Internet problem

6 replies to this topic

#1
bogdan2z

    Junior Member

  • Group: Members
  • Posts: 64
  • Joined: 20.12.2007
Within one month I was disconnected from the internet twice (a PPPoE server being created on my personal computer, and because of that their server disconnected me automatically). Now I'm wondering whether something is wrong, and I really don't want to be disconnected again.
I scanned with SUPERAntiSpyware - clean, Avira antivirus - clean. I also scanned with HiJackThis and I'm posting the log here; there is something about "Broken internet access" that I have no idea what it means. I also scanned with an anti-rootkit program and it found some things, but I don't know what they mean (I'm posting that log too). Thank you if you're willing to look over them. :)

Logfile of HijackThis v1.99.1
Scan saved at 6:07:50 PM, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2008\Integrator.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FuSsY
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [VistaDriveIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - Startup: RDS.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202117174078
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.super****...ivex/sabspx.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - AppInit_DLLs: sockspy.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Filezilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: GUB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GUB.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe




+----------------------------------------------------
| Trend Micro RootkitBuster 1.6 Beta.
| Module version: 1.6.0.1049
+----------------------------------------------------


--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API     : ZwClose
Image Path      : d347bus.sys
OriginalHandler : 0x80566d49
CurrentHandler  : 0xf85fb818
ServiceNumber   : 0x19
ModuleName      : d347bus.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwCreateFile
Image Path      : C:\WINDOWS\system32\windrvNT.sys
OriginalHandler : 0x8056fbf8
CurrentHandler  : 0xf896936a
ServiceNumber   : 0x25
ModuleName      : windrvNT.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwCreateKey
Image Path      : d347bus.sys
OriginalHandler : 0x8056e7a9
CurrentHandler  : 0xf85fb7d0
ServiceNumber   : 0x29
ModuleName      : d347bus.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwCreatePagingFile
Image Path      : d347bus.sys
OriginalHandler : 0x805baf48
CurrentHandler  : 0xf85efa20
ServiceNumber   : 0x2d
ModuleName      : d347bus.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwCreateThread
Image Path      :
OriginalHandler : 0x8057c4a1
CurrentHandler  : 0xf8d641b4
ServiceNumber   : 0x35
ModuleName      :
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwEnumerateKey
Image Path      : d347bus.sys
OriginalHandler : 0x8056eeb0
CurrentHandler  : 0xf85f02a8
ServiceNumber   : 0x47
ModuleName      : d347bus.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwEnumerateValueKey
Image Path      : d347bus.sys
OriginalHandler : 0x8057fb78
CurrentHandler  : 0xf85fb910
ServiceNumber   : 0x49
ModuleName      : d347bus.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwOpenFile
Image Path      : C:\WINDOWS\system32\windrvNT.sys
OriginalHandler : 0x8056fb93
CurrentHandler  : 0xf8969cd8
ServiceNumber   : 0x74
ModuleName      : windrvNT.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwOpenKey
Image Path      : d347bus.sys
OriginalHandler : 0x80567cfb
CurrentHandler  : 0xf85fb794
ServiceNumber   : 0x77
ModuleName      : d347bus.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwOpenProcess
Image Path      :
OriginalHandler : 0x80572d06
CurrentHandler  : 0xf8d641a0
ServiceNumber   : 0x7a
ModuleName      :
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwOpenThread
Image Path      :
OriginalHandler : 0x8058c806
CurrentHandler  : 0xf8d641a5
ServiceNumber   : 0x80
ModuleName      :
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwQueryDirectoryFile
Image Path      : C:\WINDOWS\system32\windrvNT.sys
OriginalHandler : 0x80573515
CurrentHandler  : 0xf8969842
ServiceNumber   : 0x91
ModuleName      : windrvNT.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwQueryInformationProcess
Image Path      : C:\WINDOWS\system32\windrvNT.sys
OriginalHandler : 0x8056bc7c
CurrentHandler  : 0xf89661e0
ServiceNumber   : 0x9a
ModuleName      : windrvNT.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwQueryKey
Image Path      : d347bus.sys
OriginalHandler : 0x8056ebb9
CurrentHandler  : 0xf85f02c8
ServiceNumber   : 0xa0
ModuleName      : d347bus.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwQueryValueKey
Image Path      : d347bus.sys
OriginalHandler : 0x8056b103
CurrentHandler  : 0xf85fb866
ServiceNumber   : 0xb1
ModuleName      : d347bus.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwSetInformationFile
Image Path      : C:\WINDOWS\system32\windrvNT.sys
OriginalHandler : 0x80576e9c
CurrentHandler  : 0xf896a142
ServiceNumber   : 0xe0
ModuleName      : windrvNT.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwSetSystemPowerState
Image Path      : d347bus.sys
OriginalHandler : 0x80665827
CurrentHandler  : 0xf85fb0b0
ServiceNumber   : 0xf1
ModuleName      : d347bus.sys
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwTerminateProcess
Image Path      :
OriginalHandler : 0x80584740
CurrentHandler  : 0xf8d641af
ServiceNumber   : 0x101
ModuleName      :
SDTType         : 0x0
[HOOKED_SERVICE_API]:
Service API     : ZwWriteVirtualMemory
Image Path      :
OriginalHandler : 0x8057a697
CurrentHandler  : 0xf8d641aa
ServiceNumber   : 0x115
ModuleName      :
SDTType         : 0x0




+----------------------------------------------------
| Trend Micro RootkitBuster 1.6 Beta.
| Module version: 1.6.0.1049
+----------------------------------------------------


--== Dump Hidden File on C:\ ==--
[HIDDEN_FILE]:
FullPath      : C:\sccfg.sys
FullPathLength: 12
DesiredAccess : 0x0
Options       : 0x0
Attributes    : 0x20
ShareAccess   : 0x0
Type          : 0x0
1 hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath   : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Root      : 0
SubKey    : 0Jf40
ValueName : khjeh
Data      : 20 02 00 00 9C 6F 3C D6 ...
ValueType : 3
AccessType: 0
FullLength: 0x46
DataSize  : 0x220
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath   : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Root      : 0
SubKey    : 0Jf41
ValueName : khjeh
Data      : 20 02 00 00 F6 23 CE D8 ...
ValueType : 3
AccessType: 0
FullLength: 0x46
DataSize  : 0x220
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath   : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Root      : 0
SubKey    : 0Jf41
ValueName : hj34z0
Data      : DA 25 B5 1F 4D 38 79 47 ...
ValueType : 3
AccessType: 0
FullLength: 0x46
DataSize  : 0x19c
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath   : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
Root      : 0
SubKey    : 0Jf42
ValueName : khjeh
Data      : 20 02 00 00 53 1A 5C 36 ...
ValueType : 3
AccessType: 0
FullLength: 0x46
DataSize  : 0x220
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath   : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
Root      : 0
SubKey    : 0Jf42
ValueName : hj34z0
Data      : AF 53 85 69 5A 33 FD C6 ...
ValueType : 3
AccessType: 0
FullLength: 0x46
DataSize  : 0x19c
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath   : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43
Root      : 0
SubKey    : 0Jf43
ValueName : khjeh
Data      : 20 02 00 00 88 19 5C 36 ...
ValueType : 3
AccessType: 0
FullLength: 0x46
DataSize  : 0x220
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath   : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43
Root      : 0
SubKey    : 0Jf43
ValueName : hj34z0
Data      : D7 EA 25 C4 02 58 A4 A6 ...
ValueType : 3
AccessType: 0
FullLength: 0x46
DataSize  : 0x19c
7 hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

#2
pykko

    I love, therefore I am

  • Group: Senior Members
  • Posts: 7,229
  • Joined: 10.02.2006
bogdan, so that I can give you a correct answer, please use the latest version of HiJackThis. See my signature for where to get it.

#3
bogdan2z

    Junior Member

  • Group: Members
  • Posts: 64
  • Joined: 20.12.2007
k, last version

Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 6:21:24 PM, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FuSsY
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VistaDriveIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RDS.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202117174078
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.super****...ivex/sabspx.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B059AD39-BEC5-48E3-A240-998375F78EB4}: NameServer = 86.124.48.82 86.124.48.66
O20 - AppInit_DLLs: sockspy.dll  C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Filezilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: GUB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GUB.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 7017 bytes

#4
pykko

    I love, therefore I am

  • Group: Senior Members
  • Posts: 7,229
  • Joined: 10.02.2006
bogdan, go to Start -> Run and type this: regsvr32 /u "c:\program files\bonjour\mdnsnsp.dll", then press Enter.
Then download LspFix from here: http://cexx.org/lspfix.zip , run it, tick 'I know what I'm doing' and select mdnsnsp.dll on the left. Then press the arrow pointing right and press Finished.
Then tick the following entry in the log:

O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
Then look for the folder C:\program files\bonjour and, if it exists, delete it.


This entry is suspicious:
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
Do you know what that picture at the end is? Did you add it yourself as a Desktop element? If not, tick and fix the entry above.

Then also tick and fix the following entry:
O23 - Service: GUB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GUB.exe (file missing)

Edited by pykko, 03 March 2008 - 17:33.
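
The three entries singled out in the reply above have traits that can be checked mechanically: an LSP provider whose DLL is missing, a reference to a file that no longer exists, and an autostart item loading from a Temp directory. As an added example (not part of the original thread and not HijackThis's own logic), this Python triage applies those checks to log lines excerpted from the logs posted here; the function names and reason labels are assumptions made for the example.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines excerpted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GUB - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GUB.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O23"
    reason: str  # label chosen for this example
    detail: str  # the DLL path for a broken LSP, otherwise the entry body


# "<code> - <body>", where code is R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")
LSP_RE = re.compile(r"LSP provider '([^']+)' missing")
TEMP_RE = re.compile(r"[\\/]temp[\\/]", re.IGNORECASE)
DANGLING = ("(file missing)", "(no file)")
# Sections that start or load something: Run keys, services, desktop components.
AUTOSTART = {"O4", "O23", "O24"}


def parse_entries(log: str) -> List[Tuple[str, str]]:
    """Return (code, body) for every entry line; headers and process lists are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log: str) -> List[Finding]:
    """Flag entries worth a closer look; one entry may match more than one rule."""
    findings = []
    for code, body in parse_entries(log):
        lsp = LSP_RE.search(body)
        if code == "O10" and lsp:
            # The Winsock provider chain points at a DLL that is gone.
            findings.append(Finding(code, "broken-lsp", lsp.group(1)))
        if body.endswith(DANGLING):
            # The registry still references a file that is not on disk.
            findings.append(Finding(code, "dangling-reference", body))
        if code in AUTOSTART and TEMP_RE.search(body):
            # Something that loads at startup lives in a Temp directory.
            findings.append(Finding(code, "runs-from-temp", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<20} {f.detail}")
```

A flagged entry is a prompt to identify the item, as the reply does by asking about the desktop picture, not proof of infection.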


#5
bogdan2z

    Junior Member

  • Group: Members
  • Posts: 64
  • Joined: 20.12.2007
I did the lspfix thing and mdnsnsp is gone (I had deleted the folder long ago anyway). On the other hand, the GUB service entry has disappeared from the hijack log. If I look in services.msc I see GUB, which I have no idea what it is, and also DBWVC, which again I don't know what it belongs to. I've set them to disabled for now. The picture was put there by energize, so it's OK.

Edited by bogdan2z, 03 March 2008 - 18:23.


#6
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
and leave those disabled... until we see what this is about...

#7
bogdan2z

    Junior Member

  • Group: Members
  • Posts: 64
  • Joined: 20.12.2007
Does nobody have any more ideas?
