Въпрос за Trojan.FakeAlert, открит от Malwarebytes' Anti-Malware

[mihnev_sz]

Най накря успях да го изтегля Dr.WEB CureIt! 5.00.0 ,но не от линка кото си ми дал ,а от Dimisoft.

Изпълних инструкциите и ето шот след сканиране (нищо не откри):

Ако има още нещо да се прави казвайте!!!

Ти май си направил "бързо" сканиране,сложи отметка на "пълно"сканиране с DR.Web

При "бързото" сканиране,сканира само стартиращите се файлове и процеси .

 

П.с. М/у другото току що видях новия лог,въпросното Fake.Alert което е rogue приложение и от OIB.EXE,няма остатъци,фикса от HijackThis,определено до-разчистил и е свършил работа!

С това мисля,че проблема вече е решен.

Но за всеки случай направи и пълно сканиране с антивирусната и с доктора.

[plamen74.72]

Dr.WEB CureIt! 5.00.0 още сканира и не е стигнал даже и до половината ,но показа че тези два файла съдържат инфектирани обекти:

http://i39.tinypic.com/qq23hz.png

 

Трябва ли въобще да ги има в тази папка -> C:\Documents and Settings\Пламен\Application Data\Downloaded Installations\{9B5DAF0D-F5A3-4739-AA18-DCBF4CBC873F} ???

[mihnev_sz]

Dr.WEB CureIt! 5.00.0 още сканира и не е стигнал даже и до половината ,но показа че тези два файла съдържат инфектирани обекти:

Трябва ли въобще да ги има в тази папка -> C:\Documents and Settings\Пламен\Application Data\Downloaded Installations\{9B5DAF0D-F5A3-4739-AA18-DCBF4CBC873F} ???

Аз нямам такава папка там Downloaded Installations ,щом е открил, че съдържат инфекция,ще ги излекува.

Да,пълното сканиране на доктора отнема повечко време,но пък е задълбочено и задължително изчакай до край.

[plamen74.72]

Аз нямам такава папка там Downloaded Installations ,щом е открил, че съдържат инфекция,ще ги излекува.

Да,пълното сканиране на доктора отнема повечко време,но пък е задълбочено и задължително изчакай до край.

 

Dr.WEB CureIt! 5.00.0 приключи сканирането и освен тези нямаше други и направо му дадох да ги изтрие (понеже каза че ти нямаш такава папка -като ръчно премахнах и папката).Антивирусната нищо не откри ,освен това сканирах отново и със MBAB и SAS - и те не откриха нищо!!!

Ако е нужно да пусна още един лог от HijackThis или GMER???

 

п.с.Ако сменя ESS със Avira Free и добавя Ashampoo FireWall FREE за която още имам валиден лиценз - ще бъде ли по добре или да ги оставя както са сега???

[Night_Raven]

Последният път когато пробвах ESS, MBAM ми намери Trojan.Vundo. Поставих въпроса с намек за промяна - от лога бе видна каква е реално-времевата охрана.А от ESET от колко години никакви вируси не били пропускали - вече не си спомням... Поздрави

Vundo не е реален тест. Не само NOD32 не лови Vundo базираните гадинки. Всички антивирусни се дънят при тях.

 

Ако е нужно да пусна още един лог от HijackThis или GMER???

Изтегли DDS и:

1) стартирай я;

2) изчакай да събере информацията си;

3) ще се появят 2 текстови файла, копирай съдържанието и на двата тук или ги архивирай и прикачи архива към коментара си.

 

п.с.Ако сменя ESS със Avira Free и добавя Ashampoo FireWall FREE за която още имам валиден лиценз - ще бъде ли по добре или да ги оставя както са сега???

Както ESS/ЕAV, така и Avira AntiVir са добри програми. Ползвай която комбинация ти допада повече.

[plamen74.72]

Vundo не е реален тест. Не само NOD32 не лови Vundo базираните гадинки. Всички антивирусни се дънят при тях.

 

 

Изтегли DDS и:

1) стартирай я;

2) изчакай да събере информацията си;

3) ще се появят 2 текстови файла, копирай съдържанието и на двата тук или ги архивирай и прикачи архива към коментара си.

 

 

Както ESS/ЕAV, така и Avira AntiVir са добри програми. Ползвай която комбинация ти допада повече.

 

 

Ето ги:

DDS (Ver_09-03-16.01) - NTFSx86

Run by Џ« ¬Ґ­ at 22:05:01,74 on 08.05.2009 Ј.

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.1279.409 [GMT 3:00]

 

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated)

FW: Лична защитна стена на ESET *enabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Multimedia Keyboard Driver\M-KbdDrv.exe

C:\Program Files\PicPick\picpick.exe

C:\Program Files\Vista Drive Icon\DrvIcon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\VisualTaskTips\VisualTaskTips.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Weather Clock\WeatherClock.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\8start Launcher\8start.exe

C:\Documents and Settings\Пламен\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\BACL\SpeechLab\TTSProfileDlg.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Пламен\My Documents\DDS.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://teteven.net/

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

BHO: Flashget Catch Url Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll

TB: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [VisualTaskTips] c:\program files\visualtasktips\VisualTaskTips.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [WeatherClock] c:\program files\weather clock\WeatherClock.exe

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [8start] c:\program files\8start launcher\8start.exe

uRun: [Google Update] "c:\documents and settings\пламен\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MutlimediaKbdDriver] c:\program files\multimedia keyboard driver\M-KbdDrv.exe

mRun: [PicPick Start] c:\program files\picpick\picpick.exe

mRun: [DrvIcon] c:\program files\vista drive icon\DrvIcon.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\92c1~1\startm~1\programs\startup\config~1.lnk - c:\docume~1\92c1~1\applic~1\microsoft\installer\{319a3ca9-da63-4d65-8b25-403cf9cbf087}\_5af141bb.exe

StartupFolder: c:\docume~1\92c1~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe

IE: &Сваляне на всички с FlashGet - c:\program files\flashget\jc_all.htm

IE: &Сваляне с FlashGet - c:\program files\flashget\jc_link.htm

IE: Download all links using BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm

IE: Download all videos using BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm

IE: Download link using &BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: {BC778969-3DF9-4CF2-98C1-D32E6F39A4EC} = 84.22.28.50 212.116.131.138

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\92c1~1\applic~1\mozilla\firefox\profiles\kvqmjoxt.default\

FF - prefs.js: browser.startup.homepage - hxxp://teteven.net/|http://www.google.bg/firefox?client=firefox-a&rls=org.mozilla:bg:official|http://www.google.bg/|http://forums.softvisia.com/index.php?|http://torrents.teteven.net/index.php?page=forum

FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\documents and settings\рџр»р°рјрµрѕ\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll

FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\program files\opera\program\plugins\np_gp.dll

 

============= SERVICES / DRIVERS ===============

 

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]

R2 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2008-10-24 468224]

R2 PD91Agent;PD91Agent;c:\program files\raxco\perfectdisk2008\PD91Agent.exe [2008-12-31 693512]

R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-4-9 428160]

S2 gupdate1c9badc96537230;Услуга Google Update (gupdate1c9badc96537230);c:\program files\google\update\GoogleUpdate.exe [2009-4-11 133104]

S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getplus_helpersvc.exe --> c:\program files\nos\bin\getPlus_HelperSvc.exe [?]

S3 PD91Engine;PD91Engine;c:\program files\raxco\perfectdisk2008\PD91Engine.exe [2008-12-31 910600]

 

=============== Created Last 30 ================

 

2009-05-08 21:55 <DIR> --d-hr-- c:\documents and settings\пламен\Recent

2009-05-08 17:23 <DIR> --d----- c:\documents and settings\пламен\DoctorWeb

2009-05-07 20:41 <DIR> --d----- c:\program files\common files\ODBC

2009-05-06 08:56 0 a------- c:\windows\ams70.INI

2009-05-06 01:09 <DIR> --d----- c:\docume~1\92c1~1\applic~1\Free Sound Recorder

2009-05-05 14:05 231 a------- c:\windows\info

2009-05-05 00:34 <DIR> --d----- c:\docume~1\92c1~1\applic~1\IndigoRose

2009-05-05 00:34 <DIR> --d----- c:\docume~1\92c1~1\applic~1\Thinstall

2009-05-05 00:34 400 a------- c:\windows\system32VSKD.001

2009-05-04 15:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\VirtualFarm

2009-05-04 02:12 <DIR> --d----- c:\program files\sisagp

2009-05-04 02:12 36,992 a------- c:\windows\system32\drivers\SISAGPX.SYS

2009-05-03 18:13 <DIR> --d----- c:\program files\Vista Icons For XP

2009-05-03 18:02 71,184 a----r-- c:\windows\system32\drivers\DefragFS.sys

2009-05-03 17:59 <DIR> --d----- c:\program files\Vista Drive Icon

2009-05-01 19:03 <DIR> --d----- c:\docume~1\92c1~1\applic~1\Audio Recorder for Free

2009-05-01 19:02 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll

2009-05-01 19:02 966,144 a------- c:\windows\system32\NCTAudioInformation2.dll

2009-05-01 19:02 634,880 a------- c:\windows\system32\NCTAudioEditor2.dll

2009-05-01 19:02 522,752 a------- c:\windows\system32\NCTAudioTransform2.dll

2009-05-01 19:02 478,208 a------- c:\windows\system32\NCTAudioVisualization2.dll

2009-05-01 19:02 467,968 a------- c:\windows\system32\NCTAudioRecord2.dll

2009-05-01 19:02 467,456 a------- c:\windows\system32\NCTAudioPlayer2.dll

2009-05-01 19:02 417,792 a------- c:\windows\system32\NCTTextToAudio2.dll

2009-05-01 19:02 348,160 a------- c:\windows\system32\NCTWMAFile2.dll

2009-05-01 19:02 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx

2009-05-01 19:02 479,744 a------- c:\windows\system32\NCTAudioCDGrabber2.dll

2009-04-30 21:10 <DIR> --d-h--- c:\windows\system32\CyberInstallerUninstallerSystem

2009-04-30 20:07 <DIR> --d----- c:\program files\gfx

2009-04-30 19:37 <DIR> --d----- c:\program files\CreateInstall Free

2009-04-30 15:01 276 a------- c:\windows\system\cmicnfg.ini

2009-04-30 14:56 736 -------- c:\windows\setup.ini

2009-04-30 14:56 266,240 a------- c:\windows\CMIUninstall.exe

2009-04-30 14:56 225,280 a------- c:\windows\CmiRmRedundDir.exe

2009-04-30 14:56 28,672 a------- c:\windows\CMIRmDriver.dll

2009-04-30 14:56 <DIR> --d----- c:\program files\C-Media 3D Audio

2009-04-30 14:55 <DIR> --d----- c:\program files\C-Media AC97 driver 51.3 for Win2K-XP

2009-04-30 14:48 0 a------- c:\windows\wininit.ini

2009-04-30 13:52 <DIR> --d----- c:\program files\HMSoft

2009-04-29 23:49 167,936 a------- c:\windows\system32\ccrpftv6.ocx

2009-04-29 22:07 <DIR> --d----- c:\program files\NSIS

2009-04-29 21:35 2 a------- c:\windows\EzInstA1.LRU

2009-04-29 19:14 <DIR> --d----- c:\program files\ISTool

2009-04-29 19:14 <DIR> --d----- c:\docume~1\92c1~1\applic~1\ISTool

2009-04-29 19:13 <DIR> --d----- c:\program files\Inno Setup 5

2009-04-29 00:43 <DIR> --d----- c:\windows\Icons

2009-04-28 14:05 107,864 a------- c:\windows\system32\tsccvid.dll

2009-04-27 19:20 <DIR> --d----- c:\program files\IZArc

2009-04-26 18:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\phenomedia

2009-04-25 22:11 <DIR> --d----- c:\program files\Magic Video Converter

2009-04-25 14:45 639 a------- c:\windows\7THLEVEL.INI

2009-04-25 00:25 221,184 a------- c:\windows\system32\wmpns.dll

2009-04-24 22:46 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe

2009-04-24 22:46 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe

2009-04-24 22:46 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe

2009-04-24 22:46 2,560 -------- c:\windows\system32\xpsp4res.dll

2009-04-24 22:27 73 a------- c:\windows\EurekaLog.ini

2009-04-24 17:43 5,120 a--sh--- c:\windows\system32\Thumbs.db

2009-04-21 19:37 <DIR> --d----- c:\program files\PicPick

2009-04-20 01:25 125 a------- c:\windows\system32\temp_0000_65-20.aok

2009-04-20 01:25 126 a------- c:\windows\system32\test.aok

2009-04-20 01:24 258,048 a------- c:\windows\system32\GplMpgDec.ax

2009-04-20 01:24 242,176 a------- c:\windows\system32\fixflash.exe

2009-04-20 01:24 129,024 a------- c:\windows\system32\AVERM.dll

2009-04-20 01:24 28,672 a------- c:\windows\system32\AVEQT.dll

2009-04-18 18:33 86,016 a------- c:\windows\unvise32.exe

2009-04-18 02:08 168,448 a------- c:\windows\system32\unrar.dll

2009-04-18 02:08 414 a------- c:\windows\system32\lame_acm.xml

2009-04-18 02:08 839,680 a------- c:\windows\system32\lameACM.acm

2009-04-18 02:08 217,088 a------- c:\windows\system32\yv12vfw.dll

2009-04-18 02:08 118,784 a------- c:\windows\system32\ac3acm.acm

2009-04-18 02:08 3,596,288 a------- c:\windows\system32\qt-dx331.dll

2009-04-18 02:08 795,648 a------- c:\windows\system32\xvidcore.dll

2009-04-18 02:08 130,048 a------- c:\windows\system32\xvidvfw.dll

2009-04-18 02:08 86,016 a------- c:\windows\system32\dpl100.dll

2009-04-18 02:08 684,032 a------- c:\windows\system32\divx.dll

2009-04-18 02:08 67,584 a------- c:\windows\system32\ff_vfw.dll

2009-04-18 02:08 547 a------- c:\windows\system32\ff_vfw.dll.manifest

2009-04-18 02:08 <DIR> --d----- c:\program files\K-Lite Codec Pack

2009-04-18 00:45 <DIR> --d----- c:\program files\GRETECH

2009-04-17 23:56 <DIR> --d----- c:\program files\Flock

2009-04-16 22:15 <DIR> --d----- c:\program files\mp3DirectCut

2009-04-16 19:43 <DIR> --d----- c:\program files\AEDiction

2009-04-16 17:12 <DIR> --d----- c:\docume~1\92c1~1\applic~1\XnView

2009-04-16 16:54 <DIR> --d----- c:\program files\Stardock

2009-04-16 16:54 <DIR> --d----- c:\program files\common files\Stardock

2009-04-15 00:43 27,648 a------- c:\windows\system32\AVSredirect.dll

2009-04-15 00:42 70,656 a------- c:\windows\system32\i420vfw.dll

2009-04-15 00:38 92,672 ---shr-- c:\windows\system32\RLVorbisDec.ax

2009-04-15 00:38 67,584 ---shr-- c:\windows\system32\RLTheoraDec.ax

2009-04-15 00:38 51,712 ---shr-- c:\windows\system32\RLSpeexDec.ax

2009-04-15 00:38 186,880 ---shr-- c:\windows\system32\RLOgg.ax

2009-04-15 00:38 179,200 ---shr-- c:\windows\system32\DiracSplitter.ax

2009-04-15 00:38 175,104 ---shr-- c:\windows\system32\CoreAAC.ax

2009-04-15 00:38 81,920 ---shr-- c:\windows\system32\aac_parser.ax

2009-04-15 00:13 487,424 a------- c:\windows\system32\msvcp70.dll

2009-04-15 00:13 344,064 a------- c:\windows\system32\msvcr70.dll

2009-04-14 20:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FreshGames

2009-04-14 16:19 50 a------- c:\windows\cdplayer.ini

2009-04-12 23:55 272,128 -c------ c:\windows\system32\dllcache\bthport.sys

2009-04-12 23:55 272,128 -------- c:\windows\system32\drivers\bthport.sys

2009-04-12 23:51 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys

2009-04-12 23:39 <DIR> --d----- c:\windows\system32\PreInstall

2009-04-12 23:39 <DIR> --d-h--- c:\windows\$hf_mig$

2009-04-12 23:33 <DIR> --d----- c:\windows\system32\SoftwareDistribution

2009-04-12 19:08 <DIR> --d----- c:\program files\uTorrent

2009-04-12 18:38 <DIR> --d----- c:\docume~1\92c1~1\applic~1\URSoft

2009-04-12 18:38 <DIR> --d----- c:\program files\Your Uninstaller 2008

2009-04-12 17:36 <DIR> --d----- c:\windows\system32\appmgmt

2009-04-12 16:36 <DIR> --d----- c:\documents and settings\пламен\LocalLow

2009-04-12 16:15 <DIR> --d----- C:\Downloads

2009-04-12 16:14 <DIR> --d----- c:\program files\BitComet

2009-04-12 16:11 <DIR> --d----- c:\program files\FlashGet

2009-04-12 16:09 <DIR> --d----- c:\docume~1\92c1~1\applic~1\uTorrent

2009-04-12 14:55 <DIR> --d----- c:\program files\common files\xing shared

2009-04-12 14:55 <DIR> --d----- c:\program files\common files\Real

2009-04-12 14:53 <DIR> --d----- c:\program files\vloader

2009-04-12 14:20 107,368 a------- c:\windows\system32\GEARAspi.dll

2009-04-12 14:20 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-04-12 14:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-04-12 14:16 <DIR> --d----- c:\program files\Spider Video Downloader

2009-04-12 14:09 410,984 a------- c:\windows\system32\deploytk.dll

2009-04-12 14:09 73,728 a------- c:\windows\system32\javacpl.cpl

2009-04-11 22:47 <DIR> --d----- C:\Estir2003

2009-04-11 22:45 <DIR> --d----- c:\program files\Estir2003

2009-04-11 13:23 <DIR> --ds---- c:\documents and settings\пламен\UserData

2009-04-11 00:20 <DIR> --d----- c:\documents and settings\пламен\dwhelper

2009-04-10 19:29 348,160 a------- c:\windows\system32\msvcr71.dll

2009-04-10 01:16 <DIR> --d----- c:\program files\Mp3_Siem

2009-04-10 00:52 <DIR> --d----- c:\windows\pss

2009-04-10 00:45 <DIR> --d-h--- c:\windows\system32\GroupPolicy

2009-04-10 00:20 <DIR> --d----- c:\program files\XnView

2009-04-10 00:02 <DIR> --d----- c:\program files\The KMPlayer

2009-04-09 23:47 <DIR> --d----- c:\program files\VanyoG

2009-04-09 23:47 299,520 a------- c:\windows\uninst.exe

2009-04-09 23:47 <DIR> --d----- c:\documents and settings\пламен\WINDOWS

2009-04-09 23:40 <DIR> --d----- c:\program files\Skype

2009-04-09 23:28 <DIR> --d----- c:\program files\RocketDock

2009-04-09 23:26 <DIR> --d----- c:\program files\BACL

2009-04-09 23:18 <DIR> --d----- c:\docume~1\92c1~1\applic~1\FlashFXP

2009-04-09 23:18 <DIR> --d----- c:\program files\FlashFXP

2009-04-09 23:14 <DIR> --d----- c:\program files\Everest

2009-04-09 23:05 116 a------- c:\windows\NeroDigital.ini

2009-04-09 23:04 <DIR> --d----- c:\docume~1\92c1~1\applic~1\JLC's Software

2009-04-09 23:04 <DIR> --d----- c:\program files\JLC's Software

2009-04-09 23:03 <DIR> --d----- c:\docume~1\92c1~1\applic~1\FastStone

2009-04-09 23:03 <DIR> --d----- c:\program files\FastStone Image Viewer

2009-04-09 23:02 47,360 a------- c:\windows\system32\drivers\pcouffin.sys

2009-04-09 23:00 <DIR> --d----- c:\program files\Screamer Radio

2009-04-09 22:58 <DIR> --d----- c:\program files\CCleaner

2009-04-09 22:51 <DIR> --d----- c:\docume~1\92c1~1\applic~1\Weather Clock

2009-04-09 22:51 <DIR> --d----- c:\program files\Weather Clock

2009-04-09 22:48 <DIR> --d----- c:\program files\Raxco

2009-04-09 22:43 376 a------- c:\windows\ODBC.INI

2009-04-09 22:43 17,920 a------- c:\windows\system32\mdimon.dll

2009-04-09 22:41 <DIR> --d----- c:\program files\common files\L&H

2009-04-09 22:41 <DIR> --d----- c:\program files\Microsoft ActiveSync

2009-04-09 22:40 <DIR> --d----- c:\windows\SHELLNEW

2009-04-09 22:33 160,640 a------- c:\windows\system32\drivers\a347bus.sys

2009-04-09 22:33 5,248 a------- c:\windows\system32\drivers\a347scsi.sys

2009-04-09 22:33 <DIR> --d----- c:\program files\Alcohol Soft

2009-04-09 22:25 <DIR> --d----- c:\program files\IObit

2009-04-09 22:24 <DIR> --d----- c:\program files\8start Launcher

2009-04-09 22:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-04-09 22:17 <DIR> --d----- c:\program files\SUPERAntiSpyware

2009-04-09 22:17 <DIR> --d----- c:\docume~1\92c1~1\applic~1\SUPERAntiSpyware.com

2009-04-09 22:17 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

2009-04-09 22:09 <DIR> --d----- c:\program files\Spybot - Search & Destroy

2009-04-09 22:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2009-04-09 22:05 <DIR> --d----- c:\docume~1\92c1~1\applic~1\Malwarebytes

2009-04-09 22:05 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-04-09 22:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-09 22:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-04-09 22:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-04-09 21:13 <DIR> --d----- c:\docume~1\92c1~1\applic~1\BSplayer Pro

2009-04-09 21:12 <DIR> --d----- c:\program files\Webteh

2009-04-09 21:00 4,444 a------- c:\windows\system32\pid.PNF

2009-04-09 20:57 57,600 a------- c:\windows\system32\drivers\redbook.sys

2009-04-09 20:56 32,768 a------- c:\windows\system32\drivers\sisnic.sys

2009-04-09 20:56 74,240 a------- c:\windows\system32\usbui.dll

2009-04-09 20:56 20,992 a------- c:\windows\system32\drivers\RTL8139.sys

2009-04-09 20:56 40,960 a------- c:\windows\system32\drivers\SISAGP.SYS

2009-04-09 20:55 <DIR> --d----- c:\program files\common files\SpeechEngines

2009-04-09 20:54 <DIR> --d--r-- c:\documents and settings\all users\Documents

2009-04-09 20:54 144,484 ac------ c:\windows\system32\dllcache\netfx.cat

2009-04-09 20:54 <DIR> --d----- c:\program files\Nero

2009-04-09 20:53 261 a------- c:\windows\system32\$winnt$.inf

2009-04-09 20:48 <DIR> --d----- c:\docume~1\92c1~1\applic~1\AIMP

2009-04-09 20:47 <DIR> --d----- c:\program files\AIMP2

2009-04-09 20:45 <DIR> --d----- c:\program files\VisualTaskTips

2009-04-09 20:44 <DIR> --d----- c:\program files\Unlocker

2009-04-09 20:26 <DIR> --d----- c:\program files\T610-T616-T630 Handset Manager

2009-04-09 20:26 <DIR> --d----- c:\docume~1\92c1~1\applic~1\MobileAction

2009-04-09 20:10 <DIR> --d----- c:\program files\IVT Corporation

2009-04-09 20:08 <DIR> --d----- c:\program files\Multimedia Keyboard Driver

2009-04-09 19:31 <DIR> --d----- c:\docume~1\92c1~1\applic~1\ESET

2009-04-09 19:30 <DIR> --d----- c:\program files\ESET

2009-04-09 19:13 <DIR> --d----- c:\program files\Windows Media Connect 2

2009-04-09 18:16 <DIR> --ds---- c:\documents and settings\пламен\Cookies

2009-04-09 18:16 <DIR> --d-hr-- c:\documents and settings\пламен\Application Data

2009-04-09 18:16 <DIR> --d--r-- c:\documents and settings\пламен\Favorites

2009-04-09 18:16 <DIR> --d----- c:\documents and settings\пламен\Desktop

2009-04-09 18:16 8,650,752 a---h--- c:\documents and settings\пламен\NTUSER.DAT

2009-04-09 18:16 <DIR> --d-hr-- c:\documents and settings\пламен\SendTo

2009-04-09 18:16 <DIR> --d-h--- c:\documents and settings\пламен\Templates

2009-04-09 18:16 <DIR> --d-h--- c:\documents and settings\пламен\PrintHood

2009-04-09 18:16 <DIR> --d-h--- c:\documents and settings\пламен\NetHood

2009-04-09 18:16 <DIR> --d-h--- c:\documents and settings\пламен\Local Settings

2009-04-09 18:16 <DIR> --d--r-- c:\documents and settings\пламен\Start Menu

2009-04-09 18:16 <DIR> --d--r-- c:\documents and settings\пламен\My Documents

2009-04-09 18:07 <DIR> --dsh--- c:\documents and settings\all users\DRM

2009-04-09 18:06 <DIR> --d-h--- c:\program files\WindowsUpdate

2009-04-09 18:06 <DIR> --d----- c:\program files\common files\MSSoap

2009-04-09 18:04 <DIR> --d----- c:\program files\Online Services

2009-04-09 18:03 <DIR> --d----- c:\program files\Messenger

2009-04-09 18:03 <DIR> --d----- c:\program files\MSN Gaming Zone

2009-04-09 18:03 <DIR> --d----- c:\program files\Windows NT

 

==================== Find3M ====================

 

2009-04-15 22:10 86,627 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2009-04-12 16:15 2,560 a------- c:\windows\system32\BitCometRes.dll

2009-04-12 14:55 499,712 a------- c:\windows\system32\msvcp71.dll

2009-04-09 20:41 60,357 a------- c:\windows\system32\uninstWMPbg.exe

2009-04-09 18:04 21,640 a------- c:\windows\system32\emptyregdb.dat

2009-03-06 17:22 284,160 a------- c:\windows\system32\pdh.dll

2009-02-20 11:10 666,112 a------- c:\windows\system32\wininet.dll

2009-02-20 11:10 81,920 a------- c:\windows\system32\ieencode.dll

2009-02-09 15:10 729,088 a------- c:\windows\system32\lsasrv.dll

2009-02-09 15:10 714,752 a------- c:\windows\system32\ntdll.dll

2009-02-09 15:10 617,472 a------- c:\windows\system32\advapi32.dll

2009-02-09 15:10 401,408 a------- c:\windows\system32\rpcss.dll

2009-02-09 14:13 1,846,784 a------- c:\windows\system32\win32k.sys

2001-11-23 12:08 712,704 a----r-- c:\windows\inf\other\AUDIO3D.DLL

 

============= FINISH: 22:05:36,98 ===============

DDS (Ver_09-03-16.01)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 09.4.2009 г. 18:11:36

System Uptime: 05.8.2009 г. 15:37:41 (-2129 hours ago)

 

Motherboard: ECS | | K7S5A

Processor: AMD Athlon XP 2000+ | Socket-A | 1659/66mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 12 GiB total, 2,116 GiB free.

D: is FIXED (NTFS) - 26 GiB total, 4,891 GiB free.

E: is CDROM ()

G: is CDROM ()

H: is CDROM ()

I: is CDROM ()

J: is CDROM ()

K: is CDROM ()

L: is CDROM ()

M: is CDROM ()

N: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: SiS 900-Based PCI Fast Ethernet Adapter

Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_0A141019&REV_90\3&61AAA01&0&18

Manufacturer: SiS

Name: SiS 900-Based PCI Fast Ethernet Adapter

PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_0A141019&REV_90\3&61AAA01&0&18

Service: SISNIC

 

==== System Restore Points ===================

 

RP73: 03.5.2009 г. 19:32:42 - Before uninstall SSE Setup 5.2

RP74: 03.5.2009 г. 19:32:44 - Before uninstall Adobe Shockwave Player 11.5

RP75: 03.5.2009 г. 19:32:46 - Removed iTunes

RP76: 03.5.2009 г. 19:32:48 - Before uninstall Apple Mobile Device Support

RP77: 03.5.2009 г. 19:32:51 - Removed QuickTime

RP78: 03.5.2009 г. 19:32:55 - Installed QuickTime

RP79: 03.5.2009 г. 19:32:57 - Removed Apple Software Update

RP80: 06.5.2009 г. 23:23:40 - Installed SiSAGP driver

RP81: 06.5.2009 г. 23:23:42 - Before uninstall UltraISO Premium V9.32

RP82: 06.5.2009 г. 23:23:44 - Installed AutoPlay Media Studio 7.5 Trial

RP83: 06.5.2009 г. 23:23:47 - Software Distribution Service 3.0

RP84: 08.5.2009 г. 21:29:45 - Installed Windows XP WgaNotify.

RP85: 08.5.2009 г. 21:29:48 - Контролна точка на системата

RP86: 08.5.2009 г. 21:29:53 - Software Distribution Service 3.0

 

==== Installed Programs ======================

 

 

Архиватор WinRAR

µTorrent

Български интерфейс за WinAmp 5.5

Български интерфейс за Your Uninstaller! Pro 2008 6.1.1232

Български интерфейсен пакет за FlashFXP v3.4.0.1145

Пакет за езиков интерфейс на Windows

A4 TECH PC Camera H

Adobe Flash Player 10 ActiveX

Adobe Flash Player Plugin

AEnglish Dictionary XP 1.72

AIMP2

Allok Video to FLV Converter 5.2.0202

AutoPlay Media Studio 7.0

BitComet 0.81

BlueSoleil

BSPlayer

C-Media 3D Audio

C-Media AC97 driver 51.3 for Win2K-XP

CCleaner (remove only)

CreateInstall free

ESET Smart Security

FastStone Image Viewer 3.7

FlashFXP v3

FlashGet(Jetcar) 1.81

Free Sound Recorder

GOM Player

Google Земя

Google Chrome

Google Earth Plugin

Google Update Helper

HM NIS Edit 2.0.3

ImgBurn

Inno Setup, версия 5.2.3

ISTool 5.2.1.0

IZArc 4.0 beta 1

Java 6 Update 13

JLC's Internet TV

K-Lite Codec Pack 4.6.2 (Full)

Longhorn Theme 4

Malwarebytes' Anti-Malware

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2003 Bulgarian User Interface Pack

Microsoft Office Professional Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mozilla Firefox (3.0.10)

Multimedia Keyboard Driver

Nero 7 Ultra Edition

Nullsoft Install System

NVIDIA Drivers

ObjectDock

Opera 9.64

PerfectDisk 2008 Professional

QuickTime

RealPlayer

RocketDock 1.3.5

Royale Remixed Theme

Screamer Radio

SiSAGP driver

Skype™ 3.8

Smart Defrag 1.03

Smart Install Maker 5.02

SpeechLab

Spybot - Search & Destroy

SUPERAntiSpyware Free Edition

SVD 1.4.6

T610-T616-T630 Handset Manager

The KMPlayer 2.9.3.1429

Unlocker 1.8.7

Vista Drive Icon 1.4

Visual Task Tips 2.3

vloader 2.4

VP-EYE

Weather Clock 3.5

WebFldrs XP

Winamp

Windows Genuine Advantage Notifications (KB905474)

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

XnView 1.96

Your Uninstaller! 2008 Version 6.2

 

==== Event Viewer Messages From Past Week ========

 

04.5.2009 г. 00:11:40, error: Dhcp [1002] - The IP address lease 192.168.0.65 for the Network Card with network address 001D0FC2E819 has been denied by the DHCP server 192.168.10.171 (The DHCP Server sent a DHCPNACK message).

03.5.2009 г. 19:23:35, error: Dhcp [1002] - The IP address lease 192.168.0.95 for the Network Card with network address 001D0FC2E819 has been denied by the DHCP server 192.168.10.171 (The DHCP Server sent a DHCPNACK message).

03.5.2009 г. 19:21:47, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

02.5.2009 г. 17:17:48, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D0FC2E819. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

01.5.2009 г. 23:37:26, error: Dhcp [1002] - The IP address lease 192.168.0.21 for the Network Card with network address 001D0FC2E819 has been denied by the DHCP server 192.168.10.171 (The DHCP Server sent a DHCPNACK message).

