Everything posted by bebsito

  1. Thanks to everyone who responded. I will take krassleto's advice.
  2. Malwarebytes Anti-Malware (Пробна версия) 1.61.0.1400
     www.malwarebytes.org
     Версия на базата от данни: v2012.05.09.04
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     dita :: DITA-52F573A113 [администратор]
     Защита: изключена
     09.5.2012 г. 18:28:24
     mbam-log-2012-05-09 (18-28-24).txt
     Тип сканиране: Бързо сканиране
     Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
     Изключени опции за сканиране: P2P
     Сканирани обекти: 199872
     Изминало време: 8 минута(и), 56 секунда(и)
     Открити процеси в паметта: 0 (Не бяха открити зловредни обекти)
     Открити модули в паметта: 0 (Не бяха открити зловредни обекти)
     Открити ключове в системния регистър: 1
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Поставен под карантина и изтрит успешно.
     Открити стойности в системния регистър: 0 (Не бяха открити зловредни обекти)
     Открити информационни обекти в системния регистър: 0 (Не бяха открити зловредни обекти)
     Открити папки: 0 (Не бяха открити зловредни обекти)
     Открити файлове: 0 (Не бяха открити зловредни обекти)
     (край)
     I clicked Remove Selected, but the situation is still the same.
  3. With private browsing the result is the same. It turned out that it is not only Facebook that does not open; the same goes for YouTube, which leads me to think that they will not be the only ones. No, it is Gmail
  4. Well, the page simply does not load. For example, Mozilla says: "Връзката беше прекъсната Връзката със сървъра беше прекъсната по време на зареждане на страницата. Сайтът може да е временно недостъпен или твърде зает. Опитайте пак след малко. Ако не можете да заредите коя да е страница, проверете хардуера на компютъра. Ако компютърът или мрежата са зад защитна стена или прокси, проверете дали на Firefox е разрешен достъпът до Интернет." And where do I look for this host file?
  5. Hello! I have a problem logging in to facebook.com. I tried with Mozilla, Google Chrome and Internet Explorer and it is the same everywhere. It does not load anywhere. Please help!
  6. Yes, and before that I turned off the internet, the antivirus and the firewall.
  7. Hello! I followed the recommendations. The computer restarted. However, when I got to the task "Start ==> Run ==> enter the command Combofix /Uninstall ==> OK", the response was the following:
     ---------------------------
     Combofix
     ---------------------------
     Windows не може да намери "Combofix". Уверете се, че сте въвели името правилно, и след това опитайте отново. За да потърсите някой файл, щракнете върху бутона "Старт" и след това изберете "Търси".
     ---------------------------
     OK
     ---------------------------
     After that I downloaded OTCleanIt and ran it, but the icons are still here. Maybe the mistake is mine.
  8. Hello again. I wanted to ask whether we are done fixing the problem or whether there is more to do. The computer is behaving normally and I now have an antivirus too, but I need confirmation from a specialist. The only thing I think is not as it should be is that I have five icons for the DVD drive in "My Computer" and I cannot remove them.
  9. Hello! I followed the instructions, correctly I hope. Here is the result:
     Encode.exe
     Submission date: 2010-10-18 06:23:35 (UTC)
     Current status: finished
     Result: 0 /42 (0.0%)
     As for ComboFix, I did not find it. After restarting the computer I think everything is fine. Thank you from the bottom of my heart!!! Thank you that there are people like you!!!
  10. Actually, I managed to deal with the problem with Internet Explorer and did what was needed; I did not switch the program to Russian.
      virusinfo_syscure.zip virusinfo_syscheck.zip
  11. Hello! This time I think I did what was needed regarding Malwarebytes' Anti-Malware Free. After that I downloaded AVZ 4.35, but a problem came up. The browser settings had changed, I do not know how, and I had no Internet connection at all. I restored Mozilla, but with Internet Explorer I cannot; I tried all kinds of options and I do not know how to fix the connection. Maybe for that reason the database of this program will not update either, and in a word I cannot continue. As for Avast5, I think everything is fine; it deleted everything that would not be removed, so now I will be able to download a new one, right?
      mbam-log-2010-10-15 (18-30-59).txt
  12. "Make sure that all lines are checked, and click Remove Selected." I think I skipped this, but afterwards I deleted it from the quarantine button; I hope that is not a mistake. I am sending you a log file, hopefully the right one. I am sending the other two files as well.
      mbam-log-2010-10-15 (16-17-39).txt DDS.txt Attach.txt
  13. Hello! Once again I am turning to you for help, because this is where I get the most competent help. When I turn it on I get a message from some Smart Security, which the children have evidently installed, that there are quite a few Trojan horses, 80% of which are a critical threat. My antivirus was Avast and evidently the license has expired, but now I cannot remove it from the computer in any way, and when I install a new one it will not start at all. And it shows me this:
      C:\Program Files\Alwil Software\Avast5\AvastUI.exe
      ---------------------------
      C:\Program Files\Alwil Software\Avast5\AvastUI.exe
      This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.
