upgrade my current Windows with a WIN XP SP2 disc, or does it need a clean install? Because I don't have SP2 on its own.

    You're not a man, Ilko, you're gold!

  10. #10
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Turn System Restore off and back on:
    Did you do this?
    Did you scan with ewido micro?

    Manually delete this file:
    C:\WINDOWS\system32\i
    download SilentRunners.vbs (there is a link in the sticky thread), run it and wait 2-3 minutes for it to finish. Post the new log here, preferably as an attachment.
    SP2 straight from the source:
    http://www.microsoft.com/downloads/i...35-SP2-ENU.exe
    Before you install it we need to be sure that you are 100% clean; also, all antivirus programs should be stopped.

    Not a man, but steel

  11. #11
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46
    I turned System Restore off and on. I even created a restore point.
    I scanned with ewido micro: it showed about 40-50 entries, 5-10 of them in blue. I pressed the button for ... if I still remember ... dealing with the nasties, and it removed the things it had shown.

    I didn't find C:\WINDOWS\system32\i! It's just not there. Could ewido, or something else I ran, have removed it !??!

    I also ran SilentRunners.vbs. It worked and worked and then stopped. I don't know what it did.

  12. #12
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    You did well. SilentRunners creates a log file in the same folder, named something like StartUp Programs, the name and the time.txt. That is the file I need; attach it.
    C:\WINDOWS\system32\i was probably wiped by one of the programs.
    Just in case, run this CFscript.txt in ComboFix the way you did the first time; you can post its log file together with the other one.
    Attached Files

  13. #13
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46
    I ran this CFscript.txt in ComboFix.

    Here are the logs! Attached.

    I saw that ComboFix wipes C:\WINDOWS\system32\i. Uhhh
    Attached Files
    Last edited by qtech; 2nd December 2007 at 21:32.

  14. #14
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Everything looks fine; I think you can safely install SP2. Don't forget to turn off the antivirus while installing.
    If you are on a pirated XP key, SP2 may start complaining that you're a pirate; I don't know what MS has done in its latest releases.

  15. #15
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46
    May you live long and be well, Ilko!

  16. #16
    Registered User [Rado]'s Avatar
    Join Date: May:2006
    Location: :
    Posts: 2,662
    As far as I understand, the problem is solved.

    May I ask a few questions:
    - why wasn't Windows updated?
    - which antivirus (and more precisely, which version), firewalls, antispyware tools, etc. were in use BEFORE the bugs were picked up?

    I suppose the answers will be of interest not only to me.
    .

  17. #17
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46
    Nowww,

    This is a computer that was given to me to use "as is".
    It's a small one, and maybe that's why the owner decided not to put SP2 on it.
    The antivirus is NOD32. Good or bad, he is happy with it; he has had no problems.
    This computer is MAINLY used for Mozilla, Skype and ICQ/QIP

    But I decided to have some fun and opened a certain page...
    And the problems arrived

    I'm even still wondering whether to install SP2 or not?!
    Maybe I'll also install AVGas as an additional measure.

    I have a 3GB HD with 650MB still free. We'll see what I'll do.

    PS Interestingly, we had quite a hard time installing XP. It would get to a certain point and hang, and so on several times, with different packages. But in the end it started and it runs quite stably. And QUIETLY, it is very quiet, bless it.
    Last edited by qtech; 2nd December 2007 at 22:51.

  18. #18
    Registered User [Rado]'s Avatar
    Join Date: May:2006
    Location: :
    Posts: 2,662
    Why don't you make your own installation disc with nLite:
    WinXP+SP2+All Critical Updates.

    That way you will both save a lot of space on the small hard disk and be much better protected.
    Without updates, whatever protections you install, it's a lost cause.

    I advise you to use Acronis True Image; that way you will NEVER lose more than 5 min. if you get infected with something in the future.
    .

  19. #19
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46
    Well... I just have no idea how this nLite thing is used.
    I know it's somewhere out on the net, but I can't possibly know everything...
    If someone could briefly clue me in on how it is used, or toss me a link, I'd be grateful!

  20. #20
    Registered User [Rado]'s Avatar
    Join Date: May:2006
    Location: :
    Posts: 2,662
    .

  21. #21
    no brain no pain baracuda's Avatar
    Join Date: Aug:2006
    Location: Sofia
    Posts: 35,843
    Keep a copy of AVAST at hand; it scans while the system is booting and deletes without the bugs being able to lock the files. Whatever antivirus you use, if you don't take care of your computer you will keep getting infected. And SP2 is more than mandatory. I also hope that the HTTP scanner of Nod32 is turned on, because in my opinion it handles its tasks well. Still, the first defence against bugs is an updated system, the next is the firewall, and only last comes the antivirus (so that you never get as far as it!). Of course you control these processes, so the responsibility is in your hands.

  22. #22
    Registered User
    Join Date: Apr:2006
    Location: Str
    Posts: 46
    from what I read at http://hardwarebg.com/forum/showthread.php?t=88451
    (that much information all at once was a bit too much for me)

    so what I have understood so far is that besides nLight I will have to learn quite a few more things: addons, packages, keys, etc.

    and isn't there a little program that would make me a CD which simply restores my Windows if something breaks? Maybe those are the images that get made with, e.g., Ghost (I hope I'm not getting the spelling wrong)

    and then, what is the difference between the thing that makes the images and nLight !?

  23. #23
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Quote Originally Posted by qtech View Post
    ...I'm even still wondering whether to install SP2 or not?!..
    With that much free space, no way. The best thing is, as Rado advised you, a disc with all the updates and to start clean.
    And why XP rather than 2000?
    With a disk this small, the image will probably even fit on 1 CD at high compression. Read up on the imaging programs, and once you've got your bearings a bit, ask wherever you get stuck.

  24. #24
    Registered User [Rado]'s Avatar
    Join Date: May:2006
    Location: :
    Posts: 2,662
    1. The program is called nLite and it modifies your Windows installation disc (CD).

    2. You can look through the video materials in the last post of the nLite thread and judge right away whether it is for you or not. What the program does, what its advantages are, etc. is written at the beginning.

    3. Norton Ghost and Acronis True Image have a different purpose: they make an exact copy of the partition on which the operating system is installed. If something breaks, they restore the data exactly as it was when the image was created.

    I hope I was helpful
    .
