
Google and YouTube won't open for me



It is possible that it is blocked in the Hosts file, that your DNS settings have been hijacked, or even that you have a rootkit of the Alureon kind.

 

STEP 1

 

Download Malwarebytes' Anti-Malware from here

Double-click mbam-setup.exe to install the program.

 

  • Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click Finish.
  • If newer updates are found, it will download and install them.
  • Start the program and select "Perform Quick Scan", then click Scan.
  • The scan will take a little while, so please be patient.
  • When the scan completes, click OK, then Show Results to see the result.
  • Make sure all lines are ticked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

 

Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

 

STEP 2

 

Download OTL.exe and save it to the desktop.

Run the file http://billy-oneal.com/forums/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png by double-clicking it.

Make the following settings:

 

http://i47.tinypic.com/f1a78i.jpg

 

Under "Custom Scans/Fixes", copy and paste the following:

 

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.*

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

sfcfiles.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%PROGRAMFILES%\*.

%userprofile%\Desktop\*.*

%userprofile%\Desktop\*.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

 

Click Run Scan.

When the scan finishes, post both log files: OTL.Txt and Extras.Txt.


Run OTL.exe and copy/paste the following into the "Custom Scans/Fixes" box:

(Copy the script exactly as it is, and do not forget the colon before OTL)!

 

:OTL

IE - HKU\S-1-5-21-1644491937-2000478354-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKU\S-1-5-21-1644491937-2000478354-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.

O4 - HKLM..\Run: [soundMan] File not found

O15 - HKU\S-1-5-21-1644491937-2000478354-839522115-1003\..Trusted Domains: ubb.bg ([ebb] https in Trusted sites)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\a215bc26.exe) - C:\WINDOWS\system32\a215bc26.exe (Tmuprrdxubyjixn Twinvlndfywcirhjbzadiwqpby Mtpyoxdrmcxiwmujvykycesidrqz)

O20 - HKLM Winlogon: UserInit - (\\?\globalroot\systemroot\system32\d0lcZ9O.exe) - \\?\globalroot\systemroot\system32\d0lcZ9O.exe ()

O33 - MountPoints2\{01e21419-bdf1-11dd-8846-0013d4dd196d}\Shell - "" = AutoRun

O33 - MountPoints2\{01e21419-bdf1-11dd-8846-0013d4dd196d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{01e21419-bdf1-11dd-8846-0013d4dd196d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - Reg Error: Value error. - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickTV.lnk - C:\PROGRA~1\AVerTV\QuickTV.exe - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Jordan^Start Menu^Programs^Startup^Digsys.lnk - - File not found

MsConfig - StartUpReg: AdobeBridge - hkey= - key= - File not found

MsConfig - StartUpReg: AVP - hkey= - key= - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe File not found

MsConfig - StartUpReg: Babylon Client - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: cctray - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found

MsConfig - StartUpReg: H2O - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found

MsConfig - StartUpReg: MyWebSearch Plugin - hkey= - key= - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL File not found

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: oovoo.exe - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: P17Helper - hkey= - key= - File not found

MsConfig - StartUpReg: PAC7302_Monitor - hkey= - key= - C:\WINDOWS\PixArt\PAC7302\Monitor.exe File not found

MsConfig - StartUpReg: PSwitch - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - Reg Error: Value error. File not found

MsConfig - StartUpReg: Uniblue RegistryBooster 2009 - hkey= - key= - D:\Program files 2\Uniblue\RegistryBooster\RegistryBooster.exe File not found

MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found

MsConfig - StartUpReg: VoipStunt - hkey= - key= - Reg Error: Value error. File not found

[2010.03.06 15:19:48 | 000,074,752 | ---- | C] (Lasvyxgjlwykmqsmtvsuywe Beoowsqxvlszxuszxnlxvzgel) -- C:\WINDOWS\System32\6euNEyj.exe

[2010.03.06 14:20:33 | 000,074,752 | ---- | C] (Lasvyxgjlwykmqsmtvsuywe Beoowsqxvlszxuszxnlxvzgel) -- C:\WINDOWS\System32\TaygPy3.exe

[2010.03.06 14:06:53 | 000,074,752 | ---- | C] (Lasvyxgjlwykmqsmtvsuywe Beoowsqxvlszxuszxnlxvzgel) -- C:\WINDOWS\System32\lO0qoM2.exe

[2010.03.06 14:06:34 | 000,081,920 | ---- | C] (Ncaddgilnqsw) -- C:\WINDOWS\System32\d0lcZ9O.exe

[2010.03.06 14:06:21 | 000,031,232 | ---- | C] (Tmuprrdxubyjixn Twinvlndfywcirhjbzadiwqpby Mtpyoxdrmcxiwmujvykycesidrqz) -- C:\WINDOWS\System32\a215bc26.exe

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13

@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0

:files

C:\WINDOWS\System32\6euNEyj.exe

C:\WINDOWS\System32\TaygPy3.exe

C:\WINDOWS\System32\lO0qoM2.exe

C:\WINDOWS\System32\d0lcZ9O.exe

C:\WINDOWS\System32\a215bc26.exe

C:\WINDOWS\*.tmp

C:\*.tmp files -> C:\*.tmp

C:\WINDOWS\System32\*.tmp

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\Userinit.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\FlashFXP\FlashFXP.exe" =-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\(8) INSTAL\New Folder\Download\M-torrent\utorrent_mult100_seeder.exe" =-

"D:\(8) INSTAL\New Folder\Download\M-torrent\utorrent_mult10_seeder.exe" =-

"D:\(8) INSTAL\New Folder\Download\M-torrent\utorrent_mult100_leecher.exe" =-

"D:\Program files 2\uTorrent.exe" =-

"D:\Program files 2\VZOchat.exe" =-

"C:\Program Files\FlashFXP\FlashFXP.exe" =-

"D:\Program files 2\Programs\RM.exe" =-

"D:\Program files 2\Programs\Studio.exe" =-

"D:\Program files 2\Programs\umi.exe" =-

:Commands

[purity]

[emptytemp]

[resethosts]

[Reboot]

 

Click the Run Fix button

A log file will be created. Copy it into your next post.

Then archive the C:\_OTL folder and upload it somewhere so that we can download it.

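The `:reg` section of the fix script above resets the Winlogon `Userinit` value because the O20 lines show two extra executables chained into it. As an added illustration (not part of the original post and not OTL's own code), the Python below extracts the Userinit entries from O20 lines and flags anything other than the stock userinit.exe; the function names, the expected path for this Windows XP machine and the third sample line are assumptions.

```python
import re

# Assumption: stock Userinit path on the Windows XP machine in this thread,
# i.e. the value the :reg section restores (compared case-insensitively).
EXPECTED_USERINIT = r"C:\WINDOWS\system32\userinit.exe"

# The first two lines are copied from the fix script above; the third is a
# constructed clean entry added for contrast.
SAMPLE_O20_LINES = [
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\a215bc26.exe) - "
    r"C:\WINDOWS\system32\a215bc26.exe "
    r"(Tmuprrdxubyjixn Twinvlndfywcirhjbzadiwqpby Mtpyoxdrmcxiwmujvykycesidrqz)",
    r"O20 - HKLM Winlogon: UserInit - (\\?\globalroot\systemroot\system32\d0lcZ9O.exe) - "
    r"\\?\globalroot\systemroot\system32\d0lcZ9O.exe ()",
    r"O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - "
    r"C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)",
]

# The registry entry is the text inside the first pair of parentheses.
O20_RE = re.compile(r"^\s*O20 - HKLM Winlogon: UserInit - \((?P<entry>.+?)\) -")


def parse_o20_userinit(lines):
    """Return the Userinit entries named in OTL O20 lines, in order."""
    entries = []
    for line in lines:
        match = O20_RE.match(line)
        if match:
            entries.append(match.group("entry"))
    return entries


def split_userinit_value(value):
    """Split a raw Userinit registry value (comma-separated) into entries."""
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]


def classify_entry(entry):
    """Return the reasons an entry deviates from the stock value (empty if none)."""
    reasons = []
    # \\?\ and \\.\ prefixes are a path form a stock Userinit value does not use.
    if entry.startswith(("\\\\?\\", "\\\\.\\")):
        reasons.append("namespace-prefixed path")
    if entry.lower() != EXPECTED_USERINIT.lower():
        name = entry.rsplit("\\", 1)[-1].lower()
        if name == "userinit.exe":
            reasons.append("userinit.exe at a non-default path")
        else:
            reasons.append("unexpected executable")
    return reasons


def suspicious_entries(entries):
    """Map each deviating entry to its reasons; clean entries are omitted."""
    found = {}
    for entry in entries:
        reasons = classify_entry(entry)
        if reasons:
            found[entry] = reasons
    return found


if __name__ == "__main__":
    for path, why in suspicious_entries(parse_o20_userinit(SAMPLE_O20_LINES)).items():
        print(path, "->", ", ".join(why))
```
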

I don't know, I personally had this problem before, and after I reinstalled it, it was fixed :)

The log file:

 

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1644491937-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1644491937-2000478354-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SoundMan deleted successfully.

Registry key HKEY_USERS\S-1-5-21-1644491937-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ubb.bg\ebb\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\a215bc26.exe deleted successfully.

C:\WINDOWS\system32\a215bc26.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:\\?\globalroot\systemroot\system32\d0lcZ9O.exe deleted successfully.

File move failed. \\?\globalroot\systemroot\system32\d0lcZ9O.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01e21419-bdf1-11dd-8846-0013d4dd196d}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01e21419-bdf1-11dd-8846-0013d4dd196d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01e21419-bdf1-11dd-8846-0013d4dd196d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01e21419-bdf1-11dd-8846-0013d4dd196d}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01e21419-bdf1-11dd-8846-0013d4dd196d}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01e21419-bdf1-11dd-8846-0013d4dd196d}\ not found.

File G:\LaunchU3.exe not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk\ deleted successfully.

C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk\ deleted successfully.

C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickTV.lnk\ deleted successfully.

C:\WINDOWS\pss\QuickTV.lnkCommon Startup moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^Jordan^Start Menu^Programs^Startup^Digsys.lnk\ deleted successfully.

C:\WINDOWS\pss\Digsys.lnkStartup moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AdobeBridge\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\AVP\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Babylon Client\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\cctray\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CTFMON.EXE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\H2O\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\KernelFaultCheck\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MyWebSearch Plugin\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroFilterCheck\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\oovoo.exe\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\P17Helper\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PAC7302_Monitor\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PSwitch\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SUPERAntiSpyware\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Uniblue RegistryBooster 2009\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\updateMgr\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\VoipStunt\ deleted successfully.

C:\WINDOWS\system32\6euNEyj.exe moved successfully.

C:\WINDOWS\system32\TaygPy3.exe moved successfully.

C:\WINDOWS\system32\lO0qoM2.exe moved successfully.

C:\WINDOWS\system32\d0lcZ9O.exe moved successfully.

File C:\WINDOWS\System32\a215bc26.exe not found.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0 deleted successfully.

========== FILES ==========

File\Folder C:\WINDOWS\System32\6euNEyj.exe not found.

File\Folder C:\WINDOWS\System32\TaygPy3.exe not found.

File\Folder C:\WINDOWS\System32\lO0qoM2.exe not found.

File\Folder C:\WINDOWS\System32\d0lcZ9O.exe not found.

File\Folder C:\WINDOWS\System32\a215bc26.exe not found.

C:\WINDOWS\SET3.tmp moved successfully.

C:\WINDOWS\SET4.tmp moved successfully.

C:\WINDOWS\SET41.tmp moved successfully.

C:\WINDOWS\SET44.tmp moved successfully.

C:\WINDOWS\SET50.tmp moved successfully.

C:\WINDOWS\SET8.tmp moved successfully.

File\Folder C:\*.tmp files -> C:\*.tmp not found.

C:\WINDOWS\System32\~GLH002e.TMP moved successfully.

C:\WINDOWS\System32\~GLH003d.TMP moved successfully.

C:\WINDOWS\System32\~GLH0046.TMP moved successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\WINDOWS\\system32\\Userinit.exe," /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\FlashFXP\FlashFXP.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\(8) INSTAL\New Folder\Download\M-torrent\utorrent_mult100_seeder.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\(8) INSTAL\New Folder\Download\M-torrent\utorrent_mult10_seeder.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\(8) INSTAL\New Folder\Download\M-torrent\utorrent_mult100_leecher.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program files 2\uTorrent.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program files 2\VZOchat.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FlashFXP\FlashFXP.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program files 2\Programs\RM.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program files 2\Programs\Studio.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program files 2\Programs\umi.exe deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Jordan

->Temp folder emptied: 299158906 bytes

->Temporary Internet Files folder emptied: 10528048 bytes

->Java cache emptied: 2921231 bytes

->FireFox cache emptied: 72058011 bytes

->Opera cache emptied: 326938 bytes

->Flash cache emptied: 2113049 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 118098 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1142465 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 110538 bytes

RecycleBin emptied: 295258 bytes

 

Total Files Cleaned = 371,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.1.34.0 log created on 03082010_124037

 

Files\Folders moved on Reboot...

File\Folder \\?\globalroot\systemroot\system32\d0lcZ9O.exe not found!

 

Registry entries deleted on Reboot...


Is there any change when opening these pages?

Since the viruses are detected by NOD32 as Win32/Spy.Shiz.NAE and by TrendMicro as TROJ_AGENT.SMH, please run the following two scans:

STEP 1

 

Eset Online Scanner

 

1) Download: ESET Online Scanner

2) Run esetsmartinstaller_enu.exe

3) Tick YES, I accept the Terms of Use and select Start

4) The scanner will start downloading the components it needs.

5) Make sure the following lines are ticked, including those in the Advanced Settings menu:

 


  • Remove found threats
  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

 

And finally select Start

6) The scanner will start downloading the latest definitions.

7) After the scan finishes, select Finish.

8) Go to:

C:\Program Files\ESET\ESET Online Scanner

 

Open the file log.txt, copy its contents and paste them into your next post here.

STEP 2

 

http://www.trendmicro.com/global/en/images/header-logo.gif

 

Download the following 3 parts:

  • Sysclean Package
  • Virus Pattern Files - Official Pattern Release
  • Spyware Pattern Files - Detection and Cleanup (Trend Micro Anti-Spyware) – Ssapiptn.Da5

Create a folder on the C:\ partition (or a location of your choice) named TrendMicro

Copy all 3 downloaded files there.

Extract the virus and anti-spyware definitions.

Run sysclean.com => make sure the following check boxes are ticked:

 

http://img293.imageshack.us/img293/6662/74939363qc7.jpg

 

Select the SCAN button.

After the scan finishes, open the C:\TrendMicro folder again and copy the contents of the log file sysclean.log into your next post.


Unfortunately there was no change.

I tried to do the above, but......

It turned out that the NOD site is one of the few that have a problem opening. I still managed to find the "ESET Online Scanner" file.

I started the scanner, but the scan did not begin and it showed "Can no get update. Is proxy configured". I see there are some settings - configure / proxy server settings; I entered the details for a proxy there, but it showed the same error.

Is it possible to use another scanner, or is there another way to continue the process?

Should I continue with STEP 2?


Yes, try step 2.

Hmm, could it be that the pest has forced a proxy on you:

Open Internet Explorer => Tools => Internet Options =>

 

http://img.bleepingcomputer.com/swr-guides/tools/proxy/tools-internet-options.jpg

 

Connections

 

http://img.bleepingcomputer.com/swr-guides/tools/proxy/internet-options.jpg

 

Lan Settings

 

http://img.bleepingcomputer.com/swr-guides/tools/proxy/connections.jpg

 

and if the line "Use a proxy server for your LAN" is ticked, untick it:

 

http://img.bleepingcomputer.com/swr-guides/tools/proxy/uncheck-proxy.jpg

 

Update the Malwarebytes' Anti-Malware definitions and run a new scan.

Clean the objects found and post the log file.
