lubbocom Posted August 9, 2008
Thanks a lot for the help! I'll install it now and clean up! See you soon!
Behchet Posted November 29, 2008
I have the same problem and I've been struggling to remove it for 6 hours :( I tried with many programs... I just don't know what to do anymore... Please, someone help me. Here are the logs:

MBAM
Malwarebytes' Anti-Malware 1.30
Database version: 1434
Windows 5.1.2600 Service Pack 2

29.11.2008 г. 21:33:23
mbam-log-2008-11-29 (21-33-23).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 131443
Time elapsed: 1 hour(s), 50 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{8dfe3882-5474-4010-bf17-544d1d390117} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fef72f04-58f1-433f-8b51-4c6e85b4605b} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SoftLand Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\Favorites\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\Cheap Pharmacy Online.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.

Hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 23:33:51, on 29.11.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Desktop\alabala.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bg/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://quicktimepro.apple.com/?country=BG&...ersion=07038000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 212.214.41.186 test.managerzone.com
O1 - Hosts: 212.214.41.186 test.managerzone.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O2 - BHO: Almsms - {E9B5BA28-C732-49DC-94CE-9079F7F75F4E} - C:\WINDOWS\system32\avt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: FlexType 2K.lnk = C:\WINDOWS\Datecs\Flex2K.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://212.214.41.186/applet/PowerLoader.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FA25DDE-6572-4A8A-8091-DA0F655B1122}: NameServer = 83.222.161.130,83.222.161.131
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

FixIEDef
Created at 23:04:00 on Saturday, November 29, 2008

Time Zone : (GMT+02:00) Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius
Logged On User : Administrator

Operating System : Microsoft Windows XP Professional Service Pack 2
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel® Pentium® 4 CPU 1.60GHz

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

System Drive Type : Fixed
System Drive Status : READY
System Drive Label : Warning
System Drive Size : 12 GB
System Drive Free : 1.59 GB

Total Physical Memory: 511 MB
Free Physical Memory : 257 MB
Total Page File : 511 MB
Free Page File : 814 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1971 MB

Boot State : Normal boot
--------------------------------------------------------------------------------
!!! userinit.exe is Clean !!!
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
C:\WINDOWS\system32\drv2.dll
C:\WINDOWS\system32\drv1.dll
C:\WINDOWS\system32\drvc.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\tmp.txt
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\bind "comment2"
================================================================================
All Done
ShadowPuterDude
Safe Surfing!!!

mbam_log.txt
Night_Raven Posted November 29, 2008
Check the following items and hit Fix checked:

O1 - Hosts: 212.214.41.186 test.managerzone.com
O1 - Hosts: 212.214.41.186 test.managerzone.com
O2 - BHO: Almsms - {E9B5BA28-C732-49DC-94CE-9079F7F75F4E} - C:\WINDOWS\system32\avt.dll
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://212.214.41.186/applet/PowerLoader.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate...opAntiVirus.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

Otherwise, you can also scan with SUPERAntiSpyware Free.
To that I would also add ComboFix:
1) download and run it;
2) wait for it to extract and confirm with Yes on both windows;
3) wait for the whole scan to finish and don't click on the window;
4) once everything is finished, the program will close itself and a report will be created (C:\ComboFix.txt);
5) restart the computer.
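
A first-pass way to triage a HijackThis log like the one in this thread, as an added example that is not part of the original posts. The three rules (hosts-file redirects, BHOs with no file or loaded straight from system32, ActiveX downloads from a bare IP) and all names in the code are assumptions, and they do not reproduce every entry selected in the reply above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 212.214.41.186 test.managerzone.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Almsms - {E9B5BA28-C732-49DC-94CE-9079F7F75F4E} - C:\WINDOWS\system32\avt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://212.214.41.186/applet/PowerLoader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O16 - <body>"
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
SYSTEM32_DLL = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.dll$", re.I)
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}  # hosts targets that only block a name


def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a manual look.

    The three rules are assumptions made for this example, not HijackThis logic.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.groups()
        last = body.rsplit(" - ", 1)[-1]  # trailing file path or download URL
        if section == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) >= 2 and fields[0] not in SINKHOLE:
                findings.append((section, f"hosts file pins {fields[1]} to {fields[0]}", m.group(0)))
        elif section == "O2" and last == "(no file)":
            findings.append((section, "BHO registered without a file on disk", m.group(0)))
        elif section == "O2" and SYSTEM32_DLL.match(last):
            findings.append((section, "BHO DLL sits directly in system32", m.group(0)))
        elif section == "O16" and IPV4.match(urlparse(last).hostname or ""):
            findings.append((section, "ActiveX control downloaded from a bare IP", m.group(0)))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```

Flagged entries are candidates for review only; whether to fix one still depends on knowing what installed it.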
Behchet Posted November 30, 2008
So... I scanned with SUPERAntiSpyware... it found nothing.
Then I ran ComboFix.
I restarted the computer and it still shows up... Here is the log:
ComboFix.txt
Behchet Posted November 30, 2008
It's fixed, tnx