Jump to content

Проблем с интернет страниците

Вання
 Share

Препоръчан пост

B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

  • Отворете notepad.exe и с copy/paste въведете следната информация:
    File::
C:\user.js
c:\windows\system32\drivers\SBREDrv.sys
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
Folder::
c:\program files\Ask.com
c:\documents and settings\v@lyo0o\local settings\application data\AskToolbar
c:\documents and settings\v@lyo0o\application data\CallingID
c:\program files\CallingID
c:\documents and settings\v@lyo0o\local settings\application data\adaware
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
"adaware"=-
"adaware_XP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=dword:00000001
DDS::
uStart Page = hxxp://search.callingid.com/search.aspx
uDefault_Search_URL = hxxp://search.searchcompletion.com?si=10188&bs=true&q=
mStart Page = hxxp://www.searchcompletion.com?si=10188&home=true
mSearch Bar = hxxp://search.searchcompletion.com?si=10188&bs=true&q=
Firefox::
FF - ProfilePath - c:\documents and settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ALSV5&o=1665&locale=en_EU&apn_uid=b45eed8c-7453-4f92-ac9f-e7f2e32a8459&apn_ptnrs=AU&apn_sauid=8ED61AFD-BC29-4DA7-AD20-32A7421E4583&apn_dtid=YYYYYYYYBG&&q=
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=w7th2
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=w7th2
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=w7th2&q=
FF - user.js: extensions.funmoods_i.id - ac4307e1000000000000101111111111
FF - user.js: extensions.funmoods_i.instlDay - 15375
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1619:31
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - w7th2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
RegLock::
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]


  • Запазете файла с име CFScript и го провлачете и пуснете в Combofix (както е показано на картинката отдолу).
     
    http://img517.imageshack.us/img517/8662/cfscript10uc2.gif
  • По време на сканиране от страна на ComboFix не стартирайте никакви други приложения, не натискайте клавиши от клавиатурата и не местете мишката !
  • Публикувайте лог файла, който ще се създаде след рестарта на компютъра в следващия си пост.

Link to comment
Сподели другаде
  • Отговори 61
  • Създадена
  • Последен отговор

ТОП потребители в тази тема

Популярни дни

ТОП потребители в тази тема

Популярни дни

Публикувани изображения

valyo_93 Новобранец

valyo_93

Публикувано
Публикувано

на компютъра след сканирането бяха изчезнали иконите и старт менюто и го рестартирах.

винаги ли се процедира така с комбофикс или по различни дефекти се процедира по друг начин

 

 

 

ComboFix 12-02-11.02 - V@lyo0o 02.2012 г. 18:45:22.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.2.1251.359.1033.18.1975.1241 [GMT 2:00]

Running from: C:\Documents and Settings\V@lyo0o\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\V@lyo0o\Desktop\CFScript.txt

 

FILE ::

"C:\user.js"

"c:\windows\system32\drivers\SBREDrv.sys"

"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

c:\documents and settings\v@lyo0o\application data\CallingID

c:\documents and settings\v@lyo0o\application data\CallingID\{1ee6f9a1-3337-4bbf-b0b7-f2853f81e111}.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\{7f2b06bf-3ff2-4b80-9cbd-9cacf0d3ce4c}.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\{cd4d3e1b-5b51-4b11-8c08-c8f69ed99eab}.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\{ce977811-0856-4d7c-9cc8-fc9ca2359ac1}.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\CIDLight.db3

c:\documents and settings\v@lyo0o\application data\CallingID\CIDToolbar.db3

c:\documents and settings\v@lyo0o\application data\CallingID\SearchBox-00000001.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\SearchBox-00000003.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\SearchBox-00000004.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\SearchBox-00000005.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\SearchBox-00000006.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\SearchBox-00000007.bmp

c:\documents and settings\v@lyo0o\application data\CallingID\SearchBox-00000008.bmp

c:\documents and settings\v@lyo0o\local settings\application data\adaware

c:\documents and settings\v@lyo0o\local settings\application data\adaware\catalog.list

c:\documents and settings\v@lyo0o\local settings\application data\adaware\data\120203201434-f.list

c:\documents and settings\v@lyo0o\local settings\application data\adaware\data\120203204621-l.list

c:\documents and settings\v@lyo0o\local settings\application data\adaware\data\120203204621-m.list

c:\documents and settings\v@lyo0o\local settings\application data\adaware\data\120203211650-l.list

c:\documents and settings\v@lyo0o\local settings\application data\adaware\data\120203211650-m.list

c:\documents and settings\v@lyo0o\local settings\application data\adaware\data\temp.zip

c:\documents and settings\v@lyo0o\local settings\application data\AskToolbar

c:\documents and settings\v@lyo0o\local settings\application data\AskToolbar\APNU\config.xml

c:\documents and settings\v@lyo0o\local settings\application data\AskToolbar\cache.dat

c:\documents and settings\v@lyo0o\local settings\application data\AskToolbar\config.xml

c:\program files\Ask.com

c:\program files\Ask.com\assets\oobe\b.png

c:\program files\Ask.com\assets\oobe\bl.png

c:\program files\Ask.com\assets\oobe\br.png

c:\program files\Ask.com\assets\oobe\l.png

c:\program files\Ask.com\assets\oobe\pointer.png

c:\program files\Ask.com\assets\oobe\r.png

c:\program files\Ask.com\assets\oobe\t.png

c:\program files\Ask.com\assets\oobe\tl.png

c:\program files\Ask.com\assets\oobe\tr.png

c:\program files\Ask.com\cobrand.ico

c:\program files\Ask.com\config.xml

c:\program files\Ask.com\favicon.ico

c:\program files\Ask.com\fv_bb.ico

c:\program files\Ask.com\GenericAskToolbar.dll

c:\program files\Ask.com\mupcfg.xml

c:\program files\Ask.com\precache.exe

c:\program files\Ask.com\SaUpdate.exe

c:\program files\Ask.com\Updater\config.xml

c:\program files\Ask.com\Updater\Updater.exe

c:\program files\Ask.com\UpdateTask.exe

c:\program files\CallingID

C:\user.js

c:\windows\system32\drivers\SBREDrv.sys

c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

 

 

((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))

 

 

2012-02-08 17:54:38 . 2012-02-11 14:21:56 -------- d-----w- C:\symbols

2012-02-07 13:26:48 . 2012-02-07 13:26:48 -------- d-----w- C:\TEMP

2012-02-05 21:14:22 . 2012-02-05 21:14:22 -------- d-----w- C:\CIMTEMP

.

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2011-07-08 07:27:43 . 2012-01-26 17:51:53 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 10:01:32 19522592]

"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 11:44:11 85160]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-22 21:01:32 98304]

"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2010-11-11 11:47:32 129648]

"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 15:42:18 499608]

"AdobeCS5.5ServiceManager"="C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 05:08:56 1523360]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2003-12-13 00:50:34 33792]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2010-07-04 19:51:26 17408]

"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56:50 15360]

 

C:\Documents and Settings\V@lyo0o\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2012-1-25 1183744]

Rainmeter.lnk - C:\Program Files\Rainmeter\Rainmeter.exe [2012-2-5 105160]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 17:54:29 511344]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"AdobeBridge"=

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Spybot-S&D Cleaning"="C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"C:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25985:TCP"= 25985:TCP:BitComet 25985 TCP

"25985:UDP"= 25985:UDP:BitComet 25985 UDP

 

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe [25.1.2012 г. 21:39:16 2320920]

R2 vmci;VMware vmci;C:\WINDOWS\system32\drivers\vmci.sys [11.11.2010 г. 13:48:50 70768]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11.11.2010 г. 12:31:44 539248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 г. 13:16:28 130384]

S2 gupdate;Услуга на Google Актуализация (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [29.1.2012 г. 19:17:18 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01.2.2012 г. 14:10:37 253600]

S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [25.1.2012 г. 21:39:56 1691480]

S3 gupdatem;Услуга на Google Актуализация (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [29.1.2012 г. 19:17:18 136176]

S3 PROCEXP151;PROCEXP151;\??\C:\WINDOWS\system32\Drivers\PROCEXP151.SYS --> C:\WINDOWS\system32\Drivers\PROCEXP151.SYS [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 г. 13:37:14 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 г. 13:16:28 753504]

 

Contents of the 'Scheduled Tasks' folder

 

2012-02-11 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-01 12:10:37 . 2012-02-08 20:49:25]

 

2012-01-25 C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-V-29C820A3C4E94-V@lyo0o.job

- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-01-25 20:15:48 . 2011-03-15 15:42:18]

 

2012-02-11 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-29 17:17:18 . 2012-01-29 17:17:15]

 

2012-02-11 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-29 17:17:18 . 2012-01-29 17:17:15]

 

2012-02-11 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1417001333-682003330-1003Core.job

- C:\Documents and Settings\V@lyo0o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-10 12:54:24 . 2012-02-10 12:54:23]

 

 

------- Supplementary Scan -------

 

IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: C:\Program Files\VMware\VMware Workstation\vsocklib.dll

TCP: Interfaces\{F4BAA7B1-7EAA-4516-A0FD-AC4050B20CA5}: NameServer = 156.154.70.1,156.154.74.1

FF - ProfilePath - C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\

 

- - - - ORPHANS REMOVED - - - -

 

AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - C:\Program Files\Ask.com\Updater\Updater.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-11 18:47:10

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

на компютъра след сканирането бяха изчезнали иконите и старт менюто и го рестартирах.

винаги ли се процедира така с комбофикс или по различни дефекти се процедира по друг начин

 

 

В повечето случаи рестарта оправя нещата (явно е килнал explorer.exe и после е забравил да го стартира отново).

Разбира се има и ситуации при които се изискват специални мерки. Като цяло избягвайте да го стартирате самостоятелно, защото е много мощен инструмент и лесно може да съсипе Windows.

 

Почистихме доста боклуци. Как е сега положението ? Има ли някаква промяна ?

Пробвайте да сканирате с OTL отново, защото Combofix и DDS не проверяват добавките в Google Chrome за момента...

 

БТВ: Лог файла от Combofix е непълен. отворете C:\Combofix.txt или C:\Qoobox\Combofix.txt и копирайте пълното съдържание на лог файла.

Link to comment
Сподели другаде
valyo_93 Новобранец

valyo_93

Публикувано
Публикувано
сега не ми забива Google Chrome благодаря ти и ако повторя същите стъпки в бъдеще ако имам същия проблем ще се оправи ли както сега.Тези програми сканират ли за MBR вируси защото по същата причина плеинсталирах уиндоуса но нямаше промяна а до колкото знам благодарение на форума това значи че може да имам такъв вирус.сканирах с OTL но мисля да прекача файловете че иначе ще стане доста дълъг отговор

Extras.Txt

OTL.Txt

ComboFix2.txt

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

сега не ми забива Google Chrome благодаря ти и ако повторя същите стъпки в бъдеще ако имам същия проблем ще се оправи ли както сега.Тези програми сканират ли за MBR вируси защото по същата причина плеинсталирах уиндоуса но нямаше промяна а до колкото знам благодарение на форума това значи че може да имам такъв вирус.сканирах с OTL но мисля да прекача файловете че иначе ще стане доста дълъг отговор

 

 

Не, не повтаряйте процедурите занапред. Всички скриптове се изготвят според конкретните нужди за индивидуалната система. При проблеми, по-добре постнете свежи логове за анализ и не се самолекувайте.

 

DDS и Combofix имат леки способности да проверяват за MBR инфекции, но няма нищо притеснително в логовете до момента показващо наличието на подобни зарази. Все пак можем да проверим и за такива за да сте спокойни.

 

 

 

СТЪПКА 1

 

 

 

Стартирайте отново OTL, копирайте (Copy) и поставете (Paste) скриптовия текст от текстовото поле по-долу под колонката Custom Scans/Fixes, като не забравяте да копирате скрипта 1 към 1, както и двете точки пред OTL командата.

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.searchcompletion.com?si=10188&home=true
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10188&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.searchcompletion.com?si=10188&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com?si=10188&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.searchcompletion.com?si=10188&home=true
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.searchcompletion.com?si=10188&home=true
IE - HKU\.DEFAULT\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.callingid.com/search.aspx
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.callingid.com/search.aspx
IE - HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.searchcompletion.com?si=10188&home=true
IE - HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=10188&bs=true&q=
IE - HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.searchcompletion.com?si=10188&bs=true&q=
IE - HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com?si=10188&bs=true&q=
IE - HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.searchcompletion.com?si=10188&home=true
IE - HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.searchcompletion.com?si=10188&home=true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
[2012.02.07 22:41:23 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012.02.05 19:31:33 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\ffxtlbr@funmoods.com
[2012.02.03 18:24:16 | 000,000,000 | ---D | M] ("Auslogics Toolbar") -- C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com
[2012.02.11 14:12:38 | 000,002,400 | ---- | M] () -- C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\searchplugins\askcom.xml
[2012.02.10 19:10:32 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\searchplugins\CallingID.xml
[2012.02.05 19:31:31 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\searchplugins\funmoods.xml
[2012.02.07 22:41:18 | 000,003,230 | ---- | M] () -- C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\searchplugins\Web Search.xml
[2012.02.05 19:32:38 | 000,000,000 | ---D | M] (QuestBasic) -- C:\Program Files\Mozilla Firefox\extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}
[2012.02.03 19:42:55 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.10.17 20:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012.02.10 19:10:32 | 000,001,754 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\CallingID.xml
[2012.02.07 22:41:18 | 000,003,230 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\V@lyo0o\Application Data\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
[2012.02.07 22:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly
[2012.02.04 15:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\V@lyo0o\Application Data\Lavasoft
[2012.02.03 18:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012.02.05 23:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CallingID
[2012.02.07 22:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\V@lyo0o\Application Data\Complitly
:files
dir /s /a "C:\Documents and Settings\All Users\Application Data\fd2a784c21f76347b7d91d0f9c297532_c" /c
dir /s /a "C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}" /c
dir /s /a "C:\Documents and Settings\All Users\Application Data\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}" /c
:commands
[emptytemp]

