Thread: Big fight with a nasty bug
18th July 2008 11:33 #1
Big fight with a nasty bug
Subject: C:\runmgr.exe gets created when Windows starts (XP SP2, without any updates), but only when the machine is connected to the internet. Along with it, hosts files are created in windows, windows\system32\drivers and windows\system32\drivers\etc (normally the only place such a file belongs), and all three hosts files contain a large number of entries of this kind:
Code:
127.0.0.1 www.free-spyware.net
127.0.0.1 free-spyware.net
127.0.0.1 www.spyware-control.com
127.0.0.1 spyware-control.com
127.0.0.1 www.computerspywarecheck.com
127.0.0.1 computerspywarecheck.com
127.0.0.1 www.compare-spyware.com
127.0.0.1 compare-spyware.com
127.0.0.1 www.spywareremoval.ws
127.0.0.1 spywareremoval.ws
..........
In other words, the author of this misery has decided to block access to the sites of whatever anti-spam and antivirus vendors he could think of.
There are no active suspicious processes; runmgr.exe and the hosts files delete without any trouble, and after a restart they are created again (while the system is running there is no problem, they are gone). Something downloads runmgr.exe, but what?
Up to now I have cleaned every infected computer by hand, and only rarely with the help of software made for the purpose. This time I am at a loss: I have used every anti-malware, anti-spyware and antivirus I could think of (I have been fighting this for days), and nothing helps. Most of them detect it as Win32
elf-IFY[trj]. They delete what they delete, and after a restart the "run-donkey" (I have even given it a nickname) pops up again.
Here is a little info - http://www.prevx.com/filenames/X2315...UNMGR.EXE.html
HijackThis shows nothing suspicious; in the startup entries there is also nothing suspicious or unknown to me. I ran Process Explorer for more detailed information, again nothing.
Now I am following this thread here. They are fighting the same beast.
ComboFix results -
Code:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 108 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\autoexec.bat
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\ihhkj.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ntload.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\sys_dll.dll
C:\WINDOWS\system32\ygbjfjya.ini
.............
At first I thought the files qmgr0 and qmgr1 were the ones to blame for the misery: 3-4 restarts and no trace of runmgr or hosts. I was glad, telling myself I had nailed it. After about 30 min. the "donkey" was back online. Meanwhile I deleted the contents of the temp directories, Temporary Internet Files, cookies, browser caches and the restore points. I cleaned the registry too.
I am getting desperate. I keep fighting it, and in the meantime, if anyone thinks of something, I would be grateful for a hand.
One more thing: so far I have not seen it cause any actual damage; either it is waiting for something else, or I just don't know anymore
Last edited by MegatroniC; 18th July 2008 at 11:40.
He who has enough courage and patience to stare into the darkness for a lifetime will be the first to see the glimmer of light in it.
Give hope...
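Added example, not code from the thread: a small Python audit of a hosts file that flags the pattern described in this post, namely security-vendor and update domains sinkholed to 127.0.0.1 (plus the related 0.0.0.0 sinkholes and redirections to a remote address). The sample hosts excerpt is constructed from the entries quoted above; the vendor keyword list and the function names are my own assumptions.

```python
"""Audit a Windows hosts file for sinkholed or redirected hostnames.

Added example (not from the forum thread). SAMPLE_HOSTS is a constructed
excerpt modelled on the entries quoted in the first post.
"""
import re
from collections import Counter

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.free-spyware.net
127.0.0.1 free-spyware.net
127.0.0.1 www.spyware-control.com
127.0.0.1 spyware-control.com
127.0.0.1 www.computerspywarecheck.com   # trailing comment after an entry
0.0.0.0 update.example-av.test
192.0.2.10 www.bank.example
"""

# Addresses used to "sinkhole" a hostname so it can never be reached.
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that legitimately point at loopback and must not be reported.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Substrings typical of security-vendor / update hostnames (assumption for this example).
VENDOR_HINTS = ("spyware", "antivirus", "virus", "malware", "security", "update", "-av")

# An address token must contain a dot or colon so bare words are not mistaken for IPs.
IP_TOKEN = re.compile(r"(?=.*[.:])[0-9a-fA-F.:]+")


def parse_hosts(text):
    """Yield (ip, hostname) for every mapping in a hosts file; comments are ignored."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if not IP_TOKEN.fullmatch(parts[0]):
            continue
        for host in parts[1:]:        # one IP may be followed by several names
            yield parts[0], host.lower()


def audit_hosts(text):
    """Return a list of findings; each is a dict with ip, host and reason."""
    findings = []
    for ip, host in parse_hosts(text):
        if host in LOOPBACK_NAMES:
            continue
        if ip in SINKHOLE_IPS:
            reason = "sinkholed"
            if any(hint in host for hint in VENDOR_HINTS):
                reason = "sinkholed security/update domain"
        else:
            # Any other address sends traffic for that name somewhere the
            # resolver did not choose (pharming), which is at least as serious.
            reason = "redirected to remote IP"
        findings.append({"ip": ip, "host": host, "reason": reason})
    return findings


def summarize(findings):
    """Count findings per reason, handy as a one-line triage summary."""
    return Counter(f["reason"] for f in findings)


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"{f['reason']:35} {f['ip']:12} {f['host']}")
    print(summarize(audit_hosts(SAMPLE_HOSTS)))
```

Point it at each of the three copies the post mentions; the resolver only reads the one under the directory named by the DataBasePath value in HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (by default %SystemRoot%\system32\drivers\etc), so that value is worth checking too when extra copies turn up.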
-
18th July 2008 11:45 #2 Prolemuris
Join Date: Oct:2006
Location: Varna
Posts: 4,296
You just need to find out which site it connects to when the internet comes up, for example with the help of a good firewall, and then block access to that site. After that you wait until the antivirus vendors learn to detect it.
-
18th July 2008 12:22 #3
HERE they seem to be writing about your problem, and they claim they can exterminate the bug. Give it a try.
Life is good!
-
18th July 2008 12:49 #4
-
18th July 2008 12:58 #5
There is also a link there to a tool that should deal with the infection. That is the thing I wanted to link to, but I messed up the copy/paste.

THIS is what I meant.
-
18th July 2008 13:03 #6 Registered User
Join Date: Oct:2003
Location: Sofia
Posts: 4,317
Still, could you post logs from diagnostic programs such as HiJackThis, Autoruns and the like?
-
18th July 2008 13:53 #7
pimpirlit, I used that tool; it found runmgr and told me I also have blocked links in hosts. Then deleting, editing, restart, 2 min. and runmgr sprang up in C: again like a mushroom after rain.
That was already the day before yesterday; NOD even flagged several files from that tool as worms.
vbdasc, the idea is good and I had been considering it: I installed ZoneAlarm, blocked everything outbound and restarted, waited and waited, and at some point I see runmgr.exe in C: again; it did not even notice what was going on. I blamed that on the old version I have, and next I should try the latest one, or something else.
Here is the log from HijackThis
Code:
Logfile of HijackThis v1.99.1
Scan saved at 13:37:16, on 18.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microchip\MPLAB IDE\Core\MPLAB.exe
C:\Program Files\Labcenter Electronics\Proteus 7 Professional\BIN\ISIS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Altium2004\DXP.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
\Fileserver\install\Antivirus and spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.169.51.152:3128
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34FF773F-E17F-40A8-8259-9A88372ABE6A}: NameServer = 212.39.90.42,212.39.90.43
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: Flexlm (lmgrd) - Macrovision Corporation - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
I forgot to mention that I also came across this - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
I cannot find enough information about this file, but it is "held" by the winlogon process. I deleted it before Windows booted, after which it gets created there again.
I also used the whole available arsenal on miniPE2 and InfR@, but those are rather old versions, which shows.
Last edited by MegatroniC; 18th July 2008 at 14:09.
-
18th July 2008 14:32 #8 Banned
Join Date: Jul:2006
Location: noneofyourbiz
Posts: 483
Run a firewall; once it catches which site it connects to, you add the site to the hosts file pointing at 127.0.0.1, and that is the end of downloading unauthorized crap. That's it. A different matter is that you haven't cleaned everything, since at startup something executes that has the power to invoke a download from the net...
Unless the clever guy who made it thought of having the connection to the site bypass hosts by connecting directly to an IP rather than a hostname... A worm? Some flaw in the system that gets exploited, so something gets dropped that then downloads more crap...
-
18th July 2008 14:40 #9 Registered User
Join Date: Aug:2006
Location: Sofia
Posts: 37
I had a similar problem with another pest, which used Firefox to SYN flood some IP. I tried several antivirus and anti-spyware programs; none of them found a problem. In the end I tried the simplest thing: after deleting the exe yet again, I manually created an empty one in the same place and the problem disappeared. Apparently the "culprit" decided that since the file exists there, everything is fine. Separately, after that I also installed a firewall and blocked access for that file.
-
18th July 2008 16:04 #10
Oops, on a USB stick we use I found an autorun.inf and a recycler folder
And here is what that autorun says:
Code:
[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
shell\open\default=1
That is how we dragged this worm in, and now when the file and the folder are deleted from the stick they are created again; in other words, the infected computer prepares it to carry the little worm to another one. On another computer they are not recreated after deletion.
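Added example, not from the thread: a Python checker for the autorun.inf pattern shown above. It parses the file with the standard library and flags the tells visible in this one (a program launched from a RECYCLER\S-1-5-21-... folder, the stock folder icon borrowed from SHELL32.dll, the "Open folder to view files" text that imitates Explorer's own prompt, and the custom verb made the double-click default). SAMPLE_AUTORUN repeats the quoted file; the clean counterpart, the rule wording and the function names are my own assumptions.

```python
"""Flag the autorun.inf tricks used by USB-spreading worms.

Added example (not the thread's code). SAMPLE_AUTORUN mirrors the file
quoted in the post above; SAMPLE_CLEAN is a constructed benign counterpart.
"""
import configparser
import re

SAMPLE_AUTORUN = r"""
[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
shell\open\default=1
"""

SAMPLE_CLEAN = r"""
[autorun]
icon=setup.ico
label=Vendor driver disc
"""

EXEC_KEYS = {"open", "shellexecute"}
# A RECYCLER folder named after a SID passes for a real recycle bin and is hidden by default.
SID_DIR = re.compile(r"recycler\\s-1-5-21-\d+-\d+-\d+-\d+\\", re.I)
CODE_EXTS = (".exe", ".com", ".bat", ".cmd", ".vbs", ".scr", ".pif")
DEFAULT_PROMPTS = {"open folder to view files"}   # Explorer's own AutoPlay wording


def parse_autorun(text):
    """Return the [autorun] section as a dict with lower-case keys (empty if absent).

    interpolation=None keeps configparser from choking on %SystemRoot%.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if not cp.has_section("autorun"):
        return {}
    return {k.lower(): v.strip() for k, v in cp.items("autorun")}


def assess_autorun(text):
    """Return a list of human-readable findings for one autorun.inf."""
    findings = []
    for key, value in parse_autorun(text).items():
        launches = key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            if SID_DIR.search(value):
                findings.append(f"{key}: runs a program hidden under a RECYCLER SID folder ({value})")
            elif value.lower().endswith(CODE_EXTS):
                findings.append(f"{key}: runs a program from the removable medium ({value})")
        if key == "action" and value.lower() in DEFAULT_PROMPTS:
            findings.append("action: imitates Explorer's default 'Open folder to view files' prompt")
        if key == "icon" and "shell32.dll" in value.lower():
            findings.append("icon: borrows the stock folder icon from SHELL32.dll")
        if key.endswith("\\default") and value == "1":
            findings.append(f"{key}: makes the custom verb the double-click default")
    return findings


if __name__ == "__main__":
    for name, sample in (("worm", SAMPLE_AUTORUN), ("clean", SAMPLE_CLEAN)):
        print(name, assess_autorun(sample) or ["no findings"])
```

Any `open=` or `shell\...\command=` that points at an executable on the medium deserves a look even without the RECYCLER tell; the SID-folder rule just ranks the pattern from this thread highest. Disabling AutoRun for removable drives, as suggested later in the thread, removes the trigger altogether.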
-
18th July 2008 16:09 #11 Registered User
Join Date: Oct:2003
Location: Sofia
Posts: 4,317
A week or two ago I fought for a long time with a rootkit until DrWeb finally found it. And it found it in a fairly basic way: by the fact that the executable file is packed (I can't remember the Bulgarian word).
I suggest you boot from CD, download the free version of DrWeb and run it to scan specific directories (not the whole disk, since it is relatively slow): Windows, Documents And Settings, \, the recycle bins, System Volume Information.
It is better to work from CD so as to avoid loading the malware in question, which may be using rootkit techniques.
P.S. I just saw what you wrote about the flash drive. That is why, wherever I sit down these days, I disable Autorun on all devices. Still, my recommendation stands: Trojan horses are called Trojan horses precisely because they open the door to all sorts of other nastiness. I.e., cleaning one thing does not mean the problem is solved.
-
18th July 2008 21:35 #12 Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
Look here:
http://www.trendmicro.com/vinfo/viru...BOT.AQ&VSect=T
Look at the registry keys in question, and also post a detailed log from HJT -

ComboFix also shows which files were created in the last 30 days, I think. Could you post that part of its log too?
-
19th July 2008 12:54 #13
So, the bug was on my home computer too; I carried it over with the USB stick

I cleaned it, but apparently it had downloaded something else; now after I shut down (on a restart there is no problem) something changes my administrator password, and I have to restore the registry, because even if I manage to change it there are other problems.
Any ideas how to prevent the password from being changed?
Here is the ComboFix log:
Code:
ComboFix 08-07-18.1 - Administrator 2008-07-19 12:20:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.626 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\LocalService\Application Data\wsnpoem
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Documents and Settings\NetworkService\Application Data\wsnpoem
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
C:\WINDOWS\msettings.ini
C:\WINDOWS\system\msvbvm60.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\sys_dll.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.
2008-07-19 02:56 . 2008-07-19 12:20 284 --a------ C:\WINDOWS\system32\winsdck.dat
2008-07-19 02:56 . 2008-07-19 12:20 284 --a------ C:\WINDOWS\system32\kbdmncmx.dat
2008-07-19 02:56 . 2008-07-19 12:19 0 --a------ C:\WINDOWS\system32\elsjngv.dat
2008-07-19 02:23 . 2008-07-19 02:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-19 02:05 . 2008-07-19 12:09 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-19 02:05 . 2008-07-19 02:05 <DIR> d-------- C:\Program Files\AVG
2008-07-19 02:05 . 2008-07-19 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-19 02:05 . 2008-07-19 02:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-19 02:05 . 2008-07-19 02:05 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-19 02:05 . 2008-07-19 02:05 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-19 02:05 . 2008-07-19 02:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-18 23:47 . 2008-07-18 23:53 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-07-18 23:31 . 2008-07-18 23:54 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-07-18 23:12 . 2008-07-19 12:24 6,501 --a------ C:\WINDOWS\system32\msafd.dat
2008-07-18 23:12 . 2008-07-19 12:24 2,269 --a------ C:\WINDOWS\system32\d3dx9F34.dat
2008-07-18 23:12 . 2008-07-19 12:11 390 --a------ C:\WINDOWS\system32\mshtzled.dat
2008-07-18 23:12 . 2008-07-19 12:23 0 --a------ C:\WINDOWS\system32\w3ssJQ.dat
2008-07-18 20:32 . 2008-07-18 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-17 20:45 . 2008-07-17 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-17 20:45 . 2008-07-17 20:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-09 23:38 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-07-09 23:38 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-07-09 23:38 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-07-09 23:38 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-07-09 23:38 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-07-09 23:38 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-07-04 21:07 . 2008-07-04 21:08 <DIR> d-------- C:\Program Files\Microchip
2008-07-02 23:31 . 2008-07-02 23:31 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 09:20 --------- d-----w C:\Program Files\FlashGet
2008-07-17 19:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 21:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-07-16 19:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-07-08 16:43 --------- d-----w C:\Program Files\SpeedFan
2008-07-04 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-04 18:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 22:19 --------- d-----w C:\Program Files\BitComet
2008-07-02 15:01 135,168 ----a-w C:\WINDOWS\uninst194.exe
2008-06-29 19:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Autodesk
2008-06-06 17:42 --------- d-----w C:\Program Files\Skype
2008-06-06 17:42 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-06 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-31 17:57 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-31 17:53 --------- d-----w C:\Program Files\Autodesk
2008-05-31 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-05-21 20:57 --------- d-----w C:\Program Files\F-Prot
2008-05-05 12:25 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-05-05 12:25 114,688 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-04-25 06:59 770,048 ----a-w C:\WINDOWS\TMUninst.exe
2006-11-09 16:35 108 -csha-r C:\WINDOWS\neoqaz2.dll
.
------- Sigcheck -------
2004-08-03 22:59 2027008 789a67335f801d6d429ae49ad82c5e57 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-03 22:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
2004-08-03 23:18 2160128 5d0f5b34f58a6869b297228ef2405282 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 23:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\system32\VITrans\ntoskrnl.exe
2004-08-04 00:56 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 C:\WINDOWS\explorer.exe
2004-08-04 00:56 1402880 a30b376c46c7b99d679571199b363d0f C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mshtzled]
@="{0CA32392-230C-C009-EF24-864E71242C82}"
[HKEY_CLASSES_ROOT\CLSID\{0CA32392-230C-C009-EF24-864E71242C82}]
2004-08-04 00:56 98304 --a------ C:\WINDOWS\system32\mshtzled.dIl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-19 02:05 1232152]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nw
iz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP31"= vp31vfw.dll
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMab488731
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvGraphicsInterface

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComStart]
--a------ 2007-04-26 21:00 244224 C:\Tools\Trojan Guarder Gold Version\Trojan Guarder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 01:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load Bib]
C:\DOCUME~1\ADMINI~1\APPLIC~1\BIRDBO~1\Prociso.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerManagerII]
C:\WINDOWS\system32\NeroCheck.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
C:\Program Files\Styler\Styler.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]
C:\WINDOWS\system32\ntos.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
cmicnfg.cpl [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Tools\\BORGChat\\BORGChat.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Tools\\LDC++\\LDCPlusPlus.exe"=
"C:\\Tools\\eMule0.47c\\emule.exe"=
"C:\\Tools\\utorrent.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"E:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"E:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"E:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"E:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"E:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10530:TCP"= 10530:TCP:BitComet 10530 TCP
"10530:UDP"= 10530:UDP:BitComet 10530 UDP

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-19 02:05]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-19 02:05]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-19 02:05]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-19 02:05]
R2 PMService;PMService;C:\Program Files\richcomm\WinstarPro\PMService.exe [2005-07-22 23:11]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 12:15]
S1 kbd;kbd;C:\WINDOWS\system32\drivers\kbd.sys []
S3 GPU-Z;GPU-Z;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GPU-Z.sys []
S3 ntportio;ntportio;C:\Documents and Settings\Administrator\Desktop\GSM\DIV_8[1].4_cracked\ntportio.sys []
.
- - - - ORPHANS REMOVED - - - -
Notify-WgaLogon - (no file)
Notify-wvUmjjgF - wvUmjjgF.dll

**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 12:23:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\Administrator\Desktop\GSM\DIV_8 [1].4_cracked\ntportio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ntportio]
"ImagePath"="\??\C:\Documents and Settings\Administrator\Desktop\GSM\DIV_8
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\mshtzled.dIl
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-19 12:26:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-19 09:26:46
Pre-Run: 6,047,227,904 bytes free
Post-Run: 5,993,598,976 bytes free
213
Code:
-c--a-w 504,808 2005-06-11 09:15:06 C:\Downloads\software\UTILITY\BySoft FreeRAM v4.0.4.161 .exe
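Added example, not from the thread: a Python triage pass over ComboFix/HijackThis-style log lines. It picks out three things a reader can check in the log above by eye but easily misses: a file extension that only looks like .dll (the mshtzled.dIl entry spells it with a capital I, so it is not a .dll at all), executable code sitting in Temp, RECYCLER or a service account's Application Data (the wsnpoem\audio.dll and GPU-Z.sys entries), and registry values that switch off Security Center notifications or the firewall (AntiVirusOverride, EnableFirewall). SAMPLE_LOG is a constructed handful of lines copied from the log above; the rule set, the confusable-character table and the function names are my own assumptions.

```python
"""Triage ComboFix / HijackThis log lines for three easily-missed tells.

Added example (not the thread's code). SAMPLE_LOG is a constructed set of
lines taken from the ComboFix output posted above.
"""
import re

SAMPLE_LOG = r"""
2004-08-04 00:56 98304 --a------ C:\WINDOWS\system32\mshtzled.dIl
C:\WINDOWS\system32\ctfmon.exe
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
S3 GPU-Z;GPU-Z;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GPU-Z.sys []
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
C:\Program Files\AVG\AVG8\avgrsx.exe
""".strip()

CODE_EXTS = {"exe", "dll", "sys", "scr", "com", "ocx", "cpl"}
# Characters that pass for 'l' or 'o' at a glance in a console font (assumption).
CONFUSABLE = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})
# A drive-letter path up to and including its extension (spaces allowed inside).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.([A-Za-z0-9]{2,4})(?=[\s\]\";,]|$)")
SUSPECT_DIRS = re.compile(
    r"\\temp\\|\\recycler\\|\\(?:localservice|networkservice)\\application data\\", re.I)
SETTING_RULES = (
    (re.compile(r'"AntiVirusOverride"\s*=\s*dword:0*1\b', re.I),
     "Security Center antivirus alerts overridden"),
    (re.compile(r'"EnableFirewall"\s*=\s*0\b', re.I),
     "Windows Firewall disabled in the standard profile"),
)


def confusable_extension(ext):
    """True when ext is not a code extension as written but becomes one after
    mapping look-alike characters, so '.dIl' and '.d11' are caught and '.dll' is not."""
    if ext.lower() in CODE_EXTS:
        return False
    return ext.translate(CONFUSABLE).lower() in CODE_EXTS


def triage_log(text):
    """Return (line_no, rule, evidence) tuples for every matching log line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in PATH_RE.finditer(line):
            path, ext = m.group(0), m.group(1)
            if confusable_extension(ext):
                findings.append((n, "look-alike extension", path))
            if ext.translate(CONFUSABLE).lower() in CODE_EXTS and SUSPECT_DIRS.search(path):
                findings.append((n, "code in Temp/RECYCLER/service-profile dir", path))
        for pattern, rule in SETTING_RULES:
            if pattern.search(line):
                findings.append((n, rule, line.strip()))
    return findings


if __name__ == "__main__":
    for n, rule, evidence in triage_log(SAMPLE_LOG):
        print(f"line {n:3}: {rule:45} {evidence}")
```

Hits are leads, not verdicts: a rule like the directory one will also flag legitimate utilities that unpack a driver into Temp, so each hit still needs the file itself checked (signature, hash, who loads it). The look-alike rule, by contrast, has almost no benign explanation, which is why the mshtzled entry deserves the first look.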
-
19th July 2008 14:59 #14
Can't you turn it off from here?
Start -> Run -> control userpasswords2
A rather "vulnerable" Windows, exactly 4 years old. If you don't want to put SP3 straight on top of it, then at least to patch the huge number of security holes I would recommend running "Advanced WindowsCare Personal":
http://www.iobit.com/advancedwindows...l?Str=download
Just so it closes off and fixes a bunch of weak spots in the system, because apparently nobody knows which "hole" the little bird is getting in through.
-
19th July 2008 18:20 #15 Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
MegatroniC
Post the detailed HJT log too.
-
20th July 2008 21:29 #16
I think I found the cause of the unknown password being set on the administrator account: the autochk check was not being run. Now everything is supposedly in order, apart from a few files in system32 that I don't recognize. Here is the hijackthis log (I don't know how much more detailed it gets)
Logfile of HijackThis v1.99.1
Scan saved at 21:18:54, on 20.7.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\richcomm\WinstarPro\PMService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Tools\BORGChat\BORGChat.exe
C:\Tools\Maxthon\Maxthon.exe
C:\Downloads\software\Antivirus and SpyAware\Spy Aware\HijackThis v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &С&валяне всички видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &С&валяне всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Сваляне на всички с FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Сваляне с FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shoc...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMService - Unknown owner - C:\Program Files\richcomm\WinstarPro\PMService.exe
He who has enough courage and patience to gaze into the darkness all his life will be the first to see the glimmer of light in it.
Give hope...
-
20th July 2008 22:15 #17
Registered User
Join Date: Dec 2005
Location: yvr
Posts: 5,167
These are most likely part of the virus; note the DIL extension, which is hard to spot in some fonts, clever:
Code:
C:\WINDOWS\system32\mshtzled.dIl
C:\WINDOWS\system32\mshtzled.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mshtzled]
@="{0CA32392-230C-C009-EF24-864E71242C82}"

[HKEY_CLASSES_ROOT\CLSID\{0CA32392-230C-C009-EF24-864E71242C82}]

2004-08-04 00:56 98304 --a------ C:\WINDOWS\system32\mshtzled.dIl
as well as several of the DAT files among these; scan them one by one at www.virustotal.com:
Code:
((((((((((((((((((((((((   Files Created from 2008-06-19 to 2008-07-19   )))))))))))))))))))))))))))))))
.
2008-07-19 02:56 . 2008-07-19 12:20    284 --a------ C:\WINDOWS\system32\winsdck.dat
2008-07-19 02:56 . 2008-07-19 12:20    284 --a------ C:\WINDOWS\system32\kbdmncmx.dat
2008-07-19 02:56 . 2008-07-19 12:19      0 --a------ C:\WINDOWS\system32\elsjngv.dat
2008-07-19 02:23 . 2008-07-19 02:23  <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-19 02:05 . 2008-07-19 12:09  <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-19 02:05 . 2008-07-19 02:05  <DIR> d-------- C:\Program Files\AVG
2008-07-19 02:05 . 2008-07-19 12:06  <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-19 02:05 . 2008-07-19 02:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-19 02:05 . 2008-07-19 02:05 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-19 02:05 . 2008-07-19 02:05 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-07-19 02:05 . 2008-07-19 02:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-18 23:47 . 2008-07-18 23:53  <DIR> d-------- C:\WINDOWS\CAVTemp
2008-07-18 23:31 . 2008-07-18 23:54  <DIR> d-------- C:\WINDOWS\Internet Logs
2008-07-18 23:12 . 2008-07-19 12:24  6,501 --a------ C:\WINDOWS\system32\msafd.dat
2008-07-18 23:12 . 2008-07-19 12:24  2,269 --a------ C:\WINDOWS\system32\d3dx9F34.dat
2008-07-18 23:12 . 2008-07-19 12:11    390 --a------ C:\WINDOWS\system32\mshtzled.dat
2008-07-18 23:12 . 2008-07-19 12:23      0 --a------ C:\WINDOWS\system32\w3ssJQ.dat
For the detailed log, download the new version of HJT; in post #12 I also posted you a screenshot of exactly where to click.
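The ".dIl" trick pointed out in the post above (a capital I passing for a lowercase l in many fonts) can be caught mechanically. The following is an added example written for this thread, not code from the thread or from HijackThis/ComboFix: it reads ComboFix-style file-listing lines (the sample is constructed from names that appear in the thread), folds look-alike characters, and flags extensions that only imitate a known one. The extension allow-list and the homoglyph table are assumptions of mine.

```python
"""Flag file extensions that merely look like a known one, e.g. '.dIl' for '.dll'.

Added example for this thread, not code from the thread or from HijackThis/ComboFix.
Assumptions: the allow-list of extensions and the homoglyph table are mine; the
sample log lines are constructed from names that appear in the thread.
"""
import re

# Extensions that legitimately appear in a Windows XP system32 listing (assumed allow-list).
KNOWN_EXTENSIONS = {"dll", "exe", "sys", "ocx", "dat", "ini", "tmp", "cpl", "drv"}

# Characters that pass for another letter in many fonts, mapped to the letter they imitate.
# Capital I -> l is exactly the '.dIl' trick discussed above.
HOMOGLYPHS = {"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"}

# A drive-letter path running to the end of a log line (ComboFix prints the path last).
PATH_RE = re.compile(r"([A-Za-z]:\\.*?)\s*$")


def fold(ext):
    """Collapse look-alike characters so 'dIl', 'DLL' and 'dll' all become 'dll'."""
    return "".join(HOMOGLYPHS.get(ch, ch.lower()) for ch in ext)


def find_homoglyph_extensions(log_text):
    """Return (path, extension as written, extension it imitates) for each suspect line.

    A line is suspect when its extension is NOT on the allow-list as written, but
    becomes an allow-listed one once look-alike characters are folded. A genuine
    '.DLL' or '.dat' therefore never fires; '.dIl', '.d11' or '.0cx' do.
    """
    hits = []
    for line in log_text.splitlines():
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(1)
        name = path.rsplit("\\", 1)[-1]
        if "." not in name:  # directories and extensionless files
            continue
        ext = name.rsplit(".", 1)[1]
        if ext.lower() not in KNOWN_EXTENSIONS and fold(ext) in KNOWN_EXTENSIONS:
            hits.append((path, ext, fold(ext)))
    return hits


# Constructed sample in ComboFix's listing format, built from names in the thread.
SAMPLE_LOG = r"""
2004-08-04 00:56 98304 --a------ C:\WINDOWS\system32\mshtzled.dIl
2008-07-18 23:12 . 2008-07-19 12:11 390 --a------ C:\WINDOWS\system32\mshtzled.dat
2008-07-19 02:05 . 2008-07-19 02:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-19 02:05 . 2008-07-19 02:05 <DIR> d-------- C:\Program Files\AVG
2008-07-19 02:05 . 2008-07-19 02:05 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
"""

if __name__ == "__main__":
    for path, ext, real in find_homoglyph_extensions(SAMPLE_LOG):
        print(f"suspicious: {path}  (.{ext} imitates .{real})")
```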
-
20th July 2008 23:19 #18
Here is the detailed log from the new version:
I had my doubts about these dat files too; according to the virustotal site, the result for each of them is 0. The DIL file, though, is 2/33 "Suspicious File". But its creation and modification date is 2004.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:45, on 20.7.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\richcomm\WinstarPro\PMService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Tools\BORGChat\BORGChat.exe
C:\Tools\Maxthon\Maxthon.exe
C:\PROGRA~1\FlashGet\flashget.exe
C:\WINDOWS\system32\rundll32.exe
C:\Downloads\software\Antivirus and SpyAware\Spy Aware\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &С&валяне всички видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &С&валяне всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Сваляне на всички с FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Сваляне с FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shoc...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PMService - Unknown owner - C:\Program Files\richcomm\WinstarPro\PMService.exe
--
End of file - 5368 bytes
-
20th July 2008 23:43 #19
Registered User
Join Date: Dec 2005
Location: yvr
Posts: 5,167
mshtzled.dIl is 99.9% guaranteed to be a virus. Rename it and mshtzled.dat, with Unlocker for example, with a restart.
The HJT log is still not the right one. Can't you see on the screenshot exactly what to tick and where to click? Run HJT, on the first screen choose OPEN MISC TOOLS SECTION, there tick LIST ALSO MINOR SECTIONS (FULL) and click GENERATE STARTUPLIST LOG.
-
21st July 2008 11:40 #20
Banned
Join Date: Sep 2004
Location: Sofia
Posts: 2,168
I would do it like this:
disable "System Restore", then Safe Mode, then "HiJackThis", an "LSP Fix" and then S&D.
-
21st July 2008 15:30 #21
I saw the screenshot, but something obviously didn't work, because I enabled full by choosing config after it had already run a scan once, not through open misc tools section beforehand. Anyway, here is the log:
Code:
StartupList report, 21.7.2008 г., 15:20:10
StartupList version: 1.52.2
Started from : C:\Downloads\software\Antivirus and SpyAware\Spy Aware\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Unable to get Internet Explorer version!
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\richcomm\WinstarPro\PMService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Tools\BORGChat\BORGChat.exe
C:\PROGRA~1\FlashGet\flashget.exe
C:\Tools\Maxthon\Maxthon.exe
C:\Downloads\software\Antivirus and SpyAware\Spy Aware\HiJackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[AdobeUpdater] =

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = Notepad.exe %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=avgrsstx.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
BitComet ClickCapture - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\FlashGet\getflash.dll - {F156768E-81EF-470C-9057-481BA8380DBA}

--------------------------------------------------

Enumerating Download Program Files:

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

atksgt: system32\DRIVERS\atksgt.sys (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (autostart)
AVG8 WatchDog: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (autostart)
AVG8 Network Redirector: \SystemRoot\System32\Drivers\avgtdix.sys (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
lirsgt: system32\DRIVERS\lirsgt.sys (autostart)
mental ray 3.5 Satellite (32-bit): "C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" (autostart)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
PMService: C:\Program Files\richcomm\WinstarPro\PMService.exe -service (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Schedule: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 10 773 bytes
Report generated in 0,188 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
I deleted both mshtzled files, even without Unlocker's help; no problem after the restart, so let's see.
-
21st July 2008 18:43 #22
Registered User
Join Date: Dec 2005
Location: yvr
Posts: 5,167
I don't see anything interesting in the log; any complaints?
Didn't you save the two files somewhere? My idea with renaming was to send them to Kaspersky.
-
21st July 2008 22:40 #23
I've saved them; should I upload them somewhere?
-
21st July 2008 22:47 #24
Registered User
Join Date: Dec 2005
Location: yvr
Posts: 5,167
Put them in a password-protected archive and send me the link by PM, to be safer, thanks.
Just watch the response time of the guys at Kaspersky: usually within an hour to an hour and a half they get back to me with an answer, and within 3-4 hours it's in the definitions.
P.S. Does the patient still have any complaints?
-
22nd July 2008 10:57 #25
I'll send them to you right now.
The one at home has had no complaints for 2 days now.
When I get to work we'll see about the other one.
It shouldn't have any either.
Now I understand what deleted my registry entry for autochk and asked me for a password I don't know after turning on the PC. Good old NOD32.