01.5.2009 г. 22:06:59, error: Dhcp [1002] - The IP address lease 192.168.0.104 for the Network Card with network address 001D0FC2E819 has been denied by the DHCP server 192.168.10.171 (The DHCP Server sent a DHCPNACK message).

07.5.2009 г. 10:44:44, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

07.5.2009 г. 19:30:14, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.30 with the system having network hardware address 00:1F:E2:66:3B:D1. Network operations on this system may be disrupted as a result.

07.5.2009 г. 21:14:40, error: Dhcp [1002] - The IP address lease 192.168.0.30 for the Network Card with network address 001D0FC2E819 has been denied by the DHCP server 192.168.10.171 (The DHCP Server sent a DHCPNACK message).

07.5.2009 г. 21:50:29, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

08.5.2009 г. 13:00:06, error: Dhcp [1002] - The IP address lease 192.168.0.134 for the Network Card with network address 001D0FC2E819 has been denied by the DHCP server 192.168.10.171 (The DHCP Server sent a DHCPNACK message).

 

==== End Of File ===========================

 

За сега ми допада ESS (понеже е на Български),но искам да ви попитам - защитната и стена да я оставя ли в автоматичен режим или да я включа в интерактивен???

[plamen74.72]

Има ли нещо нередно в логовете???

[B-boy/StyLe/]

Лога ти от RSIT, който ми прати на Л.С. бе непълен.

 

Доста обемен лог, но не мисля, че е чак толкова зле положението.

 

Провери на този адрес:

 

http://www.virustotal.com/img/VirusTotal-logo.png

 

следните файлове:

 

C:\WINDOWS\system32\pvyvm.exe
C:\WINDOWS\system32\fixflash.exe
C:\WINDOWS\unvise32.exe
C:\Documents and Settings\Пламен\oib.exe

 

Можеш да изтриеш следните папки:

 

C:\Program Files\trend micro

C:\rsit

c:\documents and settings\пламен\DoctorWeb

 

Изтрий услугата - getPlus® Helper (явно останала след деинсталацията на Adobe Reader).

 

Отвори Notepad и въведи:

 

@echo off

sc stop getPlus® Helper

sc delete getPlus® Helper

del fix.bat

 

Запази файла с име fix.bat и го стартирай

 

Няма да е зле да провериш с още антивирусни (тези не се нуждаят от инсталиране):

 

http://forums.softvisia.com/index.php?show...amp;#entry68242

 

Като приключиш можеш да ги изтриеш и да почистиш временните файлове и System Restore-a.

[Night_Raven]

1. plamen74.72 не давай зор. Не е учтиво.

2. Какви са тия потайни помощи? Дявол да го вземе, това е форум. Идеята е да се помага публично, а не всеки да си общува на ЛС зад кулисите. Да не би да трябва да се забрани използването на системата за лични съобщения?

[plamen74.72]

1. plamen74.72 не давай зор. Не е учтиво.

2. Какви са тия потайни помощи? Дявол да го вземе, това е форум. Идеята е да се помага публично, а не всеки да си общува на ЛС зад кулисите. Да не би да трябва да се забрани използването на системата за лични съобщения?

Много се извинявам ,не исках да ви давам зор!

А колкото до ЛС-то ,бях помолен лично от B-boy/StyLe/ да му пратя логовете на ЛС, но ще ги публикувам и тук!

Той ме помоли за лог от тази дето и Night_Raven поиска последно - DDS и също и тази RSIT - цитат от ЛС-то:

Каква е тази програма, защото излежда съмнителна ?

 

C:\Documents and Settings\Пламен\oib.exe

Можеш да ми дадеш и един лог от RSIT или DDS

 

http://images.malwareremoval.com/random/RSIT.exe

 

http://download.bleepingcomputer.com/sUBs/dds.scr

А ето ги и логовете от RSIT:

log.txt

info.txt

 

А ето и нови логове от DDS след почистване на системата и новото и стартиране днес:

DDS.txt

Attach.txt

 

Дано този път да няма нищо опасно!!!

 

п.с.B-boy/StyLe/ не се сърди че публикувах ЛС-то ти ,но Night_Raven е прав - трябва да става публично - нали за това е форума!!!

[plamen74.72]

Извинете ме ,че отново отварям темата ,но не успях да разбера дали има нещо нередно в логовете които поискахте или още не ми е свършило наказанието за моето прибързване по горе???

[Night_Raven]

Продължавам да не виждам нищо опасно.

[plamen74.72]

Продължавам да не виждам нищо опасно.

 

Благодаря Night_Raven - вече наистина ще дишам спокойно!!!