bebsito

Member
  • Posts

    38
  • Joined

  • Last visited

New replies posted by bebsito


  1. Malwarebytes Anti-Malware (Пробна версия) 1.61.0.1400
    www.malwarebytes.org
    Версия на базата от данни: v2012.05.09.04
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    dita :: DITA-52F573A113 [администратор]
    Защита: изключена
    09.5.2012 г. 18:28:24
    mbam-log-2012-05-09 (18-28-24).txt
    Тип сканиране: Бързо сканиране
    Включени опции за сканиране: Памет | Автоматично зареждане | Системен регистър | Файлова система | Евристики/Допълнителни | Евристики/Shuriken | PUP | PUM
    Изключени опции за сканиране: P2P
    Сканирани обекти: 199872
    Изминало време: 8 минута(и), 56 секунда(и)
    Открити процеси в паметта: 0
    (Не бяха открити зловредни обекти)
    Открити модули в паметта: 0
    (Не бяха открити зловредни обекти)
    Открити ключове в системния регистър: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Поставен под карантина и изтрит успешно.
    Открити стойности в системния регистър: 0
    (Не бяха открити зловредни обекти)
    Открити информационни обекти в системния регистър: 0
    (Не бяха открити зловредни обекти)
    Открити папки: 0
    (Не бяха открити зловредни обекти)
    Открити файлове: 0
    (Не бяха открити зловредни обекти)
    (край)

    I clicked Remove Selected, but the situation is still the same.


  2. Well, the page simply does not load. For example, in Mozilla it says: "The connection was reset. The connection to the server was reset while the page was loading. The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check the computer's hardware. If the computer or network is behind a firewall or proxy, check whether Firefox is permitted to access the Internet." And this host file, where should I look for it?



  3. Hello! I followed the recommendations. The computer restarted. However, when I got to the task "Start ==> Run ==> enter the command Combofix /Uninstall ==> OK", the response was the following: --------------------------- Combofix --------------------------- Windows cannot find "Combofix". Make sure you typed the name correctly, and then try again. To search for a file, click the "Start" button, and then select "Search". --------------------------- OK --------------------------- After that I downloaded OTCleanIt and ran it, but the icons are still here. Maybe the mistake is mine.


  4. Hello again. I wanted to ask whether we are done fixing the problem or whether there is more to do. The computer is behaving normally and I now have an antivirus as well, but I need confirmation from a specialist. The only thing I think is not as it should be is that I have five icons for a DVD drive in "My Computer" and I cannot remove them.


  5. Hello! :biggrin: I followed the instructions, correctly I hope. Here is the result: Encode.exe Submission date: 2010-10-18 06:23:35 (UTC) Current status: finished Result: 0 /42 (0.0%) As for ComboFix, I did not find it. After restarting the computer I think everything is fine. :whist: Thank you from the bottom of my heart :gift: !!! Thank you that there are people like you!!!


  6. Hello! This time I think I did what was needed regarding Malwarebytes' Anti-Malware Free. After that I downloaded AVZ 4.35, but a problem came up. The browser settings had somehow changed, I don't know how, and I had no Internet connection at all. I restored Mozilla, but I can't get Internet Explorer working; I tried all sorts of options and I don't know how to fix the connection. Perhaps for that reason this program's database also won't update, and in a word I can't continue. As for Avast5, I think everything is fine; it deleted everything that would not be removed, so I'll be able to install a new one now, right?

    mbam-log-2010-10-15 (18-30-59).txt


  7. "Make sure that all rows are checked, and click Remove Selected." - I think I skipped this, but afterwards I deleted it from the Quarantine button; I hope that is not a mistake. I am sending you a log file, hopefully the right one. I am sending the other two files as well.

    mbam-log-2010-10-15 (16-17-39).txt

    DDS.txt

    Attach.txt


  8. Hello! Once again I am turning to you for help, because this is where I get the most competent help. When I turn it on I get a message from some Smart Security, which the children evidently installed, saying there are quite a few Trojan horses, 80% of which are a critical threat. My antivirus was Avast and evidently the license has expired, but now I cannot remove it from the computer by any means, and when I install a new one it will not start at all. And it displays this: C:\Program Files\Alwil Software\Avast5\AvastUI.exe --------------------------- C:\Program Files\Alwil Software\Avast5\AvastUI.exe This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem. If you can help me, good; if not, it looks like we will have to reinstall it :eek:


  9. Hello again.

    I don't know how to thank you, because now the antivirus really found nothing. Although I struggled a bit to get it running (it lacked some skin, which just could not be downloaded; I downloaded several but they would not work). But I started the program with the plain user interface, and after it finished there were no infected files.

