-
Атакуют вирусы!
Доброго времени суток всем сердобольным :santa:, помогающим нам, ламерам справляться с новыми и новыми трудностями! Чтобы мы без вас делали!
И так, проблема в следующем: устала отбиваться от вирусов, в последнее время они сыплются как из рога изобилия!
На прошлой неделе мучилась с смс-вымогателем Get Accelerator, на этой с File Downloader. Еще в атозагрузке висит siszyd32.exe. Подозреваю, что прячетя у меня целый букет, но как проверить - толком не знаю. Полное сканирование антивирусом ничего не дает.
Выполнила инструкцию по сканированию системы с форума, результат во вложении.
Может следует сменить антивирус? Сейчас стоит Symantec Antivirus 10.0.0.359
Очень нуждаюсь в ваших советах, самой не справиться! :blink:
-
Пофиксить в HijackThis
[code]
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=\\.\globalroot\systemroot\system32\userinit.exe,
O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
O21 - SSODL: oledll - {97245B65-9135-5235-D524-2304D923BC72} - C:\WINDOWS\system32\wsX0nol.dll (file missing)
[/code]
ПК перезагрузите.
Выполните скрипт в avz
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Program Files\bitaccelerator\bitaccelerator.*','');
QuarantineFile('WinCtrl32.dll','');
QuarantineFile('C:\WINDOWS\system32\msvcrt57.dll','');
QuarantineFile('C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\siszyd32.exe','');
DeleteService('sfrem02Eventlog');
DeleteService('RasAutoClipSrvsfrem02Eventlog');
DeleteService('RasAutoClipSrv');
DeleteService('NetmanALG');
DeleteService('MSIServerDnscache');
DeleteService('mnmsrvcSpooler');
DeleteService('dmadminSCardSvr');
DeleteService('AudioSrvSCardSvr');
DeleteFile('C:\Documents and Settings\User\Главное меню\Программы\Автозагрузка\siszyd32.exe');
DeleteFile('C:\WINDOWS\system32\msvcrt57.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','WebCheck');
DeleteFile('WinCtrl32.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32','DLLName');
DeleteFile('C:\Program Files\bitaccelerator\bitaccelerator.*');
DeleteFileMask('C:\Program Files\bitaccelerator', '*.*', true);
DeleteDirectory('C:\Program Files\bitaccelerator');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.[/code]
ПК перезагрузится.
Пришлите карантин согласно [B]Приложения 3[/B] правил по красной ссылке [COLOR="Red"][U][B]Прислать запрошенный карантин[/B][/U][/COLOR] вверху темы
Сделайте новые логи.
-
snifer67, спасибо тебе за быстрый ответ! Очень благодарна, что откликнулся!
Карантин отправила! Лога прикрепляю только 2, [B]virusinfo_syscure.zip[/B] вложу попозже, т к сканирование занимает 2 часа((
P.S. новые логи сохраняются все в одном архиве, так и должно быть? Не перепутаются с предыдущими?:unsure: (сорри за глупый вопрос )
-
Выполните скрипт
[CODE]begin
DeleteFileMask(GetAVZDirectory+'Quarantine','*.*',true);
SetAVZPMStatus(True);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteService('dmadminSCardSvr');
DeleteService('mnmsrvcSpooler');
DeleteService('MSIServerDnscache');
DeleteService('NetmanALG');
QuarantineFile('C:\WINDOWS\system32\GameMon.des','');
DeleteService('npggsvc');
DeleteService('RasAutoClipSrv');
DeleteService('RasAutoClipSrvsfrem02Eventlog');
DeleteService('sfrem02Eventlog');
DelBHO('{8BCB5337-EC01-4E38-840C-A964F174255B}');
QuarantineFile('C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll','');
DelCLSID('{E6FB5E20-DE35-11CF-9C87-00AA005127ED}');
QuarantineFile('C:\WINDOWS\system32\msvcrt57.dll','');
DeleteFile('C:\WINDOWS\system32\msvcrt57.dll');
DeleteFile('C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll');
DeleteFile('C:\WINDOWS\system32\GameMon.des');
BC_ImportAll;
ExecuteSysClean;
RebootWindows(true);
end.[/CODE]
затем следующий
[CODE]begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.[/CODE]
файл [B]quarantine.zip[/B] закачайте по ссылке [B][COLOR=Red]Прислать запрошенный карантин[/COLOR][/B]
в шапке Вашей темы.
Повторите действия, описанные в п. 1 - 3 Диагностики и новые логи прикрепите к новому сообщению.
-
shapel, не удается выполнить первый скрипт - выскакивает сообщение об ошибке
"Ошибка скрипта: ')' expected, позиция [14:17]"
-
-
Отчитываюсь: Скрипты выполнила, карантин отправила, новые логи прикрепила.
Жду Ваших комментариев :wink_3:
-
-
-
Я извиняюсь за задержку - полное сканирование занимает уйму времени - 2 часа ....
-
Удалите в [url=http://virusinfo.info/showpost.php?p=493584&postcount=2]mbam [/url]
[code]
Заражено ключей реестра:
HKEY_CLASSES_ROOT\bitaccelerator.bitaccelerator (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bitaccelerator.bitaccelerator.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\connectionservices.connectionservices (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\connectionservices.connectionservices.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\demo.ebooknshandler (Backdoor.Agent) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8cb0d898-a6a2-48c3-bbd7-862f85b18d46} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90f62ef7-58d1-4e8e-bb3e-cfb10ba9e47b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b2b92bc9-e149-4ee8-a93e-0b8cfb329808} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{866e38f6-b2f5-4c0e-b0b9-54b7d5bb8651} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{b0ed4726-5bc8-4e22-a7a8-3074a73ce64e} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9c453f21-396d-11d5-9734-70e252c10127} (Backdoor.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{92860a02-4d69-48c1-82d7-ef6b2c609502} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c1de446a-8770-4621-9378-f1922c74a36c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{431d251c-b43a-47d7-b4f4-07a101b432d6} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{92860a02-4d69-48c1-82d7-ef6b2c609502} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b87b54f6-7cd5-45b2-b873-3f95c558768a} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fieryads (Adware.Adware.FearAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smart-shopper (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\clinker.clinkerbho (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\clinker.clinkerbho.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin.1 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BitAccelerator (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ConnectionServices (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\driver (Trojan.Downloader) -> No action taken.
Заражено значений реестра:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> No action taken.
Заражено папок:
C:\Documents and Settings\All Users\Application Data\Seekeen (Trojan.Agent) -> No action taken.
C:\Program Files\BitAccelerator (Trojan.BHO) -> No action taken.
C:\Program Files\ConnectionServices (Trojan.BHO) -> No action taken.
C:\Program Files\FieryAds (Adware.Adware.FearAds) -> No action taken.
C:\Program Files\Microsoft Common (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =- (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Extreme Ty #9 On The Prowl (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5 (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\res1 (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> No action taken.
Заражено файлов:
C:\Documents and Settings\User\Мои документы\хакер\прощай вирус!\AVZ\avz4\Quarantine\2009-12-23\avz00002.dta (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\DoctorWeb\Quarantine\CursorManiaSetup2.2.60.4.ZCfox000.exe (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX01.391\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX01.391\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.0891\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.0891\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.2578\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.2578\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.8953\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.8953\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX96.391\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX96.391\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Program Files\Miranda Shumaher Pack\Plugins\sar.dll (Trojan.KillAV) -> No action taken.
C:\WINDOWS\system32\winivstr.exe (Malware.Packer) -> No action taken.
C:\WINDOWS\Temp\~TM1D.tmp (Trojan.Downloader) -> No action taken.
C:\Program Files\ConnectionServices\Uninstall.exe (Trojan.BHO) -> No action taken.
C:\Program Files\FieryAds\FieryAdsUninstall.exe (Adware.Adware.FearAds) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator\BitAccelerator.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator\Uninstall.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Rachel Nylon.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\wallpaper.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\What is BDSM.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\res1\WhiteList.dbs (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Uninst.exe (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\fieryads.dat (Adware.FieryAds) -> No action taken.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\msconftb.sys (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\User\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
[/code]
Сделаете новый лог mbam
-
Удалила всё, что программа эта нашла. В результате после перезагрузки и быстрого сканирования зараженных объектов не обнаружено.
НО! возникли следующие проблемы:
- значок symantec antivirus пропал из трея (а без этого пользоваться прогой ну ооочень не удобно)
- не загружается QIP (невозможно найти qip.exe)
- не открываются фотографии фотошоп, путем нажатия пкм (открыть с помощью, он просто пропал из списка)
Это то, что заметила на первый взгляд, особо не копаясь. Чувствую на этом сюрпризы не закончатся....Походу придется делать откакт системы...
Что посоветуете в данном случае?
-
Восстановите все из карантина [B]mbam[/B].
-
Восстановила, что дальше делать?
-
Сделайте лог MBAM, но ничего не удаляйте!
Также сделайте лог АВЗ (ст. скрипт №2)
-
Malware докладывает о 127 инфицированных объектов, AVZ ничего не нашел....:scratch_one-s_head:
-
Аааааааауууууууууууууууууууууууууууууууууууууууу!
Хелперы, не оставляйте меня один на один с этими противными пакостниками! :sos:
-
Удалите в [url=http://virusinfo.info/showpost.php?p=493584&postcount=2]mbam [/url]
[code]
Заражено ключей реестра:
HKEY_CLASSES_ROOT\bitaccelerator.bitaccelerator (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bitaccelerator.bitaccelerator.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\connectionservices.connectionservices (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\connectionservices.connectionservices.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\demo.ebooknshandler (Backdoor.Agent) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8cb0d898-a6a2-48c3-bbd7-862f85b18d46} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90f62ef7-58d1-4e8e-bb3e-cfb10ba9e47b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b2b92bc9-e149-4ee8-a93e-0b8cfb329808} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{866e38f6-b2f5-4c0e-b0b9-54b7d5bb8651} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{b0ed4726-5bc8-4e22-a7a8-3074a73ce64e} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9c453f21-396d-11d5-9734-70e252c10127} (Backdoor.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{92860a02-4d69-48c1-82d7-ef6b2c609502} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c1de446a-8770-4621-9378-f1922c74a36c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{431d251c-b43a-47d7-b4f4-07a101b432d6} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{92860a02-4d69-48c1-82d7-ef6b2c609502} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b87b54f6-7cd5-45b2-b873-3f95c558768a} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fieryads (Adware.Adware.FearAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smart-shopper (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\clinker.clinkerbho (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\clinker.clinkerbho.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin.1 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BitAccelerator (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ConnectionServices (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\driver (Trojan.Downloader) -> No action taken.
Заражено значений реестра:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> No action taken.
Заражено папок:
C:\Documents and Settings\All Users\Application Data\Seekeen (Trojan.Agent) -> No action taken.
C:\Program Files\BitAccelerator (Trojan.BHO) -> No action taken.
C:\Program Files\ConnectionServices (Trojan.BHO) -> No action taken.
C:\Program Files\FieryAds (Adware.Adware.FearAds) -> No action taken.
C:\Program Files\Microsoft Common (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =- (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Extreme Ty #9 On The Prowl (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5 (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\res1 (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> No action taken.
Заражено файлов:
C:\WINDOWS\system32\winivstr.exe (Malware.Packer) -> No action taken.
C:\WINDOWS\Temp\~TM1D.tmp (Trojan.Downloader) -> No action taken.
C:\Program Files\FieryAds\FieryAdsUninstall.exe (Adware.Adware.FearAds) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator\BitAccelerator.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator\Uninstall.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Rachel Nylon.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\wallpaper.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\What is BDSM.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\res1\WhiteList.dbs (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Uninst.exe (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\fieryads.dat (Adware.FieryAds) -> No action taken.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\msconftb.sys (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\User\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
[/code]
Сделаете новый лог mbam
-
-
[B]Отключите восстановление системы, иначе мы не победим зловредов!![/B]:smile:
Удалите в MBAM следующее:
[CODE]Заражено ключей реестра:
HKEY_CLASSES_ROOT\bitaccelerator.bitaccelerator (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\bitaccelerator.bitaccelerator.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\connectionservices.connectionservices (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\connectionservices.connectionservices.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\demo.ebooknshandler (Backdoor.Agent) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbax.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.hbinfoband.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebutton.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttona.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.iebuttonb.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\smart-shopper.smrt-shprctrl.1 (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8cb0d898-a6a2-48c3-bbd7-862f85b18d46} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90f62ef7-58d1-4e8e-bb3e-cfb10ba9e47b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b2b92bc9-e149-4ee8-a93e-0b8cfb329808} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{866e38f6-b2f5-4c0e-b0b9-54b7d5bb8651} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{b0ed4726-5bc8-4e22-a7a8-3074a73ce64e} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9c453f21-396d-11d5-9734-70e252c10127} (Backdoor.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{92860a02-4d69-48c1-82d7-ef6b2c609502} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c1de446a-8770-4621-9378-f1922c74a36c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{431d251c-b43a-47d7-b4f4-07a101b432d6} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{022c671f-6cba-4a03-a8f9-3b3a361b235a} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8ad815fc-607b-419f-8b70-d345a507a54e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{92860a02-4d69-48c1-82d7-ef6b2c609502} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6d7b211a-88ea-490c-bab9-3600d8d7c503} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b87b54f6-7cd5-45b2-b873-3f95c558768a} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fieryads (Adware.Adware.FearAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\smart-shopper (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Smart-Shopper (Adware.SmartShopper) -> No action taken.
HKEY_CLASSES_ROOT\clinker.clinkerbho (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\clinker.clinkerbho.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin.1 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BitAccelerator (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ConnectionServices (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\driver (Trojan.Downloader) -> No action taken.
Заражено значений реестра:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\1 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> No action taken.
Заражено папок:
C:\Documents and Settings\All Users\Application Data\Seekeen (Trojan.Agent) -> No action taken.
C:\Program Files\BitAccelerator (Trojan.BHO) -> No action taken.
C:\Program Files\ConnectionServices (Trojan.BHO) -> No action taken.
C:\Program Files\FieryAds (Adware.Adware.FearAds) -> No action taken.
C:\Program Files\Microsoft Common (Trojan.Agent) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =- (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Extreme Ty #9 On The Prowl (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5 (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\res1 (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Bin\2.5.1 (Adware.SmartShopper) -> No action taken.
Заражено файлов:
C:\WINDOWS\system32\winivstr.exe (Malware.Packer) -> No action taken.
C:\WINDOWS\Temp\~TM1D.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.0891\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.0891\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.2578\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.2578\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.8953\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX10.8953\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX01.391\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX01.391\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX96.391\Adobe CS3 Keygen Collection\Acrobat 3D 8.1.0.EXE (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Rar$EX96.391\Adobe CS3 Keygen Collection\Acrobat 8 Pro Keygen.exe (Backdoor.Bot) -> No action taken.
C:\Program Files\ConnectionServices\Uninstall.exe (Trojan.BHO) -> No action taken.
C:\Program Files\FieryAds\FieryAdsUninstall.exe (Adware.Adware.FearAds) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator\BitAccelerator.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\All Users\Главное меню\Программы\BitAccelerator\Uninstall.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Rachel Nylon.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\wallpaper.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\What is BDSM.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Blonde-stravaganza\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Casey Parker's School's Out\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Impulsive Sex Acts\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\INTERNAL EXPLOSIONS 5\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass\Front Cover.jpg (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Local Settings\Temp\-= The Porn Collection =-\Pretty Young Ass\Summary.txt (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\Config.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db\Aliases.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\db\Sites.dbs (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld\Phishinglist.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\dwld\WhiteList.xip (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report\aggr_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\report\send_storage.xml (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\Smart-Shopper\cs\res1\WhiteList.dbs (Adware.SmartShopper) -> No action taken.
C:\Program Files\Smart-Shopper\Uninst.exe (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\User\Application Data\fieryads.dat (Adware.FieryAds) -> No action taken.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\msconftb.sys (Trojan.BHO) -> No action taken.
C:\Documents and Settings\User\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\User\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
[/CODE]
Page generated in 0.01572 seconds with 10 queries