Легенда:
 новое сообщение
 закрытая нитка
 новое сообщение
 в закрытой нитке
 старое сообщение
|
- Напоминаю, что масса вопросов по функционированию форума снимается после прочтения его описания.
- Новичкам также крайне полезно ознакомиться с данным документом.
стер. выкладываю лог 25.11.04 19:42 Число просмотров: 4712
Автор: hex.sex <Computer-Hitler> Статус: Elderman
|
Logfile of HijackThis v1.97.7
Scan saved at 18:39:44, on 25.11.2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\kav\sygate\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files2k\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
D:\Program Files2k\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\Ati2evxx.exe
D:\PROGRA~2\A-TOOLS\ATOOLS.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files2k\Logitech\MouseWare\system\em_exec.exe
D:\PROGRA~2\SYMANT~1\VPTray.exe
D:\Program Files2k\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe
C:\Program Files\Total Commander\Totalcmd.exe
D:\ff12\ff12.exe
D:\Program Files2k\AnVir Task Manager\AnVir.exe
D:\Program Files2k\ScanSpyware v3.6\Scanner.exe
D:\Program Files2k\UserGate\UserGate.exe
D:\Program Files2k\Advanced System Agent\Advanced System Agent.exe
C:\acolytes\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.naupoint.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.naupoint.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find.naupoint.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://find.naupoint.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://find.naupoint.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://find.naupoint.com
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,D:\PROGRA~2\A-TOOLS\ATOOLS.EXE,
O3 - Toolbar: DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - d:\Program Files2k\Download Master\dmbar.dll
O3 - Toolbar: DebugBar - {3E1201F4-1707-409F-BB45-A5F192381DA0} - D:\Program Files2k\Core Services\DebugBar\DebugToolBar.dll
O3 - Toolbar: &Радио - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SmcService] C:\kav\sygate\smc.exe -startgui
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~2\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files2k\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Type Pilot] "C:\Program Files\Invention Pilot\Type Pilot\TypePlt.exe"
O4 - HKCU\..\Run: [FF12] D:\ff12\ff12.exe
O4 - HKCU\..\Run: [AnVir Task Manager] "D:\Program Files2k\AnVir Task Manager\AnVir.exe" Minimized
O4 - HKCU\..\Run: [Scan Spyware] "D:\Program Files2k\ScanSpyware v3.6\Scanner.exe"
O4 - Global Startup: usergate.lnk = D:\Program Files2k\UserGate\UserGate.exe
O4 - Global Startup: ASA.lnk = D:\Program Files2k\Advanced System Agent\Advanced System Agent.exe
O8 - Extra context menu item: IE Booster Copy Meister - res://D:\Program Files2k\IE Booster 2\ieb.dll/copy-wiz.ieb
O8 - Extra context menu item: IE Booster Interactive HTML Detective - res://D:\Program Files2k\IE Booster 2\ieb.dll/contextmenu.ieb
O8 - Extra context menu item: IE Booster Open Frame In New Window - res://D:\Program Files2k\IE Booster 2\ieb.dll/open-frame-in-new-window.ieb
O8 - Extra context menu item: IE Booster Open Frame In This Window - res://D:\Program Files2k\IE Booster 2\ieb.dll/open-frame-in-new-window.ieb
O8 - Extra context menu item: IE Booster Web Page Analyzer - res://D:\Program Files2k\IE Booster 2\ieb.dll/element.ieb
O8 - Extra context menu item: Sothink SWF Decompiler - D:\Program Files2k\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - d:\Program Files2k\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - d:\Program Files2k\Download Master\dmie.htm
O8 - Extra context menu item: Режим редактирования - c:\Мои документы\edit.js
O9 - Extra button: SMS Express. Отправка SMS (HKLM)
O9 - Extra 'Tools' menuitem: SMS Express. Отправка SMS (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Download Master (HKLM)
O9 - Extra 'Tools' menuitem: &Download Master (HKLM)
O9 - Extra button: show/hide IEB Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: IE Booster Toolbar (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: SWFDecompiler (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler (HKLM)
O9 - Extra button: Page Analysis (HKCU)
O9 - Extra 'Tools' menuitem: IE Booster Web Page Analyzer (HKCU)
O9 - Extra button: HTML Detective (HKCU)
O9 - Extra 'Tools' menuitem: IE Booster Interactive HTML Detective (HKCU)
O12 - Plugin for .exe: D:\Program Files2k\Opera75\PLUGINS\npdm.dll
O12 - Plugin for .rar: D:\Program Files2k\Opera75\PLUGINS\npdm.dll
O12 - Plugin for .zip: D:\Program Files2k\Opera75\PLUGINS\npdm.dll
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
|
|
|
подробно о проекте
Анализ криптографических сетевых...
