I have a problem with my computer. About a week ago I downloaded Adobe Flash Player, and as soon as I had downloaded it and started installing it, a message appeared in the lower right corner: Trojan, and below it Remove (I am not sure the virus came from that program). I immediately clicked to delete it, but when the computer restarted and Windows loaded (I am on XP), I got a black screen with some text, Microsoft® Celeron®, followed by some jumbled digits and letters on a single line, and on all four sides of the screen it said Save Mode, but they could not be clicked. Windows then loaded again by itself and started, and absolutely everything was completely normal, except that my antivirus (I use ESET NOD32) said it was in a heightened state of attention and that no action was needed from me. I thought I had got rid of it, but the next day it started: as soon as I turn the computer on, after about 10-15 seconds it restarts. It had done this before as well, and I thought it was just a fault, so it did not strike me as unusual. Since then I have had problems with startup (it loads very slowly), with Facebook and Skype (I cannot log in to them), and who knows what else. I decided to install Avast to scan the computer for viruses, but as soon as I installed it the computer restarted and the same text as last time appeared again, Microsoft® Celeron® and those letters and digits, and again it recovered. But now when I click the icon at the bottom and try to scan, it shows me ABSOLUTELY THE SAME message as NOD32, only the name of the program is changed. Otherwise the message and the background are exactly the same. I no longer know what to do, I am trying to avoid reinstalling, and I am asking you because I see that there are many people in this forum who understand these things. THANKS IN ADVANCE, because I really believe I will fix it with your advice ;) thanks
Link to comment

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

 

Версия на базата от данни: 8097

 

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

 

06.11.2011 г. 20:06:07

mbam-log-2011-11-06 (20-06-07).txt

 

Тип сканиране: Бързо сканиране

Сканирани обекти: 178724

Изминало време: 6 минута(и), 16 секунда(и)

 

Заразени процеси в паметта: 14

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 18

Заразени стойности в регистратурата: 15

Заразени информационни обекти в регистратурата: 5

Заразени папки: 4

Заразени файлове: 41

 

Заразени процеси в паметта:

c:\WINDOWS\update.tray-2-0\svchost.exe (Trojan.Agent) -> 2032 -> Unloaded process successfully.

c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Agent) -> 192 -> Unloaded process successfully.

c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2164 -> Unloaded process successfully.

c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2436 -> Unloaded process successfully.

c:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 2416 -> Unloaded process successfully.

c:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 3012 -> Unloaded process successfully.

c:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1428 -> Unloaded process successfully.

c:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 3728 -> Unloaded process successfully.

c:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 556 -> Unloaded process successfully.

c:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> 1624 -> Unloaded process successfully.

c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 2672 -> Unloaded process successfully.

c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> 2780 -> Unloaded process successfully.

c:\WINDOWS\ufa\ufa.exe (PUP.BitMiner) -> 3580 -> Not selected for removal.

c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Agent) -> 1888 -> Unloaded process successfully.

 

Заразени модули в паметта:

(Не бяха открити зловредни обекти)

 

Заразени ключове в регистратурата:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Dropper.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\TWK70 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Заразени стойности в регистратурата:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Agent) -> Value: tray_ico1 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Agent) -> Value: wxpdrv -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\351712.exe (Trojan.Agent) -> Value: 351712.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\734006.exe (Trojan.Agent) -> Value: 734006.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5298154.exe (Trojan.Agent) -> Value: 5298154.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\683511.exe (Trojan.Agent) -> Value: 683511.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1137040.exe (Trojan.Dropper.H) -> Value: 1137040.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4137794.exe (Trojan.Agent) -> Value: 4137794.exe -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\twk70\n (Malware.Trace) -> Value: n -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

 

Заразени информационни обекти в регистратурата:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SAFEBOOT\AlternateShell (Hijack.Altshell) -> Bad: (services32.exe) Good: (cmd.exe) -> Quarantined and deleted successfully.

 

Заразени папки:

c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\funwebproducts\Installr\8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Заразени файлове:

c:\WINDOWS\update.tray-2-0\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\update.2\svchost.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.

c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\ufa\ufa.exe (PUP.BitMiner) -> Not selected for removal.

c:\WINDOWS\update.tray-7-0-lnk\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\services32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\123\local settings\Temp\351712.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\734006.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\123\local settings\Temp\5298154.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\683511.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\1137040.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\4137794.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\123\local settings\Temp\2731080.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\123\local settings\Temp\6547272.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\3648264.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\5811796.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\66682_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\9169038.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\5314630.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\5679275.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\9692862.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\311194769.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\Temp\645872381.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.

c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

 

This is everything it showed me as a text document.

Link to comment

Hello,

  • Download OTL.exe and save it to the desktop.
  • Run the file http://billy-oneal.com/forums/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png by double-clicking it.
  • Tick the box next to Scan All Users http://img408.imageshack.us/img408/1442/46625204.png
  • Under the File Age menu, select 90 days
  • Under the Standard Registry menu, change the setting to ALL
  • Tick the boxes next to LOP and Purity Check

  • Under http://store.picbg.net/pubpic/0A/C1/c814d031472c0ac1.png enter the following text using Copy/Paste:

netsvcs

msconfig

safebootminimal

safebootnetwork

%SYSTEMDRIVE%\*.*

%USERPROFILE%\*.*

%USERPROFILE%\Application Data\*.*

%USERPROFILE%\Local Settings\Application Data\*.*

%AllUsersProfile%\*.*

%AllUsersProfile%\Application Data\*.*

%USERPROFILE%\My Documents\*.*

%CommonProgramFiles%\*.*

%PROGRAMFILES%\*.*

%systemroot%\system32\config\systemprofile\*.*

%windir%\temp*.* /S /MD5

%systemroot%\assembly\tmp\*.* /S /MD5

%systemroot%\assembly\GAC_32\*.* /S /MD5

%systemroot%\assembly\GAC_MSIL\*.* /S /MD5

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /90

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

/md5start

explorer.exe

lsass.exe

svchost.exe

wininit.exe

winlogon.exe

userinit.exe

atapi.sys

iaStor.sys

volsnap.sys

disk.sys

afd.sys

redbook.sys

i8042prt.sys

serial.sys

/md5stop

  • Press the button marked in blue: http://i50.tinypic.com/30rn2na.jpg.
  • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt.
  • Post the contents of the log files in your next comment.

Link to comment

:offtopic: Tragedy!!!

So it's true that the situation is very bad!

Link to comment

You did not catch Betonov's hint.

Do not do anything to the system; wait for B-boy/StyLe/ to review the OTL log files and take the necessary actions. Any intervention on your part without the explicit permission of one of the people trying to help you may hinder the resolution of the problem.

I can review the OTL log files, but this is a problem that B-boy/StyLe/ has taken on, and I think the ethical thing is not to interfere.

Link to comment

Run OTL again, then copy (Copy) and paste (Paste) the script text from the text box below under the Custom Scans/Fixes column, making sure to copy the script exactly as it is, including the colon before the first line of the script.

 

 

:OTL
SRV - File not found [Auto | Stopped] --  -- (jkardgkn)
NetSvcs: jkardgkn -  File not found
IE - HKU\S-1-5-21-1229272821-2052111302-839522115-1003\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\InprocServer32 File not found
IE - HKU\S-1-5-21-1229272821-2052111302-839522115-1003\..\URLSearchHook: {6b86eb8d-c199-4355-bdbe-53ee685fe4c8} - SOFTWARE\Classes\CLSID\{6b86eb8d-c199-4355-bdbe-53ee685fe4c8}\InprocServer32 File not found
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2011.07.13 07:11:05 | 000,002,394 | ---- | M] () -- C:\Documents and Settings\123\Application Data\Mozilla\Firefox\Profiles\zpp7zgfk.default\searchplugins\askcom.xml
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll File not found
O2 - BHO: (Softonic web Toolbar) - {6b86eb8d-c199-4355-bdbe-53ee685fe4c8} - C:\Program Files\Softonic_web\tbSoft.dll File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll File not found
O3 - HKLM\..\Toolbar: (Softonic web Toolbar) - {6b86eb8d-c199-4355-bdbe-53ee685fe4c8} - C:\Program Files\Softonic_web\tbSoft.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (Brothersoft Toolbar) - {e8de9422-3b2c-4243-bf6f-235da84d8ef8} - C:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1229272821-2052111302-839522115-1003\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1229272821-2052111302-839522115-1003\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll File not found
O3 - HKU\S-1-5-21-1229272821-2052111302-839522115-1003\..\Toolbar\WebBrowser: (Softonic web Toolbar) - {6B86EB8D-C199-4355-BDBE-53EE685FE4C8} - C:\Program Files\Softonic_web\tbSoft.dll File not found
O3 - HKU\S-1-5-21-1229272821-2052111302-839522115-1003\..\Toolbar\WebBrowser: (Brothersoft Toolbar) - {E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} - C:\Program Files\Brothersoft\prxtbBro2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [tray_ico]  File not found
O4 - HKLM..\Run: [tray_ico2]  File not found
O4 - HKLM..\Run: [tray_ico3]  File not found
O4 - HKLM..\Run: [tray_ico4]  File not found
O4 - HKU\S-1-5-21-1229272821-2052111302-839522115-1003..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t File not found
O4 - HKU\S-1-5-21-1229272821-2052111302-839522115-1003..\Run: [OscarEditor] "C:\Program Files\MouseGestures\\OscarEditor.exe" Minimum File not found
O4 - HKU\S-1-5-21-1229272821-2052111302-839522115-1003..\Run: [RegistryCleanerPro] C:\Program Files\iXi Tools\Registry Cleaner Pro\RegistryCleanerPro.exe -t File not found
O4 - HKU\.DEFAULT..\RunOnce: [showDeskFix]
O4 - HKU\S-1-5-18..\RunOnce: [showDeskFix]
O4 - HKU\S-1-5-19..\RunOnce: [showDeskFix]
O4 - HKU\S-1-5-20..\RunOnce: [showDeskFix]
O33 - MountPoints2\{d0e69ad4-0ffd-11e0-9917-001966432e56}\Shell\AutoRun\command - "" = F:\avira.exe
[2011.10.29 19:27:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0-lnk
[2011.10.29 19:27:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0
[2011.10.29 19:06:18 | 001,109,504 | -H-- | M] (Cronosoft) MD5=B1915590B6B236F05FF3598641A2E664 -- C:\WINDOWS\update.tray-2-0-lnk\svchost.exe
[2011.11.04 16:25:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011.11.04 16:25:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011.10.30 18:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.10.30 18:20:21 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.10.30 18:20:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.10.30 18:20:20 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.10.30 18:18:28 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.10.30 18:18:26 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.10.30 18:18:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.10.30 18:18:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.10.29 19:28:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.10.29 19:27:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.10.30 18:20:20 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.10.30 18:18:26 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.10.30 18:18:12 | 000,000,113 | ---- | C] () -- C:\WINDOWS\info1
[2011.10.30 18:15:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:C41CE1F6
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1
:files
c:\windows\nvsvc32.exe
C:\Documents and Settings\123\My Documents\Downloads\facebook-pic000934519.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.tray-2-0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\services32.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\123\My Documents\Downloads\facebook-pic000934519.exe"=-
"C:\WINDOWS\update.1\svchost.exe"=-
"C:\WINDOWS\update.tray-2-0\svchost.exe"=-
"C:\WINDOWS\update.2\svchost.exe"=-
"C:\WINDOWS\services32.exe"=-
:commands
[resethosts]
[emptytemp]

 

 

After entering the script from the quote above, press the button marked in red: Run Fix

Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.

If the log file is missing, check the folder C:\_OTL\MovedFiles

Link to comment

All processes killed

========== OTL ==========

Service jkardgkn stopped successfully!

Service jkardgkn deleted successfully!

jkardgkn removed from NetSvcs value successfully!

Error: No service named jkardgkn was found to stop!

Service\Driver key jkardgkn not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6b86eb8d-c199-4355-bdbe-53ee685fe4c8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b86eb8d-c199-4355-bdbe-53ee685fe4c8}\ deleted successfully.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

C:\Documents and Settings\123\Application Data\Mozilla\Firefox\Profiles\zpp7zgfk.default\searchplugins\askcom.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b86eb8d-c199-4355-bdbe-53ee685fe4c8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b86eb8d-c199-4355-bdbe-53ee685fe4c8}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ deleted successfully.

C:\Program Files\Brothersoft\prxtbBro2.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6b86eb8d-c199-4355-bdbe-53ee685fe4c8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b86eb8d-c199-4355-bdbe-53ee685fe4c8}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.

File C:\Program Files\Brothersoft\prxtbBro2.dll not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6B86EB8D-C199-4355-BDBE-53EE685FE4C8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B86EB8D-C199-4355-BDBE-53EE685FE4C8}\ not found.

Registry value HKEY_USERS\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}\ not found.

File C:\Program Files\Brothersoft\prxtbBro2.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\DriverUpdaterPro deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\OscarEditor deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1229272821-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryCleanerPro deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.

File not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.

File not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.

File not found.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.

File not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0e69ad4-0ffd-11e0-9917-001966432e56}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0e69ad4-0ffd-11e0-9917-001966432e56}\ not found.

File F:\avira.exe not found.

C:\WINDOWS\update.tray-2-0-lnk folder moved successfully.

C:\WINDOWS\update.tray-2-0 folder moved successfully.

File C:\WINDOWS\update.tray-2-0-lnk\svchost.exe not found.

C:\WINDOWS\update.tray-7-0-lnk folder moved successfully.

C:\WINDOWS\update.tray-7-0 folder moved successfully.

C:\WINDOWS\ufa folder moved successfully.

C:\WINDOWS\ufa.rar moved successfully.

C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.

C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.

C:\WINDOWS\phoenix\kernels folder moved successfully.

C:\WINDOWS\phoenix folder moved successfully.

C:\WINDOWS\phoenix.rar moved successfully.

C:\WINDOWS\geoiplist moved successfully.

C:\WINDOWS\geoiplist.rar moved successfully.

C:\WINDOWS\update.5.0 folder moved successfully.

C:\WINDOWS\update.2 folder moved successfully.

C:\WINDOWS\av_ico folder moved successfully.

C:\WINDOWS\update.1 folder moved successfully.

C:\WINDOWS\rpcminer.rar moved successfully.

C:\WINDOWS\unrar.exe moved successfully.

C:\WINDOWS\info1 moved successfully.

C:\WINDOWS\loader2.exe_ok moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\Temp:C41CE1F6 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\Temp:D1B5B4F1 deleted successfully.

========== FILES ==========

File\Folder c:\windows\nvsvc32.exe not found.

File\Folder C:\Documents and Settings\123\My Documents\Downloads\facebook-pic000934519.exe not found.

File\Folder C:\WINDOWS\update.1\svchost.exe not found.

File\Folder C:\WINDOWS\update.tray-2-0\svchost.exe not found.

File\Folder C:\WINDOWS\update.2\svchost.exe not found.

File\Folder C:\WINDOWS\services32.exe not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"DisableThumbnailCache"|dword:00000000 /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\123\My Documents\Downloads\facebook-pic000934519.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.1\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.tray-2-0\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.2\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\services32.exe deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: 123

->Temp folder emptied: 3620180008 bytes

->Temporary Internet Files folder emptied: 174936922 bytes

->FireFox cache emptied: 292749636 bytes

->Flash cache emptied: 306976 bytes

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 18781774 bytes

->Flash cache emptied: 434 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2162283 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1344558040 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 245778097 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 5 436,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 11082011_140832

 

Files\Folders moved on Reboot...

C:\WINDOWS\temp\NOD43D0.tmp moved successfully.

 

Registry entries deleted on Reboot...


Here are the last few mandatory checks:

  • Download Malwarebytes' Anti-Malware from here and install it.
  • Start Malwarebytes' Anti-Malware, go to UPDATE and click Check for updates.
  • Then go back to Scanner, select Perform QUICK Scan, then click Scan.
  • The scan will take a little while, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure every line is ticked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next reply in the thread.

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart the computer and remove the problematic viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

1) Download: ESET Online Scanner

2) Run esetsmartinstaller_enu.exe

3) Tick YES, I accept the Terms of Use and select Start

4) The scanner will begin downloading the components it needs.

5) Make sure the following lines are ticked, including those in the Advanced Settings menu:

  • Scan archives
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

And finally select Start

Do not tick Remove found threats

6) The scanner will begin downloading the latest definitions.

7) When the scan finishes, select Finish.

8) Go to:

C:\Program Files\ESET\ESET Online Scanner

Open the file log.txt, copy its contents and paste them into your next post.


Great. The log files are clean (the ESET log shows only a few potentially unsafe applications belonging to legitimate programs, the nasties we deleted, and a few game cracks).

Run OTL once more and click the CleanUp button.

http://i47.tinypic.com/35hfp21.jpg

If you are prompted to restart, agree.

Download and install Windows XP Service Pack 3 RTM Build 5512.

Restart.

Reinstall the antivirus you have (but only one of them, because leftovers from both avast! and ESET can be seen).

Let us know whether there are any more problems with Windows.


well, actually I have just two questions

1. I have a problem with Skype, because I reinstalled it but the situation is the same as it was before. During the installation an icon already appears in the taskbar and on the desktop, and then some error comes up telling me that the Skype toolbars will not be installed, and after the installation finishes and I try to log in to my profile, the button below the password stays inactive, as do the checkboxes at the very bottom of the window, and I can't log in to Skype

2. I installed the NOD 32 2.70.23 antivirus and everything is fine, except that I don't have a username and password to update it, and if you know how or where I can find such a username and password I would be grateful; and is there a risk of a virus getting in if it isn't updated??

I'm asking pretty dumb questions (sorry about that), but I'm still learning...  thanks


1. Is this with the latest version of Skype? Try uninstalling it, then open My Computer (or any Explorer window), paste the text %appdata% into the address bar, press Enter, find the Skype folder and delete it. Then try installing Skype again.

2. Version 2 of NOD32 is extremely old and absolutely not recommended. Install the latest/current version of an antivirus. A username and password for updating NOD32 are obtained after purchasing it. It is against the forum rules for us to help find them. If you don't want to use a trial version of NOD32, you will either have to buy it or look at a free antivirus. avast! Free Antivirus, Avira AntiVir Personal and Microsoft Security Essentials are good ones.
