
ComboFix 12-10-21.02 - user 10/22/2012 21:22:50.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.958.690 [GMT -7:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\user\Application Data\1.exe

c:\documents and settings\user\Application Data\1.tmp

c:\documents and settings\user\Application Data\110.exe

c:\documents and settings\user\Application Data\117.exe

c:\documents and settings\user\Application Data\124.exe

c:\documents and settings\user\Application Data\12E.exe

c:\documents and settings\user\Application Data\15E.exe

c:\documents and settings\user\Application Data\16D.exe

c:\documents and settings\user\Application Data\1AB.exe

c:\documents and settings\user\Application Data\1B.exe

c:\documents and settings\user\Application Data\1B3.exe

c:\documents and settings\user\Application Data\1BB.exe

c:\documents and settings\user\Application Data\1CF.exe

c:\documents and settings\user\Application Data\2.exe

c:\documents and settings\user\Application Data\5.exe

c:\documents and settings\user\Application Data\6B.exe

c:\documents and settings\user\Application Data\6D.exe

c:\documents and settings\user\Application Data\93.exe

c:\documents and settings\user\Application Data\94.exe

c:\documents and settings\user\Application Data\AC.exe

c:\documents and settings\user\Application Data\B3.exe

c:\documents and settings\user\Application Data\C.exe

c:\documents and settings\user\Application Data\C1.exe

c:\documents and settings\user\Application Data\D4.exe

c:\documents and settings\user\Application Data\FC.exe

c:\documents and settings\user\Recent\video.php-v=410912605606154.url

c:\documents and settings\user\WINDOWS

c:\program files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll

c:\windows\system32\spool\prtprocs\w32x86\e180spc.dll

c:\windows\Tab16d20.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NVSVC

-------\Service_NVSvc

.

.

((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))

.

.

2012-10-19 03:21 . 2012-10-19 03:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-19 03:21 . 2012-10-19 03:21 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-19 03:19 . 2012-10-20 10:33 -------- d-----w- c:\program files\Opera

2012-10-17 05:37 . 2012-10-17 05:49 -------- d-----w- c:\documents and settings\user\Application Data\QuickStoresToolbar

2012-10-17 05:30 . 2012-10-17 05:30 -------- d-----w- c:\program files\Unlocker

2012-10-11 10:58 . 2012-10-11 10:58 -------- d-----w- c:\program files\MSECache

2012-10-11 08:20 . 2012-10-11 08:20 -------- d-----w- c:\documents and settings\user\Application Data\TeamViewer

2012-10-11 08:20 . 2012-10-11 08:20 -------- d-----w- c:\program files\TeamViewer

2012-10-11 08:14 . 2012-10-11 08:14 -------- d-----w- c:\program files\GGN

2012-10-10 05:07 . 2012-10-10 05:07 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes

2012-10-10 05:07 . 2012-10-10 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-10-10 04:34 . 2012-10-10 04:41 -------- d-----w- c:\program files\Microsoft Bootvis

2012-10-09 08:42 . 2012-10-09 08:42 -------- d-----w- c:\program files\VS Revo Group

2012-10-05 06:26 . 2012-10-05 06:26 -------- d-----w- c:\windows\system32\wbem\Repository

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 01:06 . 2012-10-20 10:36 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2003-12-07 05:12 121856 --sha-w- c:\windows\system32\fpplock.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Smart security registration status.lnk - c:\program files\Charismathics\Smart security interface 4.8.1\CSPregtool.exe [2010-3-30 6930784]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-21 05:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]

2007-06-29 17:28 49152 ----a-w- c:\windows\domino.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]

2007-06-29 17:28 212992 ----a-w- c:\windows\VMSnap23.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]

2012-08-28 08:14 2180712 ----a-w- c:\program files\Mail.Ru\Guard\GuardMailRu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAgent]

2010-08-24 11:41 12270784 ----a-w- c:\program files\Mail.Ru\Agent\magent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 08:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]

2011-11-07 08:26 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Warning: do not remove it!]

