nonamez

All about nonamez

  1. I have already installed Service Pack 3. Avast! is running, hopefully there won't be any problems. And one last question: how do I get rid of the Yahoo toolbar? It can't be uninstalled from anywhere.
  2. The log from SmitFraudFix
  3. GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-05-18 23:39:07 Windows 5.1.2600 Service Pack 2
  4. Analysis of c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
     MD5: 8f9e12716958649fbe81d74bccbaeb51
     First received: 07.10.2007 09:50:55 (CET)
     Date: 04.30.2009 17:21:13 (CET) [>18D]
     Results: 0/40
     Permalink: analisis/5c2b577bd06d70162eb46217678d7cee
     Analysis of c:\program files\Common Files\Teleca Shared\Generic.exe
     MD5: ac02cf51dcc71e97d1b602ee651518db
     First received: 02.10.2008 20:08:36 (CET)
     Date: 05.06.2009 20:04:31 (CET) [>12D]
     Results: 0/39
     Permalink: analisis/7b6c4101294f85db3a759eb5eff82756
     Malwarebytes' Anti-Malware found nothing, but while it was scanning, Avast again found a virus, the same thing again: the name of the infected file is some two-digit number with the extension .scr, and in the end there is no such file on the computer.
  5. The log from ComboFix
  6. The installed programs:
     The logs from Malwarebytes
     However, the Yahoo toolbar is putting up a fight; it won't uninstall either from the Control Panel or from its folder.
  7. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:10:15, on 18.5.2009 г. Platform: Windows XP SP2 (WinNT 5.01.2600)
  8. Hello, There may already be a topic like this, but the viruses keep popping up one after another and there is no way to sit down and read up on it properly.... The problem is the following: this morning my Avast updated and started detecting viruses in system32 every 20-30 seconds, Win32: Trojan-gen {Other}; the infected files are ones that do not exist... their extension is scr. I ran an Avast scan, but the scanner itself found nothing, and viruses keep popping up afterwards. I also tried an online scanner, which found 81 threats, and the result is the same... If anyone has an idea what to do...