Antivirus programs - discussions, opinions and advice

Avira AntiVir Personal

Report file date: 01 August 2009 12:07

 

Scanning for 1584543 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : GA-M52L-S3P-AMD

 

Version information:

BUILD.DAT : 9.0.0.403 17961 Bytes 03.6.2009 17:05:00

AVSCAN.EXE : 9.0.3.6 466689 Bytes 11.5.2009 07:14:47

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 08:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 09:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 08:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.6.2009 14:37:27

ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19.7.2009 14:37:30

ANTIVIR3.VDF : 7.1.5.57 445952 Bytes 31.7.2009 16:49:44

Engineversion : 8.2.0.238

AEVDF.DLL : 8.1.1.1 106868 Bytes 30.4.2009 09:52:04

AESCRIPT.DLL : 8.1.2.22 450938 Bytes 30.7.2009 16:49:45

AESCN.DLL : 8.1.2.4 127348 Bytes 23.7.2009 10:43:34

AERDL.DLL : 8.1.2.4 430452 Bytes 22.7.2009 14:37:33

AEPACK.DLL : 8.1.3.18 401783 Bytes 27.5.2009 14:07:20

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 22.7.2009 14:37:32

AEHEUR.DLL : 8.1.0.147 1884536 Bytes 29.7.2009 07:12:58

AEHELP.DLL : 8.1.5.3 233846 Bytes 23.7.2009 10:43:34

AEGEN.DLL : 8.1.1.53 356724 Bytes 31.7.2009 16:49:44

AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 12:32:40

AECORE.DLL : 8.1.7.6 184694 Bytes 23.7.2009 10:43:32

AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 12:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 06:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 08:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 12:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 08:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 24.3.2009 13:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 08:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 13:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.2.2009 06:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 08:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.5.2009 13:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.4.2009 08:19:48

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: 01 August 2009 12:07

 

Starting search for hidden objects.

'30369' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'msiexec.exe' - '1' Module(s) have been scanned

Scan process 'MagicDisc.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'AWC.exe' - '1' Module(s) have been scanned

Scan process 'TBPANEL.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned

Scan process 'brs.exe' - '1' Module(s) have been scanned

Scan process 'PDVD9Serv.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'RMHSvc.exe' - '1' Module(s) have been scanned

Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned

Scan process 'RichVideo.exe' - '1' Module(s) have been scanned

Scan process 'SpywareTerminatorUpdate.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'brs.exe' - '1' Module(s) have been scanned

Scan process 'PDVD9Serv.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

47 processes with 47 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '60' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <BORE 1 TB>

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Documents and Settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\Mozilla\Firefox\Profiles\2u3dfqrt.default\Cache\2F1C82ACd01

[0] Archive type: RAR

--> melissa.zip

[1] Archive type: ZIP

--> list.doc

[DETECTION] Contains code of the W97M/Melissa.A Word macro virus

--> mail trojan.zip

[1] Archive type: ZIP

--> mail troian/naebi_suseda.zip

[2] Archive type: ZIP

--> naebi_suseda/config.exe

[DETECTION] Is the TR/PSW.Ring.b Trojan

--> naebi_suseda/NS239_.exe

[DETECTION] Is the TR/PSW.Coced.239 Trojan

--> naebi_suseda/NS239Z.exe

[DETECTION] Is the TR/PSW.Coced.239 Trojan

--> naebi_suseda/NS239.exe

[DETECTION] Is the TR/PSW.Coced.239 Trojan

--> naebi_suseda/NS239PIC.exe

[DETECTION] Is the TR/PSW.Coced.239 Trojan

--> hare.zip

[1] Archive type: ZIP

--> HDEUTHAN.EXV

[DETECTION] Contains recognition pattern of the Hare-V3 virus

--> happy99.zip

[1] Archive type: ZIP

--> H99CLEAN.EXE

[DETECTION] Is the TR/FlashKiller.A Trojan

--> Happy99.exe

[DETECTION] Contains recognition pattern of the WORM/Happy worm

--> frenzy-Troian.zip

[1] Archive type: ZIP

--> Client.exe

[DETECTION] Is the TR/Frenzy1.Cli Trojan

--> Server.exe

[DETECTION] Is the TR/Systray Trojan

--> diskkill.zip

[1] Archive type: ZIP

--> DISKKILL.COM

[DETECTION] Contains code of the DiskKiller virus

--> danger.zip

[1] Archive type: ZIP

--> _1226.zip

[2] Archive type: ZIP

--> _1226.COM

[DETECTION] Contains recognition pattern of the Phoenix #2 virus

--> casino.ZIP

[2] Archive type: ZIP

--> CAS-B.COM

[DETECTION] Contains code of the Casino #2 virus

--> CAS-A.COM

[DETECTION] Contains code of the Casino #2 virus

--> CAS-D.COM

[DETECTION] Contains code of the Casino #2 virus

--> diskkill.zip

[2] Archive type: ZIP

--> DISKKILL.COM

[DETECTION] Contains code of the DiskKiller virus

--> hare.zip

[2] Archive type: ZIP

--> HDEUTHAN.EXV

[DETECTION] Contains recognition pattern of the Hare-V3 virus

--> Mosquito.zip

[2] Archive type: ZIP

--> MOSQUITO.EXE

[DETECTION] Contains code of the Mosquito virus

--> one.zip

[2] Archive type: ZIP

--> 0001.EXE

[DETECTION] Contains recognition pattern of the OneHalf (Mem) #1 virus

--> reincan_.zip

[2] Archive type: ZIP

--> Reincanation.com

[DETECTION] Contains recognition pattern of the VCL-314 virus

--> saratoga.zip

[2] Archive type: ZIP

--> SARATOGA.COM

[DETECTION] Contains recognition pattern of the Saratoga virus

--> Satan612.zip

[2] Archive type: ZIP

--> SATAN612.COM

[DETECTION] Contains recognition pattern of the Satan virus

--> sped.zip

[DETECTION] Contains recognition pattern of the Trivial #24 virus

--> sped.com

[DETECTION] Contains recognition pattern of the Trivial #24 virus

--> twno-b.zip

[2] Archive type: ZIP

--> TWNO-B.DOC

[DETECTION] Contains code of the WM/TWNO.B Word macro virus

--> uencrypt.zip

[2] Archive type: ZIP

--> UENCRYPT.COM

[DETECTION] Contains recognition pattern of the VGEN/886.0 virus

--> ussr2144 - bad.zip

[2] Archive type: ZIP

--> USSR2144.COM

[DETECTION] Contains code of the USSR-2144 virus

--> ussr311.zip

[2] Archive type: ZIP

--> USSR311.COM

[DETECTION] Contains code of the USSR-311 virus

--> ussr492.zip

[2] Archive type: ZIP

--> USSR492.COM

[DETECTION] Contains code of the USSR-492 virus

--> ussr516.zip

[2] Archive type: ZIP

--> USSR516.COM

[DETECTION] Contains code of the Leapfrog virus

--> ussr-696.zip

[2] Archive type: ZIP

--> USSR-696.COM

[DETECTION] Contains code of the USSR-693 virus

--> ussr711.zip

[2] Archive type: ZIP

--> USSR711.COM

[DETECTION] Contains code of the USSR-711 virus

--> war003_.zip

[2] Archive type: ZIP

--> WCA.COM

[DETECTION] Contains recognition pattern of the VGEN/1043.0 virus

--> warp006_.zip

[DETECTION] Contains recognition pattern of the VGEN/3347.0 virus

--> WARP.COM

[DETECTION] Contains recognition pattern of the VGEN/3347.0 virus

--> Whale.zip

[2] Archive type: ZIP

--> WHALE.COM

[DETECTION] Contains recognition pattern of the Whale Mutant #3 virus

--> 1992.zip

[2] Archive type: ZIP

--> 1992.COM

[DETECTION] Contains code of the VCL.Skism-1992 virus

--> AshPizza.zip

[2] Archive type: ZIP

--> VIRUS1.EXE

[DETECTION] Contains recognition pattern of the Ash-1604 virus

--> blah.zip

[2] Archive type: ZIP

--> blah.txt

[DETECTION] Contains recognition pattern of the Blah #1 virus

--> blah.bat

[DETECTION] Contains recognition pattern of the Blah #1 virus

--> filehider.789.zip

[2] Archive type: ZIP

--> filehider.789.exe

[DETECTION] Contains code of the FSP-Killer-A virus

--> Hymn1865a.zip

[2] Archive type: ZIP

--> Hymn1865a.com

[DETECTION] Contains recognition pattern of the Hymn #4 virus

--> Jerusalem1730.zip

[2] Archive type: ZIP

--> Jerusalem1730.com

[DETECTION] Contains code of the Czech-B virus

--> Omega.zip

[2] Archive type: ZIP

--> OMEGA.COM

[DETECTION] Contains recognition pattern of the Omega #3 virus

--> Phoenix.zip

[2] Archive type: ZIP

--> PHOENIX.COM

[DETECTION] Contains recognition pattern of the Phoenix-Trojan virus

--> Target.zip

[2] Archive type: ZIP

--> TARGET.COM

[DETECTION] Contains code of the Marauder virus

--> arab.zip

[2] Archive type: ZIP

--> arab.com

[DETECTION] Contains recognition pattern of the 742 virus

--> Typo.zip

[2] Archive type: ZIP

--> TYPO.COM

[DETECTION] Contains code of the Typo-A virus

--> Veng.zip

[2] Archive type: ZIP

--> VENG.COM

[DETECTION] Contains recognition pattern of the Vengeance virus

--> Omega.zip

[1] Archive type: ZIP

--> OMEGA.COM

[DETECTION] Contains recognition pattern of the Omega #3 virus

--> Vlab-CIH.zip

[1] Archive type: ZIP

--> Vlab.exe

[DETECTION] Contains recognition pattern of the VKIT/Trixter virus

--> MyPicture Prog.ace

[1] Archive type: ACE

--> My Documents\Install\Naebi_suseda\naebi_suseda\NS239Z.exe

[DETECTION] Is the TR/PSW.Coced.239 Trojan

--> My Documents\Install\Naebi_suseda\naebi_suseda\NS239_.exe

[DETECTION] Is the TR/PSW.Coced.239 Trojan

--> My Documents\Install\Naebi_suseda\naebi_suseda\NS239PIC.exe

[DETECTION] Is the TR/PSW.Coced.239 Trojan

--> My Documents\Install\Naebi_suseda\naebi_suseda\NS239.exe

[DETECTION] Is the TR/PSW.Coced.239 Trojan

--> hddkill.zip

[DETECTION] Is the TR/Win32.HDDKill Trojan

--> VXXXD.VXD

[DETECTION] Is the TR/HDDKill.1 Trojan

--> HDDKILL.COM

[DETECTION] Is the TR/Win32.HDDKill Trojan

--> RECOVER.EXE

[DETECTION] Is the TR/HDDKill.B Trojan

--> MSSUPD.EXE

[DETECTION] Is the TR/Win32.HDDKill Trojan

--> INSTALL.EXE

[DETECTION] Is the TR/HDDKill.1 Trojan

--> Kaboom.zip

[1] Archive type: ZIP

--> Kaboom/KABOOM!3.EXE

[DETECTION] Is the TR/MailBomber Trojan

--> anonmail.zip

[1] Archive type: ZIP

--> anonmail.exe

[DETECTION] Is the TR/Nuker.AnonMail Trojan

C:\Program Files\SpyWall\check_app.dat

[DETECTION] Contains HEUR/Malware suspicious code

Begin scan in 'D:\' <IRINA 1 TB>

 

Beginning disinfection:

C:\Documents and Settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\Mozilla\Firefox\Profiles\2u3dfqrt.default\Cache\2F1C82ACd01

[NOTE] The file was moved to '4aa5224e.qua'!

C:\Program Files\SpyWall\check_app.dat

[DETECTION] Contains HEUR/Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '4ad92270.qua'!

 

 

End of the scan: 01 August 2009 14:07

Used time: 2:00:28 Hour(s)

 

The scan has been done completely.

 

14764 Scanned directories

805263 Files were scanned

64 Viruses and/or unwanted programs were found

1 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

2 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

805197 Files not concerned

4323 Archives were scanned

1 Warnings

3 Notes

30369 Objects were scanned with rootkit scan

0 Hidden objects were found

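The 64 detections in the Avira report above are not 64 files to clean: the '[0]/[1]/[2] Archive type' lines and the '-->' members show that nearly all of them sit inside one RAR in the Firefox cache, and the 'Beginning disinfection' section names the two on-disk files that were actually quarantined. The Python script below is an added example, not part of the forum post and not an Avira tool; it parses that report layout into one row per on-disk file, classes each verdict by Avira's wording (exact signature, recognition pattern, heuristic) and joins in the quarantine action. SAMPLE_REPORT is a constructed abridgement in the shape of the report above with the profile path shortened; the regular expressions and the kind names are this example's own.

```python
"""Triage for an Avira AntiVir 9 report (added example; not from the post or from Avira).

Avira names each on-disk file on its own line, then '[n] Archive type: X' for a
container at nesting level n, '--> member' for entries inside it and '[DETECTION]'
for the entry named last; the disinfection section repeats the path and the action.
"""
import re
from collections import Counter, defaultdict

CACHE_FILE = ("C:\\Documents and Settings\\BORE\\Local Settings\\Application Data"
              "\\Mozilla\\Firefox\\Profiles\\2u3dfqrt.default\\Cache\\2F1C82ACd01")
SPYWALL_FILE = "C:\\Program Files\\SpyWall\\check_app.dat"

# Constructed abridgement in the shape of the report above (profile path shortened).
SAMPLE_REPORT = f"""\
C:\\pagefile.sys
[WARNING] The file could not be opened!
{CACHE_FILE}
[0] Archive type: RAR
--> melissa.zip
[1] Archive type: ZIP
--> list.doc
[DETECTION] Contains code of the W97M/Melissa.A Word macro virus
--> mail trojan.zip
[1] Archive type: ZIP
--> mail troian/naebi_suseda.zip
[2] Archive type: ZIP
--> naebi_suseda/config.exe
[DETECTION] Is the TR/PSW.Ring.b Trojan
{SPYWALL_FILE}
[DETECTION] Contains HEUR/Malware suspicious code

Beginning disinfection:
{CACHE_FILE}
[NOTE] The file was moved to '4aa5224e.qua'!
{SPYWALL_FILE}
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The file was moved to '4ad92270.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                     # line naming an on-disk file
ARCHIVE_RE = re.compile(r"^\[(\d+)\] Archive type: ")
MEMBER_RE = re.compile(r"^--> (.+)$")
DETECT_RE = re.compile(r"^\[DETECTION\] (.+)$")
MOVED_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'!")


def classify(verdict):
    """Avira's wording: 'Is the ...' and 'Contains code of' are exact signature hits,
    'recognition pattern' a looser match, 'HEUR/' a heuristic that needs a human look."""
    if verdict.startswith("Contains HEUR/"):
        return "heuristic"
    return "pattern" if verdict.startswith("Contains recognition pattern") else "signature"


def parse_report(text):
    """Return (hits, depth, actions, unreadable); the first three are keyed by on-disk path."""
    hits, depth, actions, unreadable = defaultdict(list), {}, {}, []
    current = member = None
    in_disinfection = False
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("Beginning disinfection"):
            in_disinfection = True
        elif PATH_RE.match(line):
            current, member = line, None            # new on-disk file; member context resets
        elif current is None:
            continue
        elif in_disinfection:                       # only the action lines matter here
            if (m := MOVED_RE.match(line)):
                actions[current] = m.group(1)
        elif (m := ARCHIVE_RE.match(line)):
            # '[n] Archive type' opens a container at level n, so the '-->' entries that
            # follow sit at n + 1.  Avira never marks where a nested archive ends, so the
            # deepest level per file is reliable but each member's exact position is not.
            depth[current] = max(depth.get(current, 0), int(m.group(1)) + 1)
        elif (m := MEMBER_RE.match(line)):
            member = m.group(1)
        elif (m := DETECT_RE.match(line)):
            hits[current].append((member, m.group(1)))
        elif line.startswith("[WARNING] The file could not be opened"):
            unreadable.append(current)
    return dict(hits), depth, actions, unreadable


def summarize(text):
    """One row per on-disk file that needs a decision, plus the files the scanner skipped."""
    hits, depth, actions, unreadable = parse_report(text)
    rows = {path: {"detections": len(found),
                   "kinds": dict(Counter(classify(v) for _, v in found)),
                   "members": [m for m, _ in found],
                   "max_depth": depth.get(path, 0),
                   "action": actions.get(path, "none")}
            for path, found in hits.items()}
    return rows, unreadable


if __name__ == "__main__":
    print(*summarize(SAMPLE_REPORT), sep="\n")
```

Run over the full report above, this collapses to two rows: the Firefox cache file (nested archives of old DOS-era .COM infectors, Melissa and Happy99, moved to quarantine) and Program Files\SpyWall\check_app.dat (a single HEUR/Malware hit, quarantined as suspicious). Read that together with the rootkit, process and boot-sector sections of the same report, which found nothing: an archive in a browser cache is something that was downloaded, not something that was executed.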

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/02/2009 at 10:02 PM

 

Application Version : 4.27.1000

 

Core Rules Database Version : 4032

Trace Rules Database Version: 1972

 

Scan type : Complete Scan

Total Scan Time : 00:41:36

 

Memory items scanned : 487

Memory threats detected : 0

Registry items scanned : 5006

Registry threats detected : 0

File items scanned : 38537

File threats detected : 15

 

Adware.Tracking Cookie

C:\Documents and Settings\IRINA.GA-M52L-S3P-AMD\Cookies\irina@ads.bsplayer[2].txt

 

Trojan.VXGame-Variant/D

C:\DOCUMENTS AND SETTINGS\BORE.GA-M52L-S3P-AMD\APPLICATION DATA\MICROSOFT\INSTALLER\{B01E917D-2048-44C4-8AD4-057C0D8DBBEB}\HALITEICON.EXE

C:\DOCUMENTS AND SETTINGS\BORE.GA-M52L-S3P-AMD\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\HALITE.LNK

C:\DOCUMENTS AND SETTINGS\BORE.GA-M52L-S3P-AMD\DESKTOP\HALITE.LNK

C:\DOCUMENTS AND SETTINGS\BORE.GA-M52L-S3P-AMD\START MENU\PROGRAMS\HALITE\HALITE.LNK

C:\GAMES\ROCKSTAR.GAMES\GTA SAN ANDREAS HUUDLUM\GTA SAN ANDREAS\HLM-INTRO.EXE

C:\SYSTEM VOLUME INFORMATION\_RESTORE{0D952A81-4722-4A9F-8DD1-0E3DDAD07F8C}\RP39\A0004251.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{0D952A81-4722-4A9F-8DD1-0E3DDAD07F8C}\RP40\A0004299.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{0D952A81-4722-4A9F-8DD1-0E3DDAD07F8C}\RP43\A0004550.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{0D952A81-4722-4A9F-8DD1-0E3DDAD07F8C}\RP45\A0005469.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{0D952A81-4722-4A9F-8DD1-0E3DDAD07F8C}\RP48\A0005745.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{0D952A81-4722-4A9F-8DD1-0E3DDAD07F8C}\RP51\A0005917.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{0D952A81-4722-4A9F-8DD1-0E3DDAD07F8C}\RP52\A0006161.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{0D952A81-4722-4A9F-8DD1-0E3DDAD07F8C}\RP53\A0006163.LNK

C:\SYSTEM VOLUME INFORMATION\_RESTORE{0D952A81-4722-4A9F-8DD1-0E3DDAD07F8C}\RP66\A0007371.LNK

Where are the logs from Malwarebytes and SUPERAntiSpyware?

 

http://forums.softvisia.com/index.php?s=&a...ost&p=78653

 

Under the Windows XP that I installed on C:\ I can't install Anti-Malware

I have it installed under the Windows XP that I installed on D:\

But now I've started a scan of drive D:\ with SUPERAntiSpyware and have to wait for the result ....

Stop System Restore.

Right-click My Computer => Properties => System Restore => Turn off system restore on all drives => Apply

http://tiphub.com/image/topic1/DisableSystemRestore.png

Does it give you any error message... when you try to install Malwarebytes on C:\ ?

> ....
> Does it give you any error message... when you try to install Malwarebytes on C:\ ?

It gives an error related to:

Microsoft Visual C++ Runtime Library, but I don't remember exactly

Right now I've started a Full Scan with Anti-Malware from D:\, choosing to scan both C:\ and D:\ - it will take a long time ...

> It gives an error related to:
> Microsoft Visual C++ Runtime Library, but I don't remember exactly
> Right now I've started a Full Scan with Anti-Malware from D:\, choosing to scan both C:\ and D:\ - it will take a long time ...

And why didn't you install SUPERAntiSpyware on C:\ (did it refuse too)?

What do you need two operating systems for, anyway... as a rule, errors like this in MBAM are fixed this way:

http://www.malwarebytes.org/forums/index.php?showtopic=10138

or they mean malicious activity...

We can try to disinfect partition C:\, or you could format it and just run on the installation on D:\

> And why didn't you install SUPERAntiSpyware on C:\ (did it refuse too)?
> What do you need two operating systems for, anyway... as a rule, errors like this in MBAM are fixed this way:
> http://www.malwarebytes.org/forums/index.php?showtopic=10138
> or they mean malicious activity...
> We can try to disinfect partition C:\, or you could format it and just run on the installation on D:\

Actually I installed SUPERAntiSpyware on C:\ and scanned from C:\ ...

Then I restarted the computer, chose to boot the Win XP on D:\, and now I'm scanning both disks with MBAM.

My problem is that I have over 50 games installed on disk C:\ - it's actually the more important one for me, but also much more vulnerable to viruses

I'd prefer to disinfect C:\

Thank you !!!

Separately, I'm writing in this forum from the laptop; I moved the .LOG files from the sick computer to the laptop with a 2 GB flash memory stick

Scan your flash drive for possible nasties, so the laptop doesn't get infected too

I've already scanned it .... no infections (God willing it's true)

My laptop is the best-protected computer I have:

AVIRA AntiVir - resident protection

Sunbelt Firewall - resident protection

Advanced System Care - resident protection

MBAM - I scan periodically

Spyware Terminator - I scan periodically

Spybot - Search & Destroy - I scan periodically

> I've already scanned it .... no infections (God willing it's true)
> My laptop is the best-protected computer I have:
> AVIRA AntiVir - resident protection
> Sunbelt Firewall - resident protection
> Advanced System Care - resident protection
> MBAM - I scan periodically
> Spyware Terminator - I scan periodically
> Spybot - Search & Destroy - I scan periodically

Advanced WindowsCare does immunization, more than anything.

How far along are we with the MBAM check?

When it finishes, boot into C:\ and carry out the following steps:

Download RootRepeal from here and extract it to the desktop.

  • Double-click RootRepeal.exe to start the program
  • Click the Report tab at the bottom of the window
  • Click the Scan button
  • Tick the following lines:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
  • Click OK
  • In the next dialog, tick partition C:\
  • Click OK to start the scan

Note: do not start any programs while the scan is running.

  • When the scan finishes, a Save Report button will appear
  • Click Save Report and save the log file under the name RootRepeal.txt
  • Open File, then Exit, to close the program.

Copy the contents of RootRepeal.txt into your next post.

I should have chosen to scan only C:\

I set MBAM to scan both C:\ and D:\

but both disks are 1 terabyte each

of course C:\ is only half full

So far MBAM has scanned 250,000 files on C:\ - I suppose there are about 850,000 files in total on C:\

Afterwards I'll do the other things you described for me in detail

Thank you !!!!

Malwarebytes' Anti-Malware 1.39

Database version: 2547

Windows 5.1.2600 Service Pack 3

 

03.08.2009 00:12:34

mbam-log-2009-08-03 (00-12-34).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 449389

Time elapsed: 1 hour(s), 34 minute(s), 57 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

This gives me hope that the infections are disappearing or decreasing !!!!

Win XP restarted twice after I started the scan with RootRepeal ...

I was forced to Exit several programs in the System Tray, such as:

Skype

SUPERAntiSpyware

Ad-Aware

I left only AVIRA resident, but if it restarts again I'll stop that too.

Now the scan is running - hopefully it finishes successfully ...

//................................................................................

The only signs that RootRepeal is working are the red disk-activity light and the hourglass mouse cursor when it's over the RootRepeal window ....

Hopefully it really is working !!!

Let's try ComboFix =>

*. Temporarily turn off your antivirus program's real-time protection.

*. Download Combofix.

*. Save it to the DESKTOP.

*. Enter the following command:

Start => Run => paste in

"%userprofile%\desktop\combofix.exe" /killall

http://www.techsupportforum.com/sectools/tetonbob/killall.JPG

*. While ComboFix is scanning, do not start any other applications, do not press any keys and do not move the mouse!

*. Post the log file in your next post.
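Once ComboFix's report comes back, its 'Files Created from ... to ...' section (the date-sorted listing in the log posted next) is where a new kernel driver, a hidden file dropped straight into c:\windows or a whole install burst stands out. The script below is an added example, not part of the thread and not a ComboFix feature: it parses those entries, reads the eight-letter attribute column as the usual DOS attribute letters (d directory, c compressed, s system, h hidden, a archive, r read-only, w writable; that mapping is an assumption about ComboFix's format, which the page does not document), flags entries worth a second look and groups entries created in the same minute. SAMPLE is a constructed subset of that log with the profile path shortened; the flag wording and the choice of c:\windows and c:\windows\system32 as the 'system roots' are this example's own.

```python
"""Triage for the 'Files Created' section of a ComboFix report (added example; not
part of the thread and not a ComboFix feature).

Each entry reads:  <created> . <modified> <size or -------- for a directory> <attrs> <path>
The eight-letter attribute column is read as the usual DOS attribute letters
(d directory, c compressed, s system, h hidden, a archive, r read-only, w writable);
that mapping is an assumption about ComboFix's format, not something the page documents.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the report's entries, profile path shortened.
SAMPLE = """\
2009-08-02 12:29 . 2009-06-18 09:55 18816 ------w- c:\\windows\\system32\\SAVRKBootTasks.sys
2009-08-02 11:15 . 2009-08-02 11:15 -------- d-----w- c:\\program files\\Sophos
2009-07-31 21:35 . 2009-07-31 21:35 -------- d-sh--w- c:\\documents and settings\\IRINA\\IECompatCache
2009-07-31 20:25 . 2009-07-31 20:25 164 ----a-w- c:\\windows\\install.dat
2009-07-31 19:31 . 2009-08-02 22:54 36 ---h--r- c:\\windows\\sued.dat
2009-07-31 19:31 . 2009-07-31 19:31 186880 ----a-w- c:\\windows\\system32\\drivers\\trlkprot.sys
2009-07-31 19:31 . 2009-07-31 19:31 -------- d-----w- c:\\windows\\trlrm
2009-07-31 19:31 . 2009-08-02 22:54 -------- d-----w- c:\\program files\\SpyWall
2009-07-31 08:29 . 2009-07-31 08:29 720896 ----a-w- c:\\windows\\iun6002.exe
2009-07-29 05:44 . 2009-07-03 17:09 594432 -c----w- c:\\windows\\system32\\dllcache\\msfeeds.dll
"""

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
# A loose new file directly in one of these (not in a subfolder) is unusual enough to check.
SYSTEM_ROOTS = ("c:\\windows", "c:\\windows\\system32")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]      # None for a directory
    attrs: str
    path: str                # lower-cased so matching is case-insensitive

    @property
    def is_dir(self):
        return self.attrs[0] == "d"

    @property
    def hidden_or_system(self):
        return "h" in self.attrs or "s" in self.attrs

    @property
    def parent(self):
        return self.path.rsplit("\\", 1)[0]


def parse(text):
    """Keep the lines that match the entry layout; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        if m := ENTRY_RE.match(line.strip()):
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"].lower()))
    return entries


def reasons(e):
    """Why an entry deserves a look; an empty list means nothing stands out."""
    out = []
    if not e.is_dir and e.hidden_or_system:
        out.append("hidden/system file")
    if e.path.endswith(".sys"):
        out.append("new .sys driver")
    if not e.is_dir and e.parent in SYSTEM_ROOTS:
        out.append("loose file in a system directory")
    return out


def triage(text):
    """Return (flagged entries by path, creation-minute bursts of two or more entries).

    Entries sharing a creation minute usually came from one installer, so a flagged
    file's burst-mates show whether it arrived with a visible product directory."""
    entries = parse(text)
    flagged = {e.path: reasons(e) for e in entries if reasons(e)}
    by_minute = defaultdict(list)
    for e in entries:
        by_minute[e.created].append(e.path)
    bursts = {minute: paths for minute, paths in by_minute.items() if len(paths) > 1}
    return flagged, bursts


if __name__ == "__main__":
    flagged, bursts = triage(SAMPLE)
    for path, why in flagged.items():
        print(f"{path}: {', '.join(why)}")
    for minute, paths in bursts.items():
        print(f"burst at {minute}: {', '.join(paths)}")
```

On the log below, the 2009-07-31 19:31 burst puts c:\program files\SpyWall, the driver trlkprot.sys, the directory c:\windows\trlrm and the hidden, read-only 36-byte c:\windows\sued.dat in one group. That is the check to run before acting on a heuristic verdict such as Avira's on SpyWall\check_app.dat: a flagged file whose same-minute neighbours include a visible product directory under Program Files arrived with an install the user can account for; a hidden file with no such neighbours is the one to escalate.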

ComboFix 09-08-01.09 - IRINA 03.08.2009 2:10.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.3327.2995 [GMT 3:00]

Running from: c:\documents and settings\IRINA.GA-M52L-S3P-AMD\desktop\combofix.exe

Command switches used :: /killall

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))

.

 

2009-08-02 17:21 . 2009-08-02 17:21 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\SUPERAntiSpyware.com

2009-08-02 12:29 . 2009-06-18 09:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys

2009-08-02 11:15 . 2009-08-02 11:15 -------- d-----w- c:\program files\Sophos

2009-08-02 09:27 . 2009-08-02 09:31 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\Cyberlink

2009-08-02 09:27 . 2009-08-02 09:27 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Application Data\CyberLink

2009-08-01 21:25 . 2009-08-01 21:25 -------- d-----w- c:\program files\MSXML 4.0

2009-07-31 22:08 . 2009-08-01 21:29 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Application Data\Spyware Terminator

2009-07-31 21:35 . 2009-07-31 21:35 -------- d-sh--w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\IECompatCache

2009-07-31 21:05 . 2009-07-31 21:24 -------- d-----w- c:\windows\SxsCaPendDel

2009-07-31 20:25 . 2009-07-31 20:25 -------- d-----w- c:\program files\MSSOAP

2009-07-31 20:25 . 2009-07-31 20:25 -------- d-----w- c:\program files\Webroot

2009-07-31 20:25 . 2009-07-31 20:25 164 ----a-w- c:\windows\install.dat

2009-07-31 19:31 . 2009-08-02 22:54 36 ---h--r- c:\windows\sued.dat

2009-07-31 19:31 . 2009-07-31 19:31 186880 ----a-w- c:\windows\system32\drivers\trlkprot.sys

2009-07-31 19:31 . 2009-07-31 19:31 -------- d-----w- c:\windows\trlrm

2009-07-31 19:31 . 2009-08-02 22:54 -------- d-----w- c:\program files\SpyWall

2009-07-31 18:54 . 2009-07-31 18:54 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.002\PrivacIE

2009-07-31 18:54 . 2009-07-31 18:54 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.002\Local Settings\Application Data\BS_Player

2009-07-31 18:54 . 2009-07-31 18:54 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.002\Local Settings\Application Data\Conduit

2009-07-31 17:46 . 2009-07-31 17:46 -------- d-----w- c:\program files\Crawler

2009-07-31 16:15 . 2009-08-02 22:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft

2009-07-31 14:52 . 2009-07-31 14:52 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\K-Meleon

2009-07-31 14:52 . 2009-07-31 14:52 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\K-Meleon

2009-07-31 14:51 . 2009-07-31 14:52 -------- d-----w- c:\program files\K-Meleon

2009-07-31 13:32 . 2009-07-31 13:32 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\Media Player Classic

2009-07-31 13:14 . 2009-07-31 13:14 -------- d-----w- c:\program files\xmplay34

2009-07-31 12:32 . 2009-07-31 12:32 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\GRETECH

2009-07-31 12:31 . 2009-07-31 12:31 -------- d-----w- c:\program files\GRETECH

2009-07-31 09:33 . 2009-07-31 12:32 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\BS_Player

2009-07-31 09:33 . 2009-07-31 09:35 -------- d-----w- c:\program files\BS_Player

2009-07-31 09:33 . 2009-07-31 09:33 -------- d-----w- c:\program files\Conduit

2009-07-31 09:33 . 2009-07-31 09:33 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\Conduit

2009-07-31 09:33 . 2009-07-31 09:33 -------- d-----w- c:\program files\Webteh

2009-07-31 09:20 . 2009-07-31 09:23 -------- d-----w- c:\program files\The KMPlayer

2009-07-31 08:43 . 2009-07-31 08:43 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\CoreCodec

2009-07-31 08:39 . 2009-07-31 08:39 -------- d-----w- c:\program files\CoreCodec

2009-07-31 08:29 . 2009-07-31 08:38 -------- d-----w- c:\program files\nvideo-tech

2009-07-31 08:29 . 2009-07-31 08:29 720896 ----a-w- c:\windows\iun6002.exe

2009-07-31 08:22 . 2009-07-31 08:22 -------- d-----w- c:\program files\Common Files\xing shared

2009-07-31 08:22 . 2009-07-31 08:22 -------- d-----w- c:\program files\Common Files\Real

2009-07-31 08:22 . 2009-07-31 08:22 -------- d-----w- c:\program files\Real

2009-07-31 08:12 . 2009-07-31 08:12 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\fontconfig

2009-07-31 08:11 . 2009-07-31 08:13 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\.smplayer

2009-07-31 08:09 . 2009-07-31 08:10 -------- d-----w- c:\program files\SMPlayer

2009-07-30 21:23 . 2009-07-30 21:23 -------- d-----w- c:\program files\viplay4b1

2009-07-30 21:19 . 2009-07-30 21:19 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\URUWorks

2009-07-30 21:03 . 2009-07-30 21:03 -------- d-----w- c:\program files\Micro DVD Player

2009-07-30 20:39 . 2009-07-30 20:42 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\Crystal Player

2009-07-30 20:39 . 2009-07-30 20:39 -------- d-----w- c:\program files\Crystal Player

2009-07-30 20:24 . 2009-07-30 20:24 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\DivX

2009-07-30 20:23 . 2009-08-01 14:45 -------- d-----w- c:\program files\Mv2Player

2009-07-30 20:03 . 2009-07-30 20:03 -------- d-sh--w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\PrivacIE

2009-07-30 20:03 . 2009-07-31 21:39 -------- d-----w- c:\program files\AskBarDis

2009-07-30 20:03 . 2009-07-30 20:09 -------- d-----w- c:\program files\Wise Registry Cleaner

2009-07-29 21:53 . 2009-07-29 21:53 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter

2009-07-29 21:53 . 2009-07-29 21:53 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder

2009-07-29 21:53 . 2009-07-29 21:53 -------- d-----w- c:\program files\CD Audio Reader Filter

2009-07-29 21:53 . 2009-07-29 21:53 -------- d-----w- c:\program files\DScaler5

2009-07-29 21:53 . 2009-07-29 21:53 -------- d-----w- c:\program files\OpenSource Flash Video Splitter

2009-07-29 21:52 . 2009-07-29 21:52 -------- d-----w- c:\program files\RealMedia

2009-07-29 21:52 . 2009-07-29 21:52 -------- d-----w- c:\program files\SHOUTcast Source

2009-07-29 21:52 . 2009-07-29 21:52 -------- d-----w- c:\program files\Haali

2009-07-29 21:52 . 2009-07-29 21:52 -------- d-----w- c:\program files\DSP-worx

2009-07-29 21:52 . 2008-12-11 10:26 60273 ----a-w- c:\windows\system32\pthreadGC2.dll

2009-07-29 21:52 . 2009-07-29 21:52 -------- d-----w- c:\program files\DirectVobSub

2009-07-29 21:50 . 2009-07-29 21:57 -------- d-----w- c:\program files\Zoom Player

2009-07-29 21:00 . 2009-07-29 21:00 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Application Data\RadLight Company

2009-07-29 21:00 . 2009-07-29 21:00 -------- d-----w- c:\program files\RadLight Company

2009-07-29 13:38 . 2009-07-29 13:38 -------- d-----w- c:\program files\Microsoft ActiveSync

2009-07-29 13:34 . 2009-07-29 16:50 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\Adobe

2009-07-29 09:25 . 2009-07-29 09:25 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.002\IETldCache

2009-07-29 05:44 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-07-29 05:44 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-07-28 13:44 . 2009-07-28 13:44 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.002\Local Settings\Application Data\Google

2009-07-28 13:39 . 2009-07-28 13:49 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\Temp

2009-07-28 13:39 . 2009-07-31 13:44 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\Google

2009-07-28 13:39 . 2009-07-31 18:54 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.002\Local Settings\Application Data\Google

2009-07-28 13:39 . 2009-07-28 13:39 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\Temp

2009-07-28 11:37 . 2009-07-28 11:37 -------- d-----w- c:\program files\ImageShack Corp

2009-07-28 10:55 . 2009-07-28 11:00 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Application Data\FileZilla

2009-07-28 10:55 . 2009-07-28 10:55 -------- d-----w- c:\program files\FileZilla FTP Client

2009-07-28 09:46 . 2009-07-28 09:46 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Application Data\Media Player Classic

2009-07-28 07:46 . 2009-07-28 07:46 143 ----a-w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\fusioncache.dat

2009-07-28 07:46 . 2009-07-28 07:47 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\ApplicationHistory

2009-07-26 21:31 . 2009-07-26 21:31 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\Criterion Games

2009-07-26 20:55 . 2009-07-26 20:55 -------- d-----w- C:\TEXCACHE

2009-07-26 20:55 . 2009-07-26 20:55 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\TYPHOON

2009-07-26 10:50 . 2009-07-26 10:50 -------- d-----w- c:\windows\system32\URTTEMP

2009-07-26 09:48 . 2009-07-26 09:48 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\CometNetwork

2009-07-26 09:48 . 2009-07-26 09:48 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\CometNetwork

2009-07-26 08:49 . 2009-07-26 08:49 -------- d-----w- c:\program files\SA Dictionary 2008 Beta 4

2009-07-26 08:49 . 2009-07-26 08:49 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\Downloaded Installations

2009-07-26 08:47 . 2009-07-26 08:48 -------- d-----w- c:\program files\AEDiction

2009-07-26 08:40 . 2009-07-26 08:40 -------- d-sh--w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\IETldCache

2009-07-26 08:27 . 2009-07-26 08:28 -------- d-----w- c:\program files\Koral English Dictionary

2009-07-26 06:48 . 2009-07-26 06:48 -------- d-sh--w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\IETldCache

2009-07-26 06:40 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-07-26 06:40 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-07-26 06:40 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-07-26 06:40 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-26 06:40 . 2009-07-19 15:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-07-25 21:12 . 2009-07-31 11:01 18968 ----a-w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-25 21:12 . 2009-07-25 21:17 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Local Settings\Application Data\Cyberlink

2009-07-25 21:05 . 2009-07-25 21:05 -------- d-----w- c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\CyberLink

2009-07-25 21:04 . 2009-07-25 21:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\CyberLink

2009-07-25 21:04 . 2009-07-25 21:04 -------- d-----w- c:\program files\Common Files\CyberLink

2009-07-25 21:03 . 2009-07-25 21:04 -------- d-----w- c:\program files\CyberLink

2009-07-25 21:03 . 2009-07-25 21:03 29480 ----a-w- c:\windows\system32\msxml3a.dll

2009-07-25 21:03 . 2009-07-31 19:01 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Temp

2009-07-25 08:03 . 2009-07-25 08:03 -------- d-----w- d:\documents and settings\Default User\Local Settings\Application Data\Microsoft

2009-07-24 10:04 . 2009-07-24 10:04 -------- d-----w- c:\program files\Windows Media Connect 2

2009-07-24 08:30 . 2009-07-24 08:30 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\BC

2009-07-24 08:30 . 2009-07-24 08:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\BC

2009-07-24 08:27 . 2009-07-24 08:27 418480 ----a-w- c:\windows\system32\wrap_oal.dll

2009-07-24 08:27 . 2009-07-24 08:27 115432 ----a-w- c:\windows\system32\OpenAL32.dll

2009-07-24 08:27 . 2009-07-24 08:27 -------- d-----w- c:\program files\OpenAL

2009-07-24 07:00 . 2009-08-02 19:01 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\Halite

2009-07-24 07:00 . 2009-07-24 07:00 -------- d-----w- c:\program files\Halite

2009-07-24 06:36 . 2009-07-24 06:36 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\Targem

2009-07-24 06:16 . 2009-07-24 06:16 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Local Settings\Application Data\CometNetwork

2009-07-24 06:16 . 2009-07-24 06:16 -------- d-----w- c:\documents and settings\BORE.GA-M52L-S3P-AMD\Application Data\CometNetwork

2009-07-24 06:15 . 2009-07-24 06:15 -------- d-----w- C:\Downloads

2009-07-24 05:18 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-07-24 05:18 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2009-07-24 05:17 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-02 22:53 . 2009-08-02 17:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-08-02 17:23 . 2009-08-02 17:23 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com

2009-07-31 21:42 . 2009-07-31 21:42 115202 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat

2009-07-31 21:42 . 2009-07-22 14:10 86627 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-07-31 08:22 . 2003-03-18 17:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2009-07-22 14:28 . 2009-07-22 14:28 -------- d-----w- c:\program files\Vtune

2009-07-22 14:22 . 2009-07-22 14:22 -------- d-----w- c:\program files\AMD

2009-07-03 17:09 . 2008-04-14 02:42 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-16 14:36 . 2008-04-14 02:42 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:36 . 2008-04-14 02:41 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-03 19:09 . 2008-04-14 02:42 1291264 ----a-w- c:\windows\system32\quartz.dll

2009-05-22 23:08 . 2009-05-22 23:08 29696 ----a-w- c:\windows\system32\drivers\VClone.sys

2009-05-07 15:32 . 2008-04-14 02:41 345600 ----a-w- c:\windows\system32\localspl.dll

2009-07-15 20:30 . 2009-07-22 15:21 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-12-09 15:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

2009-07-31 09:35 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-31 2215960]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-31 2215960]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]

 

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13672448]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 86016]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-27 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-07 75048]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-31 198160]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-12-09 18063872]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-03 1630208]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\BORE.GA-M52L-S3P-AMD\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-23 576000]

 

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\GAMES\\ACTIVISION\\CALL.of.DUTY.5.WORLD.at.WAR\\CoDWaW.exe"=

"c:\\GAMES\\BLIZZARD\\WARCRAFT III\\Warcraft III.exe"=

"c:\\GAMES\\CODEMASTERS\\DAMNATION\\Binaries\\DamnGame.exe"=

"c:\\GAMES\\UBISOFT\\GEARBOX SOFTWARE\\BROTHERS.IN.ARMS.HELL's.HIGHWAY\\Binaries\\biahh.exe"=

"c:\\GAMES\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=

"c:\\GAMES\\_SETUP_\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TestDriveUnlimited.exe"=

"c:\\Program Files\\BitComet\\BitComet.exe"=

"c:\\Program Files\\Halite\\Halite.exe"=

"c:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=

"c:\\WINDOWS\\trlrm\\RMHSvc.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9638:TCP"= 9638:TCP:BitComet 9638 TCP

"9638:UDP"= 9638:UDP:BitComet 9638 UDP

 

R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [02.08.2009 15:29 18816]

R1 trlkprot;Trlokom Application scan driver;c:\windows\system32\drivers\trlkprot.sys [31.07.2009 22:31 186880]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/26 00:04];c:\program files\CyberLink\PowerDVD9\000.fcl [07.05.2009 21:05 87536]

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [30.07.2009 23:03 234888]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.07.2009 16:39 133104]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]

S3 rkhdrv40;Rootkit Unhooker Driver; [x]

S3 XRJJYQ;XRJJYQ;c:\docume~1\IRINA~1.GA-\LOCALS~1\Temp\XRJJYQ.exe --> c:\docume~1\IRINA~1.GA-\LOCALS~1\Temp\XRJJYQ.exe [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

 

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 13:38]

 

2009-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 13:38]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559

IE: Crawler Search - tbr:iemenu

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll

FF - ProfilePath - c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\Mozilla\Firefox\Profiles\bs7w2vim.default\

FF - component: c:\documents and settings\IRINA.GA-M52L-S3P-AMD\Application Data\Mozilla\Firefox\Profiles\bs7w2vim.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-03 02:15

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\6.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'explorer.exe'(3032)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\rundll32.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\windows\trlrm\RMHSvc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2009-08-02 2:17 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-02 23:17

 

Pre-Run: 516 033 355 776 bytes free

Post-Run: 516 004 990 976 bytes free

 

324 --- E O F --- 2009-08-01 21:25


Hi, the log looks relatively fine, but you have tons of "junk". :)

Open Control Panel => Add or remove programs and uninstall (if they are present, of course):

*Webroot SpySweeper
*Spyware Terminator
*Spywall Antispyware
*Lavasoft Ad-Aware
*Crawler Toolbar
*Ask Toolbar
*BS Player Toolbar
*Sophos Anti-rootkit
*Rootkit Unhooker

Why do you have so many players and dictionaries? :)

Submit this file to VirusTotal for analysis:

c:\windows\system32\pthreadGC2.dll

Post the results in your next comment.

Open Notepad and enter via copy/paste:

KILLALL::

Driver::
ASKUpgrade
rkhdrv40
XRJJYQ
SAVRKBootTasks
MEMSWEEP2

File::
c:\windows\system32\SAVRKBootTasks.sys
c:\windows\sued.dat
c:\docume~1\IRINA~1.GA-\LOCALS~1\Temp\XRJJYQ.exe
c:\windows\system32\6.tmp

Folder::
c:\program files\AskBarDis
c:\program files\Sophos
c:\documents and settings\BORE.GA-M52L-S3P-AMD\Application Data\Spyware Terminator
c:\program files\Webroot
c:\program files\SpyWall
c:\program files\Crawler
c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft

DirLook::
c:\program files\nvideo-tech

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=-
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

DDS::
IE: Crawler Search -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559

Save the file under the name CFScript and drag/drop it onto Combofix.

http://img522.imageshack.us/img522/482/cfscriptyr1.gif

This will run Combofix once more so that it carries out the given commands.

After the computer restarts, a new log file will be created.

Copy its contents into your next post.

Update the definitions and run a new full scan with Avira.

Post the log file in your next post.

Finally, download SECUNIA Personal Inspector. Install the program and run a check for outdated and vulnerable software.
If possible, update the programs you use.

Regards! :)

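As an added example (not part of this thread and not ComboFix's or any helper's tooling): a small Python triage pass over the service lines of a ComboFix log like the one above, which flags, on purely structural grounds (missing or unverifiable image, a .tmp image, an image in a Temp directory), three of the driver entries the reply lists under Driver:: for removal. The sample input reuses the log's own service lines plus one constructed benign entry; the flags are prompts to review, not verdicts (rkhdrv40, for instance, is the Rootkit Unhooker driver per its display name, one of the tools the reply asks the user to uninstall).

```python
import re
from dataclasses import dataclass, field

# Service lines from the ComboFix log in this thread
# (format: "<start> <name>;<display>;<image> [<stamp>]"),
# plus one constructed benign entry (last) as a control.
SAMPLE_LINES = [
    r"R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [02.08.2009 15:29 18816]",
    r"R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/26 00:04];c:\program files\CyberLink\PowerDVD9\000.fcl [07.05.2009 21:05 87536]",
    r"S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.07.2009 16:39 133104]",
    r"S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]",
    r"S3 rkhdrv40;Rootkit Unhooker Driver; [x]",
    r"S3 XRJJYQ;XRJJYQ;c:\docume~1\IRINA~1.GA-\LOCALS~1\Temp\XRJJYQ.exe --> c:\docume~1\IRINA~1.GA-\LOCALS~1\Temp\XRJJYQ.exe [?]",
    r"R1 examplefilter;Example Filter (constructed);c:\windows\system32\drivers\example.sys [01.01.2009 10:00 12345]",
]

SERVICE_RE = re.compile(r"^([RS]\d)\s+(.+?);(.*?);(.*)$")
TRAILER_RE = re.compile(r"^(.*?)\s*\[([^\]]*)\]\s*$")


@dataclass
class Finding:
    name: str
    start: str      # ComboFix start-type code, e.g. R1 (running, boot) or S3 (stopped, manual)
    path: str       # normalised image path ("" when ComboFix could not resolve one)
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Split one ComboFix service line into (start, name, display, path, tag).

    tag is the bracketed trailer: a timestamp/size for a verified file, "?" when
    ComboFix could not verify the image, "x" when the image file is missing.
    Returns None for lines that are not service entries.
    """
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    start, name, display, rest = m.groups()
    t = TRAILER_RE.match(rest)
    path, tag = (t.group(1), t.group(2)) if t else (rest.strip(), "")
    # "\??\<path> --> <path>" is ComboFix's resolved-path form; keep the resolved side.
    if " --> " in path:
        path = path.split(" --> ")[-1]
    if path.startswith("\\??\\"):
        path = path[4:]
    return start, name, display, path.strip(), tag


def assess(path, tag):
    """Structural red flags for a service/driver image; each is a prompt to review, not a verdict."""
    reasons = []
    if tag == "x":
        reasons.append("image file missing (orphaned service entry)")
    elif tag == "?":
        reasons.append("image could not be verified by ComboFix")
    low = path.lower()
    if low.endswith(".tmp"):
        reasons.append("kernel/service image has a .tmp extension")
    if "\\temp\\" in low:
        reasons.append("image lives in a Temp directory")
    return reasons


def triage(lines):
    """Return a Finding for every service line that trips at least one red flag."""
    findings = []
    for line in lines:
        parsed = parse_service_line(line)
        if parsed is None:
            continue
        start, name, _display, path, tag = parsed
        reasons = assess(path, tag)
        if reasons:
            findings.append(Finding(name, start, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.start} {f.name}: {f.path or '<no image>'}")
        for r in f.reasons:
            print("   -", r)
```

Entries such as ASKUpgrade and SAVRKBootTasks are not flagged because their images verify cleanly; the reply removes them for what they belong to (the Ask toolbar and Sophos Anti-rootkit), which is a judgement these structural checks do not attempt.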