Where can I check this?

07.04.05 16:46
saschabel (regular)
Hi, it started yesterday and it's still going on today... one process keeps asking for network access, and that's it. It keeps trying and trying, I can't take it anymore. I block it with the firewall, but it tries to get online again. I ran the antivirus and it found nothing, and Ad-Aware came up clean too. The process list shows <tftp.exe>. What is this thing?
I even ran this <Hijack> over it:
<
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AlienGUIse\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Programme\FRITZ!DSL\Awatch.exe
C:\Programme\DU Meter\DUMeter.exe
C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Lexmark 3100 Series\lxbrbmon.exe
C:\Programme\Download Master\dmaster.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Windows NT\Zubehor\wordpad.exe
C:\DOKUME~1\sascha\LOKALE~1\Temp\Rar$EX03.828\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azesearch.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 69.50.166.11 www.google.com
O1 - Hosts: 69.50.166.11 google.com
O1 - Hosts: 69.50.166.11 www.google.co.uk
O1 - Hosts: 69.50.166.11 google.co.uk
O1 - Hosts: 69.50.166.11 www.google.ca
O1 - Hosts: 69.50.166.11 google.ca
O1 - Hosts: 69.50.166.11 www.google.es
O1 - Hosts: 69.50.166.11 google.es
O1 - Hosts: 69.50.166.11 www.google.de
O1 - Hosts: 69.50.166.11 google.de
O1 - Hosts: 69.50.166.11 www.google.fr
O1 - Hosts: 69.50.166.11 google.fr
O1 - Hosts: 69.50.166.11 www.google.com.au
O1 - Hosts: 69.50.166.11 google.com.au
O1 - Hosts: 69.50.166.14 www.yahoo.com
O1 - Hosts: 69.50.166.14 yahoo.com
O1 - Hosts: 66.218.75.184 mail.yahoo.com
O1 - Hosts: 69.50.166.12 www.msn.com
O1 - Hosts: 69.50.166.12 msn.com
O1 - Hosts: 69.50.166.12 search.msn.com
O1 - Hosts: 69.50.166.12 www.go.com
O1 - Hosts: 69.50.166.13 astalavista.com
O1 - Hosts: 69.50.166.13 www.astalavista.com
O1 - Hosts: 69.50.166.13 astalavista.box.sk
O1 - Hosts: 69.50.166.13 cracks.am
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AddressBar Class - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} - C:\WINDOWS\system32\iasad.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Programme\Gemeinsame Dateien\ReGet Shared\Catcher.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\azesearch2.ocx
O3 - Toolbar: DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Programme\Download Master\dmbar.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Programme\ReGetDx\iebar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AWatch] C:\Programme\FRITZ!DSL\Awatch.exe
O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Programme\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O8 - Extra context menu item: A&lles mit ReGet Deluxe herunterladen - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Herunterladen mit Re&Get Deluxe - C:\Programme\Gemeinsame Dateien\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Блокировать все картинки с этого сервера - C:\Programme\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Добавить в список блокируемой рекламы - C:\Programme\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Открыть все ссылки с этой страницы... - C:\Programme\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Подсветка - C:\Programme\Avant Browser\Highlight.htm
O8 - Extra context menu item: Поиск - C:\Programme\Avant Browser\Search.htm
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Programme\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Programme\Download Master\dmaster.exe
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\PROGRA~1\Agnitum\OUTPOS~1\TRASH.EXE (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1112205842134
O17 - HKLM\System\CCS\Services\Tcpip\..\{327CD2BF-665C-4A1A-94FE-5B25642F5AB1}: NameServer = 194.97.173.124 194.97.173.125
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B0C4FEC-81B4-4077-9DDB-C2AAD8A244D4}: NameServer = 192.168.122.252,192.168.122.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{327CD2BF-665C-4A1A-94FE-5B25642F5AB1}: NameServer = 194.97.173.124 194.97.173.125
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Outpost Firewall Service - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1\outpost.exe
>What, are you going to say this is off-topic?
 
