Full version: Turkish spam bot !!??
YoZone
So, I read how to remove the Turkish bot ... but after all those things that .. I saw, I went to the so-called directory in the Runedit.. and there is no such thing as ... There you will find an entry named "Tamer" with the value "C:\\WINDOWS\\system32\\mirc.exe". Delete only that entry (right click - delete) and close the window.

And I can't get into the mIRC servers .... it shows me the message that I have a ban and accordingly turkish spambot ... come on, help plz, how do I remove this thing..
DeStRuCti0N
Download this: http://216.180.233.162/~merijn/files/HijackThis.exe
and paste the output log.
YoZone
I think this is what you mean ;)

Logfile of HijackThis v1.99.1
Scan saved at 17:04:38, on 12.5.2006 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\flashget.exe
C:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2936A015-0F5D-42B3-9678-BE10109CC75D}: NameServer = 212.116.136.2,212.116.128.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{2936A015-0F5D-42B3-9678-BE10109CC75D}: NameServer = 212.116.136.2,212.116.128.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{2936A015-0F5D-42B3-9678-BE10109CC75D}: NameServer = 212.116.136.2,212.116.128.2
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
YoZone
Showing what has been happening for ... 4 days now ...
* Connecting to irc.omega.bg (6667)

-
-irc.omega.bg- *** Processing connection to irc.omega.bg
-
-irc.omega.bg- *** Looking up your hostname...
-
-irc.omega.bg- *** Checking Ident
-
-irc.omega.bg- *** Found your hostname
-
-irc.omega.bg- *** No Ident response
-
-irc.omega.bg- *** Banned turkish spam-bot
-
Closing Link: 127.0.0.1 (*** Banned )
-
DeStRuCti0N
What is this: O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE ?
Guest
QUOTE(DeStRuCti0N @ May 12 2006, 05:32 PM)
What is this: O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE ?

I have no idea?!? Should I delete it? :(
DeStRuCti0N
No, come into #vh so we don't flood the forum :>
Ah, right, you have a G-line, I forgot :>
DeStRuCti0N
Send me that file (S4TSR.EXE)
virushelp@abv.bg
YoZone
done :)
DeStRuCti0N
The file is "clean".
It was the only "strange" one in the log.
The problem is evidently not on your end.
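
The triage done by hand in this exchange (reading the O4 autostart lines of the HijackThis log and picking out the one to examine) can be sketched as follows. This is an added example, not part of any post in the thread; the sample is a constructed subset of the posted log plus one constructed line modelled on the "Tamer" entry quoted in the first post (its hive is an assumption), and the name lists are illustrative assumptions. A finding only means "inspect this file", as happened with S4TSR.EXE, which turned out to be clean.

```python
import ntpath
import re

# Constructed sample: O4 lines copied from the log above, plus a constructed
# "Tamer" line based on the removal instructions quoted in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\S4TSR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Tamer] C:\WINDOWS\system32\mirc.exe
"""

# Matches e.g.  O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\]\s+(.+)$")
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumption: file names the reviewer already trusts in those directories.
KNOWN_SYSTEM_NAMES = {"rundll32.exe", "ctfmon.exe", "userinit.exe"}
# Assumption: IRC client binaries that have no reason to live in a system directory.
IRC_CLIENTS = {"mirc.exe"}

def target_exe(command):
    """Return the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def triage(log_text):
    """Return (value_name, exe_path, reason) for autostart entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        _hive, _key, name, command = m.groups()
        exe = target_exe(command)
        folder, base = (part.lower() for part in ntpath.split(exe))
        if base in IRC_CLIENTS and folder in SYSTEM_DIRS:
            findings.append((name, exe, "IRC client autostarting from a Windows directory"))
        elif folder in SYSTEM_DIRS and base not in KNOWN_SYSTEM_NAMES:
            findings.append((name, exe, "unrecognised binary in a Windows directory"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```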
Guest
Thanks, if anyone else knows how I can fix it, please write :)
DeStRuCti0N
Tell me your IP.
We'll see what we can do about it.

p.s.
Going by your nick: YoZone (if you use the same one on IRC),
there are some clones from your host.
hberkanT^^z (~ist27_mwx@lms.thenetbg.com) was last on IRC 2d 09:32:19 ago
SBaaD__-Boys__t (~ist27_mwx@lms.thenetbg.com) was last on IRC 2d 09:32:42 ago
^^_ALmira-2R (~ist27_mwx@lms.thenetbg.com) was last on IRC 2d 09:34:45 ago
ZcmTy (~ist27_mwx@lms.thenetbg.com) was last on IRC 2d 09:35:44 ago
izmirli_m_xv (~ist27_mwx@lms.thenetbg.com) was last on IRC 2d 09:37:22 ago

Do you have any idea?
YoZone
Yeah, my nick is YoZone, registered.. I've been around for 5 years and something .. I don't know what those clones are.
I have no idea at all .. IP: check your private messages