2003-12-07 05:12 121856 --sha-w- c:\windows\system32\fpplock.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"e:\\GAMES\\Counter-strike 1.6\\hl.exe"=

"e:\\GAMES\\Need for Speed Underground 2\\SPEED2.EXE"=

"e:\\GAMES\\CS 1.5\\CS 1.5\\CS 1.5\\hl-conzoll.exe"=

"e:\\GAMES\\FT.IT.FT.AT.0T.9T\\FT.IT.FT.AT.0T.9T\\FIFA09.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\GGN\\RealVNC\\winvnc4.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17764:TCP"= 17764:TCP:BitComet 17764 TCP

"17764:UDP"= 17764:UDP:BitComet 17764 UDP

"2817:TCP"= 2817:TCP:rvqjq

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/27/2010 12:12 PM 717296]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/19/2007 11:44 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/19/2007 11:44 PM 108552]

R2 SpPortEx;Samsung Port Exclusion;c:\windows\system32\drivers\SpPortEx.sys [1/7/2009 2:25 AM 7168]

S2 3064;3064;\??\c:\docume~1\user\LOCALS~1\Temp\3064.sys --> c:\docume~1\user\LOCALS~1\Temp\3064.sys [?]

S2 aarcyydu;Task Update;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 bvwgnm;Helper Server;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 cczcgd;Driver Security;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 dunodmcr;Config Server;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 htnejh;Shell Time;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 huppb;Support Shell;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 ianiht;Update Windows;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 ixrhw;Boot Image;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 jwfqfxr;Server Manager;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 lyruhhqz;System Network;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 nxfznish;Installer Helper;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 srgjcjvhl;Helper Shell;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 tqumhj;Server Universal;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S2 xqjcb;Image Center;c:\windows\system32\svchost.exe -k netsvcs [8/3/2004 4:56 PM 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/18/2012 8:21 PM 250808]

S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [4/13/2011 10:50 PM 115712]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10/20/2012 3:36 AM 115168]

S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [6/26/2007 10:21 PM 476672]

S3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [6/26/2007 10:21 PM 260224]

S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/19/2007 11:44 PM 908056]

S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/19/2007 11:44 PM 297752]

S4 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Mail.Ru\Guard\GuardMailRu.exe [8/24/2010 4:41 AM 2180712]

S4 gupdate;Ус»уі° Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 4:38 AM 135664]

S4 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 4:38 AM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*NewlyCreated* - WUAUSERV

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

huppb

nxfznish

htnejh

xqjcb

srgjcjvhl

dunodmcr

lyruhhqz

ianiht

tqumhj

aarcyydu

bvwgnm

cczcgd

jwfqfxr

ixrhw

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 03:21]

.

2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 11:38]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 11:38]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003Core.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-14 09:53]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003UA.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-14 09:53]

.

2012-10-10 c:\windows\Tasks\RegistryBooster.job

- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-02-24 08:26]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.20.29.1 10.20.1.1

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vhwqfrvc.default\

FF - ExtSQL: 2012-09-18 02:52; {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}; c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vhwqfrvc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

FF - ExtSQL: 2012-10-16 22:37; quickstores@quickstores.de; c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de

FF - ExtSQL: 2012-10-17 20:32; abvnotifier@netinfo.bg; c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vhwqfrvc.default\extensions\abvnotifier@netinfo.bg.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-Y - (no file)

MSConfigStartUp-hmonitor - c:\program files\Hmonitor\hmonitor.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

AddRemove-Folder Password Expert 2.1_is1 - c:\program files\Folder Password Expert\unins000.exe

AddRemove-MOORHUHN KART EXTRA XXL - c:\games\MOORHUHN KART EXTRA XXL\Uninstal.exe

AddRemove-Total Video Converter 3.50_is1 - c:\program files\Total Video Converter\unins000.exe

AddRemove-Свен Всемогущий_is1 - c:\games\Свен Всемогущий\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-22 21:31

Windows 5.1.2600 Service Pack 2 NTFS

.

detected NTDLL code modification:

ZwEnumerateValueKey, ZwQueryDirectoryFile

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Zdlqlp = c:\documents and settings\user\Application Data\Zdlqlp.exe

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG8\avgrsx.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\wdfmgr.exe

.

**************************************************************************

.

Completion time: 2012-10-22 21:33:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-23 04:33

.

