  1. #1
    MegatroniC (the system controls you)
    Join Date: Jun:2005
    Location: Burgas
    Posts: 3,566

    A big fight with a nasty critter

    Subject: C:\runmgr.exe gets created when Windows starts (XP SP2, no updates at all), but only when the machine is connected to the internet. Along with it, hosts files are created in windows, windows\system32\drivers and windows\system32\drivers\etc (in principle the last one is the only place such a file belongs), and all three hosts files contain a large number of entries of the kind:

    Code:
    127.0.0.1	www.free-spyware.net
    127.0.0.1	free-spyware.net
    127.0.0.1	www.spyware-control.com
    127.0.0.1	spyware-control.com
    127.0.0.1	www.computerspywarecheck.com
    127.0.0.1	computerspywarecheck.com
    127.0.0.1	www.compare-spyware.com
    127.0.0.1	compare-spyware.com
    127.0.0.1	www.spywareremoval.ws
    127.0.0.1	spywareremoval.ws
    
    ..........
    In other words, the author of this mess decided to block access to the sites of whatever anti-spam and antivirus vendors he could think of.
    There are no suspicious active processes; runmgr.exe and the hosts files can be deleted without a problem, and after a restart they are created again (while the system is running there is no problem, they're gone). Something downloads runmgr.exe, but what?
    Until now I have cleaned every computer with spam on it by hand, and only rarely with the help of software for the purpose. This time I was stumped; I used every anti-malware, anti-spyware and antivirus I could think of (I have been fighting this for days), and nothing helps. Most of them detect it as Win32elf-IFY[trj]. They delete what they delete, and after a restart the run-donkey (I even gave it a nickname) pops up again.
    Here is some info - http://www.prevx.com/filenames/X2315...UNMGR.EXE.html

    HijackThis shows nothing suspicious; in startup there is also nothing that is suspicious or unknown to me. I ran Process Explorer for more detailed information, again nothing.
    Now I'm following this thread here. They're fighting the same thing.

    ComboFix results -

    Code:
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
     ADS - WINDOWS: deleted 108 bytes in 1 streams. 
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\system32\autoexec.bat
    C:\WINDOWS\system32\ihhkj.ini2
    C:\WINDOWS\system32\ihhkj.tmp
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\ntload.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\sys_dll.dll
    C:\WINDOWS\system32\ygbjfjya.ini
    .............
    At first I thought the files qmgr0 and qmgr1 were the culprits behind the mess: 3-4 restarts and no trace of runmgr or the hosts files. I was glad, thinking I had nailed it. After about 30 minutes the "donkey" was back online. In the meantime I deleted the contents of the temp directories, Temporary Internet Files, cookies, browser caches and the restore points. I also cleaned the registry.

    I'm getting desperate; I keep fighting it, and in the meantime, if anyone thinks of something, I'd be grateful for a hand.
    One more thing: so far I haven't noticed it causing any damage; either it's waiting for something else, or I don't know anymore.
    Last edited by MegatroniC; 18th July 2008 at 11:40.
    He who has enough courage and patience to stare into the darkness all his life will be the first to see the glimmer of light in it.
    Give hope...
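The sinkhole entries quoted in the post above are exactly what a quick hosts-file audit should flag. As an added example (not code from the thread), the Python below parses a hosts file and reports every non-localhost name mapped to 127.0.0.1, 0.0.0.0 or ::1, marking the ones that look like security-vendor domains; the keyword list, the LAN entry and the last sample line are constructed assumptions.

```python
"""Audit a Windows hosts file for sinkhole entries like those in post #1.

Added example, not code from the thread. Assumptions: the keyword list and the
constructed sample text are mine; hosts syntax (address, whitespace, one or more
names, optional '#' comment) is the standard format.
"""
import ipaddress
from dataclasses import dataclass

# Addresses a hijacked hosts file uses to black-hole a name.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Names that legitimately point at loopback on a stock machine.
LEGIT_LOOPBACK_NAMES = {"localhost"}

# Substrings typical of security-vendor / removal-tool domains (assumption: extend per environment).
SECURITY_KEYWORDS = ("spyware", "antivirus", "anti-virus", "malware", "virus",
                     "avast", "kaspersky", "symantec", "mcafee", "trendmicro",
                     "hijackthis", "combofix", "windowsupdate")

# The three locations the thread found copies in; only the last one is the live
# file on a default install (its path comes from the Tcpip DataBasePath registry value).
DROPPED_HOSTS_PATHS = (
    r"C:\WINDOWS\hosts",
    r"C:\WINDOWS\system32\drivers\hosts",
    r"C:\WINDOWS\system32\drivers\etc\hosts",
)


@dataclass
class Finding:
    line_no: int
    address: str
    hostname: str
    reason: str


def parse_hosts(text):
    """Yield (line_no, address, names) per entry; comments and malformed lines are skipped."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ipaddress.ip_address(parts[0]))  # normalises e.g. 0:0:0:0:0:0:0:1 -> ::1
        except ValueError:
            continue  # first token is not an address: leave the line alone rather than guess
        yield n, addr, parts[1:]


def audit_hosts(text):
    """Return a Finding for every non-localhost name that is mapped to a sinkhole address."""
    findings = []
    for n, addr, names in parse_hosts(text):
        if addr not in SINKHOLE_ADDRS:
            continue
        for name in names:
            lname = name.lower()
            if lname in LEGIT_LOOPBACK_NAMES:
                continue
            hit = next((k for k in SECURITY_KEYWORDS if k in lname), None)
            reason = (f"security-vendor name sinkholed (keyword {hit!r})" if hit
                      else "non-localhost name sinkholed")
            findings.append(Finding(n, addr, name, reason))
    return findings


def audit_hosts_file(path):
    """Audit an on-disk hosts file; XP writes it as ANSI text, so decode leniently."""
    with open(path, encoding="cp1252", errors="replace") as fh:
        return audit_hosts(fh.read())


# Constructed sample: Microsoft's header comment, a LAN entry, the ten entries
# quoted in post #1, and one extra sinkholed name that matches no keyword.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.0.10    fileserver
127.0.0.1\twww.free-spyware.net
127.0.0.1\tfree-spyware.net
127.0.0.1\twww.spyware-control.com
127.0.0.1\tspyware-control.com
127.0.0.1\twww.computerspywarecheck.com
127.0.0.1\tcomputerspywarecheck.com
127.0.0.1\twww.compare-spyware.com
127.0.0.1\tcompare-spyware.com
127.0.0.1\twww.spywareremoval.ws
127.0.0.1\tspywareremoval.ws
0.0.0.0\tupdate.example-av.invalid   # constructed: sinkholed, no keyword match
"""

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.address} {f.hostname} -> {f.reason}")
```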

  2. #2
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    You just need to find out which site it connects to when the internet comes up, for example with the help of a good firewall, and then block access to that site. After that you wait until the antiviruses learn to recognize it.

  3. #3
    pimpirlit (Beast-Man-Ghost)
    Join Date: Mar:2004
    Location: Sofia
    Posts: 21,712
    HERE they seem to be writing about your problem and claim they can exterminate the critter. Try it.
    Life is beautiful!

  4. #4
    Nostrum IvO™
    Join Date: Jun:2008
    Location: HOME.WAD
    Posts: 1,334
    Quote Originally Posted by pimpirlit
    HERE they seem to be writing about your problem and claim they can exterminate the critter. Try it.

    The man gave exactly the same link in his post.

  5. #5
    pimpirlit (Beast-Man-Ghost)
    Join Date: Mar:2004
    Location: Sofia
    Posts: 21,712
    Quote Originally Posted by IvO™
    The man gave exactly the same link in his post.
    There is also a link there to a tool that should deal with the infection. That is what I wanted to give as a link, but I botched the copy/paste.

    THIS is what I meant.

  6. #6
    Registered User
    Join Date: Oct:2003
    Location: Sofia
    Posts: 4,317
    Still, could we have logs from diagnostic programs such as HijackThis, Autoruns and the like?

  7. #7
    MegatroniC (the system controls you)
    Join Date: Jun:2005
    Location: Burgas
    Posts: 3,566
    pimpirlit, I used that tool; it found runmgr and told me I also had blocked links in hosts. Then deleting, editing, restart, 2 minutes, and runmgr sprouted again in C: like a mushroom after rain. That was already the day before yesterday; NOD even detected several files from that tool as worms.

    vbdasc, the idea is good and I had considered it: I installed ZoneAlarm, blocked everything going out and restarted, waited and waited, and at some point I see runmgr.exe in C: again; it didn't even notice what was happening. I blamed that on the old version I have, and next I should try the newest one or something else.

    Here is the HijackThis log

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 13:37:16, on 18.07.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avast4\aswUpdSv.exe
    C:\Program Files\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microchip\MPLAB IDE\Core\MPLAB.exe
    C:\Program Files\Labcenter Electronics\Proteus 7 Professional\BIN\ISIS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\lkcitdl.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\Program Files\Avast4\ashWebSv.exe
    C:\Program Files\QIP\qip.exe
    C:\Program Files\Altium2004\DXP.exe
    C:\Program Files\Maxthon\Maxthon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    \Fileserver\install\Antivirus and spyware\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.169.51.152:3128
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{34FF773F-E17F-40A8-8259-9A88372ABE6A}: NameServer = 212.39.90.42,212.39.90.43
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
    O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
    O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
    O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
    O23 - Service: Flexlm (lmgrd) - Macrovision Corporation - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    I forgot to mention that I also came across this - C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
    I can't find enough information about this file, but it is "grabbed" by the winlogon process. I deleted it before Windows booted, after which it gets created there again.
    I also used the whole available arsenal of miniPE2 and InfR@, but they are somewhat old versions, which shows.
    Last edited by MegatroniC; 18th July 2008 at 14:09.

  8. #8
    Banned
    Join Date: Jul:2006
    Location: noneofyourbiz
    Posts: 483
    Run a firewall; when it catches which site it connects to, you add the site to the hosts file pointing at 127.0.0.1, and that's the end of downloading unauthorized crap. That's it. Another matter is that you haven't cleaned everything, since at startup something executes that has the power to invoke pulling stuff from the net...

    If the smart guy who made it thought to have the connection to the site bypass hosts, by connecting directly to an IP rather than a hostname... worm? Some flaw in the system that gets exploited, and that's why something gets dropped that then downloads more crap...

  9. #9
    Registered User
    Join Date: Aug:2006
    Location: Sofia
    Posts: 37
    I had a similar problem with another nasty that used Firefox to SYN flood some IP. I tried several antivirus and anti-spyware programs - none of them found a problem. In the end I tried the simplest thing: after yet another deletion of the exe, I manually created an empty one in the same place and the problem disappeared - apparently the "cause" decided that since the file exists there, everything is fine. Separately, after that I also installed a firewall and blocked access to that file.

  10. #10
    MegatroniC (the system controls you)
    Join Date: Jun:2005
    Location: Burgas
    Posts: 3,566
    Oops, on a flash drive we use I found an autorun.inf and a recycler folder
    And here is what that autorun says:

    Code:
    [autorun]
    open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
    icon=%SystemRoot%\system32\SHELL32.dll,4
    action=Open folder to view files
    shell\open=Open
    shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
    shell\open\default=1
    We dragged this worm in with it, and now when I delete the file and the folder from the flash drive they get created again, i.e. the infected computer prepares it to carry the little worm to another one. On another computer they are not recreated after deletion.
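The autorun.inf quoted above is a textbook removable-drive launcher. As an added example (not code from the thread), the Python below parses an autorun.inf and flags that pattern: an open / shell\...\command key pointing at an executable inside RECYCLER, plus the stock folder icon and "Open folder to view files" text that disguise it; the heuristics and the benign comparison file are my assumptions.

```python
"""Inspect an autorun.inf for the removable-drive worm pattern shown in post #10.

Added example, not code from the thread; the heuristics and the two sample files are mine.
"""
import re

# Keys that make Explorer run something on insertion or on double-click.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")
EXEC_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js")
# Folders a drive worm hides in because Explorer does not show them by default.
HIDDEN_DIRS = ("recycler", "recycled", "$recycle.bin", "system volume information")
# shell32.dll icon indexes 3 and 4 are the stock closed / open folder icons.
FOLDER_ICON_RE = re.compile(r"shell32\.dll\s*,\s*[34]\s*$", re.IGNORECASE)


def parse_autorun(text):
    """Return the [autorun] section as a dict of lower-cased keys; other sections are ignored."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def first_token(value):
    """Program path of a command line, honouring a quoted path that contains spaces."""
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def assess_autorun(text):
    """Return human-readable findings; an empty list means nothing matched the pattern."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or SHELL_CMD_RE.match(key):
            target = first_token(value)
            low = target.lower()
            if low.endswith(EXEC_EXT):
                findings.append(f"{key}: launches executable {target}")
            if any(d in low for d in HIDDEN_DIRS):
                findings.append(f"{key}: payload kept under a hidden system folder ({target})")
        elif key == "action" and "folder" in value.lower():
            findings.append(f"action: imitates Explorer's folder prompt ({value!r})")
        elif key == "icon" and FOLDER_ICON_RE.search(value):
            findings.append(f"icon: borrows the stock folder icon ({value})")
    return findings


# The autorun.inf quoted in post #10, verbatim.
SAMPLE_AUTORUN_INF = r"""[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
shell\open\default=1
"""

# Constructed benign comparison: an ordinary software install CD.
BENIGN_AUTORUN_INF = r"""[autorun]
open=setup.exe /autorun
icon=setup.exe,0
action=Install Widget 2.0
label=Widget install CD
"""

if __name__ == "__main__":
    for name, inf in (("flash drive", SAMPLE_AUTORUN_INF), ("install CD", BENIGN_AUTORUN_INF)):
        print(f"{name}:")
        for finding in assess_autorun(inf) or ["nothing matched"]:
            print("  " + finding)
```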

  11. #11
    Registered User
    Join Date: Oct:2003
    Location: Sofia
    Posts: 4,317
    A week or two ago I fought a rootkit for a long time, until DrWeb finally found it. And it found it quite simply, by the fact that the executable was packed (I can't remember what that is in Bulgarian).
    I suggest you boot from CD, download the free version of DrWeb and run it to scan specific directories (not the whole disk, since it is relatively slow): Windows, Documents And Settings, \, the recycle bins, System Volume Information.
    And it is better to work from CD, to avoid loading the malware in question, which perhaps uses rootkit techniques.

    P.S. I just saw what you wrote about the flash drive. That's why nowadays, wherever I sit down, I disable Autorun on all devices. Still, my recommendation stands: Trojan horses are called Trojan horses precisely because they open the door to all sorts of other nasties. I.e. cleaning one thing doesn't mean the problem is solved.

  12. #12
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Take a look here:
    http://www.trendmicro.com/vinfo/viru...BOT.AQ&VSect=T

    Check the registry keys in question, and also post a detailed HJT log-


    ComboFix also shows which files were created in the last 30 days, I think. Can you post that part of its log too?

  13. #13
    MegatroniC (the system controls you)
    Join Date: Jun:2005
    Location: Burgas
    Posts: 3,566
    So, the critter was on my home computer too; I must have carried it over with the flash drive
    I cleaned it, but apparently it had downloaded something else; now after I shut down (there is no problem on a restart) something changes my administrator password, and I have to restore the registry, because even if I manage to change it there are other problems.
    Any idea how to prevent the password from being changed?

    here is the combofix log:

    Code:
    ComboFix 08-07-18.1 - Administrator 2008-07-19 12:20:34.1 - NTFSx86
    Microsoft Windows XP Professional  5.1.2600.2.1251.1.1033.18.626 [GMT 3:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
     * Created a new restore point
    
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    C:\Documents and Settings\All Users.\documents\settings
    C:\Documents and Settings\All Users.\documents\settings\desktop.ini
    C:\Documents and Settings\LocalService\Application Data\wsnpoem
    C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
    C:\Documents and Settings\NetworkService\Application Data\wsnpoem
    C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
    C:\WINDOWS\msettings.ini
    C:\WINDOWS\system\msvbvm60.dll
    C:\WINDOWS\system32\pskill.exe
    C:\WINDOWS\system32\sys_dll.dll
    
    .
    (((((((((((((((((((((((((   Files Created from 2008-06-19 to 2008-07-19  )))))))))))))))))))))))))))))))
    .
    
    2008-07-19 02:56 . 2008-07-19 12:20	284	--a------	C:\WINDOWS\system32\winsdck.dat
    2008-07-19 02:56 . 2008-07-19 12:20	284	--a------	C:\WINDOWS\system32\kbdmncmx.dat
    2008-07-19 02:56 . 2008-07-19 12:19	0	--a------	C:\WINDOWS\system32\elsjngv.dat
    2008-07-19 02:23 . 2008-07-19 02:23	<DIR>	d--h-----	C:\$AVG8.VAULT$
    2008-07-19 02:05 . 2008-07-19 12:09	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
    2008-07-19 02:05 . 2008-07-19 02:05	<DIR>	d--------	C:\Program Files\AVG
    2008-07-19 02:05 . 2008-07-19 12:06	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\avg8
    2008-07-19 02:05 . 2008-07-19 02:05	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-19 02:05 . 2008-07-19 02:05	76,040	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-07-19 02:05 . 2008-07-19 02:05	12,936	--a------	C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-07-19 02:05 . 2008-07-19 02:05	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
    2008-07-18 23:47 . 2008-07-18 23:53	<DIR>	d--------	C:\WINDOWS\CAVTemp
    2008-07-18 23:31 . 2008-07-18 23:54	<DIR>	d--------	C:\WINDOWS\Internet Logs
    2008-07-18 23:12 . 2008-07-19 12:24	6,501	--a------	C:\WINDOWS\system32\msafd.dat
    2008-07-18 23:12 . 2008-07-19 12:24	2,269	--a------	C:\WINDOWS\system32\d3dx9F34.dat
    2008-07-18 23:12 . 2008-07-19 12:11	390	--a------	C:\WINDOWS\system32\mshtzled.dat
    2008-07-18 23:12 . 2008-07-19 12:23	0	--a------	C:\WINDOWS\system32\w3ssJQ.dat
    2008-07-18 20:32 . 2008-07-18 20:32	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\ESET
    2008-07-17 20:45 . 2008-07-17 20:45	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-07-17 20:45 . 2008-07-17 20:45	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-07-09 23:38 . 2008-03-05 15:56	3,786,760	--a------	C:\WINDOWS\system32\D3DX9_37.dll
    2008-07-09 23:38 . 2008-03-05 15:56	1,420,824	--a------	C:\WINDOWS\system32\D3DCompiler_37.dll
    2008-07-09 23:38 . 2008-03-05 16:03	479,752	--a------	C:\WINDOWS\system32\XAudio2_0.dll
    2008-07-09 23:38 . 2008-02-05 23:07	462,864	--a------	C:\WINDOWS\system32\d3dx10_37.dll
    2008-07-09 23:38 . 2008-03-05 16:03	238,088	--a------	C:\WINDOWS\system32\xactengine3_0.dll
    2008-07-09 23:38 . 2008-03-05 16:00	25,608	--a------	C:\WINDOWS\system32\X3DAudio1_3.dll
    2008-07-04 21:07 . 2008-07-04 21:08	<DIR>	d--------	C:\Program Files\Microchip
    2008-07-02 23:31 . 2008-07-02 23:31	2,560	--a------	C:\WINDOWS\system32\bitcometres.dll
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-19 09:20	---------	d-----w	C:\Program Files\FlashGet
    2008-07-17 19:56	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-16 21:28	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\Skype
    2008-07-16 19:16	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\skypePM
    2008-07-08 16:43	---------	d-----w	C:\Program Files\SpeedFan
    2008-07-04 18:48	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-07-04 18:09	---------	d--h--w	C:\Program Files\InstallShield Installation Information
    2008-07-02 22:19	---------	d-----w	C:\Program Files\BitComet
    2008-07-02 15:01	135,168	----a-w	C:\WINDOWS\uninst194.exe
    2008-06-29 19:01	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\Autodesk
    2008-06-06 17:42	---------	d-----w	C:\Program Files\Skype
    2008-06-06 17:42	---------	d-----w	C:\Program Files\Common Files\Skype
    2008-06-06 17:42	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Skype
    2008-05-31 17:57	---------	d-----w	C:\Program Files\Common Files\Autodesk Shared
    2008-05-31 17:53	---------	d-----w	C:\Program Files\Autodesk
    2008-05-31 17:53	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Autodesk
    2008-05-21 20:57	---------	d-----w	C:\Program Files\F-Prot
    2008-05-05 12:25	409,600	----a-w	C:\WINDOWS\system32\wrap_oal.dll
    2008-05-05 12:25	114,688	----a-w	C:\WINDOWS\system32\OpenAL32.dll
    2008-04-25 06:59	770,048	----a-w	C:\WINDOWS\TMUninst.exe
    2006-11-09 16:35	108	-csha-r	C:\WINDOWS\neoqaz2.dll
    .
    
    Code:
    -c--a-w           504,808 2005-06-11 09:15:06  C:\Downloads\software\UTILITY\BySoft FreeRAM v4.0.4.161 .exe
    
    ------- Sigcheck -------
    2004-08-03 22:59 2027008 789a67335f801d6d429ae49ad82c5e57 C:\WINDOWS\system32\ntkrnlpa.exe
    2004-08-03 22:59 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe
    2004-08-03 23:18 2160128 5d0f5b34f58a6869b297228ef2405282 C:\WINDOWS\system32\ntoskrnl.exe
    2004-08-03 23:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\system32\VITrans\ntoskrnl.exe
    2004-08-04 00:56 1422336 cd7ee0e0b4c778c3df22f8dbb9f855b4 C:\WINDOWS\explorer.exe
    2004-08-04 00:56 1402880 a30b376c46c7b99d679571199b363d0f C:\WINDOWS\system32\VITrans\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mshtzled]
    @="{0CA32392-230C-C009-EF24-864E71242C82}"
    [HKEY_CLASSES_ROOT\CLSID\{0CA32392-230C-C009-EF24-864E71242C82}]
    2004-08-04 00:56 98304 --a------ C:\WINDOWS\system32\mshtzled.dIl
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-19 02:05 1232152]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VP31"= vp31vfw.dll
    "VIDC.YV12"= yv12vfw.dll
    
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
    backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup
    
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMab488731
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvGraphicsInterface
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
    C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe [N/A]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ComStart]
    --a------ 2007-04-26 21:00 244224 C:\Tools\Trojan Guarder Gold Version\Trojan Guarder.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-04-04 01:29 165784 C:\Program Files\DAEMON Tools\daemon.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load Bib]
    C:\DOCUME~1\ADMINI~1\APPLIC~1\BIRDBO~1\Prociso.exe [N/A]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe [N/A]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerManagerII]
    C:\WINDOWS\system32\NeroCheck.exe [N/A]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a--c--- 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
    C:\Program Files\Styler\Styler.exe [N/A]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a--c--- 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]
    C:\WINDOWS\system32\ntos.exe [N/A]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    cmicnfg.cpl [N/A]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Tools\\BORGChat\\BORGChat.exe"=
    "C:\\Program Files\\QIP\\qip.exe"=
    "C:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\Program Files\\LowRateVoip\\LowRateVoip.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Tools\\LDC++\\LDCPlusPlus.exe"=
    "C:\\Tools\\eMule0.47c\\emule.exe"=
    "C:\\Tools\\utorrent.exe"=
    "C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
    "E:\\Games\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
    "E:\\Games\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
    "E:\\Games\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
    "E:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
    "E:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10530:TCP"= 10530:TCP:BitComet 10530 TCP
    "10530:UDP"= 10530:UDP:BitComet 10530 UDP
    
    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-07-19 02:05]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-19 02:05]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-19 02:05]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-19 02:05]
    R2 PMService;PMService;C:\Program Files\richcomm\WinstarPro\PMService.exe [2005-07-22 23:11]
    R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 12:15]
    S1 kbd;kbd;C:\WINDOWS\system32\drivers\kbd.sys []
    S3 GPU-Z;GPU-Z;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GPU-Z.sys []
    S3 ntportio;ntportio;C:\Documents and Settings\Administrator\Desktop\GSM\DIV_8[1].4_cracked\ntportio.sys []
    
    .
    - - - - ORPHANS REMOVED - - - -
    
    Notify-WgaLogon - (no file)
    Notify-wvUmjjgF - wvUmjjgF.dll
    
    **************************************************************************
    
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-19 12:23:48
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...
    
    scanning hidden autostart entries ...
    
    scanning hidden files ...
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    
    "ImagePath"="\??\C:\Documents and Settings\Administrator\Desktop\GSM\DIV_8 [1].4_cracked\ntportio.sys"
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ntportio]
    "ImagePath"="\??\C:\Documents and Settings\Administrator\Desktop\GSM\DIV_8
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\mshtzled.dIl
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-19 12:26:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-19 09:26:46
    
    Pre-Run: 6,047,227,904 bytes free
    Post-Run: 5,993,598,976 bytes free
    
    213

  14. #14
    Nostrum IvO™
    Join Date: Jun:2008
    Location: HOME.WAD
    Posts: 1,334
    Quote Originally Posted by MegatroniC
    So, the critter was on my home computer too; I must have carried it over with the flash drive
    I cleaned it, but apparently it had downloaded something else; now after I shut down (there is no problem on a restart) something changes my administrator password, and I have to restore the registry, because even if I manage to change it there are other problems.
    Any idea how to prevent the password from being changed?

    Can't you turn it off from here?

    Start -> Run -> control userpasswords2


    Quote Originally Posted by MegatroniC
    Subject: C:\runmgr.exe gets created when Windows starts (XP SP2, no updates at all), but only when the machine is connected to the internet.

    Quite a "vulnerable" Windows. From exactly 4 years ago. If you don't want to put SP3 directly on top of it, then at least to patch the huge number of security holes I would recommend running "Advanced WindowsCare Personal":

    http://www.iobit.com/advancedwindows...l?Str=download

    Just so it closes and fixes a whole lot of weak spots in the system, because apparently nobody knows which "hole" the little bird is getting in through.

  15. #15
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    MegatroniC

    Post the detailed HJT log too.

  16. #16
    MegatroniC (the system controls you)
    Join Date: Jun:2005
    Location: Burgas
    Posts: 3,566
    I think I found the cause of it setting a password I don't know on the administrator account: the autochk check wasn't running. Now everything is supposedly fine, except for a few files in system32 that are unknown to me. Here is the hijackthis log (I don't know how much more detailed it gets)

    Logfile of HijackThis v1.99.1
    Scan saved at 21:18:54, on 20.7.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\richcomm\WinstarPro\PMService.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Tools\BORGChat\BORGChat.exe
    C:\Tools\Maxthon\Maxthon.exe
    C:\Downloads\software\Antivirus and SpyAware\Spy Aware\HijackThis v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &С&валяне всички видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &С&валяне всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Сваляне на всички с FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Сваляне с FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shoc...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\F-Prot\fpavupdm.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PMService - Unknown owner - C:\Program Files\richcomm\WinstarPro\PMService.exe
    He who has enough courage and patience to gaze into the darkness all his life will be the first to see the glimmer of light in it.
    Give hope...

  17. #17
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    These are most likely part of the virus; note the DIL extension, which is hard to spot in some fonts, clever:

    Code:
    C:\WINDOWS\system32\mshtzled.dIl
    C:\WINDOWS\system32\mshtzled.dat
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mshtzled]
    @="{0CA32392-230C-C009-EF24-864E71242C82}"
    [HKEY_CLASSES_ROOT\CLSID\{0CA32392-230C-C009-EF24-864E71242C82}]
    2004-08-04 00:56	98304	--a------	C:\WINDOWS\system32\mshtzled.dIl
    as well as several of the DAT files among these; scan them one by one at www.virustotal.com:
    Code:
    ((((((((((((((((((((((((   Files Created from 2008-06-19 to 2008-07-19  )))))))))))))))))))))))))))))))
    .
    
    2008-07-19 02:56 . 2008-07-19 12:20	284	--a------	C:\WINDOWS\system32\winsdck.dat
    2008-07-19 02:56 . 2008-07-19 12:20	284	--a------	C:\WINDOWS\system32\kbdmncmx.dat
    2008-07-19 02:56 . 2008-07-19 12:19	0	--a------	C:\WINDOWS\system32\elsjngv.dat
    2008-07-19 02:23 . 2008-07-19 02:23	<DIR>	d--h-----	C:\$AVG8.VAULT$
    2008-07-19 02:05 . 2008-07-19 12:09	<DIR>	d--------	C:\WINDOWS\system32\drivers\Avg
    2008-07-19 02:05 . 2008-07-19 02:05	<DIR>	d--------	C:\Program Files\AVG
    2008-07-19 02:05 . 2008-07-19 12:06	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\avg8
    2008-07-19 02:05 . 2008-07-19 02:05	96,520	--a------	C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-19 02:05 . 2008-07-19 02:05	76,040	--a------	C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-07-19 02:05 . 2008-07-19 02:05	12,936	--a------	C:\WINDOWS\system32\drivers\avgrkx86.sys
    2008-07-19 02:05 . 2008-07-19 02:05	10,520	--a------	C:\WINDOWS\system32\avgrsstx.dll
    2008-07-18 23:47 . 2008-07-18 23:53	<DIR>	d--------	C:\WINDOWS\CAVTemp
    2008-07-18 23:31 . 2008-07-18 23:54	<DIR>	d--------	C:\WINDOWS\Internet Logs
    2008-07-18 23:12 . 2008-07-19 12:24	6,501	--a------	C:\WINDOWS\system32\msafd.dat
    2008-07-18 23:12 . 2008-07-19 12:24	2,269	--a------	C:\WINDOWS\system32\d3dx9F34.dat
    2008-07-18 23:12 . 2008-07-19 12:11	390	--a------	C:\WINDOWS\system32\mshtzled.dat
    2008-07-18 23:12 . 2008-07-19 12:23	0	--a------	C:\WINDOWS\system32\w3ssJQ.dat
    For the detailed log, download the new version of HJT; in post #12 I also posted a screenshot of exactly where to click.
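A defender-side check for the two things this post points at: an extension that only looks like .dll (a capital I standing in for l in mshtzled.dIl) and zero-byte .dat stubs dropped into system32. This is an added Python example, not code from the thread or from HijackThis/ComboFix; the listing it runs on is constructed from the entries quoted above, and the set of "expected" extensions is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: extensions one expects to see under system32, spelled correctly.
EXPECTED_EXTENSIONS = {"dll", "exe", "sys", "dat", "ocx", "drv", "cpl"}

# Characters that impersonate a letter in many screen fonts: capital I, the
# digit 1 and the pipe for lower-case l; the digit 0 and capital O for o.
CONFUSABLES = {"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"}

# One ComboFix/HJT-style listing line:
#   created [ . modified] <TAB> size-or-<DIR> <TAB> attributes <TAB> path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r"\t(?P<size>[\d,]+|<DIR>)\t(?P<attrs>\S+)\t(?P<path>.+?)\s*$"
)

# Constructed sample, adapted from the entries quoted in this post.
SAMPLE_LISTING = """\
((((((((((((((((((((((((   Files Created from 2008-06-19 to 2008-07-19  )))))))))))))))))))))))))))))))
.

2008-07-19 02:56 . 2008-07-19 12:19\t0\t--a------\tC:\\WINDOWS\\system32\\elsjngv.dat
2008-07-19 02:05 . 2008-07-19 02:05\t96,520\t--a------\tC:\\WINDOWS\\system32\\drivers\\avgldx86.sys
2008-07-19 02:23 . 2008-07-19 02:23\t<DIR>\td--h-----\tC:\\$AVG8.VAULT$
2008-07-18 23:12 . 2008-07-19 12:11\t390\t--a------\tC:\\WINDOWS\\system32\\mshtzled.dat
2004-08-04 00:56\t98304\t--a------\tC:\\WINDOWS\\system32\\mshtzled.dIl
"""


@dataclass
class Finding:
    path: str
    reason: str


def split_extension(path: str) -> str:
    """Return the extension (without the dot) of a Windows path, '' if none."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[1] if "." in name else ""


def fold_confusables(ext: str) -> str:
    """Replace look-alike characters *before* lower-casing, so 'dIl' folds to
    'dll' while a genuinely spelled 'dll' is left untouched."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in ext).lower()


def check_extension(path: str) -> Optional[Finding]:
    """Flag an extension that is not an expected one but reads like one."""
    ext = split_extension(path)
    if not ext or ext.lower() in EXPECTED_EXTENSIONS:
        return None  # no extension, or spelled correctly (case-insensitive)
    folded = fold_confusables(ext)
    if folded in EXPECTED_EXTENSIONS:
        return Finding(path, f"extension '.{ext}' impersonates '.{folded}'")
    return None


def scan_listing(listing: str) -> List[Finding]:
    """Run both checks over every parseable line of a file listing."""
    findings: List[Finding] = []
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, separator or blank line
        path = m.group("path")
        hit = check_extension(path)
        if hit:
            findings.append(hit)
        # A zero-byte .dat freshly written into system32 is a typical marker or
        # config stub; worth a look even when every AV engine returns 0 hits.
        low = path.lower()
        if m.group("size") == "0" and low.endswith(".dat") and "\\system32\\" in low:
            findings.append(Finding(path, "zero-byte .dat in system32"))
    return findings


if __name__ == "__main__":
    for f in scan_listing(SAMPLE_LISTING):
        print(f"{f.path}: {f.reason}")
```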

  18. #18
    the system controls you MegatroniC's Avatar
    Join Date: Jun:2005
    Location: Бургас
    Posts: 3,566
    Here is the detailed log from the new version:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:07:45, on 20.7.2008 г.
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\richcomm\WinstarPro\PMService.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Tools\BORGChat\BORGChat.exe
    C:\Tools\Maxthon\Maxthon.exe
    C:\PROGRA~1\FlashGet\flashget.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Downloads\software\Antivirus and SpyAware\Spy Aware\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &С&валяне всички видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &С&валяне всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Сваляне на всички с FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Сваляне с FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shoc...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\F-Prot\fpavupdm.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PMService - Unknown owner - C:\Program Files\richcomm\WinstarPro\PMService.exe

    --
    End of file - 5368 bytes
    Those dat files looked suspicious to me too; according to the virustotal site, the result for each of them is 0. The DIL file is 2/33 "Suspicious File". But then its creation and modification date is 2004.

  19. #19
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    mshtzled.dIl is 99.9% guaranteed to be a virus. Rename it and mshtzled.dat, with Unlocker for example, and restart.

    The HJT log is still not the right one. Can't you see on the screenshot exactly what to tick and where to click? You run HJT, on the first screen you choose OPEN MISC TOOLS SECTION, there you tick LIST ALSO MINOR SECTIONS (FULL) and click GENERATE STARTUPLIST LOG.

  20. #20
    Banned
    Join Date: Sep:2004
    Location: София
    Posts: 2,168
    I would do it like this.
    Turn off "System Restore", then SafeMode, then "HiJackThis", an "LSP Fix" and then S&D.

  21. #21
    the system controls you MegatroniC's Avatar
    Join Date: Jun:2005
    Location: Бургас
    Posts: 3,566
    I saw the screenshot, but something obviously didn't work, because I enabled full by choosing config after it had already run a scan once, rather than through open misc tools section beforehand. Anyway, here is the log:

    Code:
    StartupList report, 21.7.2008 г., 15:20:10
    StartupList version: 1.52.2
    Started from : C:\Downloads\software\Antivirus and SpyAware\Spy Aware\HiJackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Unable to get Internet Explorer version!
    * Using default options
    * Showing rarely important sections
    ==================================================
    
    Running processes:
    
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\richcomm\WinstarPro\PMService.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Tools\BORGChat\BORGChat.exe
    C:\PROGRA~1\FlashGet\flashget.exe
    C:\Tools\Maxthon\Maxthon.exe
    C:\Downloads\software\Antivirus and SpyAware\Spy Aware\HiJackThis.exe
    
    --------------------------------------------------
    
    Checking Windows NT UserInit:
    
    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
    
    --------------------------------------------------
    
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    
    --------------------------------------------------
    
    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    
    [AdobeUpdater]
     = 
    
    --------------------------------------------------
    
    File association entry for .SCR:
    HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command
    
    (Default) = "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
    
    --------------------------------------------------
    
    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command
    
    (Default) = Notepad.exe %1
    
    --------------------------------------------------
    
    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)
    
    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    
    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
    
    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    
    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    
    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll
    
    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe
    
    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    
    --------------------------------------------------
    
    Load/Run keys from C:\WINDOWS\WIN.INI:
    
    load=*INI section not found*
    run=*INI section not found*
    
    Load/Run keys from Registry:
    
    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=avgrsstx.dll
    
    --------------------------------------------------
    
    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
    
    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*
    
    Shell & screensaver key from Registry:
    
    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*
    
    Policies Shell key:
    
    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*
    
    --------------------------------------------------
    
    Checking for EXPLORER.EXE instances:
    
    C:\WINDOWS\Explorer.exe: PRESENT!
    
    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present
    
    --------------------------------------------------
    
    Checking for superhidden extensions:
    
    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden
    
    --------------------------------------------------
    
    Enumerating Browser Helper Objects:
    
    (no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
    BitComet ClickCapture - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
    WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - C:\Program Files\FlashGet\getflash.dll - {F156768E-81EF-470C-9057-481BA8380DBA}
    
    --------------------------------------------------
    
    Enumerating Download Program Files:
    
    [{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
    CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    
    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
    CODEBASE = http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
    
    --------------------------------------------------
    
    Enumerating Windows NT/2000/XP services
    
    atksgt: system32\DRIVERS\atksgt.sys (autostart)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (autostart)
    AVG8 WatchDog: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (autostart)
    AVG8 Network Redirector: \SystemRoot\System32\Drivers\avgtdix.sys (autostart)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    lirsgt: system32\DRIVERS\lirsgt.sys (autostart)
    mental ray 3.5 Satellite (32-bit): "C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" (autostart)
    NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    PMService: C:\Program Files\richcomm\WinstarPro\PMService.exe -service (autostart)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    Schedule: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    
    
    --------------------------------------------------
    
    Enumerating ShellServiceObjectDelayLoad items:
    
    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll
    
    --------------------------------------------------
    End of report, 10*773 bytes
    Report generated in 0,188 seconds
    
    Command line options:
       /verbose  - to add additional info on each section
       /complete - to include empty sections and unsuspicious data
       /full     - to include several rarely-important sections
       /force9x  - to include Win9x-only startups even if running on WinNT
       /forcent  - to include WinNT-only startups even if running on Win9x
       /forceall - to include all Win9x and WinNT startups, regardless of platform
       /history  - to list version history only
    I deleted both mshtzled files even without Unlocker's help; no problem after a restart, so we'll see.

  22. #22
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    I don't see anything interesting in the log. Any complaints?

    Didn't you save the two files somewhere? My idea with renaming them was to send them to Kaspersky.

  23. #23
    the system controls you MegatroniC's Avatar
    Join Date: Jun:2005
    Location: Бургас
    Posts: 3,566
    I've saved them; should I upload them somewhere?

  24. #24
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Put them in a password-protected archive and send me the link by PM, to be on the safe side, thanks.
    Just watch the reaction time of the Kaspersky guys: they usually get back to me within an hour to an hour and a half, and within 3-4 hours it's in the definitions.

    P.S. Does the patient still have any complaints?

  25. #25
    the system controls you MegatroniC's Avatar
    Join Date: Jun:2005
    Location: Бургас
    Posts: 3,566
    I'll send them to you right now.
    The one at home has had no complaints for 2 days now.
    When I get to work we'll check the other one. It should be clean as well.
    Now I've figured out what deleted the autochk entry in the registry and asked me for a password I don't know after turning on the PC. Good old NOD32.

Copyright © 1999-2011 Хардуер БГ. The content of this page may be subject to copyright.