Чавдар

Member
  • Posts

    7
  • Joined

  • Last online

Likes

0 Neutral reputation

About Чавдар

  • Title
    Rookie
  • Birthday 13.09.1978

Information

  • Gender
    Not specified
  • City
    Sofia

Contacts

  • Skype
    yupi@abv.bg
  1. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2014
     Ran by Yupi at 2014-04-28 19:46:19 Run:3
     Running from C:Documents and SettingsYupiDesktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     start
     DeleteQuarantine:
     end
     *****************
     C:FRSTQuarantine => Removed successfully.
     ==== End of Fixlog ====

     # DelFix v10.7 - Logfile created 28/04/2014 at 20:05:52
     # Updated 27/04/2014 by Xplode
     # Username : Yupi - 0075043875E64A9
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     ~ Removing disinfection tools ...
     Deleted : C:FRST
     Deleted : C:AdwCleaner
     Deleted : C:log.txt
     Deleted : C:Documents and SettingsYupiDesktopAdwCleaner[s0].txt
     Deleted : C:Documents and SettingsYupiDesktopFixlog.txt
     Deleted : C:Documents and SettingsYupiDesktopFRST.exe
     Deleted : C:Documents and SettingsYupiDesktopJRT.exe
     Deleted : C:Documents and SettingsYupiDesktoprkill.com
     Deleted : C:Documents and SettingsYupiDesktopSecurityCheck.exe
     Deleted : HKLMSOFTWAREAdwCleaner
     ########## - EOF - ##########

     Thank you for your time and help.
  2. I ran the scan, but somehow I can't find "C:ProgramdataHitmanProLogs". After it finished, it prompted me at the bottom to save the log file - I'm pasting it ->

     HitmanPro 3.7.9.216
     www.hitmanpro.com

     Computer name . . . . : 0075043875E64A9
     Windows . . . . . . . : 5.1.3.2600.X86/1
     User name . . . . . . : 0075043875E64A9Yupi
     License . . . . . . . : Trial (30 days left)
     Scan date . . . . . . : 2014-04-27 21:19:34
     Scan mode . . . . . . : Normal
     Scan duration . . . . : 13m 52s
     Disk access mode . . : Direct disk access (SRB)
     Cloud . . . . . . . . : Internet
     Reboot . . . . . . . : No
     Threats . . . . . . . : 1
     Traces . . . . . . . : 5
     Objects scanned . . . : 543430
     Files scanned . . . . : 17033
     Remnants scanned . . : 81667 files / 444730 keys

     Miniport ____________________________________________________________________
     Primary
     DriverObject . . . : 86D199A0
     DriverName . . . . : Driveratapi
     DriverPath . . . . : atapi.sys
     StartIo . . . . . : F7211864 atapi.sys+30820
     IRP_MJ_SCSI . . . : F7213B40 atapi.sys+39744
     Solution
     DriverObject . . . : 86D199A0
     DriverName . . . . : Driveratapi
     DriverPath . . . . : atapi.sys
     StartIo . . . . . : F7211864 atapi.sys+30820
     IRP_MJ_SCSI . . . : F7210852 atapi.sys+26706

     Malware _____________________________________________________________________
     C:System Volume Information_restore{E4E3FD5B-9577-459F-80B0-E00C500348EE}RP1122A0358622.exe -> Quarantined
     Size . . . . . . . : 1330861 bytes
     Age . . . . . . . : 1.0 days (2014-04-26 22:24:46)
     Entropy . . . . . : 8.0
     SHA-256 . . . . . : 42F6D277CFB923156D7803E31468D8F44C60AB38889413BD522633BD608D41E7
     Version . . . . . : 3.2.0.3
     > Bitdefender . . . : Trojan.Generic.11236335
     Fuzzy . . . . . . : 113.0

     Suspicious files ____________________________________________________________
     C:WINDOWSDatecsFlex2K.exe
     Size . . . . . . . : 151552 bytes
     Age . . . . . . . : 460.4 days (2013-01-22 12:51:23)
     Entropy . . . . . : 7.9
     SHA-256 . . . . . : E090365CB15BC2ED95ADFBEF20B44A9829B2F6610BA54CA6145D0BDC2BD0AD27
     Parent Name . . . : C:WINDOWSExplorer.EXE
     Running processes : 464
     Fuzzy . . . . . . : 31.0
     Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
     Uses the Startup folder in the Start Menu to run each time the user logs on.
     Program is running but currently exposes no human-computer interface (GUI).
     The Entry Point of this file lies in a resource section. This is an indication of malware infection.
     Authors name is missing in version info. This is not common to most programs.
     Version control is missing. This file is probably created by an individual. This is not typical for most programs.
     Program starts automatically without user intervention.
     Program contains PE structure anomalies. This is not typical for most programs.
     The file is in use by one or more active processes.
     Startup
     C:Documents and SettingsAll UsersStart MenuProgramsStartupFlexType 2K.lnk
     References
     C:Documents and SettingsYupiStart MenuProgramsDatecs ApplicationsFlexType 2K.lnk