Pre-Run: 53,022,617,600 bytes free

Post-Run: 53,280,677,888 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 556310A9B6EFA4746E764A3C609270AD


Do the following:

  • Save the attached file to your desktop.
  • Drag the text file onto ComboFix:

http://i.imgur.com/yRPQX.gif

  • Let the tool finish its work. ComboFix may restart your system.

When the scan is finished, please attach the new log file created by the tool.

CFScript.txt


ComboFix 12-10-21.02 - user 10/23/2012 2:53.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.958.427 [GMT -7:00]

Running from: c:\documents and settings\user\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

FILE ::

"c:\docume~1\user\LOCALS~1\Temp\3064.sys"

"c:\documents and settings\user\Application Data\Zdlqlp.exe"

.

.

((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))

.

.

2012-10-19 03:21 . 2012-10-19 03:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-19 03:21 . 2012-10-19 03:21 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-19 03:19 . 2012-10-20 10:33 -------- d-----w- c:\program files\Opera

2012-10-17 05:37 . 2012-10-17 05:49 -------- d-----w- c:\documents and settings\user\Application Data\QuickStoresToolbar

2012-10-17 05:30 . 2012-10-17 05:30 -------- d-----w- c:\program files\Unlocker

2012-10-11 10:58 . 2012-10-11 10:58 -------- d-----w- c:\program files\MSECache

2012-10-11 08:20 . 2012-10-11 08:20 -------- d-----w- c:\documents and settings\user\Application Data\TeamViewer

2012-10-11 08:20 . 2012-10-11 08:20 -------- d-----w- c:\program files\TeamViewer

2012-10-11 08:14 . 2012-10-11 08:14 -------- d-----w- c:\program files\GGN

2012-10-10 05:07 . 2012-10-10 05:07 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes

2012-10-10 05:07 . 2012-10-10 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-10-10 04:34 . 2012-10-10 04:41 -------- d-----w- c:\program files\Microsoft Bootvis

2012-10-09 08:42 . 2012-10-09 08:42 -------- d-----w- c:\program files\VS Revo Group

2012-10-05 06:26 . 2012-10-05 06:26 -------- d-----w- c:\windows\system32\wbem\Repository

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-11 01:06 . 2012-10-20 10:36 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2003-12-07 05:12 121856 --sha-w- c:\windows\system32\fpplock.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Smart security registration status.lnk - c:\program files\Charismathics\Smart security interface 4.8.1\CSPregtool.exe [2010-3-30 6930784]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-21 05:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]

2007-06-29 17:28 49152 ----a-w- c:\windows\domino.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]

2007-06-29 17:28 212992 ----a-w- c:\windows\VMSnap23.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]

2012-08-28 08:14 2180712 ----a-w- c:\program files\Mail.Ru\Guard\GuardMailRu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAgent]

2010-08-24 11:41 12270784 ----a-w- c:\program files\Mail.Ru\Agent\magent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-08-04 08:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]

2011-11-07 08:26 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Warning: do not remove it!]

2003-12-07 05:12 121856 --sha-w- c:\windows\system32\fpplock.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=

"e:\\GAMES\\Counter-strike 1.6\\hl.exe"=

"e:\\GAMES\\Need for Speed Underground 2\\SPEED2.EXE"=

"e:\\GAMES\\CS 1.5\\CS 1.5\\CS 1.5\\hl-conzoll.exe"=

"e:\\GAMES\\FT.IT.FT.AT.0T.9T\\FT.IT.FT.AT.0T.9T\\FIFA09.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\GGN\\RealVNC\\winvnc4.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"17764:TCP"= 17764:TCP:BitComet 17764 TCP

"17764:UDP"= 17764:UDP:BitComet 17764 UDP

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/27/2010 12:12 PM 717296]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/19/2007 11:44 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/19/2007 11:44 PM 108552]

R2 SpPortEx;Samsung Port Exclusion;c:\windows\system32\drivers\SpPortEx.sys [1/7/2009 2:25 AM 7168]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10/18/2012 8:21 PM 250808]

S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [4/13/2011 10:50 PM 115712]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [10/20/2012 3:36 AM 115168]

S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [6/26/2007 10:21 PM 476672]

