iantahtov

User
  • Posts: 5

0 Neutral reputation

All about iantahtov

  • Title: Newbie
  1. iantahtov

    Virus from a program

    GMER 1.0.15.15125 - http://www.gmer.net
    Rootkit scan 2009-10-11 21:35:56
    Windows 5.1.2600 Service Pack 3
    Running: tool.exe.exe; Driver: C:\DOCUME~1\XP\LOCALS~1\Temp\pgtdipow.sys

    ---- System - GMER 1.0.15 ----

    SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwClose [0xF742E818]
    SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwCreateKey [0xF742E7D0]
    SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwCreatePagingFile [0xF7422A20]
    SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwEnumerateKey [0xF74232A8]
    SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwEnumerateValueKey [0xF742E910]
    SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwOpenKey [0xF742E794]
    SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwQueryKey [0xF74232C8]
    SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwQueryValueKey [0xF742E866]
    SSDT  d347bus.sys (PnP BIOS Extension/ )  ZwSetSystemPowerState [0xF742E0B0]

    Code  \??\C:\DOCUME~1\XP\LOCALS~1\Temp\catchme.sys  pIofCallDriver

    ---- Kernel code sections - GMER 1.0.15 ----

    .text  ntkrnlpa.exe!ZwCallbackReturn + 2C28  805044C4 4 Bytes  CALL C8A93C0B
    .text  ntkrnlpa.exe!ZwCallbackReturn + 2CE8  80504584 4 Bytes  JMP BCEF3CCB
    .text  ntkrnlpa.exe!ZwCallbackReturn + 2E88  80504724 4 Bytes  CALL 0C873E6B
    ?      C:\DOCUME~1\XP\LOCALS~1\Temp\catchme.sys  The system cannot find the file specified. !
    ?      C:\WINDOWS\system32\Drivers\PROCEXP90.SYS  The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1996] USER32.dll!DialogBoxParamW  7E4247AB 5 Bytes  JMP 3E1DF4B1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1996] USER32.dll!DialogBoxIndirectParamW  7E432072 5 Bytes  JMP 3E35295F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1996] USER32.dll!MessageBoxIndirectA  7E43A082 5 Bytes  JMP 3E3528E0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1996] USER32.dll!DialogBoxParamA  7E43B144 5 Bytes  JMP 3E352924 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1996] USER32.dll!MessageBoxExW  7E450838 5 Bytes  JMP 3E35286C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1996] USER32.dll!MessageBoxExA  7E45085C 5 Bytes  JMP 3E3528A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1996] USER32.dll!DialogBoxIndirectParamA  7E456D7D 5 Bytes  JMP 3E35299A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1996] USER32.dll!MessageBoxIndirectW  7E4664D5 5 Bytes  JMP 3E20182A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text  C:\Program Files\Internet Explorer\IEXPLORE.EXE[1996] ole32.dll!OleLoadFromStream  77529C85 5 Bytes  JMP 3E352B5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device  \FileSystem\Ntfs \Ntfs  86F58A80
    Device  \FileSystem\Fastfat \FatCdrom  866A97C0
    Device  \Driver\Cdrom \Device\CdRom0  86CB17F8
    Device  \FileSystem\Rdbss \Device\FsWrap  86C7D680
    Device  \Driver\Cdrom \Device\CdRom1  86CB17F8
    Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3  86CB32A8
    Device  \Driver\atapi \Device\Ide\IdePort0  86CB32A8
    Device  \Driver\atapi \Device\Ide\IdePort1  86CB32A8
    Device  \Driver\atapi \Device\Ide\IdePort2  86CB32A8
    Device  \Driver\atapi \Device\Ide\IdePort3  86CB32A8
    Device  \Driver\atapi \Device\Ide\IdePort4  86CB32A8
    Device  \Driver\atapi \Device\Ide\IdePort5  86CB32A8
    Device  \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-14  86CB32A8
    Device  \FileSystem\Srv \Device\LanmanServer  86BEBC78
    Device  \FileSystem\MRxSmb \Device\LanmanDatagramReceiver  86C7D4E0
    Device  \FileSystem\MRxSmb \Device\LanmanRedirector  86C7D4E0
    Device  \FileSystem\Npfs \Device\NamedPipe  86C6D4F0
    Device  \FileSystem\Msfs \Device\Mailslot  86C6D7E0
    Device  \Driver\d347prt \Device\Scsi\d347prt1Port6Path0Target0Lun0  86BF0D68
    Device  \Driver\d347prt \Device\Scsi\d347prt1  86BF0D68
    Device  \FileSystem\Fastfat \Fat
  2. iantahtov

    Virus from a program

    Results of screen317's Security Check version 0.99.0
    Windows XP Service Pack 3
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Disabled!
    NOD32 antivirus system
    Antivirus up to date! (On Access scanning disabled!)
    ``````````````````````````````
    Anti-malware/Other Utilities Check:
    Out of date HijackThis installed!
    HijackThis 1.99.1
    Adobe Flash Player 10
    Adobe Reader 9.1
    ``````````````````````````````
    Process Check: objlist.exe by Laurent
    Eset nod32krn.exe
    ``````````````````````````````
    DNS Vulnerability Check: POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)
    `````````End of Log```````````
  3. iantahtov

    Virus from a program

    ComboFix 09-10-08.04 - XP 9.10.2009 22:43.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1015.476 [GMT 3:00]
    Running from: c:\documents and settings\XP\Desktop\Tool.exe.exe
    AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\XP\Application Data\Desktopicon
    c:\documents and settings\XP\Application Data\Desktopicon\config.ini
    c:\documents and settings\XP\Application Data\Desktopicon\eBayShortcuts.exe
    c:\documents and settings\XP\Favorites\Download programs.url
    c:\documents and settings\XP\Favorites\Games.url
    c:\documents and settings\XP\Favorites\Translator.url
    c:\documents and settings\XP\Favorites\Videos.url
    c:\documents and settings\XP\Start Menu\Programs\Download programs.url
    c:\documents and settings\XP\Start Menu\Programs\Games.url
    c:\documents and settings\XP\Start Menu\Programs\Translator.url
    c:\documents and settings\XP\Start Menu\Programs\Videos.url
    c:\windows\ktkm2.dll
    c:\windows\ktkm3.dll
    c:\windows\ktkm34.dll
    c:\windows\ktkm36.dll
    c:\windows\ktkm4.dll
    c:\windows\ktkm8.dll
    c:\windows\system32\drivers\anfiezme.sys
    .
    ((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
    .
    2009-10-09 19:21 . 2009-10-09 19:21        0 ----a-w- c:\windows\nsreg.dat
    2009-10-09 19:21 . 2009-10-09 19:21 -------- d-----w- c:\documents and settings\XP\Local Settings\Application Data\Mozilla
    2009-10-09 15:55 . 2008-04-13 23:12   151552 ----a-w- c:\windows\system32\irftp.exe
    2009-10-09 15:55 . 2008-04-13 23:12     8192 ----a-w- c:\windows\system32\wshirda.dll
    2009-10-09 15:55 . 2008-04-13 23:11    28160 ----a-w- c:\windows\system32\irmon.dll
    2009-10-09 13:55 . 2009-10-09 15:52 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
    2009-10-07 19:35 . 2009-10-07 19:35 -------- d--h--w- c:\windows\system32\GroupPolicy
    2009-10-03 20:50 . 2009-10-03 20:50 -------- d-----w- c:\documents and settings\XP\Application Data\vlc
    2009-10-03 20:37 . 2009-10-03 20:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Readon
    2009-10-02 05:27 . 2009-06-25 08:25    54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
    2009-10-02 05:27 . 2009-06-25 08:25   136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
    2009-10-02 05:27 . 2009-06-24 11:18    92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
    2009-10-02 05:27 . 2009-06-25 08:25   301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
    2009-09-30 11:36 . 2009-09-30 11:36 -------- d-----w- c:\program files\Common Files\TSUninstall
    2009-09-30 11:36 . 2009-10-01 18:27 -------- d-----w- c:\program files\TS
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-09 19:50 . 2008-07-28 07:05 -------- d-----w- c:\documents and settings\XP\Application Data\Skype
    2009-10-09 16:24 . 2008-07-28 07:06 -------- d-----w- c:\documents and settings\XP\Application Data\skypePM
    2009-10-09 13:55 . 2008-07-28 07:05 -------- d-----w- c:\program files\Google
    2009-10-09 13:16 . 2009-04-27 12:17        5 ----a-w- c:\windows\sbacknt.bin
    2009-10-09 13:15 . 2008-08-17 22:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-06 18:35 . 2008-07-31 18:38      664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-09-27 08:27 . 2008-07-25 10:54 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-10 11:54 . 2008-08-17 22:39    38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 11:53 . 2008-08-17 22:39    19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-09 00:01 . 2008-07-25 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-08-19 09:10 . 2009-04-27 12:16   152904 ----a-w- c:\windows\system32\vghd.scr
    2009-08-19 09:10 . 2009-04-27 12:16 -------- d-----w- c:\program files\vghd
    2009-08-16 16:24 . 2008-07-25 10:36    70016 ----a-w- c:\documents and settings\XP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-05 09:01 . 2004-08-03 23:56   204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-22 16:51 . 2009-03-07 11:58        0 ----a-w- c:\windows\Infob.dat
    2009-07-22 16:51 . 2009-03-07 11:58        0 ----a-w- c:\windows\Infoa.dat
    2009-07-17 19:01 . 2004-08-03 23:56    58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 20:43 . 2007-06-24 07:41   286208 ----a-w- c:\windows\system32\wmpdxm.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-09 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "ShowDeskFix"="shell32" [X]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\XP\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
    "d:\\Install\\Flashget\\flashget.exe"=
    "c:\\Documents and Settings\\XP\\My Documents\\My Music\\cs 1.6\\Counter-Strike 1.6 BG.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16744:TCP"= 16744:TCP:BitComet 16744 TCP
    "16744:UDP"= 16744:UDP:BitComet 16744 UDP
    "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [25.7.2008 13:56 35840]
    R3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [01.8.2008 22:18 391688]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [25.1.2008 12:12 25088]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [02.8.2008 00:14 24652]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - BTHSERV
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    IE: &Download All with FlashGet - d:\install\Flashget\jc_all.htm
    IE: &Download with FlashGet - d:\install\Flashget\jc_link.htm
    LSP: c:\windows\system32\imon.dll
    FF - ProfilePath - c:\documents and settings\XP\Application Data\Mozilla\Firefox\Profiles\29vxw5ng.default\
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
    HKLM-Run-ClientGW - (no file)
    AddRemove-Codec pack Base (DivX - c:\windows\system32\uninst Codec pack Base (DivX

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-09 22:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-583907252-823518204-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-583907252-823518204-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1120)
    c:\windows\system32\imon.dll
    .
    Completion time: 2009-10-09 22:52
    ComboFix-quarantined-files.txt 2009-10-09 19:52

    Pre-Run: 684 064 768 bytes free
    Post-Run: 4 614 877 184 bytes free

    163 --- E O F --- 2009-10-03 00:00
  4. iantahtov

    Virus from a program

    Results of screen317's Security Check version 0.99.0
    Windows XP Service Pack 3
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Disabled!
    NOD32 antivirus system
    Antivirus up to date! (On Access scanning disabled!)
    ``````````````````````````````
    Anti-malware/Other Utilities Check:
    Out of date HijackThis installed!
    HijackThis 1.99.1
    Adobe Flash Player 10
    Adobe Reader 9.1
    ``````````````````````````````
    Process Check: objlist.exe by Laurent
    Eset nod32krn.exe
    ``````````````````````````````
    DNS Vulnerability Check: POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)
    `````````End of Log```````````

    ROOTREPEAL © AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/10/09 22:27
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name:
    Image Path:
    Address: 0xF7385000  Size: 98304  File Visible: No  Signed: -  Status: -

    Name:
    Image Path:
    Address: 0x00000000  Size: 0  File Visible: No  Signed: -  Status: -

    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xF5DA0000  Size: 98304  File Visible: No  Signed: -  Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7A88000  Size: 8192  File Visible: No  Signed: -  Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xF4201000  Size: 49152  File Visible: No  Signed: -  Status: -

    SSDT
    -------------------
    #: 025 Function Name: NtClose
    Status: Hooked by "d347bus.sys" at address 0xf742e818

    #: 041 Function Name: NtCreateKey
    Status: Hooked by "d347bus.sys" at address 0xf742e7d0

    #: 045 Function Name: NtCreatePagingFile
    Status: Hooked by "d347bus.sys" at address 0xf7422a20

    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "d347bus.sys" at address 0xf74232a8

    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "d347bus.sys" at address 0xf742e910

    #: 119 Function Name: NtOpenKey
    Status: Hooked by "d347bus.sys" at address 0xf742e794

    #: 160 Function Name: NtQueryKey
    Status: Hooked by "d347bus.sys" at address 0xf74232c8

    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "d347bus.sys" at address 0xf742e866

    #: 241 Function Name: NtSetSystemPowerState
    Status: Hooked by "d347bus.sys" at address 0xf742e0b0

    ==EOF==
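The two rootkit scanners in this thread report the same SSDT hooks by d347bus.sys, GMER in Zw* notation with upper-case addresses (post 1) and RootRepeal in Nt* notation with lower-case addresses (post 4). The useful step when reading such logs is to cross-check the two outputs: a hook that only one tool sees, or whose hooking module or target address differs between tools, is what deserves follow-up, because a stealth driver may filter one tool's view but not the other's. The Python script below is an added example, not something posted in the thread and not part of GMER or RootRepeal. Its sample input is an excerpt of the two logs above plus one constructed RootRepeal entry (NtTerminateProcess hooked by "<unknown>") that GMER did not report, included only to show how a disagreement surfaces.

```python
import re
from collections import defaultdict

# Excerpt of the GMER "System" section posted in this thread (real lines).
GMER_LOG = """\
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF742E818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF742E7D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF742E794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF742E866]
"""

# Excerpt of the RootRepeal SSDT section posted in this thread, plus one
# CONSTRUCTED entry (NtTerminateProcess by "<unknown>") that is not in the
# real log, added to show how a hook seen by only one tool is reported.
ROOTREPEAL_LOG = """\
#: 025 Function Name: NtClose
Status: Hooked by "d347bus.sys" at address 0xf742e818

#: 041 Function Name: NtCreateKey
Status: Hooked by "d347bus.sys" at address 0xf742e7d0

#: 119 Function Name: NtOpenKey
Status: Hooked by "d347bus.sys" at address 0xf742e794

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "d347bus.sys" at address 0xf742e866

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf742e000
"""

GMER_SSDT = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
RR_FUNC = re.compile(r"^#:\s*\d+\s+Function Name:\s+(?P<func>Nt\w+)")
RR_STATUS = re.compile(r'^Status:\s+Hooked by "(?P<module>[^"]+)" at address 0x(?P<addr>[0-9A-Fa-f]+)')


def normalize_func(name):
    """GMER prints Zw* names, RootRepeal Nt*; the SSDT slot is the same."""
    return "Nt" + name[2:] if name.startswith("Zw") else name


def parse_gmer_ssdt(text):
    """Return {NtFunction: (module, hook_address)} from GMER 'SSDT' lines."""
    hooks = {}
    for line in text.splitlines():
        m = GMER_SSDT.match(line.strip())
        if m:
            hooks[normalize_func(m["func"])] = (m["module"].lower(), int(m["addr"], 16))
    return hooks


def parse_rootrepeal_ssdt(text):
    """Return {NtFunction: (module, hook_address)} from RootRepeal's two-line records."""
    hooks, func = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = RR_FUNC.match(line)
        if m:
            func = normalize_func(m["func"])
            continue
        m = RR_STATUS.match(line)
        if m and func:
            hooks[func] = (m["module"].lower(), int(m["addr"], 16))
            func = None
    return hooks


def hooks_by_module(hooks):
    """Group hooked functions by the module that owns the hook address."""
    by_mod = defaultdict(list)
    for func, (module, _addr) in sorted(hooks.items()):
        by_mod[module].append(func)
    return dict(by_mod)


def compare_hooks(a, b):
    """Return (agree, only_in_a, only_in_b, conflicting) function-name lists.
    'conflicting' means both tools see a hook but disagree on module or address."""
    agree, conflicting = [], []
    for func in sorted(set(a) & set(b)):
        (agree if a[func] == b[func] else conflicting).append(func)
    return agree, sorted(set(a) - set(b)), sorted(set(b) - set(a)), conflicting


if __name__ == "__main__":
    gmer = parse_gmer_ssdt(GMER_LOG)
    rr = parse_rootrepeal_ssdt(ROOTREPEAL_LOG)
    for module, funcs in sorted(hooks_by_module({**gmer, **rr}).items()):
        print(f"{module}: {len(funcs)} hook(s): {', '.join(funcs)}")
    agree, only_g, only_r, conflict = compare_hooks(gmer, rr)
    print(f"agree={len(agree)} GMER-only={only_g} RootRepeal-only={only_r} conflicting={conflict}")
```

Hooks that both tools attribute to one named driver at identical addresses are consistent with a single kernel component owning those slots; whatever lands in the "only one tool" or "conflicting" buckets is where a hidden-driver investigation starts.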
  5. iantahtov

    Virus from a program

    I wanted to watch a video clip and it told me I had to update my "Adobe Flash Player", so I downloaded the file, but it turned out I had downloaded a virus and something like a little shield icon appeared. I immediately ran NOD 32 and Malwarebytes' Anti-Malware and it went away, but when I go to any site, no matter which, a "Blocked" appears on the page itself and I want to get rid of it. That's all. Here are the results of the Malwarebytes Anti-Malware scan:

    Malwarebytes' Anti-Malware 1.41
    Database version: 2775
    Windows 5.1.2600 Service Pack 3

    09.10.2009 16:13:16
    mbam-log-2009-10-09 (16-13-16).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 185249
    Time elapsed: 38 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 21
    Registry Values Infected: 6
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\iehelpmod.dll (Trojan.FakeAlert) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Documents and Settings/XP/Local Settings/Temp/pvhwydib.dat (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pvhwydib.dat (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pvhwydib.dat (Rootkit.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xccewgqxrjtmnbhk (Adware.AdRotator) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_offersfortoday (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mglpewgn (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mglpewgn (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mglpewgn (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mglpewgn (Trojan.Agent) -> Delete on reboot.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc5chj0e3er (Rogue.AntiVirusXP) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\iehelpmod.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\Documents and Settings\XP\Local Settings\Temp\pvhwydib.dat (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\xccewgqxrjtmnbhk.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
    C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cont_offersfortoday-remove.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\mglpewgn.sys (Trojan.Agent) -> Delete on reboot.

    And here is the one from HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:32:30, on 09.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.21073)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Eset\nod32kui.exe
    D:\Install\Flashget\FlashGet.exe
    C:\WINDOWS\VM305_STI.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Vista Rainbar\launcher.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\PROGRA~1\VISTAR~1\Rainbar.exe
    C:\Program Files\vghd\VirtuaGirl_downloader.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    D:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iantahtovi.dir.bg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Install\Flashget\jccatch.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll (file missing)
    O2 - BHO: (no name) - {C3B3B48B-AA99-4FD8-B07F-3C6A4895A670} - C:\WINDOWS\system32\auth.dll (file missing)
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Install\Flashget\getflash.dll
    O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.3.0.1\MarioForever_Toolbar.dll (file missing)
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Flashget] "D:\Install\Flashget\FlashGet.exe" /min
    O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
    O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [Vista Rainbar] C:\Program Files\Vista Rainbar\launcher.exe
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - HKCU\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
    O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] D:\game\SuperTux 0.3.0\Uniblue\RegistryBooster\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [TS] C:\Program Files\TS\tsc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; AntivirXP08; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.flash-igri.com/bg/game/25.html"
    O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Download All with FlashGet - D:\Install\Flashget\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - D:\Install\Flashget\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Install\Flashget\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Install\Flashget\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [iNTERNATIONAL] International*
    O11 - Options group: [TABS] Tabbed Browsing
    O15 - Trusted Zone: http://www.mobileheart.com
    O15 - Trusted IP range: http://213.91.243.65
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227210670171
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E87A4CD6-BA5F-4552-BC4F-8EC240A2755C} (WebRecClient Control) - http://213.91.243.65:7000/webrec.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe