
bebsito

Help! Problem with the computer. [SOLVED]

Recommended answer


Hello!

I have a big problem with my computer. Since yesterday my Avast antivirus has been constantly beeping and reporting viruses. I tried every way I could to remove them, but nothing works. I can neither delete them nor quarantine them. I scanned the computer with Malwarebytes' Anti-Malware, it found 30 threats, I restarted the computer (as advised by Malwarebytes' Anti-Malware) and when it came back up it froze completely. I couldn't perform a single action. I restarted several times (if you can call it restarting, since I unplugged it from the mains; there was no other way) and finally I can use it for the moment, but I don't know for how long. But the last time I turned it on the antivirus went off again with virus warnings. I know that in this situation it's best to reinstall, but please take a look and tell me whether things can be fixed or a reinstall is unavoidable. Have a nice day!

I hope for a reply.

Malwarebytes' Anti-Malware 1.41

Версия на базата от данни: 3023

Windows 5.1.2600 Service Pack 2

24.10.2009 г. 11:30:38

mbam-log-2009-10-24 (11-30-38).txt

Тип сканиране: Пълно сканиране (C:\|D:\|F:\|)

Сканирани обекти: 126547

Изминало време: 17 minute(s), 18 second(s)

Заразени процеси в паметта: 2

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 10

Заразени стойности в регистратурата: 7

Заразени информационни обекти в регистратурата: 1

Заразени папки: 0

Заразени файлове: 10

Заразени процеси в паметта:

C:\Documents and Settings\dita\restorer64_a.exe (Trojan.FakeAlert) -> Unloaded process successfully.

C:\WINDOWS\system32\restorer64_a.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Заразени модули в паметта:

(Не бяха открити заплахи)

Заразени ключове в регистратурата:

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Заразени стойности в регистратурата:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mserv (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer64_a (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer64_a (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Заразени информационни обекти в регистратурата:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe cpcp.cpo bef0regiiav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Заразени папки:

(Не бяха открити заплахи)

Заразени файлове:

C:\Documents and Settings\dita\Local Settings\Temp\TMP2F1.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AE194283-DA9F-4FF1-BD20-231F3F66D29A}\RP150\A0027662.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{AE194283-DA9F-4FF1-BD20-231F3F66D29A}\RP150\A0027668.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

C:\Documents and Settings\dita\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\wpv561255562528.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\wpv571256085323.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\dita\restorer64_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\restorer64_a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:34:28, on 24.10.2009 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\D-Tools\daemon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Temp\_ex-08.exe

C:\WINDOWS\system32\restorer64_a.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\dita\My Documents\Изтегляния\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mebelidita.dir.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe

O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe

O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\dita\restorer64_a.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: zavupd32.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.dskdirect.bg/capicom.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe

--

End of file - 6091 bytes

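The HijackThis log above is what a helper reads by eye: O4 autorun entries launching from a Temp folder or straight from the user-profile root, a bare executable dropped in the Startup folder, and the Winlogon Shell value that Malwarebytes flagged as Hijack.Shell. The following script is an added example for this thread (not code from HijackThis, Malwarebytes or ComboFix) that applies those checks to O4 lines copied from the log, plus one constructed `[svchost]` line standing in for the HKCU Run\svchost value Malwarebytes reported (its path is assumed). The rule names and the list of system process names are the example's own choices.

```python
"""Heuristic triage of HijackThis O4 (autorun) lines and a Winlogon Shell value.

Added example for this thread; not code from HijackThis, Malwarebytes or
ComboFix. The rules below are this example's own heuristics, chosen to match
what a helper looks for by eye in a log like the one above.
"""
import re
from typing import List, Tuple

# Sample input: O4 lines copied from the HijackThis log above, plus one
# constructed line ([svchost]) standing in for the HKCU Run\svchost value that
# Malwarebytes reported; that line's path is assumed, not taken from the log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\dita\restorer64_a.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\dita\Application Data\svcst.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: zavupd32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
""".strip("\n")

# O4 - <hive>\...\Run: [<value name>] <command line>
O4_RUN = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\.*?\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 - Startup: <entry>   /   O4 - Global Startup: <entry>[ = <target>]
O4_STARTUP = re.compile(r"^O4 - (?P<kind>Global Startup|Startup): (?P<entry>.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# An executable sitting directly in the profile root (no subfolder).
PROFILE_ROOT = re.compile(r"^[A-Za-z]:\\Documents and Settings\\[^\\]+\\[^\\]+$", re.IGNORECASE)
# Core Windows processes that never register themselves under a Run key;
# a Run value carrying one of these names is masquerading.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "smss", "winlogon", "services"}


def target_path(cmd: str) -> str:
    """Extract the executable path from a Run command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: take everything up to the first .exe
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (rule, line) for every O4 entry that trips a heuristic."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            path = target_path(m.group("cmd"))
            if TEMP_DIR.search(path):
                findings.append(("exe-in-temp", line))
            elif PROFILE_ROOT.match(path):
                findings.append(("exe-in-profile-root", line))
            if m.group("name").lower() in SYSTEM_NAMES:
                findings.append(("system-name-masquerade", line))
            continue
        m = O4_STARTUP.match(line)
        if m:
            # Startup folders normally hold .lnk shortcuts; a raw .exe is suspect.
            entry = m.group("entry").split(" = ")[0].strip()
            if entry.lower().endswith(".exe"):
                findings.append(("raw-exe-in-startup", line))
    return findings


def check_winlogon_shell(value: str) -> List[str]:
    """The Winlogon Shell value should be exactly Explorer.exe; return extra tokens."""
    return [tok for tok in value.split() if tok.lower() != "explorer.exe"]


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG.splitlines()):
        print(f"{rule:24} {line}")
    # Bad value copied from the Malwarebytes Hijack.Shell line above.
    print("extra Shell tokens:", check_winlogon_shell("Explorer.exe rundll32.exe cpcp.cpo bef0regiiav"))
```

Run as-is, it reports the PromoReg entry (Temp), the HKCU restorer64_a entry (profile root), the constructed svchost entry (system-name masquerade) and zavupd32.exe (raw executable in Startup), and lists `rundll32.exe cpcp.cpo bef0regiiav` as the tokens appended to the Shell value. The HKLM restorer64_a entry in system32 is deliberately not caught by these location rules, which is why a helper still correlates with the Malwarebytes detections rather than relying on path heuristics alone.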

Hello bebsito,

*. Temporarily disable your antivirus program's real-time protection.

*. Download Combofix.

*. Save it to the Desktop.

*. Open Start => Run => and enter the following command:

"%userprofile%\desktop\ComboFix.exe" /KillAll

*. While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

*. Post the log file that will be created after the computer restarts in your next post.


I did what you told me. But Combofix started immediately and didn't let me give it the command "%userprofile%\desktop\ComboFix.exe" /KillAll.

And then, after the restart, it took me quite a while before I could control the computer. I'll show you the files that appeared; I hope they are the right ones.

ComboFix 09-10-23.01 - dita 10.2009 г. 13:27:08.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.122 [GMT 3:00]

Running from: C:\Documents and Settings\dita\My Documents\Изтегляния\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\dita\Application Data\wiaserva.log

C:\Documents and Settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd

C:\Documents and Settings\dita\restorer64_a.exe

C:\Program Files\AskSearch\bin\DefaultSearch.dll

C:\Program Files\WinPCap

C:\Program Files\WinPCap\rpcapd.exe

C:\WINDOWS\Downloaded Program Files\popcaploader.inf

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\Packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\restorer64_a.exe

C:\WINDOWS\system32\WanPacket.dll

C:\WINDOWS\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_npf

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))

.

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.122 [GMT 3:00]

.:\\\(0!\|0\\0\)

C:\\WINDOWS\\system32\\\(\\\|0!\|0\\0\)

C:\\WINDOWS\\system32\\config\\\(\\\|0!\|0\\0\)

C:\\WINDOWS\\system32\\csrss.exe\\\(0!\|0\\0\)

C:\\WINDOWS\\system32\\Drivers\\\(\\\|0!\|0\\0\)

C:\\WINDOWS\\system32\\hal.dll\\\(0!\|0\\0\)

C:\\WINDOWS\\system32\\lsass.exe\\\(0!\|0\\0\)

C:\\WINDOWS\\system32\\ntdll.dll\\\(0!\|0\\0\)

C:\\WINDOWS\\system32\\services.exe\\\(0!\|0\\0\)

C:\\WINDOWS\\system32\\smss.exe\\\(0!\|0\\0\)

C:\\WINDOWS\\system32\\svchost.exe\\\(0!\|0\\0\)

C:\\WINDOWS\\system32\\userinit.exe\\\(0!\|0\\0\)

C:\\WINDOWS\\system32\\wbem\\\(\\\|0!\|0\\0\)

C:\\WINDOWS\\system32\\winlogon.exe\\\(0!\|0\\0\)

C:\\boot.ini\\\(0!\|0\\0\)

C:\\ntdetect.com\\\(0!\|0\\0\)

C:\\ntldr\\\(0!\|0\\0\)

C:\\WINDOWS\\\(\\\|0!\|0\\0\)

C:\\WINDOWS\\explorer.exe\\\(0!\|0\\0\)

If I need to repeat the action, I will do it.


Honestly, this is the first time I've seen a log file like this... :eek:

Lately it happens to me often...

Please open C:\Combofix.txt and post it in your next post.


While I was writing to you last time, the antivirus went off again and viruses started popping up. I tried to stop it, and then Antivirus Pro 2010 came up automatically and started scanning.

This is its scan:

File name Malware name

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D70A2BEA-A63E-11D1-A7D4-0000F87571E3}\InProcServer32, Apartment Registry item

HKEY_LOCAL_MACHINE\Software\Classes\Interface\{7F7E1C5D-4D91-48C9-B09E-3E45D502FFA0}, IASUTaskScheduler Registry item

HKEY_LOCAL_MACHINE\Software\Microsoft\Jet\4.0\ISAM Formats\HTML Export, HTML Registry item

C:\WINDOWS\system32\zyci.sys BackWebLite

C:\WINDOWS\mugibypab.bat BackWebLite

C:\Documents and Settings\All Users\Documents\adoxim.vbs BackWebLite

C:\WINDOWS\ifetudebor.dat A-Trojan 2.0

C:\WINDOWS\epemuli.lib AceBot

C:\WINDOWS\nisiv.com MPower

C:\WINDOWS\nodum._dl BackWebLite

C:\WINDOWS\system32\acogut.bat Msiebho

C:\Documents and Settings\dita\Cookies\qebolexe.dat AceBot

C:\Documents and Settings\dita\Application Data\ifisikijyc.bat A-Trojan 2.0

C:\Documents and Settings\dita\Application Data\ypeze.com BackWebLite

C:\Documents and Settings\dita\Local Settings\Application Data\jomugozi.db Adware.IpWins

C:\WINDOWS\cakidobuqe.lib Adware.IpWins

C:\Documents and Settings\All Users\Documents\kyxapehi.com BackWebLite

C:\Documents and Settings\All Users\Application Data\xybaqebak.bat AceBot

C:\Documents and Settings\dita\Local Settings\Application Data\ukegele.reg Adware.IpWins

C:\Program Files\Common Files\zabyb._dl A-Trojan 2.0

C:\Documents and Settings\dita\Application Data\ewicewutu.dll AceBot

C:\Documents and Settings\dita\Cookies\kysyfobut.inf A-Trojan 2.0

C:\Documents and Settings\dita\Local Settings\Temporary Internet Files\upaqyba.com Adware.IpWins

C:\Documents and Settings\dita\Local Settings\Application Data\wezotepi.bat Msiebho

C:\Documents and Settings\All Users\Documents\japen.pif Adlogix

C:\WINDOWS\aneras.dl MPower

C:\Documents and Settings\dita\Local Settings\Application Data\emusiqeqy._dl Advware.Adstart.b

C:\Documents and Settings\All Users\Documents\epar.scr Advware.Adstart.b

C:\Documents and Settings\dita\Application Data\usegagisax.bin Adlogix

C:\Documents and Settings\dita\Local Settings\Temporary Internet Files\ynyzumy.scr NavExcel

C:\WINDOWS\xoqohem.inf NavExcel

C:\WINDOWS\ufyso.dat Backdoor.IRCBot

There is no text document named exactly like that.

There is ComboFix, and it is:

ComboFix 09-10-23.01 - dita 10.2009 г. 13:27:08.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.122 [GMT 3:00]

Running from: C:\Documents and Settings\dita\My Documents\Изтегляния\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\dita\Application Data\wiaserva.log

C:\Documents and Settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd

C:\Documents and Settings\dita\restorer64_a.exe

C:\Program Files\AskSearch\bin\DefaultSearch.dll

C:\Program Files\WinPCap

C:\Program Files\WinPCap\rpcapd.exe

C:\WINDOWS\Downloaded Program Files\popcaploader.inf

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\Packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\restorer64_a.exe

C:\WINDOWS\system32\WanPacket.dll

C:\WINDOWS\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_npf

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))

.

The other name is ConEnv:

s/^%ActiveX%/C:\\WINDOWS\\Downloaded Program Files/I;

s/^%ALLUSERSPROFILE%/C:\\Documents and Settings\\All Users/I;

s/^%APPDATA%/C:\\Documents and Settings\\dita\\Application Data/I;

s/^%Cache%/C:\\Documents and Settings\\dita\\Local Settings\\Temporary Internet Files/I;

s/^%CDBurning%/C:\\Documents and Settings\\dita\\Local Settings\\Application Data\\Microsoft\\CD Burning/I;

s/^%CommonAdministrativeTools%/C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Administrative Tools/I;

s/^%CommonAppData%/C:\\Documents and Settings\\All Users\\Application Data/I;

s/^%CommonDesktop%/C:\\Documents and Settings\\All Users\\Desktop/I;

s/^%CommonDocuments%/C:\\Documents and Settings\\All Users\\Documents/I;

s/^%CommonFavorites%/C:\\Documents and Settings\\All Users\\Favorites/I;

s/^%CommonProgramFiles%/C:\\Program Files\\Common Files/I;

s/^%CommonPrograms%/C:\\Documents and Settings\\All Users\\Start Menu\\Programs/I;

s/^%CommonStartMenu%/C:\\Documents and Settings\\All Users\\Start Menu/I;

s/^%CommonStartup%/C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup/I;

s/^%CommonTemplates%/C:\\Documents and Settings\\All Users\\Templates/I;

s/^%Cookies%/C:\\Documents and Settings\\dita\\Cookies/I;

s/^%DefaultAppData%/C:\\Documents and Settings\\NetworkService\\Application Data/I;

s/^%DefaultCache%/C:\\Documents and Settings\\LocalService\\Local Settings\\Temporary Internet Files/I;

s/^%DefaultCookies%/C:\\Documents and Settings\\LocalService\\Cookies/I;

s/^%DefaultFonts%/C:\\WINDOWS\\Fonts/I;

s/^%DefaultHistory%/C:\\Documents and Settings\\LocalService\\Local Settings\\History/I;

s/^%DefaultLocalAppData%/C:\\Documents and Settings\\NetworkService\\Local Settings\\Application Data/I;

s/^%DefaultLocalSettings%/C:\\WINDOWS\\system32\\config\\systemprofile\\Local Settings/I;

s/^%DefaultPrintHood%/C:\\WINDOWS\\system32\\config\\systemprofile\\PrintHood/I;

s/^%DefaultRecent%/C:\\WINDOWS\\system32\\config\\systemprofile\\Recent/I;

s/^%DefaultSendTo%/C:\\WINDOWS\\system32\\config\\systemprofile\\SendTo/I;

s/^%DefaultStartup%/C:\\WINDOWS\\system32\\config\\systemprofile\\Start Menu\\Programs\\Startup/I;

s/^%Desktop%/C:\\Documents and Settings\\dita\\Desktop/I;

s/^%Fonts%/C:\\WINDOWS\\Fonts/I;

s/^%History%/C:\\Documents and Settings\\dita\\Local Settings\\History/I;

s/^%HOMEPATH%/\\Documents and Settings\\dita/I;

s/^%LocalAppData%/C:\\Documents and Settings\\dita\\Local Settings\\Application Data/I;

s/^%LocalSettings%/C:\\Documents and Settings\\dita\\Local Settings/I;

s/^%Personal%/C:\\Documents and Settings\\dita\\My Documents/I;

s/^%PrintHood%/C:\\Documents and Settings\\dita\\PrintHood/I;

s/^%ProfilesDirectory%/C:\\Documents and Settings/I;

s/^%ProgramFiles%/C:\\Program Files/I;

s/^%Programs%/C:\\Documents and Settings\\dita\\Start Menu\\Programs/I;

s/^%Recent%/C:\\Documents and Settings\\dita\\Recent/I;

s/^%SendTo%/C:\\Documents and Settings\\dita\\SendTo/I;

s/^%StartMenu%/C:\\Documents and Settings\\dita\\Start Menu/I;

s/^%Startup%/C:\\Documents and Settings\\dita\\Start Menu\\Programs\\Startup/I;

s/^%SYSTEM%/C:\\WINDOWS\\system32/I;

s/^%SysTemp%/C:\\WINDOWS\\TEMP/I;

s/^%SystemRoot%/C:\\WINDOWS/I;

s/^%Tasks%/C:\\WINDOWS\\Tasks/I;

s/^%TEMP%/C:\\DOCUME~1\\dita\\LOCALS~1\\Temp/I;

s/^%Templates%/C:\\Documents and Settings\\dita\\Templates/I;

s/^%Temp_LFN%/C:\\Documents and Settings\\dita\\Local Settings\\Temp/I;

s/^%TMP%/C:\\DOCUME~1\\dita\\LOCALS~1\\Temp/I;

s/^%USERPROFILE%/C:\\Documents and Settings\\dita/I;

s/^%windir%/C:\\WINDOWS/I;

s/^%systemdrive%/C:/I;

If you want, I can repeat the action.

But do I have to delete it and then download it again?



Yes please, try again.

Close the antivirus program and try to close the fake program Antivirus Pro 2010 as well.

Delete the current Combofix.exe file.

Download Combofix and save it to the desktop again, but do not run it.

Open Start => Run => and paste the following:

"%userprofile%\desktop\ComboFix.exe" /KillAll

During the scan do nothing... do not press keys on the keyboard and do not move the mouse.

Post the log file after the machine restarts.

Thank you.


Here is what came out now:

ComboFix 09-10-23.01 - dita 10.2009 г. 15:03.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.195 [GMT 3:00]

Running from: c:\documents and settings\dita\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\xybaqebak.bat

c:\documents and settings\All Users\Documents\adoxim.vbs

c:\documents and settings\All Users\Documents\epar.scr

c:\documents and settings\All Users\Documents\japen.pif

c:\documents and settings\All Users\Documents\kyxapehi.com

c:\documents and settings\dita\Application Data\ewicewutu.dll

c:\documents and settings\dita\Application Data\ifisikijyc.bat

c:\documents and settings\dita\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk

c:\documents and settings\dita\Application Data\seres.exe

c:\documents and settings\dita\Application Data\svcst.exe

c:\documents and settings\dita\Application Data\usegagisax.bin

c:\documents and settings\dita\Application Data\wiaserva.log

c:\documents and settings\dita\Application Data\ypeze.com

c:\documents and settings\dita\Cookies\kysyfobut.inf

c:\documents and settings\dita\Cookies\qebolexe.dat

c:\documents and settings\dita\Local Settings\Application Data\emusiqeqy._dl

c:\documents and settings\dita\Local Settings\Application Data\ukegele.reg

c:\documents and settings\dita\Local Settings\Application Data\wezotepi.bat

c:\documents and settings\dita\Local Settings\Temporary Internet Files\upaqyba.com

c:\documents and settings\dita\Local Settings\Temporary Internet Files\ynyzumy.scr

c:\documents and settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\documents and settings\dita\restorer64_a.exe

c:\documents and settings\dita\Start Menu\Programs\AntivirusPro_2010

c:\documents and settings\dita\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk

c:\documents and settings\dita\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk

c:\program files\AntivirusPro_2010

c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg

c:\program files\AntivirusPro_2010\AVEngn.dll

c:\program files\AntivirusPro_2010\data\daily.cvd

c:\program files\AntivirusPro_2010\htmlayout.dll

c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest

c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll

c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll

c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll

c:\program files\AntivirusPro_2010\pthreadVC2.dll

c:\program files\AntivirusPro_2010\Uninstall.exe

c:\program files\AntivirusPro_2010\wscui.cpl

c:\program files\Common Files\zabyb._dl

c:\windows\aneras.dl

c:\windows\mugibypab.bat

c:\windows\nodum._dl

c:\windows\system32\_scui.cpl

c:\windows\system32\acogut.bat

c:\windows\system32\restorer64_a.exe

c:\windows\system32\zyci.sys

c:\windows\xoqohem.inf

.

---- Previous Run -------

.

c:\documents and settings\dita\Application Data\wiaserva.log

c:\documents and settings\dita\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\documents and settings\dita\restorer64_a.exe

c:\program files\AskSearch\bin\DefaultSearch.dll

c:\program files\WinPCap\rpcapd.exe

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\restorer64_a.exe

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

-------\Service_npf

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))

.

2009-10-24 11:20 . 2009-10-24 11:20 15327 ----a-w- c:\windows\nisiv.com

2009-10-24 11:20 . 2009-10-24 11:20 13772 ----a-w- c:\windows\ufyso.dat

2009-10-24 11:20 . 2009-10-24 11:20 11994 ----a-w- c:\windows\ifetudebor.dat

2009-10-24 08:07 . 2009-10-24 08:07 -------- d-----w- c:\documents and settings\dita\Application Data\Malwarebytes

2009-10-24 08:07 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-24 08:07 . 2009-10-24 08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-24 08:07 . 2009-10-24 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-24 08:07 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-23 13:14 . 2009-10-23 13:14 -------- d-----w- c:\documents and settings\dita\Application Data\ArcaMicroScan

2009-10-23 13:11 . 2009-10-23 13:11 -------- d-----w- c:\documents and settings\dita\Application Data\ArcaVirMicroScan

2009-10-23 12:47 . 2009-10-23 13:10 -------- d-----w- c:\program files\Panda Security

2009-10-23 10:48 . 2009-10-23 10:48 -------- d-----w- c:\program files\ESET

2009-10-21 08:39 . 2009-10-21 08:39 -------- d-----w- c:\program files\CCleaner

2009-10-07 09:34 . 2009-10-07 09:34 -------- d-----w- c:\program files\SkyCode

2009-09-28 10:19 . 2009-09-28 10:27 -------- d-----w- c:\documents and settings\dita\Local Settings\Application Data\Temp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-24 12:05 . 2009-05-12 09:26 -------- d-----w- c:\documents and settings\dita\Application Data\Skype

2009-10-24 09:23 . 2009-05-12 09:13 -------- d-----w- c:\documents and settings\dita\Application Data\skypePM

2009-10-23 07:46 . 2009-06-03 06:40 -------- d-----w- c:\program files\Easy Cash Manager

2009-10-15 09:37 . 2009-05-12 12:00 -------- d-----w- c:\documents and settings\dita\Application Data\uTorrent

2009-09-10 11:05 . 2009-09-10 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-09-10 11:04 . 2009-09-10 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2009-09-07 15:43 . 2009-09-07 13:16 -------- d-----w- c:\program files\Yahoo!

2009-09-07 13:38 . 2009-09-07 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-09-07 13:17 . 2009-09-07 13:17 -------- d-----w- c:\documents and settings\dita\Application Data\Yahoo!

2009-08-28 12:13 . 2009-08-28 10:43 -------- d-----w- c:\program files\Belltech Business Card Designer Pro

2009-08-28 06:32 . 2009-05-11 13:26 42168 -c--a-w- c:\documents and settings\dita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-17 16:10 . 2009-05-11 13:45 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-17 16:06 . 2009-05-11 13:45 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-08-17 16:06 . 2009-05-11 13:45 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-08-17 16:05 . 2009-05-11 13:45 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-17 16:05 . 2009-05-11 13:45 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-17 16:04 . 2009-05-11 13:45 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-17 16:04 . 2009-05-11 13:45 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-17 16:03 . 2009-05-11 13:45 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-08-17 16:02 . 2009-05-11 13:45 97480 ----a-w- c:\windows\system32\AvastSS.scr

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 39408]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

"Google Update"="c:\documents and settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-28 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-09-18 503808]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\dita\Start Menu\Programs\Startup\

zavupd32.exe [2004-8-4 26112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\SUPDSvc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\dita\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\dita\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53:UDP"= 53:UDP:Promo

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.5.2009 г. 16:45 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.5.2009 г. 16:45 20560]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [11.5.2009 г. 16:57 127656]

.

Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1532298954-839522115-1003Core.job

- c:\documents and settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 10:19]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1532298954-839522115-1003UA.job

- c:\documents and settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 10:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mebelidita.dir.bg/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\dita\Application Data\Mozilla\Firefox\Profiles\iuk247jw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - qtl

FF - prefs.js: browser.startup.homepage - hxxp://abv.bg

FF - plugin: c:\documents and settings\dita\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\dita\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-restorer64_a - c:\windows\system32\restorer64_a.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-24 15:05

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2009-10-24 15:06

ComboFix-quarantined-files.txt 2009-10-24 12:06

Pre-Run: 12 648 841 216 bytes free

Post-Run: 12 624 756 736 bytes free

- - End Of File - - 4EE718F05C4685D5F9A7F3EFBCA65211

I forgot to say that again I wasn't given the chance to enter any command, because as soon as I opened the file a blue window opened and started scanning. And this time the system didn't ask for a scan.

I apologise if I'm being a nuisance.


Now that's something else. :eek:

*. Open Notepad and enter via copy/paste:

KILLALL::

File::

c:\windows\nisiv.com

c:\windows\ufyso.dat

c:\windows\ifetudebor.dat

c:\documents and settings\dita\Start Menu\Programs\Startup\zavupd32.exe

Folder::

c:\documents and settings\dita\Application Data\ArcaMicroScan

c:\documents and settings\dita\Application Data\ArcaVirMicroScan

c:\program files\Panda Security

c:\program files\ESET

c:\documents and settings\All Users\Application Data\McAfee

c:\documents and settings\All Users\Application Data\McAfee Security Scan

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"=-

"Google Update"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"=-

*. Save the file with the name CFScript and drag and drop it onto Combofix.exe (as in the picture)

CFScript.gif

*. While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

*. Post the log file that will be created after the computer restarts in your next post.

If this is difficult for you, just download the attached file and drag and drop it onto Combofix (as in the picture).

CFScript.txt


Here:

ComboFix 09-10-23.01 - dita 10.2009 г. 15:36.3.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.447.185 [GMT 3:00]

Running from: c:\documents and settings\dita\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\dita\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

"c:\documents and settings\dita\Start Menu\Programs\Startup\zavupd32.exe"

"c:\windows\ifetudebor.dat"

"c:\windows\nisiv.com"

"c:\windows\ufyso.dat"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\McAfee Security Scan

c:\documents and settings\All Users\Application Data\McAfee Security Scan\ftstate.ini

c:\documents and settings\All Users\Application Data\McAfee

c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\Common\McUICnt\McUICnt000.log

c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\McUICnt\McUICnt\McUICnt000.log

c:\documents and settings\dita\Application Data\ArcaMicroScan

c:\documents and settings\dita\Application Data\ArcaMicroScan\as_20091023_161409.as

c:\documents and settings\dita\Application Data\ArcaVirMicroScan

c:\documents and settings\dita\Application Data\ArcaVirMicroScan\ArcaVirMicroScan.cfg

c:\documents and settings\dita\Start Menu\Programs\Startup\zavupd32.exe

c:\program files\ESET

c:\program files\ESET\ESET Online Scanner\esets_apiA.dll

c:\program files\ESET\ESET Online Scanner\esets_apiW.dll

c:\program files\ESET\ESET Online Scanner\esets_apiW_a.dll

c:\program files\ESET\ESET Online Scanner\ESETSmartInstaller.exe

c:\program files\ESET\ESET Online Scanner\log.txt

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod27EA.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod2DE8.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod3030.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod323A.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod33B7.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod355E.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod457A.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod472D.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod4792.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5690.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod581E.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod5ADF.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod67FE.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6B0C.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\nod6F00.nup

c:\program files\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver

c:\program files\ESET\ESET Online Scanner\Modules\em000_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em001_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em002_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em003_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em004_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em005_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\em006_32.dat

c:\program files\ESET\ESET Online Scanner\Modules\mod_comp.dat

c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

c:\program files\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

c:\program files\ESET\ESET Online Scanner\OnlineScanner.cab

c:\program files\ESET\ESET Online Scanner\OnlineScanner.inf

c:\program files\ESET\ESET Online Scanner\OnlineScanner.ocx

c:\program files\ESET\ESET Online Scanner\OnlineScanner64.ocx

c:\program files\ESET\ESET Online Scanner\OnlineScannerApp.exe

c:\program files\ESET\ESET Online Scanner\OnlineScannerLang.dll

c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

c:\program files\ESET\ESET Online Scanner\unicows.dll

c:\program files\Panda Security

c:\windows\ifetudebor.dat

c:\windows\nisiv.com

c:\windows\ufyso.dat

.

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))

.

2009-10-24 08:07 . 2009-10-24 08:07 -------- d-----w- c:\documents and settings\dita\Application Data\Malwarebytes

2009-10-24 08:07 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-24 08:07 . 2009-10-24 08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-24 08:07 . 2009-10-24 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-24 08:07 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-21 08:39 . 2009-10-21 08:39 -------- d-----w- c:\program files\CCleaner

2009-10-07 09:34 . 2009-10-07 09:34 -------- d-----w- c:\program files\SkyCode

2009-09-28 10:19 . 2009-09-28 10:27 -------- d-----w- c:\documents and settings\dita\Local Settings\Application Data\Temp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-24 12:10 . 2009-05-12 09:26 -------- d-----w- c:\documents and settings\dita\Application Data\Skype

2009-10-24 09:23 . 2009-05-12 09:13 -------- d-----w- c:\documents and settings\dita\Application Data\skypePM

2009-10-23 07:46 . 2009-06-03 06:40 -------- d-----w- c:\program files\Easy Cash Manager

2009-10-15 09:37 . 2009-05-12 12:00 -------- d-----w- c:\documents and settings\dita\Application Data\uTorrent

2009-09-07 15:43 . 2009-09-07 13:16 -------- d-----w- c:\program files\Yahoo!

2009-09-07 13:38 . 2009-09-07 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2009-09-07 13:17 . 2009-09-07 13:17 -------- d-----w- c:\documents and settings\dita\Application Data\Yahoo!

2009-08-28 12:13 . 2009-08-28 10:43 -------- d-----w- c:\program files\Belltech Business Card Designer Pro

2009-08-28 06:32 . 2009-05-11 13:26 42168 -c--a-w- c:\documents and settings\dita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-17 16:10 . 2009-05-11 13:45 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-17 16:06 . 2009-05-11 13:45 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-08-17 16:06 . 2009-05-11 13:45 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-08-17 16:05 . 2009-05-11 13:45 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-17 16:05 . 2009-05-11 13:45 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-17 16:04 . 2009-05-11 13:45 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-17 16:04 . 2009-05-11 13:45 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-17 16:03 . 2009-05-11 13:45 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-08-17 16:02 . 2009-05-11 13:45 97480 ----a-w- c:\windows\system32\AvastSS.scr

.

((((((((((((((((((((((((((((( [email protected]_12.05.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-10-24 12:39 . 2009-10-24 12:39 16384 c:\windows\temp\Perflib_Perfdata_60c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-09-18 503808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\SUPDSvc.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\dita\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\dita\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53:UDP"= 53:UDP:Promo

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11.5.2009 г. 16:45 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11.5.2009 г. 16:45 20560]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [11.5.2009 г. 16:57 127656]

.

Contents of the 'Scheduled Tasks' folder

2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1532298954-839522115-1003Core.job

- c:\documents and settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 10:19]

2009-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-1532298954-839522115-1003UA.job

- c:\documents and settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 10:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mebelidita.dir.bg/

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\dita\Application Data\Mozilla\Firefox\Profiles\iuk247jw.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2192277&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - qtl

FF - prefs.js: browser.startup.homepage - hxxp://abv.bg

FF - plugin: c:\documents and settings\dita\Application Data\Mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\dita\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

- - - - ORPHANS REMOVED - - - -

AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-24 15:39

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2932)

c:\windows\system32\msi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\combofix\CF14086.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\wscntfy.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\combofix\PEV.cfxxe

.

**************************************************************************

.

Completion time: 2009-10-24 15:42 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-24 12:42

ComboFix2.txt 2009-10-24 12:06

Pre-Run: 12 620 529 664 bytes free

Post-Run: 12 574 777 344 bytes free

- - End Of File - - 25A6E2D39BEADECABDA988E454B5B611

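The CFScript posted above (File::, Folder:: and Registry:: sections, with the REGEDIT4 "name"=- syntax for deleting a value) and the ComboFix log posted after it can be cross-checked mechanically. The following Python checker is an added example, not code from the thread or from ComboFix's authors: it parses the script and the "Reg Loading Points" and "Other Deletions" sections of the before/after logs, and reports which requested deletions the post-run log actually confirms. The log excerpts and script in the block are constructed from the thread's posts, not the actual files; the function names are the example's own.

```python
import re

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                          # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: \[[^\]]*\])?$')  # "name"="path" [date size]
DELETE_RE = re.compile(r'^"([^"]+)"=-$')                          # REGEDIT4: "name"=- deletes the value
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")                       # CFScript section header, e.g. File::

# Constructed excerpts modelled on the thread's two logs and CFScript; not the actual files.
LOG_BEFORE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-11 39408]
"Google Update"="c:\documents and settings\dita\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-28 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"""
LOG_AFTER = r"""
((((((((((( Other Deletions )))))))))))
.
c:\documents and settings\dita\Start Menu\Programs\Startup\zavupd32.exe
c:\windows\nisiv.com
((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"""
CFSCRIPT = r"""
KILLALL::
File::
c:\windows\nisiv.com
c:\windows\ifetudebor.dat
c:\documents and settings\dita\Start Menu\Programs\Startup\zavupd32.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"Google Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=-
"""

def keyed_values(lines, value_re):
    """Pair each value line matching value_re with the [HK...] key header above it."""
    key = None
    for line in map(str.strip, lines):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := value_re.match(line)):
            yield key, m

def other_deletions(log):
    """Lower-cased paths ComboFix lists under 'Other Deletions', up to the next section header."""
    lines = list(map(str.strip, log.splitlines()))
    start = next((i + 1 for i, l in enumerate(lines) if "Other Deletions" in l), len(lines))
    end = next((i for i in range(start, len(lines)) if lines[i].startswith("((((")), len(lines))
    return {l.lower() for l in lines[start:end] if l and l != "."}

def parse_cfscript(script):
    """Split a CFScript into its 'Name::' sections (section -> its non-empty lines)."""
    sections, cur = {}, None
    for line in map(str.strip, script.splitlines()):
        if m := SECTION_RE.match(line):
            cur, sections[m.group(1)] = m.group(1), []
        elif line and cur:
            sections[cur].append(line)
    return sections

def verify_cleanup(script, log_before, log_after):
    """Which requested deletions does the post-run log confirm, and which are still open?"""
    s = parse_cfscript(script)
    before = {(k, m.group(1)): m.group(2) for k, m in keyed_values(log_before.splitlines(), VALUE_RE)}
    after = {(k, m.group(1)): m.group(2) for k, m in keyed_values(log_after.splitlines(), VALUE_RE)}
    wanted = [(k, m.group(1)) for k, m in keyed_values(s.get("Registry", []), DELETE_RE)]
    paths = s.get("File", []) + s.get("Folder", [])
    gone = other_deletions(log_after)
    return {
        "reg_removed": [v for v in wanted if v in before and v not in after],
        "reg_remaining": [v for v in wanted if v in after],
        "paths_confirmed": [p for p in paths if p.lower() in gone],
        "paths_unconfirmed": [p for p in paths if p.lower() not in gone],
    }
```

Anything left in "reg_remaining" or "paths_unconfirmed" is what a helper would look for in the next log before declaring the machine clean.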

STEP 1

Please archive the C:\Qoobox folder and upload it to => http://rapidshare.de/

Post a download link in your next post.

After that, uninstall Combofix with the command:

Start => Run => enter => combofix /u (there is a space between combofix and /u).

STEP 2

Download GMER and extract it to your desktop.

Before scanning, make sure all other running programs are closed and that your antivirus software will not take any action during the GMER scan. Do not use the computer while the scan is running.

STEP 3

Please uninstall Adobe Reader 7 and replace it with Foxit Reader (it is safer).

http://www.kaldata.com/comments.php?id=50510&catid=1&highlight=foxit

STEP 4

Update your antivirus program and run a full system scan.

How is the machine behaving now?


http://rapidshare.de/files/48573225/__1053___1086___1074__WinRAR_archive.rar.html

this is a copy from GMER:

GMER 1.0.15.15163 - http://www.gmer.net

Rootkit quick scan 2009-10-24 16:13:24

Windows 5.1.2600 Service Pack 2

Running: gmer.exe; Driver: C:\DOCUME~1\dita\LOCALS~1\Temp\uxncraob.sys

---- System - GMER 1.0.15 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF74912A8]

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF749C910]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84583548

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Modules - GMER 1.0.15 ----

Module _________ F73F3000-F740B000 (98304 bytes)

---- EOF - GMER 1.0.15 ----

Now I'll scan with the antivirus and then I'll let you know


Thank you for the folder. I hope uploading it wasn't a problem for you, since it is not small.

The GMER log is OK. :)

Please download and install this update: Windows XP Service Pack 3 RTM Build 5512


Hello again.

I don't know how to thank you, because now the antivirus really found nothing. Although I had some trouble getting it to run (it was missing some skin that never managed to download; I downloaded a few but they wouldn't work). But I started the program with the plain user interface and when it finished there were no infected files.

May I still ask what exactly the problem was and what caused it (well, I'm probably the cause :), but if you can, tell me)?

Once again, thank you from the bottom of my heart!

I wish you many personal and professional successes!


We're glad everything is fine. :)

The cause was the fake program Antivirus Pro 2010, which tricks users into downloading and installing it (and quite often installs itself, exploiting a number of vulnerabilities in the browser and the operating system), shows false messages about (non-existent) infections found, while it itself injects malicious code into the computer.

I advise you to reinstall avast! antivirus to fix the problem with the error messages it shows.

You can download the latest stable version from here:

http://www.kaldata.com/comments.php?id=49885&catid=1&highlight=avast

Regards and have a nice evening. :)