S3 ZSMC326;CANYON USB PC Camera;c:\windows\system32\drivers\usbvm323.sys [6/26/2007 10:21 PM 260224]

S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/19/2007 11:44 PM 908056]

S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/19/2007 11:44 PM 297752]

S4 Guard.Mail.ru;Guard.Mail.ru;c:\program files\Mail.Ru\Guard\GuardMailRu.exe [8/24/2010 4:41 AM 2180712]

S4 gupdate;Ус»уі° Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 4:38 AM 135664]

S4 gupdatem;Ус»уі° Ѕ° Google рєту°»ё·°цёя (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2010 4:38 AM 135664]

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 03:21]

.

2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 11:38]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-22 11:38]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003Core.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-14 09:53]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-484763869-725345543-1003UA.job

- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-14 09:53]

.

2012-10-10 c:\windows\Tasks\RegistryBooster.job

- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-02-24 08:26]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &С&валяне &с BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &С&валяне на всички с BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.20.29.1 10.20.1.1

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vhwqfrvc.default\

FF - ExtSQL: 2012-09-18 02:52; {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}; c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vhwqfrvc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}

FF - ExtSQL: 2012-10-16 22:37; quickstores@quickstores.de; c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de

FF - ExtSQL: 2012-10-17 20:32; abvnotifier@netinfo.bg; c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\vhwqfrvc.default\extensions\abvnotifier@netinfo.bg.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-23 02:58

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-10-23 03:00:16

ComboFix-quarantined-files.txt 2012-10-23 10:00

ComboFix2.txt 2012-10-23 09:49

ComboFix3.txt 2012-10-23 04:33

.

Pre-Run: 53,237,395,456 bytes free

Post-Run: 53,225,820,160 bytes free

.

- - End Of File - - 69714FC8BCF1199E8F7C77F6C7242378


Please locate the Qoobox folder, which is in the following directory:

C:\

Archive it, upload it to a file host of your choice, and share the link to the file in your next comment.

Download OTL

  • Save the file to your desktop.
  • Run the tool.
  • Make sure the scan process will not be interrupted.
  • In the program's main window, tick Scan All Users.
  • In the Standard Registry box, select All.
  • Tick LOP Check and Purity Check.
  • From the File Age drop-down menu, select 90 days.
  • Make sure Skip Microsoft Files is ticked.
  • In the Custom Scans/Fixes box, paste the following text:

 

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%CommonProgramFiles%\ComObjects*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\config\systemprofile\*.*
%systemroot%\system32\config\systemprofile\Application Data\*.*
%systemroot%\system32\config\systemprofile\\Local Settings\*.*
%systemroot%\system32\config\systemprofile\\Local Settings\Application Data\*.*
%systemroot%\system32\config\systemprofile\\Local Settings\Temp\*.*
%systemroot%\system32\config\systemprofile\\Local Settings\Temporary Internet Files\*.*
%windir%\temp\*.*
%windir%\minidump\*.*
%windir%\*.
%windir%\installer\*.
%windir%\system32\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
HKEY_CURRENT_USER\Software\MSOLoad /s
restorepoints
/md5start
consrv.dll
services.exe
svchost.exe
explorer.exe
userinit.exe
winlogon.exe
smss.exe
lsass.exe
atapi.sys
iaStor.sys
serial.sys
disk.sys
volsnap.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
tcpip.sys
ipsec.sys
hlp.dat
str.sys
/md5stop

 

Copy the code exactly as given. Make sure each command is on its own line, as in the box.

Click the Run Scan button. A scan will start, which will not take long. When the scan finishes, two Notepad log files will open automatically: OTL.txt and Extras.txt.

Please attach these two files to your next comment.


Run OTL again.

  • In the Custom Scans/Fixes box, paste the following text:

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aujg60o4)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-484763869-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-299502267-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-299502267-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
:Files
C:\Documents and Settings\user\Local Settings\Application Data\mo1812bpe55edo6
C:\Documents and Settings\All Users\Application Data\mo1812bpe55edo6
:Commands
[emptytemp]

 

Copy the code exactly as given. Make sure you do not miss any of the colons at the start. Also make sure each command is on its own line, as in the box.