    May I still ask what exactly the problem was and what caused it to appear (surely I am the cause :), but please tell me if you can)?

    Once again, thank you from the bottom of my heart!

    I wish you much personal and professional success!


  10. http://rapidshare.de/files/48573225/__1053___1086___1074__WinRAR_archive.rar.html

    this is a copy from GMER:

    Now I will scan with the antivirus and then I will let you know.


  11. Here:


  12. This is what came out now:

    I forgot to say that, once again, I was not given a chance to enter any command, because as soon as I opened the file a blue window opened and started scanning. And this time the system did not ask for a scan.

    I am very sorry if I am being a nuisance.


  13. While I was writing to you last time, the antivirus kicked in again and viruses started popping up. I tried to stop it, and then Antivirus Pro 2010 came up automatically and started scanning.

    This is its scan:

    File name Malware name

    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D70A2BEA-A63E-11D1-A7D4-0000F87571E3}\InProcServer32, Apartment Registry item

    HKEY_LOCAL_MACHINE\Software\Classes\Interface\{7F7E1C5D-4D91-48C9-B09E-3E45D502FFA0}, IASUTaskScheduler Registry item

    HKEY_LOCAL_MACHINE\Software\Microsoft\Jet\4.0\ISAM Formats\HTML Export, HTML Registry item

    C:\WINDOWS\system32\zyci.sys BackWebLite

    C:\WINDOWS\mugibypab.bat BackWebLite

    C:\Documents and Settings\All Users\Documents\adoxim.vbs BackWebLite

    C:\WINDOWS\ifetudebor.dat A-Trojan 2.0

    C:\WINDOWS\epemuli.lib AceBot

    C:\WINDOWS\nisiv.com MPower

    C:\WINDOWS\nodum._dl BackWebLite

    C:\WINDOWS\system32\acogut.bat Msiebho

    C:\Documents and Settings\dita\Cookies\qebolexe.dat AceBot

    C:\Documents and Settings\dita\Application Data\ifisikijyc.bat A-Trojan 2.0

    C:\Documents and Settings\dita\Application Data\ypeze.com BackWebLite

    C:\Documents and Settings\dita\Local Settings\Application Data\jomugozi.db Adware.IpWins

    C:\WINDOWS\cakidobuqe.lib Adware.IpWins

    C:\Documents and Settings\All Users\Documents\kyxapehi.com BackWebLite

    C:\Documents and Settings\All Users\Application Data\xybaqebak.bat AceBot

    C:\Documents and Settings\dita\Local Settings\Application Data\ukegele.reg Adware.IpWins

    C:\Program Files\Common Files\zabyb._dl A-Trojan 2.0

    C:\Documents and Settings\dita\Application Data\ewicewutu.dll AceBot

    C:\Documents and Settings\dita\Cookies\kysyfobut.inf A-Trojan 2.0

    C:\Documents and Settings\dita\Local Settings\Temporary Internet Files\upaqyba.com Adware.IpWins

    C:\Documents and Settings\dita\Local Settings\Application Data\wezotepi.bat Msiebho

    C:\Documents and Settings\All Users\Documents\japen.pif Adlogix

    C:\WINDOWS\aneras.dl MPower

    C:\Documents and Settings\dita\Local Settings\Application Data\emusiqeqy._dl Advware.Adstart.b

    C:\Documents and Settings\All Users\Documents\epar.scr Advware.Adstart.b

    C:\Documents and Settings\dita\Application Data\usegagisax.bin Adlogix

    C:\Documents and Settings\dita\Local Settings\Temporary Internet Files\ynyzumy.scr NavExcel

    C:\WINDOWS\xoqohem.inf NavExcel

    C:\WINDOWS\ufyso.dat Backdoor.IRCBot

    There is no text document with exactly that name.

    There is a ComboFix one; here it is:

    ComboFix 09-10-23.01 - dita 10.2009 г. 13:27:08.1.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.122 [GMT 3:00]

    Running from: C:\Documents and Settings\dita\My Documents\Изтегляния\ComboFix.exe

    AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\dita\Application Data\wiaserva.log

    C:\Documents and Settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd

    C:\Documents and Settings\dita\restorer64_a.exe

    C:\Program Files\AskSearch\bin\DefaultSearch.dll

    C:\Program Files\WinPCap

    C:\Program Files\WinPCap\rpcapd.exe

    C:\WINDOWS\Downloaded Program Files\popcaploader.inf

    C:\WINDOWS\system32\drivers\npf.sys

    C:\WINDOWS\system32\Packet.dll

    C:\WINDOWS\system32\pthreadVC.dll

    C:\WINDOWS\system32\restorer64_a.exe

    C:\WINDOWS\system32\WanPacket.dll

    C:\WINDOWS\system32\wpcap.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_NPF

    -------\Service_npf

    ((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))

    .

    The other name is ConEnv.

    If you want, I can repeat the procedure.

    But do I need to delete it and then download it again?


  14. I did what you told me. But Combofix started immediately and did not let me give it the command "%userprofile%\desktop\ComboFix.exe" /KillAll

    And then, after the restart, it took me quite a while before I could control the computer. I will show you the files that appeared; I hope they are the right ones.

    ComboFix 09-10-23.01 - dita 10.2009 г. 13:27:08.1.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.122 [GMT 3:00]

    Running from: C:\Documents and Settings\dita\My Documents\Изтегляния\ComboFix.exe

    AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\dita\Application Data\wiaserva.log

    C:\Documents and Settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd

    C:\Documents and Settings\dita\restorer64_a.exe

    C:\Program Files\AskSearch\bin\DefaultSearch.dll

    C:\Program Files\WinPCap

    C:\Program Files\WinPCap\rpcapd.exe

    C:\WINDOWS\Downloaded Program Files\popcaploader.inf

    C:\WINDOWS\system32\drivers\npf.sys

    C:\WINDOWS\system32\Packet.dll

    C:\WINDOWS\system32\pthreadVC.dll

    C:\WINDOWS\system32\restorer64_a.exe

    C:\WINDOWS\system32\WanPacket.dll

    C:\WINDOWS\system32\wpcap.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_NPF

    -------\Service_npf

    ((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))

    .

    Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.122 [GMT 3:00]

    If I need to repeat the procedure, I will do so.


  15. Hello!

    I have a big problem with my computer. Since yesterday my antivirus, Avast, has been constantly beeping and reporting viruses. I have tried everything to remove them, but nothing works. I can neither delete them nor put them in quarantine. I scanned the computer with Malwarebytes' Anti-Malware, it found 30 threats, I restarted the computer (as Malwarebytes' Anti-Malware advised), and when it came back on it locked up completely. I could not perform a single action. I restarted several times (if unplugging it from the mains counts as restarting; there was no other way), and finally I can use it for now, but I do not know for how long. But the last time I turned it on, the antivirus kicked in again with virus alerts. I know that in this situation it is best to reinstall, but please take a look and tell me whether things can be fixed or whether a reinstall is mandatory. Have a nice day!

    I hope for a reply.

    Malwarebytes' Anti-Malware 1.41

    Версия на базата от данни: 3023

    Windows 5.1.2600 Service Pack 2

    24.10.2009 г. 11:30:38

    mbam-log-2009-10-24 (11-30-38).txt

    Тип сканиране: Пълно сканиране (C:\|D:\|F:\|)

    Сканирани обекти: 126547

    Изминало време: 17 minute(s), 18 second(s)

    Заразени процеси в паметта: 2

    Заразени модули в паметта: 0

    Заразени ключове в регистратурата: 10

    Заразени стойности в регистратурата: 7

    Заразени информационни обекти в регистратурата: 1

    Заразени папки: 0

    Заразени файлове: 10

    Заразени процеси в паметта:

    C:\Documents and Settings\dita\restorer64_a.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    C:\WINDOWS\system32\restorer64_a.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Заразени модули в паметта:

    (Не бяха открити заплахи)

    Заразени ключове в регистратурата:

    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

    Заразени стойности в регистратурата:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer64_a (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer64_a (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Заразени информационни обекти в регистратурата:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe cpcp.cpo bef0regiiav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

    Заразени папки:

    (Не бяха открити заплахи)

    Заразени файлове:

    C:\Documents and Settings\dita\Local Settings\Temp\TMP2F1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{AE194283-DA9F-4FF1-BD20-231F3F66D29A}\RP150\A0027662.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\System Volume Information\_restore{AE194283-DA9F-4FF1-BD20-231F3F66D29A}\RP150\A0027668.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

    C:\Documents and Settings\dita\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

    C:\WINDOWS\Temp\wpv561255562528.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\WINDOWS\Temp\wpv571256085323.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    C:\Documents and Settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

    C:\Documents and Settings\dita\restorer64_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    C:\WINDOWS\system32\restorer64_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:34:28, on 24.10.2009 г.

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Unable to get Internet Explorer version!

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\D-Tools\daemon.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Documents and Settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Skype\Plugin Manager\skypePM.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Temp\_ex-08.exe

    C:\WINDOWS\system32\restorer64_a.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Documents and Settings\dita\My Documents\Изтегляния\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mebelidita.dir.bg/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s

    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe

    O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe

    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

    O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\dita\restorer64_a.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Startup: zavupd32.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.dskdirect.bg/capicom.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe

    --

    End of file - 6091 bytes


  16. I see you are using an unlicensed version. Then you have probably used a Fix or a Crack, i.e. you have been using it at 40% of its capabilities.

    Open Task Manager and check whether its .exe is running somewhere! Stop it!

    Boot into Safe Mode, delete the folders I wrote about above, and restart! Clean the registry at the end!

    I strongly recommend that afterwards you take a look at the NOD32 Bulgaria forum and buy the product! That way you will have a genuine NOD32 working at 100%.

    Otherwise, use a free antivirus!

    Thank you! I will do that.


  17. Delete the following folders:

    C:\Program files\ESET

    C:\Documents and Settings\All users\Application data\Eset

    C:\Documents and Settings\потребител\Application data\Eset

    Restart and clean the registry! Use CCleaner!

    Restart again!

    It just will not work. Even "CCleaner" does not delete it. What is this thing???


  18. You are using version 2.51 of NOD32; the current one is 2.7, and version 3 is expected in November.

    Change your version of NOD... search the torrents, it is everywhere.

    Thank you to everyone who responded to my question. I tried everything and nothing works. So I decided to delete it in order to install another one. It turned out that I cannot remove it. It tells me that the file is corrupted or missing, and that is it. Please advise me how to remove this NOD32!!!!


  19. Hello! I have a problem with NOD32.

    Trial version

    Days left: 16715402

    NOD32 antivirus system information

    Virus signature database version: 2519 (20070910)

    Dated: Monday, September 10, 2007

    Virus signature database build: 10758

    Information on other scanner support parts

    Advanced heuristics module version: 1.065 (20070802)

    Advanced heuristics module build: 1164

    Internet filter version: 1.002 (20040708)

    Internet filter build: 1013

    Archive support module version: 1.058 (20070906)

    Archive support module build version: 1196

    Information about installed components

    NOD32 For Windows NT/2000/XP/2003/x64 - Base

    Version: 2.51.8

    NOD32 For Windows NT/2000/XP/2003/x64 - Internet support

    Version: 2.51.8

    NOD32 for Windows NT/2000/XP/2003/x64 - Standard component

    Version: 2.51.8

    Operating system information

    Platform: Windows XP

    Version: 5.1.2600 Service Pack 2

    Version of common control components: 5.82.2900

    RAM: 256 MB

    Processor: Intel® Celeron® CPU 2.40GHz (2400 MHz)

    Please help!!!! :sobbing: :sobbing: :sobbing:
