-
Junior Member
- Reputation weight
- 53
-
-
Fix in HijackThis
Code:
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: oledll - {97245B65-9135-5235-D524-2304D923BC72} - C:\WINDOWS\system32\wsX0nol.dll (file missing)
Reboot the PC.
Run the script in AVZ
Code:
begin
// Search for rootkit hooks and neutralize them, then enable AVZGuard
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Copy the suspicious files to quarantine before anything is deleted
QuarantineFile('C:\Program Files\bitaccelerator\bitaccelerator.*','');
QuarantineFile('WinCtrl32.dll','');
QuarantineFile('C:\WINDOWS\system32\msvcrt57.dll','');
QuarantineFile('C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\siszyd32.exe','');
// Delete the listed services
DeleteService('sfrem02Eventlog');
DeleteService('RasAutoClipSrvsfrem02Eventlog');
DeleteService('RasAutoClipSrv');
DeleteService('NetmanALG');
DeleteService('MSIServerDnscache');
DeleteService('mnmsrvcSpooler');
DeleteService('dmadminSCardSvr');
DeleteService('AudioSrvSCardSvr');
// Delete the files and the registry values that load them
DeleteFile('C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\siszyd32.exe');
DeleteFile('C:\WINDOWS\system32\msvcrt57.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','WebCheck');
DeleteFile('WinCtrl32.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32','DLLName');
DeleteFile('C:\Program Files\bitaccelerator\bitaccelerator.*');
DeleteFileMask('C:\Program Files\bitaccelerator', '*.*', true);
DeleteDirectory('C:\Program Files\bitaccelerator');
// Pass the list of deleted files to BootCleaner, run system cleanup, activate BootCleaner and reboot
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The PC will reboot.
Send the quarantine as described in Appendix 3 of the rules, using the red link "Send requested quarantine" at the top of the thread.
Make new logs.
-
-
Junior Member
- Reputation weight
- 53
snifer67, thank you for the quick reply! I'm very grateful that you responded!
I've sent the quarantine! I'm attaching only 2 logs; I'll add virusinfo_syscure.zip a bit later, since the scan takes 2 hours((
P.S. The new logs are all saved in a single archive; is that how it should be? Won't they get mixed up with the previous ones? (sorry for the silly question)
-
Run the script
Code:
begin
// Empty the AVZ quarantine folder before collecting new samples
DeleteFileMask(GetAVZDirectory+'Quarantine','*.*',true);
// Enable the AVZPM driver, neutralize rootkit hooks and turn on AVZGuard
SetAVZPMStatus(True);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Delete the listed services and quarantine GameMon.des
DeleteService('dmadminSCardSvr');
DeleteService('mnmsrvcSpooler');
DeleteService('MSIServerDnscache');
DeleteService('NetmanALG');
QuarantineFile('C:\WINDOWS\system32\GameMon.des','');
DeleteService('npggsvc');
DeleteService('RasAutoClipSrv');
DeleteService('RasAutoClipSrvsfrem02Eventlog');
DeleteService('sfrem02Eventlog');
// Remove the BHO and CLSID registrations, quarantining the related files
DelBHO('{8BCB5337-EC01-4E38-840C-A964F174255B}');
QuarantineFile('C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll','');
DelCLSID('{E6FB5E20-DE35-11CF-9C87-00AA005127ED}');
QuarantineFile('C:\WINDOWS\system32\msvcrt57.dll','');
// Delete the quarantined files
DeleteFile('C:\WINDOWS\system32\msvcrt57.dll');
DeleteFile('C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll');
DeleteFile('C:\WINDOWS\system32\GameMon.des');
// Import the lists into BootCleaner, run system cleanup and reboot
BC_ImportAll;
ExecuteSysClean;
RebootWindows(true);
end.
then the next one
Code:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Upload the file quarantine.zip via the link "Send requested quarantine" in the header of your thread.
Repeat the steps described in items 1 - 3 of Diagnostics and attach the new logs to a new message.
Last edited by Шапельский Александр; 22.12.2009 at 23:54.
Reason: Fixed
-
-
Junior Member
- Reputation weight
- 53
shapel, I can't run the first script - an error message pops up
"Ошибка скрипта: ')' expected, позиция [14:17]"
-
-
-
Junior Member
- Reputation weight
- 53
Reporting back: I ran the scripts, sent the quarantine and attached the new logs.
Waiting for your comments
-
-
-
Junior Member
- Reputation weight
- 53
-
Junior Member
- Reputation weight
- 53
I apologize for the delay - the full scan takes an awful lot of time - 2 hours ....
-
Delete in mbam
Make a new mbam log
-
-
Junior Member
- Reputation weight
- 53
I deleted everything this program found. As a result, after a reboot and a quick scan, no infected objects were detected.
BUT! The following problems have come up:
- the symantec antivirus icon has disappeared from the tray (and without it the program is reeeally inconvenient to use)
- QIP doesn't start (cannot find qip.exe)
- photos don't open in Photoshop via right-click (Open with; it has simply disappeared from the list)
That's what I noticed at first glance, without digging much. I have a feeling the surprises won't end there.... Looks like I'll have to do a system rollback...
What do you advise in this case?
-
Restore everything from the mbam quarantine.
-
-
Junior Member
- Reputation weight
- 53
Restored it; what do I do next?
-
Make an MBAM log, but don't delete anything!
Also make an AVZ log (standard script No. 2)
-
-
Junior Member
- Reputation weight
- 53
Malware reports 127 infected objects, AVZ found nothing....
-
Junior Member
- Reputation weight
- 53
Helloooooooooooooooooooooooooooooooo!
Helpers, don't leave me alone with these nasty pests!
-
Delete in mbam
Make a new mbam log
-
-
Junior Member
- Reputation weight
- 53
-
Disable System Restore, otherwise we won't beat the malware!!
Delete the following in MBAM:
HKEY_CLASSES_ROOT\CLSID\{c1de446a-8770-4621-9378-f1922c74a36c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{431d251c-b43a-47d7-b4f4-07a101b432d6} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{92860a02-4d69-48c1-82d7-ef6b2c609502} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b87b54f6-7cd5-45b2-b873-3f95c558768a} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fieryads (Adware.Adware.FearAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smart-shopper (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\clinker.clinkerbho (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\clinker.clinkerbho.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin.1 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BitAccelerator (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ConnectionServices (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\driver (Trojan.Downloader) -> No action taken.
Заражено значений реестра:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> No action taken.
Заражено папок:
C:\Documents and Settings\All Users\Application Data\Seekeen (Trojan.Agent) -> No action taken.
C:\Program Files\BitAccelerator (Trojan.BHO) -> No action taken.
C:\Program Files\ConnectionServices (Trojan.BHO) -> No action taken.
C:\Program Files\FieryAds (Adware.Adware.FearAds) -> No action taken.
C:\Program Files\Microsoft Common (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =- (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Extreme Ty #9 On The Prowl (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5 (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\res1 (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> No action taken.
Заражено файлов:
C:\WINDOWS\system32\winivstr.exe (Malware.Packer) -> No action taken.
C:\WINDOWS\Temp\~TM1D.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.0891\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.0891\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.2578\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.2578\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.8953\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.8953\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX01.391\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX01.391\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX96.391\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX96.391\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Program Files\ConnectionServices\Uninstall.exe (Trojan.BHO) -> No action taken.
C:\Program Files\FieryAds\FieryAdsUninstall.exe (Adware.Adware.FearAds) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator\BitAccelerator.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator\Uninstall.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Rachel Nylon.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\wallpaper.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\What is BDSM.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\res1\WhiteList.dbs (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Uninst.exe (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\fieryads.dat (Adware.FieryAds) -> No action taken.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\msconftb.sys (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\User\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
-