  1. #1
    Game Galactic Bagi's Avatar
    Join Date: Apr:2006
    Location: Sofia
    Posts: 235

    100% CPU-Hijackthis

    Hello, I'd like to ask you something: for the past few days, when I turn on the computer, after about 5 minutes the CPU starts getting loaded to 100%. I opened Task Manager and saw what was loading the CPU to 100%, I did End Task on it, and the load stopped. Then when I restarted the computer and turned it on, after 5 minutes it was loaded to 100% again. I scanned for viruses and cleaned all the viruses with a very good antivirus, I looked in msconfig and there was no such program, I checked Add/Remove Programs and it wasn't there either, but this moni.exe keeps sitting there and there's no way for me to remove it. I scanned for spyware and cleaned it, and afterwards this moni.exe shows up again; at first it sits at 0% and after 5 minutes it starts climbing slowly until it reaches 100% and the computer becomes terribly slow. Can someone help me and explain what I should do?

    Thank you in advance.
    --------------------------------------------------------------------------

    I ran the hijackthis program, clicked Do a system scan and save a logfile, and this is what came up; please help.


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Programs\F-PROT\fpavupdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Programs\QIP ICQ\QIP\qip.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\SERVER~2.SER\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D
    Last edited by Bagi; 20th February 2007 at 17:02.

  2. #2
    User evilution's Avatar
    Join Date: Oct:2004
    Location: Sofia
    Posts: 37,465
    O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\â
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName


    Those in system32, if you don't know where they came from, remove them. svchost is not svhost.exe; it has a "c" in it, and it isn't written there.
    I also remove all the Google and ICQ toolbars, on top of everything else, and I think it's noticeable.
    Stability itself is nothing else than a more sluggish motion

  3. #3
    Game Galactic Bagi's Avatar
    Join Date: Apr:2006
    Location: Sofia
    Posts: 235
    Quote: Originally Posted by evilution
    O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\â
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName


    Those in system32, if you don't know where they came from, remove them. svchost is not svhost.exe; it has a "c" in it, and it isn't written there.
    I also remove all the Google and ICQ toolbars, on top of everything else, and I think it's noticeable.

    Thank you very much for the help, you managed to help me a lot!
    Thanks
    Last edited by Bagi; 27th April 2007 at 14:41.

  4. #4
    Registered User jepeto's Avatar
    Join Date: May:2006
    Location: sofia
    Posts: 86
    I think this is a suitable thread to ask in:
    I somehow have the feeling that a lot of programs are running in my Task Manager, but I'm not sure what they are, since most of them are system ones, so I wanted to ask you, once you see the screenshot: does it look normal to you, and are there any viruses?
    Thanks in advance.

    http://vaseto-vtu.hit.bg/problem4e%20malko.JPG

  5. #5
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Task Manager doesn't give enough information about either what is running at the moment or what starts with Windows. Use HiJackThis and post the log here.

  6. #6
    Registered User jepeto's Avatar
    Join Date: May:2006
    Location: sofia
    Posts: 86
    Thanks, ilko, only I don't know whether I should post the whole thing, it's a bit long after all, but I'm obliged to. Here's the log:

    Logfile of HijackThis v1.99.1
    Scan saved at Jepeto 8:24:48 Jepeto, on 3/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\windows styles\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    c:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\jepeto\LOCALS~1\Temp\Rar$EX00.359\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
    O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
    O4 - Startup: skype.lnk = C:\Program Files\Skype\Phone\Skype.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm490YYBG
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://217.71.245.166/activex/AMC.cab
    O16 - DPF: {858B4F85-E945-4F0C-AF65-059E0AD9EEC0} (IntraLaunch.MainControl) - file://F:\Interface\IntraLaunch.CAB
    O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.easyaccesssite.com/11396-76.exe
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://85.112.113.74/activex/AMC.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E81D4B19-B297-49BA-9AE3-6601F3611BF3}: NameServer = 172.23.232.1,217.9.224.2
    O20 - Winlogon Notify: drmvndde - C:\WINDOWS\system32\drmvndde.dll (file missing)
    O20 - Winlogon Notify: npptdpnm - C:\WINDOWS\system32\npptdpnm.dll (file missing)
    O20 - Winlogon Notify: sccsumdm - C:\WINDOWS\
    O20 - Winlogon Notify: WB - C:\Program Files\windows styles\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: xpspqdvd - C:\WINDOWS\
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

  7. #7
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O20 - Winlogon Notify: drmvndde - C:\WINDOWS\system32\drmvndde.dll (file missing)
    O20 - Winlogon Notify: npptdpnm - C:\WINDOWS\system32\npptdpnm.dll (file missing)
    O20 - Winlogon Notify: sccsumdm - C:\WINDOWS\
    O20 - Winlogon Notify: xpspqdvd - C:\WINDOWS\
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - (no file)
    Put a check mark on these and press FIX NOW.

    It looks like you had problems and some program has partly cleaned them up, or else a rootkit is hiding their files. After HJT, run at least 2 of the anti-rootkit programs in the sticky thread "how to deal with viruses..." and report the result. Also scan with ewido micro and Kaspersky online. If anything interesting turns up from them, save the logs and post them with your next post. Also run Autoruns, click Options -> Hide Microsoft Entries and then F5 or the refresh button. When it finishes scanning, use File -> Save As to save the log as a text file and copy-paste all of it here.
    Last edited by ilko; 6th March 2007 at 21:29. Reason: spelling
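
The manual triage from post #7, written out as an added example (it is not part of any post in this thread and is not HijackThis code): it scans a HijackThis-format log for entries whose target is reported as `(no file)` or `(file missing)` or whose path ends without a file name, and, following the remark in post #2, for Run values named after a core system process. The sample log lines, the placeholder CLSIDs and paths, and the `SYSTEM_NAMES` list are constructed assumptions.

```python
import re

# Constructed sample in HijackThis v1.99.1 log format (placeholder CLSIDs and
# paths), modelled on the entry types discussed in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKCU\..\Run: [svchost] C:\WINDOWS\system32\example.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O20 - Winlogon Notify: exampledll - C:\WINDOWS\system32\exampledll.dll (file missing)
O20 - Winlogon Notify: examplecut - C:\WINDOWS\
O23 - Service: Example Service (ExSvc) - Example Corp - C:\PROGRA~1\Example\svc.exe
"""

ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_NAME = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]+)\]")
# Assumption: these core processes are started by the boot chain or the
# service manager, never from a Run key, so a Run value using one of
# their names deserves a manual look.
SYSTEM_NAMES = {"svchost", "lsass", "winlogon", "services", "smss", "csrss"}


def triage(log_text):
    """Return (section, entry, reasons) for each entry worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        sec, body = m["sec"], m["body"]
        reasons = []
        if body.endswith(("(no file)", "(file missing)")):
            reasons.append("orphaned: registered target is not on disk")
        if body.endswith("\\"):
            reasons.append("target path has no file name")
        run = RUN_NAME.search(body) if sec == "O4" else None
        if run:
            name = run["name"].lower()
            name = name[:-4] if name.endswith(".exe") else name
            if name in SYSTEM_NAMES:
                reasons.append("Run value named after a system process")
        if reasons:
            findings.append((sec, body, reasons))
    return findings


if __name__ == "__main__":
    for sec, body, reasons in triage(SAMPLE_LOG):
        print(f"[{sec}] {body}\n      -> {'; '.join(reasons)}")
```

An orphaned entry only shows that the registry still points at something HijackThis could not see; as post #7 notes, that fits both a finished cleanup and a rootkit hiding the file, so the follow-up scans still matter.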

  8. #8
    Registered User jepeto's Avatar
    Join Date: May:2006
    Location: sofia
    Posts: 86
    Thanks, ilko, you're solid as iron. I've just downloaded the programs, but unfortunately I'm going to watch the match and will sort it out afterwards. Thanks again.
    By the way, I have a question: why can't URL files open directly with IE6, and instead every time it asks me what to open them with; somehow it can't associate them. And up in the address field it shows not the Explorer "e" but this instead:
    http://vaseto-vtu.hit.bg/oks.JPG

  9. #9
    Game Galactic Bagi's Avatar
    Join Date: Apr:2006
    Location: Sofia
    Posts: 235
    Quote: Originally Posted by jepeto
    Thanks, ilko, you're solid as iron. I've just downloaded the programs, but unfortunately I'm going to watch the match and will sort it out afterwards. Thanks again.
    By the way, I have a question: why can't URL files open directly with IE6, and instead every time it asks me what to open them with; somehow it can't associate them. And up in the address field it shows not the Explorer "e" but this instead:
    http://vaseto-vtu.hit.bg/oks.JPG

    Apparently you're missing something...

  10. #10
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Quote: Originally Posted by jepeto
    ...By the way, I have a question: why can't URL files open directly with IE6, and instead every time it asks me what to open them with; somehow it can't associate them. And up in the address field it shows not the Explorer "e" but this instead:
    http://vaseto-vtu.hit.bg/oks.JPG

    Try this: http://www.dougknox.com/xp/fileassoc...ortcut_fix.zip

    If that doesn't work, look in My Computer -> Tools -> Folder Options -> File Types and set (None) URL and URL to open with IE.

  11. #11
    Banned Danny's Avatar
    Join Date: Jan:2005
    Location: C:\BG\Sofia.zip
    Posts: 3,734
    jepeto, first, those aren't programs but processes, and second, 29 processes is not many at all