      If it is possible for you to help me, good; if not, we will probably have to reinstall it
  14. Hello again. I do not know how to thank you, because now the antivirus really found nothing. Although I struggled a bit before I got it running /it was missing some skin, which never managed to download; I downloaded several but they would not work/. But I started the program with the simple user interface, and after it finished there were no infected files. May I still ask what exactly the problem was and what caused it to appear /surely I am the cause, but tell me if you can/? Once again, thank you from the bottom of my heart! I wish you much personal and professional success!
  15. http://rapidshare.de/files/48573225/__1053___1086___1074__WinRAR_archive.rar.html
      This is a copy from GMER:
      GMER 1.0.15.15163 - http://www.gmer.net
      Rootkit quick scan 2009-10-24 16:13:24
      Windows 5.1.2600 Service Pack 2
      Running: gmer.exe; Driver: C:\DOCUME~1\dita\LOCALS~1\Temp\uxncraob.sys
      ---- System - GMER 1.0.15 ----
      SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF74912A8]
      SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF749C910]
      ---- Devices - GMER 1.0.15 ----
      Device \FileSystem\Ntfs \Ntfs 84583548
      AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
      ---- Modules - GMER 1.0.15 ----
      Module _________ F73F3000-F740B000 (98304 bytes)
      ---- EOF - GMER 1.0.15 ----
      Now I will scan with the antivirus and then I will let you know
  16. Here it is: [ComboFix log]
  17. Here is what I got now: [ComboFix log]
Completion time: 2009-10-24 15:06 ComboFix-quarantined-files.txt 2009-10-24 12:06 Pre-Run: 12 648 841 216 bytes free Post-Run: 12 624 756 736 bytes free - - End Of File - - 4EE718F05C4685D5F9A7F3EFBCA65211
I forgot to say that once again I was not given the chance to enter any command, because as soon as I opened the file a blue window opened immediately and started scanning. And this time the system did not ask for a scan. I am very sorry if I am being a nuisance.
  18. While I was writing to you last time, the antivirus kicked in again and viruses started popping up. I tried to stop it, and then Antivirus Pro 2010 came up automatically and started scanning. This is its scan:
There is no text document named exactly like that. There is ComboFix; it is:
ComboFix 09-10-23.01 - dita 10.2009 г. 13:27:08.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.122 [GMT 3:00] Running from: C:\Documents and Settings\dita\My Documents\Изтегляния\ComboFix.exe AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\dita\Application Data\wiaserva.log C:\Documents and Settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd C:\Documents and Settings\dita\restorer64_a.exe C:\Program Files\AskSearch\bin\DefaultSearch.dll C:\Program Files\WinPCap C:\Program Files\WinPCap\rpcapd.exe C:\WINDOWS\Downloaded Program Files\popcaploader.inf C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\Packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\restorer64_a.exe C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_npf ((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 ))))))))))))))))))))))))))))))) .
The other one is named ConEnv.
If you want, I will repeat the procedure. But do I have to delete it and then download it again?
  19. I did what you told me. But ComboFix started right away and did not let me give it the command "%userprofile%\desktop\ComboFix.exe" /KillAll. And then after the restart it took me quite a while before I could control the computer. I will show you the files that appeared; I hope they are the right ones.
ComboFix 09-10-23.01 - dita 10.2009 г. 13:27:08.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.122 [GMT 3:00] Running from: C:\Documents and Settings\dita\My Documents\Изтегляния\ComboFix.exe AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\dita\Application Data\wiaserva.log C:\Documents and Settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd C:\Documents and Settings\dita\restorer64_a.exe C:\Program Files\AskSearch\bin\DefaultSearch.dll C:\Program Files\WinPCap C:\Program Files\WinPCap\rpcapd.exe C:\WINDOWS\Downloaded Program Files\popcaploader.inf C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\Packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\restorer64_a.exe C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_npf ((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 ))))))))))))))))))))))))))))))) .
If it is necessary to repeat the procedure, I will do it.
  20. Hello! I have a big problem with my computer. Since yesterday my antivirus, Avast, has been beeping constantly and reporting viruses. I tried every way I could to remove them, but nothing works. I can neither delete them nor put them in quarantine. I scanned the computer with Malwarebytes' Anti-Malware, it found 30 threats, I restarted the computer (as Malwarebytes' Anti-Malware advised), and when it came back on it froze completely. I could not perform a single action. I restarted several times (if unplugging it from the power counts as restarting; there was no other way), and finally I can use it for the moment, but I do not know for how long. But the last time I turned it on, the antivirus kicked in again with virus messages. I know that in this situation it is best to reinstall, but please take a look and tell me: can things be repaired, or is a reinstall mandatory? Have a nice day! I hope for a reply.
Malwarebytes' Anti-Malware 1.41 Версия на базата от данни: 3023 Windows 5.1.2600 Service Pack 2 24.10.2009 г. 11:30:38 mbam-log-2009-10-24 (11-30-38).txt Тип сканиране: Пълно сканиране (C:\|D:\|F:\|) Сканирани обекти: 126547 Изминало време: 17 minute(s), 18 second(s) Заразени процеси в паметта: 2 Заразени модули в паметта: 0 Заразени ключове в регистратурата: 10 Заразени стойности в регистратурата: 7 Заразени информационни обекти в регистратурата: 1 Заразени папки: 0 Заразени файлове: 10 Заразени процеси в паметта: C:\Documents and Settings\dita\restorer64_a.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\WINDOWS\system32\restorer64_a.exe (Trojan.FakeAlert) -> Unloaded process successfully. Заразени модули в паметта: (Не бяха открити заплахи) Заразени ключове в регистратурата: HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. Заразени стойности в регистратурата: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer64_a (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer64_a (Trojan.FakeAlert) -> Quarantined and deleted successfully. Заразени информационни обекти в регистратурата: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe cpcp.cpo bef0regiiav) Good: (Explorer.exe) -> Quarantined and deleted successfully. Заразени папки: (Не бяха открити заплахи) Заразени файлове: C:\Documents and Settings\dita\Local Settings\Temp\TMP2F1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AE194283-DA9F-4FF1-BD20-231F3F66D29A}\RP150\A0027662.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{AE194283-DA9F-4FF1-BD20-231F3F66D29A}\RP150\A0027668.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. C:\Documents and Settings\dita\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\wpv561255562528.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\wpv571256085323.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\dita\restorer64_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\restorer64_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:34:28, on 24.10.2009 г. Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! 
Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\D-Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Temp\_ex-08.exe C:\WINDOWS\system32\restorer64_a.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\dita\My Documents\Изтегляния\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mebelidita.dir.bg/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program 
Files\AskSearch\bin\DefaultSearch.dll R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [restorer64_a] 
C:\Documents and Settings\dita\restorer64_a.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: zavupd32.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.dskdirect.bg/capicom.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe -- End of file - 6091 bytes
  21. It just does not work. Even "CCleaner" does not delete it. What on earth is this thing???
  22. Thank you to everyone who responded to my question. I tried everything, nothing works. So I decided to delete it in order to install another one. It turned out that I cannot remove it. It tells me that the file is damaged or missing, and that is it. Give me advice on how to remove this NOD32!!!!
  23. Hello! I have a problem with NOD32.
Trial version Days left: 16715402 NOD32 antivirus system information Virus signature database version: 2519 (20070910) Dated: Monday, September 10, 2007 Virus signature database build: 10758 Information on other scanner support parts Advanced heuristics module version: 1.065 (20070802) Advanced heuristics module build: 1164 Internet filter version: 1.002 (20040708) Internet filter build: 1013 Archive support module version: 1.058 (20070906) Archive support module build version: 1196 Information about installed components NOD32 For Windows NT/2000/XP/2003/x64 - Base Version: 2.51.8 NOD32 For Windows NT/2000/XP/2003/x64 - Internet support Version: 2.51.8 NOD32 for Windows NT/2000/XP/2003/x64 - Standard component Version: 2.51.8 Operating system information Platform: Windows XP Version: 5.1.2600 Service Pack 2 Version of common control components: 5.82.2900 RAM: 256 MB Processor: Intel® Celeron® CPU 2.40GHz (2400 MHz)
Please help!!!! :sobbing: