
Virus / trojan redirecting web sites

  1. #1
    Junior Member
    Registered
    14.02.2009
    Posts
    2
    Reputation weight
    33

    Virus / trojan redirecting web sites

    I'm having a problem with a virus/trojan. I've done all that I could, and now I need you guys to see if you can find something I didn't notice.
    I've scanned with AVG, Avast, HijackThis and Kaspersky; they found a few trojans.

    The last trojan I found was called gaopdxsuhveheb.dll in C:\Windows\system32 (Win32:Fasec [Trj]).

    Here are a few logs.

    Please help, I really don't want to reformat.

    - Kaspersky -

    <AVZ_CollectSysInfo>
    --------------------
    Start time: 13/02/2009 2:19:23 PM
    Duration: 00:02:44
    Finish time: 13/02/2009 2:22:07 PM


    <AVZ_CollectSysInfo>
    --------------------
    Time Event
    ---- -----
    13/02/2009 2:19:25 PM Windows version: Windows Vista (TM) Home Premium, Build=6001, SP="Service Pack 1"
    13/02/2009 2:19:25 PM System Restore: enabled
    13/02/2009 2:19:31 PM 1.1 Searching for user-mode API hooks
    13/02/2009 2:19:31 PM Analysis: kernel32.dll, export table found in section .text
    13/02/2009 2:19:31 PM Function kernel32.dll:CreateProcessA (151) intercepted, method ProcAddressHijack.GetProcAddress ->75E81C36->61F03F42
    13/02/2009 2:19:31 PM Hook kernel32.dll:CreateProcessA (151) blocked
    13/02/2009 2:19:31 PM Function kernel32.dll:CreateProcessW (154) intercepted, method ProcAddressHijack.GetProcAddress ->75E81C01->61F04040
    13/02/2009 2:19:31 PM Hook kernel32.dll:CreateProcessW (154) blocked
    13/02/2009 2:19:31 PM Function kernel32.dll:FreeLibrary (335) intercepted, method ProcAddressHijack.GetProcAddress ->75EC08F8->61F041FC
    13/02/2009 2:19:31 PM Hook kernel32.dll:FreeLibrary (335) blocked
    13/02/2009 2:19:31 PM Function kernel32.dll:GetModuleFileNameA (503) intercepted, method ProcAddressHijack.GetProcAddress ->75EC440D->61F040FB
    13/02/2009 2:19:31 PM Hook kernel32.dll:GetModuleFileNameA (503) blocked
    13/02/2009 2:19:31 PM Function kernel32.dll:GetModuleFileNameW (504) intercepted, method ProcAddressHijack.GetProcAddress ->75EC58E5->61F041A0
    13/02/2009 2:19:31 PM Hook kernel32.dll:GetModuleFileNameW (504) blocked
    13/02/2009 2:19:31 PM Function kernel32.dll:GetProcAddress (54 intercepted, method ProcAddressHijack.GetProcAddress ->75ECB8B6->61F04648
    13/02/2009 2:19:31 PM Hook kernel32.dll:GetProcAddress (54 blocked
    13/02/2009 2:19:31 PM Function kernel32.dll:LoadLibraryA (759) intercepted, method ProcAddressHijack.GetProcAddress ->75EA9491->61F03C6F
    13/02/2009 2:19:31 PM Hook kernel32.dll:LoadLibraryA (759) blocked
    13/02/2009 2:19:31 PM >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
    13/02/2009 2:19:31 PM Function kernel32.dll:LoadLibraryExA (760) intercepted, method ProcAddressHijack.GetProcAddress ->75EA9469->61F03DAF
    13/02/2009 2:19:31 PM Hook kernel32.dll:LoadLibraryExA (760) blocked
    13/02/2009 2:19:31 PM >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
    13/02/2009 2:19:31 PM Function kernel32.dll:LoadLibraryExW (761) intercepted, method ProcAddressHijack.GetProcAddress ->75EA30C3->61F03E5A
    13/02/2009 2:19:31 PM Hook kernel32.dll:LoadLibraryExW (761) blocked
    13/02/2009 2:19:31 PM Function kernel32.dll:LoadLibraryW (762) intercepted, method ProcAddressHijack.GetProcAddress ->75EA361F->61F03D0C
    13/02/2009 2:19:31 PM Hook kernel32.dll:LoadLibraryW (762) blocked
    13/02/2009 2:19:31 PM IAT modification detected: LoadLibraryW - 01AA0010<>75EA361F
    13/02/2009 2:19:31 PM Analysis: ntdll.dll, export table found in section .text
    13/02/2009 2:19:31 PM Analysis: user32.dll, export table found in section .text
    13/02/2009 2:19:31 PM Analysis: advapi32.dll, export table found in section .text
    13/02/2009 2:19:31 PM Analysis: ws2_32.dll, export table found in section .text
    13/02/2009 2:19:31 PM Analysis: wininet.dll, export table found in section .text
    13/02/2009 2:19:31 PM Analysis: rasapi32.dll, export table found in section .text
    13/02/2009 2:19:31 PM Analysis: urlmon.dll, export table found in section .text
    13/02/2009 2:19:31 PM Analysis: netapi32.dll, export table found in section .text
    13/02/2009 2:19:32 PM 1.2 Searching for kernel-mode API hooks
    13/02/2009 2:19:34 PM Driver loaded successfully
    13/02/2009 2:19:34 PM SDT found (RVA=12C8C0)
    13/02/2009 2:19:34 PM Kernel ntoskrnl.exe found in memory at address 81C07000
    13/02/2009 2:19:34 PM SDT = 81D338C0
    13/02/2009 2:19:34 PM KiST = 81C748D0 (391)
    13/02/2009 2:19:34 PM Function NtEnumerateKey (85) - machine code modification Method of JmpTo. jmp 860992DC
    13/02/2009 2:19:34 PM >>> Function restored successfully !
    13/02/2009 2:19:34 PM Function NtFlushInstructionCache (8D) - machine code modification Method of JmpTo. jmp 860937EC
    13/02/2009 2:19:34 PM >>> Function restored successfully !
    13/02/2009 2:19:34 PM Function NtQueryValueKey (FC) - machine code modification Method of JmpTo. jmp 860937B4
    13/02/2009 2:19:34 PM >>> Function restored successfully !
    13/02/2009 2:19:34 PM Function IofCallDriver (81C4D169) - machine code modification Method of JmpTo. jmp 86099B7A
    13/02/2009 2:19:34 PM >>> Function restored successfully !
    13/02/2009 2:19:34 PM Function IofCompleteRequest (81C4D1D6) - machine code modification Method of JmpTo. jmp 86FD8CD3
    13/02/2009 2:19:34 PM >>> Function restored successfully !
    13/02/2009 2:19:35 PM Functions checked: 391, intercepted: 0, restored: 5
    13/02/2009 2:19:35 PM 1.3 Checking IDT and SYSENTER
    13/02/2009 2:19:35 PM Analysis for CPU 1
    13/02/2009 2:19:35 PM Analysis for CPU 2
    13/02/2009 2:19:35 PM Checking IDT and SYSENTER - complete
    13/02/2009 2:19:36 PM 1.4 Searching for masking processes and drivers
    13/02/2009 2:19:36 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
    13/02/2009 2:19:36 PM Driver loaded successfully
    13/02/2009 2:19:36 PM 1.5 Checking of IRP handlers
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_CREATE] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_CLOSE] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_WRITE] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_QUERY_INFORMATION] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_SET_INFORMATION] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_QUERY_EA] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_SET_EA] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_QUERY_VOLUME_INFORMATION] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_SET_VOLUME_INFORMATION] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_DIRECTORY_CONTROL] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_FILE_SYSTEM_CONTROL] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_DEVICE_CONTROL] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_LOCK_CONTROL] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_QUERY_SECURITY] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_SET_SECURITY] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \FileSystem\ntfs[IRP_MJ_PNP] = 8461E1F8 -> hook not defined
    13/02/2009 2:19:36 PM \driver\tcpip[IRP_MJ_CREATE_NAMED_PIPE] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:36 PM \driver\tcpip[IRP_MJ_READ] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_WRITE] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_QUERY_INFORMATION] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_SET_INFORMATION] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_QUERY_EA] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_SET_EA] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_FLUSH_BUFFERS] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:37 PM \driver\tcpip[IRP_MJ_QUERY_VOLUME_INFORMATION] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_SET_VOLUME_INFORMATION] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_DIRECTORY_CONTROL] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_FILE_SYSTEM_CONTROL] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_SHUTDOWN] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_LOCK_CONTROL] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_CREATE_MAILSLOT] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:38 PM \driver\tcpip[IRP_MJ_QUERY_SECURITY] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_SET_SECURITY] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_POWER] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_SYSTEM_CONTROL] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_DEVICE_CHANGE] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_QUERY_QUOTA] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_SET_QUOTA] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:39 PM \driver\tcpip[IRP_MJ_PNP] = 81C96827 -> C:\Windows\system32\ntoskrnl.exe, driver recognized as trusted
    13/02/2009 2:19:39 PM Checking - complete
    13/02/2009 2:19:40 PM C:\Windows\system32\avgrsstx.dll --> Suspicion for Keylogger or Trojan DLL
    13/02/2009 2:19:40 PM C:\Windows\system32\avgrsstx.dll>>> Behavioral analysis
    13/02/2009 2:19:40 PM Behaviour typical for keyloggers not detected
    13/02/2009 2:19:42 PM Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
    13/02/2009 2:19:58 PM Latent loading of libraries through AppInit_DLLs suspected: "avgrsstx.dll"
    13/02/2009 2:19:59 PM >>> C:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
    13/02/2009 2:19:59 PM >>> D:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
    13/02/2009 2:19:59 PM >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-26
    13/02/2009 2:19:59 PM >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
    13/02/2009 2:19:59 PM >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
    13/02/2009 2:19:59 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
    13/02/2009 2:19:59 PM >> Security: disk drives' autorun is enabled
    13/02/2009 2:19:59 PM >> Security: administrative shares (C$, D$ ...) are enabled
    13/02/2009 2:19:59 PM >> Security: anonymous user access is enabled
    13/02/2009 2:20:00 PM >> Security: sending Remote Assistant queries is enabled
    13/02/2009 2:20:04 PM >> Disable HDD autorun
    13/02/2009 2:20:04 PM >> Disable autorun from network drives
    13/02/2009 2:20:04 PM >> Disable CD/DVD autorun
    13/02/2009 2:20:04 PM >> Disable removable media autorun
    13/02/2009 2:20:05 PM System Analysis in progress
    13/02/2009 2:22:07 PM System Analysis - complete
    13/02/2009 2:22:07 PM Delete file:C:\Users\Big Shu\Desktop\Virus Removal Tool\is-OCAVP\LOG\avptool_syscheck.htm
    13/02/2009 2:22:07 PM Delete file:C:\Users\Big Shu\Desktop\Virus Removal Tool\is-OCAVP\LOG\avptool_syscheck.xml
    13/02/2009 2:22:07 PM Deleting service/driver: utmwntcz
    13/02/2009 2:22:07 PM Delete file:C:\Windows\system32\Drivers\utmwntcz.sys
    13/02/2009 2:22:07 PM Deleting service/driver: ujmwntcz
    13/02/2009 2:22:07 PM Script executed without errors


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:37:10 PM, on 13/02/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\Utilities\VolControl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\Big Shu\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\Big Shu\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Big Shu\AppData\Local\Google\Chrome\Application\chrome .exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Users\Big Shu\AppData\Local\Google\Chrome\Application\chrome .exe
    C:\Users\Big Shu\AppData\Local\Google\Chrome\Application\chrome .exe
    C:\Users\Big Shu\AppData\Local\Google\Chrome\Application\chrome .exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [googletalk] C:\Users\Big Shu\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Big Shu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: is-OCAVP.lnk = C:\Users\Big Shu\Desktop\Virus Removal Tool\is-OCAVP\startup.exe
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/reso...PUplden-ca.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7080 bytes
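    The two logs above are the raw material a helper has to read through. As an added example (my own code, not part of this post and not a tool from AVZ, Kaspersky or Trend Micro), the following Python script pulls out the lines that matter for triage: AVZ user-mode hook interceptions and IAT modifications, AVZ kernel-mode "machine code modification" patches (the NtEnumerateKey / NtQueryValueKey / IofCallDriver patches in the log above are the classic signature of a kernel rootkit hiding registry keys and filtering disk I/O), AVZ's AppInit_DLLs warning, and the HijackThis O1 hosts, O4 run-key and O20 AppInit_DLLs entries. The sample lines are constructed copies modelled on the formats in this thread; `Finding`, `parse_avz`, `parse_hjt` and `summarize` are names I chose.

```python
"""Triage helper for AVZ and HijackThis text logs (constructed example)."""
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the log formats seen in the thread.
SAMPLE_AVZ = """\
13/02/2009 2:19:31 PM Function kernel32.dll:CreateProcessA (151) intercepted, method ProcAddressHijack.GetProcAddress ->75E81C36->61F03F42
13/02/2009 2:19:31 PM Hook kernel32.dll:CreateProcessA (151) blocked
13/02/2009 2:19:31 PM IAT modification detected: LoadLibraryW - 01AA0010<>75EA361F
13/02/2009 2:19:31 PM Analysis: ntdll.dll, export table found in section .text
13/02/2009 2:19:34 PM Function NtEnumerateKey (85) - machine code modification Method of JmpTo. jmp 860992DC
13/02/2009 2:19:34 PM >>> Function restored successfully !
13/02/2009 2:19:34 PM Function IofCallDriver (81C4D169) - machine code modification Method of JmpTo. jmp 86099B7A
13/02/2009 2:19:35 PM Functions checked: 391, intercepted: 0, restored: 5
13/02/2009 2:19:58 PM Latent loading of libraries through AppInit_DLLs suspected: "avgrsstx.dll"
"""

SAMPLE_HJT = r"""O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Big Shu\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# AVZ prefixes every event with "dd/mm/yyyy h:mm:ss AM/PM ".
AVZ_TS = r"^\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M "
RE_USER_HOOK = re.compile(AVZ_TS + r"Function (?P<fn>\S+) \((?P<ord>\d+)\) intercepted, "
                          r"method (?P<method>\S+) ->(?P<orig>[0-9A-F]+)->(?P<target>[0-9A-F]+)")
RE_IAT = re.compile(AVZ_TS + r"IAT modification detected: (?P<fn>\w+) - (?P<new>[0-9A-F]+)<>(?P<orig>[0-9A-F]+)")
RE_KERNEL_PATCH = re.compile(AVZ_TS + r"Function (?P<fn>\w+) \((?P<id>[0-9A-F]+)\) - machine code modification "
                             r"Method of (?P<method>\w+)\. jmp (?P<target>[0-9A-F]+)")
RE_APPINIT = re.compile(AVZ_TS + r'Latent loading of libraries through AppInit_DLLs suspected: "(?P<dll>[^"]+)"')
RE_HJT = re.compile(r"^(?P<code>O\d+|R\d) - (?P<rest>.*)$")


@dataclass
class Finding:
    source: str   # "avz" or "hjt"
    kind: str     # user_hook, iat, kernel_patch, appinit, hosts, user_autorun
    detail: str


def parse_avz(text):
    """Keep only the AVZ events that describe hooking or latent DLL loading."""
    findings = []
    for line in text.splitlines():
        if m := RE_USER_HOOK.match(line):
            findings.append(Finding("avz", "user_hook", f"{m['fn']} {m['orig']}->{m['target']} via {m['method']}"))
        elif m := RE_IAT.match(line):
            findings.append(Finding("avz", "iat", f"{m['fn']} points to {m['new']} instead of {m['orig']}"))
        elif m := RE_KERNEL_PATCH.match(line):
            findings.append(Finding("avz", "kernel_patch", f"{m['fn']} jmp {m['target']} ({m['method']})"))
        elif m := RE_APPINIT.match(line):
            findings.append(Finding("avz", "appinit", m["dll"]))
    return findings


def parse_hjt(text):
    """Surface the HijackThis entries that redirect trojans commonly use for persistence."""
    findings = []
    for line in text.splitlines():
        m = RE_HJT.match(line)
        if not m:
            continue
        code, rest = m["code"], m["rest"]
        if code == "O1":
            # Hosts-file overrides divert sites; a plain localhost mapping is normal.
            parts = rest.split(":", 1)[1].split()
            if len(parts) < 2 or parts[1].lower() != "localhost":
                findings.append(Finding("hjt", "hosts", rest))
        elif code == "O4" and "\\AppData\\" in rest:
            # Autoruns living in the user profile deserve a second look.
            findings.append(Finding("hjt", "user_autorun", rest))
        elif code == "O20" and rest.startswith("AppInit_DLLs:"):
            findings.append(Finding("hjt", "appinit", rest.split(":", 1)[1].strip()))
    return findings


def summarize(findings):
    """Count findings per kind so the overall picture is visible at a glance."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    all_findings = parse_avz(SAMPLE_AVZ) + parse_hjt(SAMPLE_HJT)
    for f in all_findings:
        print(f"[{f.source}] {f.kind:13s} {f.detail}")
    print(summarize(all_findings))
```

    Run against the two logs in this post, the script reduces them to a handful of lines: kernel32 exports redirected out of the DLL's address range, an IAT entry for LoadLibraryW pointing somewhere other than kernel32, four kernel functions patched with a jmp, and the same AppInit_DLLs entry reported by both tools (here a legitimate AVG component, which is why AVZ itself warns not to delete suspicious hooking DLLs without analysis).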

  2. #2
    Visiting Helper, avatar for light59
    Registered
    14.07.2008
    Location
    Perm
    Posts
    5,492
    Reputation weight
    590

  3. #3
    Junior Member
    Registered
    14.02.2009
    Posts
    2
    Reputation weight
    33
    A few web sites also tell me this:
    Your computer (IP: 68.149.230.114) generates an attacking DOS requests at our servers. This attack was provoked by the spyware/virus named 'Troj/Rustok-N'


    I attached the AVG log.
    Attachments

  4. #4
