Results 1 to 16 of 16

Thread:

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Registered User ThuGANGel's Avatar
    Join Date: Jul:2003
    Location: /.
    Posts: 277


    Internet Explorer- ;(



    f-prot ( )
    Ad-aware 6.0 ( )
    HiJackThis...
    :(
    Ad-aware



    ... ad-aware- 10



    ;)

  2. #2
    Will It Blend? :) Kiko's Avatar
    Join Date: Jun:2002
    Location:
    Posts: 606
    -!
    Spywareblaster Spybot!
    1. Spybot-a .
    2. , .
    3. Spywareblaster-a All Protection.
    4. Ad-watch-a Ad-aware-a .
    5. Spywareblaster-a Tools - Browser Pages . about:blank! , .

    .

    : F-prot, NOD32
    Last edited by Kiko; 29th August 2004 at 00:01.

  3. #3
    chuck norris primetime's Avatar
    Join Date: Jan:2003
    Location: Sofia
    Posts: 4,717
    ... ...
    @ThuGANGel - .
    , HiJackThis ... , . , 2 , ... "search & destroy".
    safe mode.
    regedit :
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wi ndows\CurrentVersion\Run
    - 2, , , .
    ... vjfvjk (jkvjfkv)... . , - attle , ... ... .
    -
    . ... . Search - More Advanced Options --> Search Hidden Files and Folders.
    - c:\windows c:\windows\system(32). , - ... .
    .
    safe mode - .. .
    ( ).
    - .

  4. #4
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373
    Spy Sweeper Hijackthis

  5. #5
    Kobaiashi San ivkony's Avatar
    Join Date: Sep:2003
    Posts: 174
    ,
    Ad-aware, Spy Boot, SpySweeper - , , 1 !
    , ?
    ! !

  6. #6
    Registered User entium's Avatar
    Join Date: May:2003
    Location:
    Posts: 1,426
    about:buster
    EP43-DS3|E5200@3.33|ASUS EN9800GT HB /HTDI/ 512MB|2X2GB 800MHZ CL5 A-DATA|WD2500JB|NEC 4750A|BELINEA 1980S2

  7. #7
    12 Roshav's Avatar
    Join Date: Oct:2002
    Location:
    Posts: 7,897
    Spy Sweeper - ...........................
    , .

    Ad-aware - Spy Sweeper . primetime ( *- - oapb.exe cfpmhvta.exe), ,

    [Mod. Edit] (GIPSON) - , Edit-a.
    Last edited by GIPSON; 3rd September 2004 at 19:08.
    , , , . .

  8. #8
    Boyman's Avatar
    Join Date: Apr:2004
    Location: In the Source
    Posts: 384
    , ... .



  9. #9
    Kobaiashi San ivkony's Avatar
    Join Date: Sep:2003
    Posts: 174
    CWShredder !!!

  10. #10
    Kobaiashi San ivkony's Avatar
    Join Date: Sep:2003
    Posts: 174
    , !!!
    !

  11. #11
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373
    Hijackthis .

  12. #12
    Kobaiashi San ivkony's Avatar
    Join Date: Sep:2003
    Posts: 174
    :

    Logfile of HijackThis v1.98.2
    Scan saved at 13:42:14, on 06.9.2004 .
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\FSI\F-Prot\F-StopW.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\Datecs\Flex2K.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\ICQLite\ICQLite.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Admin\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - Default URLSearchHook is missing
    O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Global Startup: 3 Mega Digital Camera Monitor.lnk = ?
    O4 - Global Startup: Erinnerungen fur Microsoft Works-Kalender.lnk
    O4 - Global Startup: FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094303369984
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab

  13. #13
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373
    Hijackthis => scan => fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Admin\LOCALS~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
    R3 - Default URLSearchHook is missing
    O16 - DPF: {706F3805-27D7-478D-80E5-E25D2BB030B3} (VacPro.internazionale_ver3) - http://www.advnt01.com/dialer/internazionale_ver3.CAB
    Trojan Clicker
    - ,

  14. #14
    12 Roshav's Avatar
    Join Date: Oct:2002
    Location:
    Posts: 7,897
    A
    Logfile of HijackThis v1.98.2
    Scan saved at 08:46:45, on 07.9.2004 .
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\SYSTEM32\DNTUS26.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
    C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
    C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
    C:\WINNT\LogWatNT.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\system32\RunDll32.exe
    C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\Datecs\Flex2K.exe
    C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    C:\CKWire10\CKWIN.EXE
    C:\Program Files\ICQLite\ICQLite.exe
    \Cad_server1\TEMP\Y???????\HijackThis.ex e
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\cfpmhvta.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dir.bg
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dir.bg
    R1 - HKCU\Software\Microsoft\Windows\CurrentV ersion\Internet Settings,ProxyServer = 1??.??.??.?:????
    R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
    O1 - Hosts: ??.??.??.?? login.icq.com
    O2 - BHO: (no name) - {6AFB6E0D-9443-749D-8500-6D5509DC201C} - C:\WINNT\system32\yaam.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Global Startup: FlexType 2K.lnk = C:\WINNT\Datecs\Flex2K.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchmiracle.com
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a29296baabe1d6
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AE2A0 8DB-87CC-4CAF-B643-845B43A19E3E}: NameServer = 170.???.???.??,170.???.??.???

    - - -
    , , , . .

  15. #15
    Banned
    Join Date: Jan:2004
    Location: Montreal
    Posts: 373
    Roshav -, - ?
    C:\WINNT\system32\cfpmhvta.exe , 90% .

    R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...8a29296baabe1d6
    - Blazefind Adaware
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchmiracle.com
    T .
    100% , .
    config => backups => restore
    , ISP-
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AE2A0 8DB-87CC-4CAF-B643-845B43A19E3E}: NameServer = 170.???.???.??,170.???.??.???

  16. #16
    12 Roshav's Avatar
    Join Date: Oct:2002
    Location:
    Posts: 7,897
    !
    , . . .
    , , , . .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Copyright © 1999-2011 . .
iskamPC.com | mobility.BG | Bloody's Techblog | | 3D Vision Blog |