vladkopedia

  1. Malwarebytes' Anti-Malware 1.41 Database version: 2784 Windows 5.1.2600 Service Pack 2 13.9.2009 г. 15:46:17 mbam-log-2009-09-13 (15-46-17).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 160652 Time elapsed: 1 hour(s), 14 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{DF427CC8-3B83-4204-B6F4-0BD022224502}\RP595\A0201825.sys (Trojan.KillAV) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{DF427CC8-3B83-4204-B6F4-0BD022224502}\RP595\A0201826.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
  2. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:39:03, on 13.9.2009 г. Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\AlienGUIse\wbload.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\VMSnap5.EXE C:\WINDOWS\Domino.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe D:\programs\UTorrents\uTorrent.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\Kaldata.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [VMSnap5] C:\WINDOWS\VMSnap5.EXE O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" 
/runcleanupscript O4 - HKCU\..\Run: [uTorrent] "D:\programs\UTorrents\uTorrent.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{CBB8B187-D672-4C35-B64F-5A8533ECFD8D}: NameServer = 212.39.90.42,212.39.90.43 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 3216 bytes ComboFix 09-09-11.05 - vladko 09.2009 г. 22:38.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.511.223 [GMT 3:00] Running from: c:\documents and settings\vladko\Desktop\ComboFix.exe AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF} FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected Restored copy from - c:\windows\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS . 
((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_npf ((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 ))))))))))))))))))))))))))))))) . 2009-09-12 18:58 . 2009-09-12 18:58 -------- d-----w- c:\program files\ESET 2009-09-12 09:52 . 2009-09-12 09:52 -------- d-----w- c:\program files\Trend Micro 2009-09-12 09:09 . 2009-09-12 09:09 -------- d-----w- c:\documents and settings\vladko\Application Data\Malwarebytes 2009-09-12 09:09 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-12 09:09 . 2009-09-12 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-12 09:09 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-12 09:09 . 2009-09-12 09:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-08 20:02 . 2009-09-08 20:02 -------- d-----w- c:\documents and settings\skype\Local Settings\Application Data\Mozilla 2009-08-14 15:20 . 2009-08-14 15:20 -------- d-----w- c:\program files\ResistorColorBands . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-12 20:01 . 2009-03-07 16:43 707463712 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-09-12 19:57 . 2009-03-07 16:43 9475268 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-09-12 19:33 . 2009-01-03 14:12 -------- d-----w- c:\documents and settings\vladko\Application Data\uTorrent 2009-09-12 18:32 . 2007-08-30 12:35 -------- d-----w- c:\documents and settings\vladko\Application Data\Skype 2009-09-12 13:06 . 2008-03-31 17:59 -------- d-----w- c:\documents and settings\vladko\Application Data\skypePM 2009-09-12 11:24 . 2008-01-01 15:14 -------- d-----w- c:\documents and settings\skype\Application Data\Skype 2009-09-11 21:06 . 2008-04-04 10:38 -------- d-----w- c:\documents and settings\skype\Application Data\skypePM 2009-09-10 05:37 . 
2007-08-30 12:23 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2009-07-28 15:30 . 2009-07-28 15:30 -------- d-----w- c:\program files\PokerStars 2009-07-23 10:55 . 2009-04-28 13:31 -------- d-----w- c:\documents and settings\skype\Application Data\uTorrent 2009-07-17 11:22 . 2008-08-24 21:44 -------- d-----w- c:\documents and settings\vladko\Application Data\BSplayer Pro 2009-06-25 11:16 . 2008-10-07 21:07 18248 ----a-w- c:\documents and settings\skype\Local Settings\Application Data\GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="d:\programs\UTorrents\uTorrent.exe" [2009-07-21 288048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "VMSnap5"="c:\windows\VMSnap5.EXE" [2006-06-28 49152] "Domino"="c:\windows\Domino.EXE" [2006-06-28 49152] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-10-09 981904] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-14 67072] "ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] 2001-12-20 21:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "d:\\programs\\UTorrents\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 ZSMC0305;Vimicro USB PC Camera (VC0305);c:\windows\system32\drivers\usbVM305.sys [10.3.2008 г. 22:36 391737] S3 GAGPDrv;GAGPDrv; [x] S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [23.1.2004 г. 16:33 13952] . Contents of the 'Scheduled Tasks' folder c:\windows\Tasks\At18.job . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {CBB8B187-D672-4C35-B64F-5A8533ECFD8D} = 212.39.90.42,212.39.90.43 FF - ProfilePath - c:\documents and settings\vladko\Application Data\Mozilla\Firefox\Profiles\ize2940n.default\ FF - plugin: c:\documents and settings\vladko\Application Data\Mozilla\Firefox\Profiles\ize2940n.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll . - - - - ORPHANS REMOVED - - - - HKLM-Run-BigDog305 - c:\windows\VM305_STI.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-12 23:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?????????????? scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1482476501-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] @Denied: (Full) (LocalSystem) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(904) c:\program files\AlienGUIse\fastload.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ZoneLabs\vsmon.exe c:\windows\system32\ZoneLabs\avsys\ScanningProcess.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-09-12 23:05 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-12 20:05 Pre-Run: 2 102 345 728 bytes free Post-Run: 3 105 955 840 bytes free 125 --- E O F --- 2007-09-13 07:33
     "You are doing this step in Safe Mode with Networking, right? Do you have an active Internet connection? Are you using a proxy server?"
