MeGa (posted February 15, 2009): Yesterday I formatted C: and reinstalled Windows because of this virus, and now it is showing up again. The antivirus, of course, can't remove it. Today about 30 messages from the antivirus had piled up, like the ones in the screenshots I uploaded, except that each message said something different. I think the problem comes from windows\system32\drivers\etc\hosts, because as far as I have noticed that is the only directory it shows in the virus message. Otherwise I'll reinstall again, this time the whole thing, but I'm suspicious of some small programs like Java and I think it may catch the virus again, so I decided to post here first. If anyone thinks they can help, please write.
Nicky (posted February 15, 2009): Post the LOG files from HijackThis and Autoruns so we can see whether there are any irregularities. Download http://www.softvisia.com/users/Night_Raven...his/alabala.exe (213KB), which I renamed on purpose, run it and click Do a system scan and save a logfile. That will create a text file in the same folder. Copy its contents here or attach the file to the thread, whichever is more convenient for you. Download http://www.softvisia.com/download.php?view.400, then run the program and do the following: 1) choose Options -> Hide Microsoft Entries; 2) click File -> Refresh; 3) click File -> Save as; 4) save the file somewhere and then attach it to the thread or copy its contents.
sotkata (posted February 15, 2009): It wouldn't hurt to update your software; I see you have an old version of NOD32, IE.
Night_Raven (posted February 15, 2009): To begin with, I would recommend stopping NOD32 for a while (or even replacing it with a more modern antivirus) and scanning with SUPERAntiSpyware Free and Malwarebytes' Anti-Malware. The HijackThis and Autoruns logs would also be useful.
MeGa (author, posted February 15, 2009): The antivirus is due to be replaced, but before I reinstalled Windows I had a newer antivirus and it didn't help.

From HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 00:05:20, on 16.2.2009 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ivaylo\Desktop\alabala.exe

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [intel Physical Address Aventis 1.3] C:\WINDOWS\wciactrl.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9E6D15-0F0D-455D-93EA-59BC712BC3CB}: NameServer = 195.24.90.1 195.24.88.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

From Autoruns:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ SunJavaUpdateSched Java Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jusched.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Intel Physical Address Aventis 1.3 c:\windows\wciactrl.exe
+ SUPERAntiSpyware SUPERAntiSpyware Application SUPERAntiSpyware.com c:\program files\superantispyware\superantispyware.exe
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a c:\windows\wciactrl.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ SABShellExecuteHook Class ShellExecuteHook SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ NOD32 Context Menu Shell Extension c:\program files\eset\nodshex.dll
+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll
+ Trojan Remover Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll
+ NOD32 Context Menu Shell Extension c:\program files\eset\nodshex.dll
+ Trojan Remover Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ 00nView NVIDIA Desktop Explorer, Version 111.75 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ NvCplDesktopContext NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Desktop Explorer NVIDIA Desktop Explorer, Version 111.75 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 111.75 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ NOD32 Context Menu Shell Extension c:\program files\eset\nodshex.dll
+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 111.75 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ Trojan Remover Shell Extension Trojan Remover Shell Extension Simply Super Software c:\program files\trojan remover\trshlex.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Java Plug-In 2 SSV Helper Java Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\jp2ssv.dll
+ Java Plug-In SSV Helper Java Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre6\bin\ssv.dll
+ JQSIEStartDetectorImpl Class Java Quick Starter binary Sun Microsystems, Inc. c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
HKLM\System\CurrentControlSet\Services
+ JavaQuickStarterService Prefetches JRE files for faster startup of Java applets and applications Sun Microsystems, Inc. c:\program files\java\jre6\bin\jqs.exe
+ NOD32krn NOD32 Kernel Service Eset c:\program files\eset\nod32krn.exe
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
HKLM\System\CurrentControlSet\Services
+ ALCXSENS Sensaura WDM 3D Audio Driver Sensaura Ltd c:\windows\system32\drivers\alcxsens.sys
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ AMON Amon monitor Eset c:\windows\system32\drivers\amon.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ E100B Intel® PRO/100 Adapter NDIS 5.1 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ nod32drv c:\windows\system32\drivers\nod32drv.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.19 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys
+ SASDIFSV SASDIFSV.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\sasdifsv.sys
+ SASENUM SASENUM.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\sasenum.sys
+ SASKUTIL SASKUTIL.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\saskutil.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ !SASWinLogon SUPERAntiSpyware WinLogon Processor SUPERAntiSpyware.com c:\program files\superantispyware\saswinlo.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
+ 000000000001 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll
+ 000000000002 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll
+ 000000000003 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll
+ 000000000004 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll
+ 000000000005 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll
+ 000000000011 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

From Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.34
Database version: 1763
Windows 5.1.2600 Service Pack 2

16.2.2009 г. 00:01:47
mbam-log-2009-02-16 (00-01-44).txt

Scan type: Quick Scan
Objects scanned: 55605
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It always reports this error; it finds it and I always tell it to remove. SUPERAntiSpyware Free finds nothing.
Night_Raven (posted February 15, 2009): I don't see anything dangerous in the logs. Are you sure you are copying them 1:1? Is the antivirus updated? What is the content of the hosts file?
MeGa (author, posted February 16, 2009): The logs are 1:1, but earlier I had fixed the whole log from HijackThis. There is nothing in the hosts file. I am on an older NOD32, Version of signatures: 3853(20090214); when I tell it to update, it says it is the latest version and doesn't need one. See what Trojan Remover shows. When I remove it, it appears again on the next scan.
Night_Raven (posted February 16, 2009): Quoting "The logs are 1:1, but earlier I had fixed the whole log from HijackThis": when was this "earlier"? Do you mean that you ticked all the items and clicked Fix checked?
MeGa (author, posted February 16, 2009): When the virus appeared, I ticked all of them and clicked Fix checked.
Night_Raven (posted February 16, 2009): What a silly thing to do. From now on, don't use HijackThis without instructions from someone who knows the program.
MeGa (author, posted February 16, 2009): Well, as far as I can see there is no change after I fixed them; anyway, it looks like a hopeless case. I have now switched off the antivirus and everything is running fine; when it starts acting up, a reinstall and that's it.
Night_Raven (posted February 16, 2009): Download GMER. Unpack and run the program. It will do an initial scan in seconds. After it finishes, do NOT click the Scan button; click the Copy button and then paste the contents here (Ctrl+V).
MeGa (author, posted February 16, 2009):

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-16 22:40:04
Windows 5.1.2600 Service Pack 2

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

---- EOF - GMER 1.0.14 ----
Night_Raven (posted February 16, 2009): Damn, the logs look clean. Either the antivirus has some problem, or there is some other, more serious problem. Download ComboFix and save it to the desktop. Close all unnecessary programs. Start menu -> Run -> type/paste the following text: "%userprofile%\desktop\combofix.exe" /killall. Confirm with Yes on the windows that appear. Wait for it to scan to the end and don't touch the window. It will most likely ask for a restart; agree to it. Afterwards, paste the contents of the text file C:\ComboFix.txt here or attach the file to your comment.
MeGa (author, posted February 17, 2009):

ComboFix 09-02-15.01 - Ivaylo 2009-02-17 15:53:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.511.295 [GMT 2:00]
Running from: c:\documents and settings\Ivaylo\desktop\combofix.exe
Command switches used :: /killall
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ammppg.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32


((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-16 22:45 . 2009-02-16 22:45 65,664 --a------ c:\windows\system32\81.scr
2009-02-16 22:39 . 2009-02-16 22:40 250 --a------ c:\windows\gmer.ini
2009-02-16 21:51 . 2009-02-16 21:51 65,664 --a------ c:\windows\system32\80.scr
2009-02-16 20:34 . 2009-02-17 15:52 3 --a------ c:\windows\switch.inf
2009-02-16 17:53 . 2009-02-16 17:53 65,664 --a------ c:\windows\system32\15.scr
2009-02-16 17:21 . 2009-02-16 17:21 65,664 --a------ c:\windows\system32\32.scr
2009-02-15 23:45 . 2009-02-15 23:45 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-15 23:45 . 2009-02-15 23:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-15 23:45 . 2009-02-15 23:45 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\SUPERAntiSpyware.com
2009-02-15 23:45 . 2009-02-15 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-15 21:25 . 2009-02-15 21:25 65,664 --a------ c:\windows\system32\66.scr
2009-02-15 20:45 . 2009-02-15 20:45 464,896 -r-hs---- c:\windows\wciactrl.exe
2009-02-15 20:45 . 2009-02-15 20:45 65,664 --a------ c:\windows\system32\12.scr
2009-02-15 19:19 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-02-15 19:13 . 2009-02-15 19:13 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-15 19:13 . 2009-02-15 19:13 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-15 18:31 . 2009-02-15 18:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-15 18:31 . 2009-02-15 18:31 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\Malwarebytes
2009-02-15 18:31 . 2009-02-15 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-15 18:31 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-15 18:31 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-15 18:08 . 2009-02-15 18:08 <DIR> d-------- c:\program files\CCleaner
2009-02-15 17:37 . 2009-02-15 17:37 <DIR> d-------- c:\program files\Trend Micro
2009-02-15 17:14 . 2009-02-15 17:14 65,664 --a------ c:\windows\system32\62.scr
2009-02-15 16:27 . 2009-02-15 16:27 65,664 --a------ c:\windows\system32\01.scr
2009-02-15 16:21 . 2009-02-15 16:21 65,664 --a------ c:\windows\system32\31.scr
2009-02-14 22:10 . 2009-02-16 15:29 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-14 22:09 . 2009-02-14 22:10 <DIR> d-------- c:\program files\Trojan Remover
2009-02-14 22:09 . 2009-02-14 22:09 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\Simply Super Software
2009-02-14 22:09 . 2009-02-14 22:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-14 22:09 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-02-14 22:09 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-02-14 22:09 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-02-14 22:09 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-02-14 22:09 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-02-14 22:07 . 2009-02-15 19:22 464,896 -rahs---- c:\windows\wciactrl.exe.vir
2009-02-14 22:07 . 2009-02-14 22:07 162,304 -r-hs---- c:\windows\system32\txsocm32.dll
2009-02-14 22:07 . 2009-02-14 22:07 39,936 -r-hs---- c:\windows\system32\frnscli32.dll
2009-02-14 22:06 . 2009-02-14 22:06 65,664 --a------ c:\windows\system32\84.scr
2009-02-14 13:35 . 2009-02-14 13:35 26,624 --a------ c:\windows\system32\06.scr
2009-02-14 13:34 . 2009-02-14 13:34 <DIR> d-------- c:\program files\Webteh
2009-02-14 13:34 . 2009-02-14 13:35 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\BSplayer Pro
2009-02-14 12:52 . 2009-02-14 12:52 26,624 --a------ c:\windows\system32\41.scr
2009-02-13 23:05 . 2009-02-13 23:05 <DIR> d-------- c:\windows\system32\Lang
2009-02-13 23:05 . 2009-02-13 23:05 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-02-13 23:05 . 2009-02-13 23:05 125,690 --a------ c:\windows\system32\LoopyMusic.wav
2009-02-13 22:39 . 2009-02-13 22:39 26,624 --a------ c:\windows\system32\38.scr
2009-02-13 21:50 . 2009-02-13 21:50 26,624 --a------ c:\windows\system32\68.scr
2009-02-13 21:15 . 2009-02-16 16:38 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\uTorrent
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\program files\foobar2000
2009-02-13 20:54 . 2009-02-16 17:04 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\foobar2000
2009-02-13 20:46 . 2009-02-13 20:46 <DIR> d-------- c:\windows\nview
2009-02-13 20:46 . 2008-05-16 14:01 446,464 --a------ c:\windows\system32\nvudisp.exe
2009-02-13 20:46 . 2009-02-17 15:56 186,097 --a------ c:\windows\system32\nvapps.xml
2009-02-13 20:46 . 2008-05-16 14:01 18,070 --a------ c:\windows\system32\nvdisp.nvu
2009-02-13 20:45 . 2009-02-13 20:45 <DIR> d-------- C:\NVIDIA
2009-02-13 20:45 . 2008-05-16 11:48 446,464 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-13 20:43 . 2009-02-13 20:43 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-13 20:34 . 2009-02-13 20:34 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-13 20:30 . 2009-02-13 20:30 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-13 20:30 . 2009-02-13 20:30 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\vlc
2009-02-13 20:29 . 2009-02-13 20:30 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-13 20:28 . 2009-02-13 20:28 <DIR> d-------- c:\program files\VideoLAN
2009-02-13 20:16 . 2004-08-04 01:56 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-13 20:13 . 2009-02-13 20:13 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-13 20:13 . 2009-02-13 20:14 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-13 20:13 . 2006-09-25 17:58 23,856 --a------ c:\windows\system32\spupdsvc.exe
2009-02-13 20:07 . 2009-02-13 20:07 <DIR> d-------- c:\windows\Sun
2009-02-13 20:02 . 2009-02-13 20:42 <DIR> d-------- c:\program files\NOS
2009-02-13 20:02 . 2009-02-13 20:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-02-13 19:54 . 2009-02-17 15:42 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\skypePM
2009-02-13 19:54 . 2009-02-13 19:54 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-13 19:53 . 2009-02-17 15:43 <DIR> d-------- c:\documents and settings\Ivaylo\Application Data\Skype
2009-02-13 19:52 . 2009-02-13 20:43 <DIR> dr------- c:\program files\Skype
2009-02-13 19:52 . 2009-02-13 20:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-02-13 19:45 . 2009-02-13 19:45 0 --a------ c:\windows\nsreg.dat
2009-02-13 19:03 . 2001-08-17 15:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-02-13 19:02 . 2008-05-16 14:01 6,557,408 --a------ c:\windows\system32\drivers\nv4_mini.sys
2009-02-13 19:02 . 2008-05-16 14:01 6,557,408 --a--c--- c:\windows\system32\dllcache\nv4_mini.sys
2009-02-13 19:02 . 2008-05-16 14:01 6,108,928 --a------ c:\windows\system32\nv4_disp.dll
2009-02-13 19:02 . 2003-03-04 05:56 145,408 -ra------ c:\windows\system32\drivers\e100b325.sys
2009-02-13 19:02 . 2003-03-04 05:56 145,408 --a--c--- c:\windows\system32\dllcache\e100b325.sys
2009-02-13 19:02 . 2004-08-04 00:59 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-02-13 19:02 . 2004-08-04 00:31 20,992 --a------ c:\windows\system32\drivers\RTL8139.sys
2009-02-13 19:02 . 2004-08-04 01:08 10,624 --a------ c:\windows\system32\drivers\gameenum.sys
2009-02-13 19:01 . 2004-08-04 02:56 74,240 --a------ c:\windows\system32\usbui.dll
2009-02-13 19:01 . 2004-08-04 01:07 42,368 --a------ c:\windows\system32\drivers\AGP440.SYS
2009-02-13 19:01 . 2004-08-04 00:59 5,504 --a------ c:\windows\system32\drivers\intelide.sys
2009-02-13 19:00 . 2009-02-13 17:12 <DIR> dr------- c:\documents and settings\All Users\Documents

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 17:13 --------- d-----w c:\program files\Java
2009-02-15 16:37 --------- d-----w c:\program files\ESET
2009-02-13 18:15 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-13 18:13 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-13 16:48 --------- d-----w c:\program files\K-Lite Codec Pack
2009-02-13 16:47 --------- d-----w c:\program files\Gaberoff Koral
2009-02-13 16:39 --------- d-----w c:\program files\SA Dictionary 2005 T2
2009-02-13 16:27 --------- d-----w c:\program files\AnMing
2009-02-13 16:24 --------- d-----w c:\program files\SkyCode
2009-02-13 16:22 --------- d-----w c:\program files\Common Files\Java
2009-02-13 16:19 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-13 16:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-13 16:16 --------- d-----w c:\program files\A4-Tech
2009-02-13 16:16 --------- d-----w c:\documents and settings\Ivaylo\Application Data\InstallShield
2009-02-13 15:58 --------- d-----w c:\program files\Realtek Sound Manager
2009-02-13 15:58 --------- d-----w c:\program files\AvRack
2009-02-13 15:54 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2009-02-13 15:54 299,392 ----a-w c:\windows\system32\imon.dll
2009-02-13 15:54 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2009-02-13 15:17 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intel Physical Address Aventis 1.3"="c:\windows\wciactrl.exe" [2009-02-15 464896]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-15 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Intel Physical Address Aventis 1.3"="c:\windows\wciactrl.exe" [2009-02-15 464896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Games\\cs\\59579088499187464721.exe"=
"d:\\µTorrent\\uTorrent.exe"=
"d:\\Games\\cs\\88479782745917389057.exe"=
"c:\\WINDOWS\\System32\\68.scr"=
"c:\\WINDOWS\\System32\\38.scr"=
"c:\\WINDOWS\\System32\\41.scr"=
"c:\\WINDOWS\\System32\\06.scr"=
"d:\\Games\\cs\\80250369886764936677.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-13 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Intel Physical Address Aventis 1.3]
c:\windows\wciactrl.exe
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WindowsTelephony


.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Ivaylo\Application Data\Mozilla\Firefox\Profiles\s2jq9cda.default\
FF - prefs.js: browser.startup.homepage - free.haskovo.net
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 15:56:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-02-17 15:57:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 13:57:05

Pre-Run: 15 548 014 592 bytes free
Post-Run: 15,517,364,224 bytes free

220

Every virus message from NOD32 ends with hosts.
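One way to triage the logs posted in this thread, as an added example that is not part of the thread or of HijackThis, Autoruns or ComboFix themselves: it parses HijackThis O4 lines, ComboFix "Files Created" lines and the ComboFix firewall exception list (sample lines copied from the logs above) and flags the pattern visible here, a hidden+system binary dropped straight into the Windows root and registered as an autorun, plus screensavers and digit-named programs granted firewall exceptions. The heuristics and the function names are ours, not any tool's.

```python
"""Triage the three log types posted in this thread: HijackThis O4 lines,
ComboFix "Files Created" lines and the ComboFix firewall exception list.
The sample lines are copied from the logs above; the heuristics are ours."""
import re
from pathlib import PureWindowsPath

# Constructed sample: HijackThis O4 (autorun) lines from the first log above.
HJT_O4 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [intel Physical Address Aventis 1.3] C:\WINDOWS\wciactrl.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"""

# Constructed sample: "Files Created" lines from the ComboFix log above.
COMBOFIX_FILES = r"""
2009-02-16 22:45 . 2009-02-16 22:45 65,664 --a------ c:\windows\system32\81.scr
2009-02-15 20:45 . 2009-02-15 20:45 464,896 -r-hs---- c:\windows\wciactrl.exe
2009-02-15 19:13 . 2009-02-15 19:13 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-14 22:07 . 2009-02-14 22:07 162,304 -r-hs---- c:\windows\system32\txsocm32.dll
2009-02-13 19:54 . 2009-02-13 19:54 56 --ah----- c:\windows\system32\ezsidmv.dat
"""

# Constructed sample: firewall AuthorizedApplications entries from the ComboFix
# log above (REGEDIT4 export, so every backslash is doubled).
FW_EXCEPTIONS = r"""
"%windir%\\system32\\sessmgr.exe"=
"d:\\Games\\cs\\59579088499187464721.exe"=
"d:\\µTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\System32\\68.scr"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# date time . date time size attributes path  (<DIR> entries have no size and are skipped)
FILE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ (?P<size>[\d,]+) (?P<attr>[-\w]{9}) (?P<path>.+)$")
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
EXEC_EXT = {".exe", ".dll", ".scr", ".pif", ".com", ".sys"}
WINDOWS_ROOT = PureWindowsPath(r"c:\windows")


def run_target(cmd):
    """Return the file a Run entry really loads: the DLL for rundll32, else the program."""
    cmd = cmd.strip()
    if cmd.upper().startswith("RUNDLL32"):
        return cmd.split(None, 1)[1].split(",", 1)[0].strip('"')
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def check_autoruns(text):
    """Flag Run entries whose binary sits directly in the Windows root."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        target = PureWindowsPath(run_target(m["cmd"]).lower())
        if target.parent == WINDOWS_ROOT:
            findings.append((m["hive"], m["name"], str(target), "binary dropped in the Windows root"))
    return findings


def check_files(text):
    """Flag newly created executables that carry both hidden and system attributes."""
    findings = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if not m:
            continue
        path = PureWindowsPath(m["path"].lower())
        if "h" in m["attr"] and "s" in m["attr"] and path.suffix in EXEC_EXT:
            findings.append((str(path), m["attr"], "hidden+system executable"))
    return findings


def check_firewall(text):
    """Flag firewall exceptions for screensavers and for digit-only program names."""
    findings = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        path = PureWindowsPath(m["path"].replace("\\\\", "\\").lower())
        if path.suffix == ".scr":
            findings.append((str(path), "screensaver granted network access"))
        elif path.stem.isdigit():
            findings.append((str(path), "digit-only program name"))
    return findings


if __name__ == "__main__":
    for f in check_autoruns(HJT_O4) + check_files(COMBOFIX_FILES) + check_firewall(FW_EXCEPTIONS):
        print(" | ".join(f))
```

Run against the full logs, the same three checks single out c:\windows\wciactrl.exe and its companions; a clean HijackThis log gives no findings from check_autoruns.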