     It quarantined an "exe" file (from System Volume Information_restore) as a trojan, but I don't know, I couldn't manage the ignore option, it wasn't there.
  3. No problem - it's better than before the infection. Thank you.
  4. Done - I'm uploading the FRST file. FRST2.txt
  5. Done -> attached, and I'm restarting. And one slightly strange fact: why, after support for "XP" ended on 08.04, does it keep updating? Fixlog.txt
  6. Starting with RKill - attached. Step 2 - AdwCleaner ->

     # AdwCleaner v3.203 - Report created 26/04/2014 at 22:28:23
     # Updated 26/04/2014 by Xplode
     # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
     # Username : Yupi - 0075043875E64A9
     # Running from : C:Documents and SettingsYupiDesktopadwcleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****
     Folder Deleted : C:Documents and SettingsYupiApplication DataMozillaFirefoxProfilesiirl0q25.defaultExtensionsadsremoval@adsremoval.net
     Folder Deleted : C:Documents and SettingsYupiLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsgkcefkcdkepgkpbgncjchhbjgoanleod
     File Deleted : C:Documents and SettingsYupiApplication DataMozillaFirefoxProfilesiirl0q25.defaultsearchpluginsbingp.xml
     File Deleted : C:Documents and SettingsYupiApplication DataMozillaFirefoxProfilesiirl0q25.defaultuser.js
     File Deleted : C:WINDOWSTasksDriver Booster Update.job

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****
     Key Deleted : HKCUSoftwareSoftonic

     ***** [ Browsers ] *****
     - Internet Explorer v8.0.6001.18702
     - Mozilla Firefox v28.0 (bg)
     [ File : C:Documents and SettingsYupiApplication DataMozillaFirefoxProfilesiirl0q25.defaultprefs.js ]
     [ File : C:Documents and SettingsAdministratorApplication DataMozillaFirefoxProfilesg13mlpck.defaultprefs.js ]

     *************************
     AdwCleaner[R0].txt - [1561 octets] - [26/04/2014 22:26:14]
     AdwCleaner[s0].txt - [1494 octets] - [26/04/2014 22:28:23]
     ########## EOF - C:AdwCleanerAdwCleaner[s0].txt - [1554 octets] ##########

     moving on to step 3, Junkware Removal Tool ->

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Microsoft Windows XP x86
     Ran by Yupi on 26.04.2014 Ј. at 22:42:37,37
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     Successfully deleted: [Folder] "C:Documents and SettingsAll Usersapplication databoost_interprocess"
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 26.04.2014 Ј. at 22:49:40,82
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     The next wonder, Malwarebytes Anti-Malware ->

     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 26.4.2014 г.
     Scan Time: 23:55:34
     Logfile: mbam.txt
     Administrator: Yes

     Version: 2.00.1.1004
     Malware Database: v2014.04.26.04
     Rootkit Database: v2014.03.27.01
     License: Free
     Malware Protection: Disabled
     Malicious Website Protection: Disabled
     Chameleon: Disabled

     OS: Windows XP Service Pack 3
     CPU: x86
     File System: NTFS
     User: Yupi

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 288110
     Time Elapsed: 56 min, 28 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Deep Rootkit Scan: Enabled
     Shuriken: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 3
     Trojan.Downloader, HKUS-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN|msnsc, C:WINDOWSsystem32msnsc.exe, Quarantined, [9a66de22ae5256aad52c807ac9398779]
     Trojan.Downloader, HKUS-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN|msnsc, C:WINDOWSsystem32msnsc.exe, Quarantined, [9070fc0404fc42be669b34c617eb9967]
     Trojan.Downloader, HKUS-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN|msnsc, C:WINDOWSsystem32msnsc.exe, Quarantined, [fe0254ac56aaf20efa07e614bd45b34d]

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 1
     PUP.Optional.Spigot.A, C:Documents and SettingsYupiMy DocumentsDownloadsFreeHideIP-3.9.0.2.Setup.exe, Quarantined, [48b828d86d93fb05366f0f11d52c38c8],

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     and the last one, Security Check ->

     Results of screen317's Security Check version 0.99.82
     Windows XP Service Pack 3 x86
     Internet Explorer 8
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     ESET NOD32 Antivirus 4.0
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Adobe Flash Player 12.0.0.77 Flash Player out of Date!
     Adobe Reader 7 Adobe Reader out of Date!
     Mozilla Firefox (28.0)
     ````````Process Check: objlist.exe by Laurent````````
     ESET NOD32 Antivirus egui.exe
     ESET NOD32 Antivirus ekrn.exe
     Malwarebytes Anti-Malware mbam.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 6%
     ````````````````````End of Log``````````````````````

     Finally, I'm attaching the 2 logs I made after all this. I think it's fixed, but I still don't understand what I did. I'll wait for a reply on whether to delete the programs I downloaded, if everything is OK. Rkill.txt FRST1.txt Addition1.txt
  7. Hello - on Facebook I received a private message from a friend asking me to open a file. After downloading it I had second thoughts about the address (the friend wasn't online for me to ask in person), so I left it on the desktop without opening it. Maybe an hour later I logged into Facebook and everything was already a mess. I ran a scan with the antivirus and it detected /Win32/Injector.BCOY/ - it quarantined it, but I suspect I now have a problem, because Facebook is still the same mess and the computer is starting to freeze a bit. I scanned with FRST and am posting the files. FRST.txt Addition.txt