After entering the code in the Custom Scans/Fixes box, click the Run Fix button. Confirm the prompt to restart the system.

After the system restarts, a log file located in C:\_OTL\Moved Files will appear. Please attach that log file to your next comment.


All processes killed

========== OTL ==========

Error: No service named aujg60o4 was found to stop!

Service\Driver key aujg60o4 not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-21-299502267-484763869-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-299502267-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_USERS\S-1-5-21-299502267-484763869-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

========== FILES ==========

C:\Documents and Settings\user\Local Settings\Application Data\mo1812bpe55edo6 moved successfully.

C:\Documents and Settings\All Users\Application Data\mo1812bpe55edo6 moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: ianko

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 131206 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: user

->Temp folder emptied: 775642 bytes

->Temporary Internet Files folder emptied: 1326641 bytes

->FireFox cache emptied: 331945980 bytes

->Google Chrome cache emptied: 50443752 bytes

->Opera cache emptied: 19170236 bytes

->Flash cache emptied: 147511 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2253306 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6126 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 18545109 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 405.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 10242012_213257

 

Files\Folders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


Right, let's run a few more scans.

Download KidoKiller

  • Save the file to your desktop.
  • Extract the archive to a directory of your choice.
  • Move the executable kk.exe to the following directory:

C:\

  • Start menu -> Run -> type cmd -> press Enter.
  • In the command window, enter the following:

cd C:\

  • Press Enter. Then enter:

kk.exe -f -n -y -l Scan.txt -v

  • Press Enter.

When the scan finishes, a text file Scan.txt will be created in the C:\ directory. Please attach this file to your next comment.

Also, please follow these instructions:

Please locate the Qoobox folder, which is in the following directory:

C:\

Archive it, upload it to a hosting service of your choice, and share the link to the file in your next comment.


What exactly are these advertisements? If possible, attach an image showing the problem.

In the meantime, carry out the following steps:

Download Malwarebytes' Anti-Malware Free.

  • Run the installer and install the program.
  • Make sure the boxes for Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.
  • The program will automatically download and install the available updates.
  • Start the program.
  • Select Perform Quick Scan -> Scan.
  • When the scan finishes, press the OK button.
  • Press the Show Results button to see the scan results.
  • Make sure every line is ticked.
  • Press the Remove Selected button.

A log file will open in Notepad. Please attach the file to your next comment.

Note: MalwareBytes' Anti-Malware may ask to restart your system. If the program asks, agree and allow the system to restart.

Download ESET Online Scanner

  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of
  • Press the Start button. The tool will begin downloading the components it needs.
  • Make sure the following lines are ticked, including those in the Advanced Settings menu:

Scan archives

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth technology
  • Press the Start button.
  • Do not tick Remove found threats.
  • The tool will begin downloading the latest definitions.
  • When the scan completes, press the Finish button.

Locate the directory C:\Program Files\ESET\ESET Online Scanner

Attach the file log.txt to your next comment.

Download SecurityCheck

  • Save the file to your desktop.
  • Run the tool.
  • Follow the instructions shown in the window that appears.
  • A log file, checkup.txt, will be created and will open automatically.

Please attach that file to your next comment.


I assume it happens when visiting various sites; download ADBLOCK+ and Ghostery. The links contain short video guides for configuring the add-ons.

The logs from the scans are clean. Final steps:

Do the following:

  • Start menu -> Run -> type Combofix /Uninstall -> press Enter.

Download OTC.

  • Run OTC.exe.
  • Select the CleanUp! button.

You may remove ESET Online Scanner and SecurityCheck.

Final advice:

  • Install Service Pack 3 for the operating system. The package contains changes that improve the stability and security of the OS.
  • Install Internet Explorer 8, since the current version of the software is too old.
  • Download and install the latest version of the installed antivirus product from here.
  • Download and install the latest version of Adobe Flash Player.
  • Download and install the latest version of Adobe Reader.

Do the following:

Download Panda USB Vaccine.

  • Save the file to your desktop.
  • Extract the archive to a directory of your choice.
  • Run USBVaccineSetup.exe and install the software.
  • Start Panda USB Vaccine.
  • Select the Vaccinate Computer button.