     Yes, I did it in Safe Mode with Networking and I have an active Internet connection, but I don't know whether I'm using a proxy server. Is there a way to check? I'll upload the Malwarebytes log shortly.
  3. I completed everything up to step four, but a problem came up: I start ESET Online Scanner, tick "YES, I accept the Terms of Use" and choose Start, but it doesn't start downloading anything and instead asks me about a problem with the proxy. It wants configuration settings. What now?
  4. Thank you for the quick reply. I look forward to advice and help.
  5. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:55:00, on 12.9.2009 г. Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\AlienGUIse\wbload.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\VMSnap5.EXE C:\WINDOWS\Domino.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\sys32_nov.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\vladko\sys32_nov.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\braviax.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Trend Micro\HijackThis\Kaldata.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Sleep Moon Xpress\msdxm.ocx O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [VMSnap5] C:\WINDOWS\VMSnap5.EXE O4 - HKLM\..\Run: 
[Domino] C:\WINDOWS\Domino.EXE O4 - HKLM\..\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [uTorrent] "D:\programs\UTorrents\uTorrent.exe" O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\vladko\sys32_nov.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1482476501-1757981266-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'skype') O4 - HKUS\S-1-5-21-1482476501-1757981266-725345543-1004\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe (User 'skype') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe O4 - Startup: ikowin32.exe O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BlueSoleil.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{CBB8B187-D672-4C35-B64F-5A8533ECFD8D}: NameServer = 212.39.90.42,212.39.90.43 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 5288 bytes Malwarebytes' Anti-Malware 1.41 Database version: 2784 Windows 5.1.2600 Service Pack 2 12.9.2009 г. 
13:52:46 mbam-log-2009-09-12 (13-52-35).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 172126 Time elapsed: 1 hour(s), 40 minute(s), 13 second(s) Memory Processes Infected: 3 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 5 Registry Data Items Infected: 3 Folders Infected: 0 Files Infected: 21 Memory Processes Infected: C:\WINDOWS\system32\sys32_nov.exe (Trojan.Cutwail) -> No action taken. C:\Documents and Settings\vladko\sys32_nov.exe (Trojan.Cutwail) -> No action taken. C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sys32_nov (Trojan.Cutwail) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sys32_nov (Trojan.Cutwail) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\sys32_nov.exe (Trojan.Cutwail) -> No action taken. C:\Documents and Settings\vladko\sys32_nov.exe (Trojan.Cutwail) -> No action taken. 
C:\Documents and Settings\vladko\Desktop\Programs\gmaker.exe (Adware.EShoper) -> No action taken. C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> No action taken. C:\WINDOWS\system32\dllcache\figaro.sys (Trojan.KillAV) -> No action taken. C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> No action taken. C:\WINDOWS\Temp\wpv271252625374.exe (Trojan.Cutwail) -> No action taken. C:\Documents and Settings\vladko\Application Data\wiaserva.log (Malware.Trace) -> No action taken. C:\Documents and Settings\vladko\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\Jyb8Is5D.exe.a_a (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> No action taken. C:\Documents and Settings\vladko\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\vladko\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> No action taken. C:\Documents and Settings\vladko\Local Settings\Temp\tmpwr2 (Rogue.Installer) -> No action taken. C:\Documents and Settings\vladko\Local Settings\Temp\tmpwr3 (Rogue.Installer) -> No action taken. C:\Documents and Settings\vladko\Local Settings\Temp\tmpwr4 (Rogue.Installer) -> No action taken. C:\Documents and Settings\vladko\Local Settings\Temp\tmpwr5 (Rogue.Installer) -> No action taken. C:\Documents and Settings\vladko\Local Settings\Temp\tmpwr6 (Rogue.Installer) -> No action taken. C:\Documents and Settings\vladko\delself.bat (Malware.Trace) -> No action taken. C:\Documents and Settings\vladko\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.
     Any ideas on how to proceed?