I got ... hacked...

126 replies to this topic

#19
Could_Fire

    Junior Member

  • Group: Members
  • Posts: 171
  • Joined: 03.10.2010
Yes, I more or less understood. I know I was stupid, but I have a reason: my teachers are idiots who gave me grades for nothing and taught me nothing, and now I see it too. As for studying to pass the baccalaureate, I can do it... I'll cram until I drop... I never paid any money at high school, not even to the class fund... But a high school in Eforie doesn't teach you much; in Romanian class we played cards... so sorry about my Romanian... and yes, now it's 2-1 for the hacker. Now, back to my own business: honestly, at high school I learned that scam pages and keyloggers don't really work anymore, but it seems my computer science teacher lives in another world. As for that empty line: it is "something" that I found in msconfig under Startup; it has no command, but it does have a location: something starting with HKLM... now, after I disabled it and restarted, it no longer appears... But please help me find it. I am going through each registry key one by one without modifying it, but what should I be looking for?
And after unlocking, can I recover my email with my phone number? Can this number be changed if he has access to the password but not to the phone?
PS. For security I have Windows XP, licensed, fully updated, and avast! Internet Security, also fully updated... From what I discussed with the hacker, he took the source code from the net and modified it substantially, so if he doesn't give it to his buddies and only he uses it... it's hard to detect... And I'll go to the police out of spite that I'm weaker than him :) ... that is, if I don't manage to recover at least the email... since I have no money for tutoring, maybe this hacker is a nice guy and will tutor me too... take me on as an apprentice :) ... at least so I know where to start and what I need to learn...
PS. Guys, I know I was stupid, but computer science doesn't go hand in hand with Romanian, and the blame for my education lies with a society that pays taxes so that senators can have villas and holidays abroad, not teachers to teach "the children, the future of the country". Honestly, I really am very passionate about computer science, but I have no one to learn from, at least here where I live... And if there is someone who really knows their stuff, I will be grateful to them, because although I am 19 I can say I have potential and I want to do everything even if it doesn't work out; anyway, at this age I think it is an achievement to live off my own work and also help my parents, who have helped me until now, given that at this age I have a company and a bar that bring in something... I'm sorry I haven't had time until now to learn what I'm truly passionate about, namely computer science.
And if I don't manage to recover my losses the "mental" way, I have no choice but to become an idiot with no hope of improvement and go to the "militia"... who are begging me to file a complaint after I told them how things stand. Poor guys, they say they haven't had a case with a conviction in a long time, they don't have much to do and they want some bonuses too, especially now in March; they say they'll handle the case immediately and with the greatest pleasure if I go and file a complaint, because they want to be on TV too. Hacker cases get a lot of media coverage and get "inflated", so they'll turn a small-time hacker into a big-shot hacker... but I don't want to inflate the "militiamen's" egos, since I can't stand them anyway... and as I said, I know where I went wrong, I know I'm stupid, but since I've realized this and I don't want to become an irremediable idiot, I think there is a way to improve and I can even become good if I put my mind to it.
Sorry for the double post... but my PC is an idiot just like me...

Edited by Could_Fire, 12 March 2013 - 11:43.


#20
Gh3r0m

    Le Potato Master

  • Group: Senior Members
  • Posts: 2,981
  • Joined: 14.04.2008
There are 3 months left until the baccalaureate; you're screwed at Romanian.
It's your own fault for slacking off until 12th grade; where the hyphen is used and how many i's go in various words is something you should have known since 5th grade.

Edited by Gh3r0m, 12 March 2013 - 11:57.


#21
driftking91

    Freak on a leash

  • Group: Senior Members
  • Posts: 19,727
  • Joined: 28.12.2008
When I read the title I thought you had dropped the soap. :roflmaofast:

#22
Zygoth

    specimen

  • Group: Senior Members
  • Posts: 3,074
  • Joined: 29.04.2006

Could_Fire, on 12 March 2013 - 02:29, said:

He's pretty good... in my opinion... he had a better computer science teacher than mine

Do you have the impression that hackers learn what they know from computer science class?

dumprep.exe is a legitimate operating system process.

#23
eiffel

    BusyWorm

  • Group: Moderators
  • Posts: 68,356
  • Joined: 15.06.2004
Well, if you say it can't be detected, reinstall the system and that's it, you're rid of the keylogger. (Yes, I know, it's the last solution I accept, but this is a "special" case.)
Because with the way you explain your problems, we get a headache just reading what you write, let alone explaining to you what to do.

#24
STARTREK1

    searcher on Google

  • Group: Senior Members
  • Posts: 11,145
  • Joined: 27.06.2007
Start with a HiJackThis log so you can see what processes are running, and post the result here.

Edited by STARTREK1, 12 March 2013 - 13:20.


#25
Could_Fire

    Junior Member

  • Group: Members
  • Posts: 171
  • Joined: 03.10.2010
Finally, a helpful answer... Well, brothers, what am I supposed to do about Romanian if it isn't taught to me... other than slacking off... Should I start learning on my own?
I want to point out that after I disabled the nameless program in msconfig/Startup, it no longer appears there for me to check or uncheck...
Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 15:18:50, on 12.03.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\System32\WLTRYSVC.EXE
D:\WINDOWS\System32\bcmwltry.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\WINDOWS\system32\WLTRAY.exe
D:\Program Files\Dell Support Center\bin\sprtcmd.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
D:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
D:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe
D:\Program Files\Dell Support Center\bin\sprtsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Street.hacker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Street.hacker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\WINDOWS\system32\osk.exe
D:\WINDOWS\system32\MSSWCHX.EXE
D:\Documents and Settings\Street.hacker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Street.hacker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Street.hacker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Street.hacker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Street.hacker\My Documents\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://http://www.ya...ilc=8.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://http://www.ya...ilc=8.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fpdownload.ad...h_player_ax.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - D:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - D:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\prxtbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - D:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] D:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [dellsupportcenter] "D:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Street.hacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [ClearTemp] del D:\DOCUME~1\STREET~1.HAC\LOCALS~1\Temp\yupdate.exe-{C4B58948-C6AB-4AA8-A9D2-37DE7DD4EDBF}
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - D:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - D:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Avast Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - D:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Game Mouse Communication And Update Service V1 (KmGameMouseServiceV1) - UASSOFT.COM - D:\Program Files\Trust\GXT14 Mouse\GameMouseServiceApp.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - D:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - D:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - D:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 9715 bytes

Edited by Could_Fire, 12 March 2013 - 15:32.


#26
eiffel

    BusyWorm

  • Group: Moderators
  • Posts: 68,356
  • Joined: 15.06.2004
Well... Mr. Street Hacker that you are, you have serious security holes and you invite the hackers over too?
Internet Explorer 6, Avast 5... Am I to understand that you haven't heard of IE 8 or Avast 8...
Consider that IE 6 hasn't been updated in over 2 years and all the security holes in it are known. And without the update the system is vulnerable too, since it depends on IE.

Otherwise, apart from some spyware, such as Ask, nothing strange is visible.
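
Added example, not part of the thread and not any poster's code: a small Python triage pass over a HiJackThis log in the layout posted above, flagging the kinds of items the replies look at (IE older than the IE 8 named in the reply, autorun entries, services with an unknown owner, processes in odd locations). The sample log, the function names and the heuristics are assumptions constructed for illustration; a hit is an item to review, not a verdict.

```python
import re

# Constructed sample in the HiJackThis v2.0.4 layout; paths and names are made up.
# The blank-name O4 line mirrors the nameless msconfig startup item described in
# the thread; how HiJackThis would actually render it is an assumption.
SAMPLE_LOG = r"""Logfile of Trend Micro HiJackThis v2.0.4
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
D:\WINDOWS\system32\svchost.exe
D:\Documents and Settings\User\Local Settings\Temp\upd.exe
D:\Program Files\Common\lsass.exe
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - D:\Program Files\Example.com\bar.dll
O4 - HKLM\..\Run: [avast5] D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [] D:\DOCUME~1\User\LOCALS~1\Temp\upd.exe
O4 - HKCU\..\Run: [Updater] D:\DOCUME~1\User\LOCALS~1\Temp\upd.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - D:\Documents and Settings\All Users\Application Data\Ex\ex.exe
O23 - Service: avast! Antivirus - Avast Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Names that should only ever run from \WINDOWS\system32 on this platform.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O4 - ...", "R1 - ...", "O23 - ..."


def exe_path(command):
    """Return the executable path of a command line (quoted or not), lower-cased."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    # Stop at the first extension followed by whitespace or end of line, so a
    # directory such as "Example.com\" does not end the path early.
    m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat))(?=\s|$)", command, re.I)
    return (m.group(1) if m else command).lower()


def in_temp(path):
    """True for long (\\Temp\\) and 8.3 (LOCALS~1\\Temp\\) temp locations."""
    return "\\temp\\" in path.lower()


def triage(log_text, min_ie_major=8):
    """Return (tag, line) pairs worth a manual look, in log order."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("MSIE:"):
            m = re.search(r"v(\d+)\.", line)
            if m and int(m.group(1)) < min_ie_major:
                findings.append(("outdated-ie", line))
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        entry = ENTRY.match(line)
        if entry:
            in_procs = False  # the process list ends at the first coded entry
            code, rest = entry.groups()
            if code == "O4":  # Run / RunOnce autostart entries
                m = re.match(r"(\S+): \[(.*?)\] (.*)$", rest)
                if m:
                    _key, name, cmd = m.groups()
                    if not name.strip():
                        findings.append(("autorun-no-name", line))
                    elif in_temp(exe_path(cmd)):
                        findings.append(("autorun-from-temp", line))
            elif code == "O23":  # services: "Service: <name> - <owner> - <path>"
                parts = rest.rsplit(" - ", 2)
                if len(parts) == 3 and parts[1] == "Unknown owner":
                    findings.append(("service-unknown-owner", line))
            continue
        if in_procs:
            path = line.lower()
            name = path.rsplit("\\", 1)[-1]
            if in_temp(path):
                findings.append(("process-from-temp", line))
            elif name in SYSTEM_NAMES and "\\windows\\system32\\" not in path:
                findings.append(("system-name-wrong-dir", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:24} {line}")
```
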

#27
Dragos-020578

    Member

  • Group: Validating
  • Posts: 245
  • Joined: 11.03.2013
You say Avast didn't detect any keylogger.
Install and run HitmanPro... at the moment it is the best solution on the market for keylogger detection.
http://www.surfright.nl/en/home/

#28
Could_Fire

    Junior Member

  • Group: Members
  • Posts: 171
  • Joined: 03.10.2010
Well, a "street hacker" is what I am... But I thought the system had nothing to do with IE, because I only use Google Chrome and Mozilla Firefox; I really had no idea that Internet Explorer 8 has anything to do with Chrome, which is why I didn't update it; I thought that if I don't use it, it doesn't concern me... Yes, I think the keylogger "broke" because of that disabling in msconfig, and now I think it's inactive, but I hope to find it with that program... Can an inactive keylogger be found? Can it be kept, to see the address it sends to?
Thanks for the help so far... And can anything be done about the email? Bearing in mind that he might know my secret questions and may have changed them... Should I get my hopes up that I'll be able to recover the email via phone?

#29
f300

    30k and I'm off

  • Group: Senior Members
  • Posts: 30,000
  • Joined: 27.09.2008

eiffel, on 12 March 2013 - 13:03, said:

Well, if you say it can't be detected, reinstall the system and that's it, you're rid of the keylogger. (Yes, I know, it's the last solution I accept, but this is a "special" case.)

Reinstalling (obviously from clean media) is the first, in fact the only, solution that gives you safety after a problem like this. The only alternative would be if you had some system that guarantees integrity, like Tripwire, but that is impossible on Windows, with the registry changing constantly. Yes, normally people prefer to launch an arsenal of anti-virus/spyware/rootkit/etc. tools and delete everything they come across, but you can no longer trust that system, neither from a security standpoint (who knows what else was installed and NOT discovered) nor from a stability standpoint (there are "brand-name" programs that leave "sores" behind after being installed and uninstalled, let alone after installing some spyware that respects no rules and removing it with an "anti-").

#30
Could_Fire

    Junior Member

  • Group: Members
  • Posts: 171
  • Joined: 03.10.2010
Thanks for the advice... that's what I'll do... I want to find this keylogger only to find out where it sends the messages... after that I'll do a total clean-up of the system.
But my big problem is the email... can anything be done? Bearing in mind that he might know my secret questions and may have changed them... Should I get my hopes up that I'll be able to recover the email via phone?
The keylogger doesn't show up! Can it disappear like that, without a trace?

Look what HitmanPro found for me:
HitmanPro 3.7.2.190
www.hitmanpro.com
   Computer name . . . . : booot
   Windows . . . . . . . : 5.1.3.2600.X86/2
   User name . . . . . . : bot\Street.hacker
   License . . . . . . . : XXXXXXXXXXXXXXXXXXXXXXXXXX
   Scan date . . . . . . : 2013-03-12 17:23:31
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 29m 11s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 2
   Traces  . . . . . . . : 104
   Objects scanned . . . : 569.685
   Files scanned . . . . : 21.740
   Remnants scanned  . . : 125.517 files / 422.428 keys

Potential Unwanted Programs _________________________________________________
   D:\Documents and Settings\Street.hacker\Local Settings\Application Data\AskToolbar\ (AskBar)
   D:\Documents and Settings\Street.hacker\Local Settings\Application Data\AskToolbar\APNU\ (AskBar)
   D:\Documents and Settings\Street.hacker\Local Settings\Application Data\AskToolbar\APNU\config.xml (AskBar)
   D:\Documents and Settings\Street.hacker\Local Settings\Application Data\AskToolbar\APNU\extensions.sqlite (AskBar)
   D:\Documents and Settings\Street.hacker\Local Settings\Temp\AskSearch\ (AskBar)
   D:\Program Files\Ask.com\ (AskBar)
   D:\Program Files\Ask.com\assets\oobe\ (AskBar)
   D:\Program Files\Ask.com\assets\oobe\b.png (AskBar)
   D:\Program Files\Ask.com\assets\oobe\bl.png (AskBar)
   D:\Program Files\Ask.com\assets\oobe\br.png (AskBar)
   D:\Program Files\Ask.com\assets\oobe\l.png (AskBar)
   D:\Program Files\Ask.com\assets\oobe\pointer.png (AskBar)
   D:\Program Files\Ask.com\assets\oobe\r.png (AskBar)
   D:\Program Files\Ask.com\assets\oobe\t.png (AskBar)
   D:\Program Files\Ask.com\assets\oobe\tl.png (AskBar)
   D:\Program Files\Ask.com\assets\oobe\tr.png (AskBar)
   D:\Program Files\Ask.com\cobrand.ico (AskBar)
   D:\Program Files\Ask.com\config.xml (AskBar)
   D:\Program Files\Ask.com\favicon.ico (AskBar)
   D:\Program Files\Ask.com\fv_77f.ico (AskBar)
   D:\Program Files\Ask.com\GenericAskToolbar.dll (AskBar)
	  Size . . . . . . . : 1.519.304 bytes
	  Age  . . . . . . . : 223.8 days (2012-07-31 23:17:44)
	  Entropy  . . . . . : 6.8
	  SHA-256  . . . . . : 6D027164C6FEBDA59662DA1C6D494A69A7477BD3AECE8E066E6FBC28DEF830EF
	  Product  . . . . . : Toolbar
	  Publisher  . . . . : Ask
	  Description  . . . : Ask Toolbar
	  Version  . . . . . : 5.15.4.23821
	  Copyright  . . . . : (c) Ask.  All rights reserved.
	  RSA Key Size . . . : 2048
	  Authenticode . . . : Valid
	  Fuzzy  . . . . . . : -15.0
	  Startup
		 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}
		 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\
		 HKU\S-1-5-21-1202660629-1958367476-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
	  References
		 HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\
		 HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\
		 HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\
		 HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\
		 HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\
   D:\Program Files\Ask.com\mupcfg.xml (AskBar)
   D:\Program Files\Ask.com\precache.exe (AskBar)
	  Size . . . . . . . : 70.856 bytes
	  Age  . . . . . . . : 223.8 days (2012-07-31 23:17:45)
	  Entropy  . . . . . : 6.4
	  SHA-256  . . . . . : 69A6378F25A2B289771C454178890C53662F89B8D4C91972623D19C1502F15D9
	  RSA Key Size . . . : 2048
	  Authenticode . . . : Valid
	  Fuzzy  . . . . . . : -9.0
   D:\Program Files\Ask.com\SaUpdate.exe (AskBar)
	  Size . . . . . . . : 196.808 bytes
	  Age  . . . . . . . : 223.8 days (2012-07-31 23:17:46)
	  Entropy  . . . . . : 6.6
	  SHA-256  . . . . . : 3633F7015DE1A099A1E59884F6503EE3E4A243BA0DC74906B8EE334FB9DCE1F7
	  RSA Key Size . . . : 2048
	  Authenticode . . . : Valid
	  Fuzzy  . . . . . . : -9.0
   D:\Program Files\Ask.com\Updater\ (AskBar)
   D:\Program Files\Ask.com\Updater\config.xml (AskBar)
   D:\Program Files\Ask.com\Updater\Updater.exe (AskBar)
	  Size . . . . . . . : 1.564.872 bytes
	  Age  . . . . . . . : 223.8 days (2012-07-31 23:17:44)
	  Entropy  . . . . . : 6.1
	  SHA-256  . . . . . : 8D76E5AB31B4F3E12054F7EF1DF9FC553E708F1126AF5E6A5CA6433393CD40D3
	  Product  . . . . . : Updater
	  Publisher  . . . . : Ask
	  Description  . . . : Ask Updater
	  Version  . . . . . : 5.15.4.23821
	  Copyright  . . . . : (c) Ask.  All rights reserved.
	  RSA Key Size . . . : 2048
	  Authenticode . . . : Valid
	  Fuzzy  . . . . . . : -19.0
	  References
		 HKU\S-1-5-21-1202660629-1958367476-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\D:\Program Files\Ask.com\Updater\Updater.exe
   D:\Program Files\Ask.com\UpdateTask.exe (AskBar)
	  Size . . . . . . . : 135.368 bytes
	  Age  . . . . . . . : 223.8 days (2012-07-31 23:17:46)
	  Entropy  . . . . . : 6.5
	  SHA-256  . . . . . : CE7BB9DB8CAAC6B0EF032E0861466B4613FA85C7884E2D9008308FC34F9890FB
	  RSA Key Size . . . : 2048
	  Authenticode . . . : Valid
	  Fuzzy  . . . . . . : -11.0
	  Startup
		 D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
   D:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   D:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1033.MST (AskBar)
   D:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe (AskBar)
	  Size . . . . . . . : 102.400 bytes
	  Age  . . . . . . . : 223.8 days (2012-07-31 23:17:51)
	  Entropy  . . . . . : 6.1
	  SHA-256  . . . . . : 092D64E5DB4FA21D6719B3A6A30AD06A2CB0E1F897357CD4935BECA52E921274
	  Product  . . . . . : InstallShield
	  Publisher  . . . . : Acresso Software Inc.
	  Description  . . . : InstallShield
	  Version  . . . . . : 16.0.328
	  Copyright  . . . . : Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
	  Fuzzy  . . . . . . : 0.0
   D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   HKU\S-1-5-21-1202660629-1958367476-1801674531-1003\Software\Ask.com\ (AskBar)
   HKU\S-1-5-21-1202660629-1958367476-1801674531-1003\Software\AskToolbar\ (AskBar)
   HKU\S-1-5-21-1202660629-1958367476-1801674531-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   D:\Documents and Settings\Street.hacker\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies:yadro.ru



Edited by Could_Fire, 12 March 2013 - 18:09.


#31
JayBird

    IT Professional

  • Group: Senior Members
  • Posts: 2,511
  • Joined: 15.09.2009
How do you know you had a keylogger? Maybe that guy reset your passwords and took over your accounts that way, without knowing your password...

#32
Could_Fire

    Junior Member

  • Group: Members
  • Posts: 171
  • Joined: 03.10.2010
How could he do a reset? He didn't know me at all... he even told me that he stole my password with a keylogger last time... back then I recovered it with the secret questions... and the second time he said the keylogger was still active... he knew all my passwords... on the first try... he changed the password on my main email... I managed to reset it afterwards with the alternate email, then he reset the password on both emails... And when I tried the secret questions again... it no longer worked... I don't think I remember them... but I did manage to add my phone number at the second reset, and I hope I can reset the password again when my email gets unblocked...

#33
dan_slack

    Senior Member

  • Group: Senior Members
  • Posts: 2,790
  • Joined: 22.07.2006
Good Lord, there's such a mess in your head... ahh, sorry, in your system, that I can't make sense of any of this business with resetting the passwords and questions in Yahoo Mail, with the keylogger that's there, with that blasted hacker, with who knows what penetration contests you're holding with the prosecutor neighbour who arrests other neighbours...

Calm down, man!

That's the first step!!!
If you've already been hacked, there's no point getting worked up now!

2. Disconnect the computer from the internet.
3. For the time being, use another computer, one that isn't compromised.
4. As the forum colleagues said above, back up your important documents and then do a clean install on the compromised system. Install a genuine, licensed system, install a good antivirus (I recommend Bitdefender - paid, or AVG 2013 free), then apply all the updates.
5. Copy the documents back, but not before scanning them for viruses.

Good luck!

PS. In your place I wouldn't go on the assumption that my Yahoo mail was hacked. After you calm down, sit down and read Yahoo's help on recovering lost passwords, and follow the instructions step by step. My opinion!

Edited by dan_slack, 12 March 2013 - 21:45.


#34
ryco0984

    Member

  • Group: Members
  • Posts: 560
  • Joined: 16.08.2009
The title is a mess.
I got "broken": in the veins, in the c#r, in the M#|3, by cops with batons, etc.

#35
Could_Fire

Could_Fire

    Junior Member

  • Grup: Members
  • Posts: 171
  • Înscris: 03.10.2010
Emailul stiu ca mi-a intrat in el , deoarece mi-a schimbat adresa de email si parola la Steam , care nu se pot schimba decat cu emailul .  As mai avea o nedumerire : Keyloageri pot inregistra ce se scrie pe tastatura virtuala ,din windows(on screen keyboard)  ?
Imi cer scuze pentru titlu ... nu gandeam deloc din cauza nervilor .... laptopul a suferit si el ..are display-ul spart ...

Iar keyloageru lu peste , e inca activ ... Mia furat parola si la a 3-ia adresa de email ... E clar ce bune sunt asa zisele scanere de spyware ...

Edited by Could_Fire, 12 March 2013 - 22:03.


#36
dan_slack

dan_slack

    Senior Member

  • Grup: Senior Members
  • Posts: 2,790
  • Înscris: 22.07.2006
Poate ar trebui sa te scuzam si ptr. alte exprimari nefericite... cum e cazul mai sus.
Dar n-o (mai) putem face, ca vad ca recidivezi in draci!

Off topic,
Mai exista si solutia finala:
Arunca laptopul pe geam.
Dar ai grija sa-l arunci in sus...

Scuze, nu m-am putut abtine sa fiu rautacios!

Edited by dan_slack, 12 March 2013 - 22:11.

