krasilazarov

All about krasilazarov

  • Title
    User
  1. I tried with KM, Media and GOM and it still won't start. Did you look at the site? I can also send you the link to the movie.
  2. The thing is that none of the movies from this site will play: http://www.torrentportal.com/
  3. It's not a virus, I'm sure. The movie plays for 20 seconds and then displays a message telling me to contact MS about codecs.
  4. I can give you the link to the movie; download it and take a look. I tried with many players and it doesn't work.
  5. Hello. I downloaded a movie from a foreign site. When I start the movie it shows that it needs some codecs in order to play. Please help.
  6. Here is what I got.
  7. Here is what came out.
  8. Here is what I got when I scanned with the program Malwarebytes' Anti-Malware. You are number 1.
  9. Here is what I got. When the computer restarted, the antivirus program started right away. You are a geniuuuus. Thank you.
  10. It is scanning right now. Here is the scan result; I am sending it to you as an attached file. OTL.Txt 1.txt Extras.Txt 1.txt
  11. When I open the link you gave me, it shuts down my browser. Is there a way, with the programs on the computer stopped, to see which program is using up resources?
  12. In which section exactly? I saw the topic about viruses.
  13. Hello, I have a problem: I cannot turn on the antivirus program on my computer. When I go online to download a new one, it closes my browser right away. What should I do in this case, do I have a virus, and how can I put the computer into minimal mode to see which program is using up resources? Thank you in advance.
  14. Hello, I have a problem: I cannot turn on the antivirus program on my computer. When I go online to download a new one, it closes my browser right away. What should I do in this case, do I have a virus, and how can I put the computer into minimal mode to see which program is using up resources? Thank you in advance.