Hello, I scanned my computer with Malwarebytes' Anti-Malware Free; the result:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6108

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/19/2011 14:35:47
mbam-log-2011-03-19 (14-35-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 162341
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 1928 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

After that I also ran ESET; this is the result:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=756d088f17b19245854151d5e1dcd854
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-20 06:14:54
# local_time=2011-03-20 08:14:54 (+0200, GTB Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 79211 37146922 68385 0
# compatibility_mode=8192 67108863 100 0 4569 4569 0 0
# scanned=33139
# found=1
# cleaned=1
# scan_time=2165
C:\Windows\System32\cmdow.exe Win32/CMDOW.143 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

I'm not sure whether there are still no viruses; should I carry out step 4?


Mordehai, good evening! What made you think your system is infected and decide to run scans? Describe your problem :)


The system is freshly reinstalled. I won't comment on the software :) And I decided to run a scan, as I have a nagging suspicion.


I see! Since your problem is:

    I have a nagging suspicion.

I suggest we deepen the check of your system:

Download ComboFix from here or here and save it to your desktop.

• Disable your antivirus and anti-spyware programs; usually this is done by right-clicking the program's icon in the system tray.

Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

• Run Combo-Fix.com and follow the instructions.

Note: ComboFix will start without the Recovery Console installed.

• As part of its work, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given today's fast-evolving malware, it is strongly recommended that it be installed before the malware removal. It lets you boot into a special recovery/repair mode, which makes it easier to resolve any problem that might arise during malware removal.

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console. At one point you will be asked whether you accept the license agreement; you must accept it in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed directly to the malware removal process.

(image)

Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

(image)

Choose Yes to continue the scan for malware.

When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next reply in this thread.

Note:

• Please do not move the mouse while ComboFix is running. It may disrupt the process.
• ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
• ComboFix will disable the autorun feature on ALL CD, floppy and USB devices, to help with the malware removal and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
• ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes. In case of a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
• If ComboFix runs into a problem, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this thread.

ComboFix can take up to 20-30 minutes to finish; please be patient.

Please do not attach the program's log file(s); copy and paste them into your next reply in this thread.

Then:

• Download Security Check (by screen317) from here or from here and save it to your desktop.
• Double-click SecurityCheck.exe and follow the instructions.
• When the program finishes, a text document will open: checkup.txt.
• Copy the contents of checkup.txt and paste them into your next reply.


The ComboFix result:

ComboFix 11-03-19.04 - Administrator 03/20/2011 22:47:12.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1024.590 [GMT 2:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Install
c:\windows\Install\Activate.exe
c:\windows\Install\DirectX-9c-DLL-Files-24-41.exe
c:\windows\Install\Everything-v1.2.1.371.exe
c:\windows\Install\Flash-v10.0.32.18-IE.exe
c:\windows\Install\Foxit-PDF-Reader-Pro-v3.0.1817.exe
c:\windows\Install\HashTab-v2.1.1.exe
c:\windows\Install\Launch Internet Explorer Browser.lnk
c:\windows\Install\START7.cmd
c:\windows\Install\Tweak.reg
c:\windows\Install\USRMSG.exe
c:\windows\Install\Watermark.exe
c:\windows\Install\WinRAR-v3.90.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 20:50 . 2011-03-20 20:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-20 09:34 . 2011-03-20 09:34 -------- d-----w- c:\program files\Conduit
2011-03-20 09:34 . 2011-03-20 09:34 -------- d-----w- C:\extensions
2011-03-20 09:34 . 2011-03-20 09:34 -------- d-----w- c:\program files\uTorrent
2011-03-19 21:25 . 2011-03-19 21:25 -------- d-----w- c:\programdata\Panda Security
2011-03-19 21:24 . 2011-03-19 21:24 -------- d-----w- c:\program files\Panda USB Vaccine
2011-03-19 21:17 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-19 21:17 . 2011-03-19 21:17 -------- d-----w- c:\programdata\Malwarebytes
2011-03-19 21:17 . 2011-03-19 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-19 21:17 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-17 16:16 . 2011-03-17 16:16 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-17 11:17 . 2011-03-19 20:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-17 11:17 . 2011-03-19 20:38 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-17 11:17 . 2011-03-17 11:17 -------- d-----w- c:\programdata\Avira
2011-03-17 11:17 . 2011-03-17 11:17 -------- d-----w- c:\program files\Avira
2011-03-17 11:17 . 2009-05-11 19:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-03-17 11:17 . 2009-05-11 19:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-03-17 10:07 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-17 08:44 . 2011-03-17 08:44 8192 ----a-w- c:\windows\system32\srvany.exe
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\windows\PCHEALTH
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\program files\Microsoft.NET
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-03-17 08:28 . 2011-03-17 08:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-03-17 08:28 . 2011-03-17 08:28 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-03-17 08:28 . 2011-03-17 10:08 -------- d-----w- c:\programdata\Microsoft Help
2011-03-17 08:28 . 2011-03-17 08:28 -------- d-----r- C:\MSOCache
2011-03-17 08:25 . 2011-03-17 08:25 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-03-17 08:25 . 2011-03-17 08:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-03-17 08:25 . 2011-03-17 08:25 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-17 08:23 . 2011-03-17 08:23 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-17 02:11 . 2011-03-17 01:17 -------- d-----w- c:\windows\Panther
2011-03-17 01:25 . 2009-04-14 12:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
2011-03-17 01:25 . 2009-04-14 12:43 965664 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-03-17 01:25 . 2009-04-14 12:43 154144 ----a-w- c:\windows\system32\RTLCPAPI.dll
2011-03-17 01:25 . 2009-04-14 12:43 141856 ----a-w- c:\windows\system32\RtkCfg.dll
2011-03-17 01:25 . 2009-04-14 12:42 223776 ----a-w- c:\windows\Alcrmv.exe
2011-03-17 01:24 . 2009-06-19 00:45 4172832 ----a-w- c:\windows\system32\drivers\RTKVAC.SYS
2011-03-17 01:24 . 2009-04-14 12:43 10975264 ----a-w- c:\windows\system32\RTLCPL.EXE
2011-03-17 01:24 . 2009-04-14 12:43 19036704 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2011-03-17 01:24 . 2011-03-20 20:48 -------- d-----w- c:\windows\system32\wbem\Performance
2011-03-17 01:24 . 2009-04-14 12:43 2510368 ----a-w- c:\windows\system32\RtkAPO.dll
2011-03-17 01:23 . 2011-03-17 16:16 -------- d-sh--w- c:\windows\Installer
2011-03-17 01:23 . 2009-09-27 13:12 490088 ----a-w- c:\windows\system32\nvuninst.exe
2011-03-17 01:23 . 2009-09-27 13:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2011-03-17 01:20 . 2011-03-17 01:20 -------- d-----w- c:\program files\HashTab Shell Extension
2011-03-17 01:20 . 2009-08-28 06:04 811520 ----a-w- c:\windows\system32\user32.dll.backup
2011-03-17 01:17 . 2011-03-17 01:17 -------- d-----w- c:\users\Administrator
2011-03-16 17:11 . 2011-03-16 17:11 -------- d-----w- c:\program files\Skype
2011-03-16 17:11 . 2011-03-16 17:11 -------- d-----w- c:\program files\Common Files\Skype
2011-03-16 17:11 . 2011-03-16 17:11 -------- d-----w- c:\programdata\Skype
2011-03-16 17:08 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2011-03-16 17:08 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-16 17:08 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-16 17:08 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-03-16 17:08 . 2007-09-21 00:52 118784 ----a-w- c:\windows\system32\ac3acm.acm
2011-03-16 17:08 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2011-03-16 17:08 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-16 17:08 . 2011-03-16 17:08 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-16 17:06 . 2006-03-17 22:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-03-16 17:06 . 2006-03-17 19:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-03-16 17:06 . 2006-03-17 19:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-03-16 17:06 . 2006-03-17 19:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-03-16 17:06 . 2011-03-16 17:06 -------- d-----w- c:\program files\Nero
2011-03-16 17:06 . 2011-03-16 17:06 -------- d-----w- c:\program files\Common Files\Nero
2011-03-16 17:06 . 2011-03-16 17:06 -------- d-----w- c:\programdata\Nero
2011-03-16 17:06 . 2006-03-17 19:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-03-16 17:01 . 2011-03-16 17:01 -------- d-----w- c:\program files\SA Dictionary 2008 Beta 4
2011-03-16 16:34 . 2011-03-16 16:35 -------- d-----w- c:\programdata\NVIDIA
2011-03-16 16:33 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-16 16:30 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-02-02 00:02 . 2009-08-30 06:44 48256 ----a-w- c:\windows\system32\drivers\jraid.sys
2011-03-17 01:20 . 2009-08-28 06:04 811520 ----a-w- c:\windows\system32\user32.dll
.
.
------- Sigcheck -------
.
[-] 2011-03-17 . ED33264518DD8BC4030406602C857589 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-20 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 118784]
"Everything"="c:\program files\Everything\Everything.exe" [2009-04-05 602624]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-19 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Start_ShowMyMusic"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-03-17 8192]
R3 iaNvStor;iaNvStor;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-02-02 229400]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-17 721904]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-19 135336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.bg/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1570415891-337810980-1812106167-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,f9,9e,b8,8d,0f,2e,4a,ba,69,33,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,f9,9e,b8,8d,0f,2e,4a,ba,69,33,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-20 22:52:40
ComboFix-quarantined-files.txt 2011-03-20 20:52
.
Pre-Run: 125,179,445,248 bytes free
Post-Run: 125,157,527,552 bytes free
.
- - End Of File - - F84446B59AFD2BC022B6C0E8C0D7CDA0

Security Check:

Results of screen317's Security Check version 0.99.9
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````


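Added example, neither the thread's nor ComboFix's own code: a small Python parser for the "Reg Loading Points" section of the ComboFix log above, run on a constructed sample in the same format. It lists the Internet Explorer load points (URLSearchHooks, Browser Helper Objects, Toolbars), which are the entries the helper later targets with the CFScript, and flags the EnableLUA=0 and ConsentPromptBehaviorAdmin=0 policy values behind the "UAC is disabled!" line in the Security Check output.

```python
# Added example, not from the thread or ComboFix: parse the "Reg Loading Points"
# section of a ComboFix log for IE load points and weakened UAC policy values.
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the format of the ComboFix logs above (abridged).
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 10:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-03-17 8192]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                    # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.+)$')  # "name"= data
DWORD_RE = re.compile(r"^(?P<num>\d+)\s*\(0x[0-9A-Fa-f]+\)$")     # 0 (0x0)
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"(?:\s*\[[^\]]*\])?$')  # "path" [date size]
# file line printed under a BHO key: date time size attrs path
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
# service line: R2 name;display name;path [date size]
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[[^\]]*\]$")
# 0 here means UAC is off (EnableLUA) or elevation happens without a prompt.
UAC_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser")


@dataclass
class Findings:
    ie_loadpoints: List[Tuple[str, str, str]] = field(default_factory=list)  # kind, clsid, dll
    uac_issues: List[Tuple[str, int]] = field(default_factory=list)          # value name, number
    services: List[Tuple[str, str, str]] = field(default_factory=list)       # start, name, path


def ie_kind(key: str) -> Optional[str]:
    k = key.lower()
    if "urlsearchhooks" in k:
        return "URLSearchHook"
    if "internet explorer\\toolbar" in k:
        return "Toolbar"
    return None


def parse_reg_loading_points(text: str) -> Findings:
    f = Findings()
    key = ""  # registry key the following value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:
            f.services.append((m.group("start"), m.group("name"), m.group("path")))
            continue
        m = FILE_LINE_RE.match(line)
        if m and "browser helper objects" in key.lower():
            clsid = key.rsplit("\\", 1)[-1].strip("{}").lower()
            f.ie_loadpoints.append(("BHO", clsid, m.group("path")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, rest = m.group("name"), m.group("rest").strip()
        d = DWORD_RE.match(rest)
        if d:
            if name in UAC_VALUES and key.lower().endswith("policies\\system") and int(d.group("num")) == 0:
                f.uac_issues.append((name, 0))
            continue
        q = QUOTED_RE.match(rest)
        kind = ie_kind(key)
        if q and kind:  # unquoted data such as "mixer"=wdmaud.drv is skipped
            f.ie_loadpoints.append((kind, name.strip("{}").lower(), q.group("path")))
    return f


def uac_disabled(f: Findings) -> bool:
    """EnableLUA=0 turns UAC off entirely; that is what Security Check reports."""
    return ("EnableLUA", 0) in f.uac_issues


def report(f: Findings) -> List[str]:
    lines = [f"IE {kind} {{{clsid}}} -> {path}" for kind, clsid, path in f.ie_loadpoints]
    lines += [f"UAC policy {name}={num} (weakened)" for name, num in f.uac_issues]
    lines += [f"service {name} ({start}) -> {path}" for start, name, path in f.services]
    return lines
```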

Copy the text in the box into Notepad and save it as CFScript.txt on your desktop:

KILLALL::

File::
c:\program files\ConduitEngine\ConduitEngine.dll

Registry::
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

After saving, drag CFScript.txt onto the ComboFix.exe icon.

(image)

Attach the generated report in your next post!


ComboFix 11-03-19.04 - Administrator 03/20/2011 23:48:21.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1024.645 [GMT 2:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\program files\ConduitEngine\ConduitEngine.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine\ConduitEngine.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 09:34 . 2011-03-20 09:34 -------- d-----w- c:\program files\Conduit
2011-03-20 09:34 . 2011-03-20 09:34 -------- d-----w- C:\extensions
2011-03-20 09:34 . 2011-03-20 09:34 -------- d-----w- c:\program files\uTorrent
2011-03-19 21:25 . 2011-03-19 21:25 -------- d-----w- c:\programdata\Panda Security
2011-03-19 21:24 . 2011-03-19 21:24 -------- d-----w- c:\program files\Panda USB Vaccine
2011-03-19 21:17 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-19 21:17 . 2011-03-19 21:17 -------- d-----w- c:\programdata\Malwarebytes
2011-03-19 21:17 . 2011-03-19 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-19 21:17 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-17 16:16 . 2011-03-17 16:16 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-17 11:17 . 2011-03-19 20:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-17 11:17 . 2011-03-19 20:38 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-17 11:17 . 2011-03-17 11:17 -------- d-----w- c:\programdata\Avira
2011-03-17 11:17 . 2011-03-17 11:17 -------- d-----w- c:\program files\Avira
2011-03-17 11:17 . 2009-05-11 19:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-03-17 11:17 . 2009-05-11 19:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-03-17 10:07 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-17 08:44 . 2011-03-17 08:44 8192 ----a-w- c:\windows\system32\srvany.exe
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\windows\PCHEALTH
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\program files\Microsoft.NET
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2011-03-17 08:29 . 2011-03-17 08:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-03-17 08:28 . 2011-03-17 08:28 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-03-17 08:28 . 2011-03-17 08:28 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-03-17 08:28 . 2011-03-17 10:08 -------- d-----w- c:\programdata\Microsoft Help
2011-03-17 08:28 . 2011-03-17 08:28 -------- d-----r- C:\MSOCache
2011-03-17 08:25 . 2011-03-17 08:25 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-03-17 08:25 . 2011-03-17 08:25 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2011-03-17 08:25 . 2011-03-17 08:25 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-03-17 08:23 . 2011-03-17 08:23 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-17 02:11 . 2011-03-17 01:17 -------- d-----w- c:\windows\Panther
2011-03-17 01:25 . 2009-04-14 12:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
2011-03-17 01:25 . 2009-04-14 12:43 965664 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-03-17 01:25 . 2009-04-14 12:43 154144 ----a-w- c:\windows\system32\RTLCPAPI.dll
2011-03-17 01:25 . 2009-04-14 12:43 141856 ----a-w- c:\windows\system32\RtkCfg.dll
2011-03-17 01:25 . 2009-04-14 12:42 223776 ----a-w- c:\windows\Alcrmv.exe
2011-03-17 01:24 . 2009-06-19 00:45 4172832 ----a-w- c:\windows\system32\drivers\RTKVAC.SYS
2011-03-17 01:24 . 2009-04-14 12:43 10975264 ----a-w- c:\windows\system32\RTLCPL.EXE
2011-03-17 01:24 . 2009-04-14 12:43 19036704 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2011-03-17 01:24 . 2011-03-20 20:48 -------- d-----w- c:\windows\system32\wbem\Performance
2011-03-17 01:24 . 2009-04-14 12:43 2510368 ----a-w- c:\windows\system32\RtkAPO.dll
2011-03-17 01:23 . 2011-03-17 16:16 -------- d-sh--w- c:\windows\Installer
2011-03-17 01:23 . 2009-09-27 13:12 490088 ----a-w- c:\windows\system32\nvuninst.exe
2011-03-17 01:23 . 2009-09-27 13:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2011-03-17 01:20 . 2011-03-17 01:20 -------- d-----w- c:\program files\HashTab Shell Extension
2011-03-17 01:20 . 2009-08-28 06:04 811520 ----a-w- c:\windows\system32\user32.dll.backup
2011-03-17 01:17 . 2011-03-17 01:17 -------- d-----w- c:\users\Administrator
2011-03-16 17:11 . 2011-03-16 17:11 -------- d-----w- c:\program files\Skype
2011-03-16 17:11 . 2011-03-16 17:11 -------- d-----w- c:\program files\Common Files\Skype
2011-03-16 17:11 . 2011-03-16 17:11 -------- d-----w- c:\programdata\Skype
2011-03-16 17:08 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2011-03-16 17:08 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2011-03-16 17:08 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2011-03-16 17:08 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-03-16 17:08 . 2007-09-21 00:52 118784 ----a-w- c:\windows\system32\ac3acm.acm
2011-03-16 17:08 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2011-03-16 17:08 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-03-16 17:08 . 2011-03-16 17:08 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-16 17:06 . 2006-03-17 22:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2011-03-16 17:06 . 2006-03-17 19:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2011-03-16 17:06 . 2006-03-17 19:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2011-03-16 17:06 . 2006-03-17 19:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2011-03-16 17:06 . 2011-03-16 17:06 -------- d-----w- c:\program files\Nero
2011-03-16 17:06 . 2011-03-16 17:06 -------- d-----w- c:\program files\Common Files\Nero
2011-03-16 17:06 . 2011-03-16 17:06 -------- d-----w- c:\programdata\Nero
2011-03-16 17:06 . 2006-03-17 19:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2011-03-16 17:01 . 2011-03-16 17:01 -------- d-----w- c:\program files\SA Dictionary 2008 Beta 4
2011-03-16 16:34 . 2011-03-16 16:35 -------- d-----w- c:\programdata\NVIDIA
2011-03-16 16:33 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-03-16 16:30 . 2011-01-05 05:37 428032 ----a-w- c:\windows\system32\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-02-02 00:02 . 2009-08-30 06:44 48256 ----a-w- c:\windows\system32\drivers\jraid.sys
2011-03-17 01:20 . 2009-08-28 06:04 811520 ----a-w- c:\windows\system32\user32.dll
.
.
------- Sigcheck -------
.
[-] 2011-03-17 . ED33264518DD8BC4030406602C857589 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-03-20_20.51.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-20 07:06 . 2011-03-20 21:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-20 07:06 . 2011-03-20 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-20 07:06 . 2011-03-20 21:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-20 07:06 . 2011-03-20 20:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-20 20:41 . 2011-03-20 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-20 20:41 . 2011-03-20 20:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-20 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 118784]
"Everything"="c:\program files\Everything\Everything.exe" [2009-04-05 602624]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-19 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Start_ShowMyMusic"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-03-17 8192]
R3 iaNvStor;iaNvStor;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-02-02 229400]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-17 721904]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-19 135336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.bg/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1570415891-337810980-1812106167-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,f9,9e,b8,8d,0f,2e,4a,ba,69,33,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c3,f9,9e,b8,8d,0f,2e,4a,ba,69,33,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\sppsvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2011-03-20 23:55:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-20 21:55
ComboFix2.txt 2011-03-20 20:52
.
Pre-Run: 125,189,472,256 bytes free
Post-Run: 125,104,975,872 bytes free
.
- - End Of File - - 2FC8977A21D238D1BB8574F4A8618BC3


Is everything cleaned up?

The question is: "Is there anything to clean?" I don't see any active infections! :)

Uninstall ComboFix like this:

1. Click Start ==> Run ==> enter the command Combofix /Uninstall ==> OK

(image)

2. Download OTCleanIt or from here, run it and click Clean up


Thanks for the time you spent! :rolleyes: One thing: should the Security Check program be removed, since it is still there?