След като въведете скрипта от цитата по-горе натиснете бутона, маркиран в червено: Run Fix

Windows ще се рестартира и ще се създаде лог файл. Публикувайте съдържанието му с Copy/Paste в следващия си коментар.

 

 

 

СТЪПКА 2

 

 

  • Моля изтеглете MBRScan и го запазете на десктопа.
  • Стартирайте файла MBRScan.exe и натиснете Report.
  • По време на сканирането не използвайте компютъра си.
  • Ще се появи текстов файл с името MBRScan.log.
  • Запазете този лог файл (File => Save as) на десктопа и го публикувайте в следващия си коментар.

 

 

СТЪПКА 3

 

 

 

Отворете notepad и с copy/paste въведете:

 

@echo off
REGEDIT /E export.txt "HKEY_LOCAL_MACHINE\system\currentcontrolset\services\hjxgluqd"
start export.txt
del %0

 

Запазете файла с името query.bat и го стартирайте.

Публикувайте резултатите от лог файла в следващия си пост (ако се появи лог файл въобще).

Ако не се появи, значи услугата я няма, което даже е по-добрия вариант. :)

Link to comment
Сподели другаде
valyo_93 Новобранец

valyo_93

Публикувано
Публикувано

за напред няма да използвам същия метод.

3 стъпка не разбрах какво точно искаш,дотъдрих го до MBRScan.exe но нестана нищо а като натиснах Report. ми излезе същия лог фаил.така не сканира изобщо ако му дам Scan няма ли да сканира по обстоино

 

това е за ОТL

 

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Bar| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6c97a91e-4524-4019-86af-2aa2d567bf5c} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}\ not found.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!

HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!

HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-1935655697-1417001333-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Prefs.js: true removed from browser.search.useDBForOrder

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults\preferences folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\ffxtlbr@funmoods.com folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\logs folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\defaults folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\datastore folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-31-Jan-2012-15-10-48-GMT folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-10-Feb-2012-12-10-27-GMT folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com\chrome folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\extensions\toolbar@ask.com folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\searchplugins\askcom.xml moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\searchplugins\CallingID.xml moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\searchplugins\funmoods.xml moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Mozilla\Firefox\Profiles\xsw67yzv.default\searchplugins\Web Search.xml moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}\defaults\preferences folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}\defaults folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{1CE72EFA-E2D1-48FA-A5EC-D7111C2C5BB6} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de folder moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\CallingID.xml moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\Web Search.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Complitly\Complitly.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.

C:\Program Files\Complitly\support@Complitly.com\defaults\preferences folder moved successfully.

C:\Program Files\Complitly\support@Complitly.com\defaults folder moved successfully.

C:\Program Files\Complitly\support@Complitly.com\chrome\content folder moved successfully.

C:\Program Files\Complitly\support@Complitly.com\chrome folder moved successfully.

C:\Program Files\Complitly\support@Complitly.com folder moved successfully.

C:\Program Files\Complitly\chrome folder moved successfully.

C:\Program Files\Complitly folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Lavasoft\Ad-Aware\Logs folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Lavasoft\Ad-Aware folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Lavasoft folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Lavasoft\License folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Lavasoft folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\CallingID folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Complitly\64 folder moved successfully.

C:\Documents and Settings\V@lyo0o\Application Data\Complitly folder moved successfully.

========== FILES ==========

< dir /s /a "C:\Documents and Settings\All Users\Application Data\fd2a784c21f76347b7d91d0f9c297532_c" /c >

Volume in drive C has no label.

Volume Serial Number is AC43-07E1

Directory of C:\Documents and Settings\All Users\Application Data

05.02.2012 г. 19:30 0 fd2a784c21f76347b7d91d0f9c297532_c

1 File(s) 0 bytes

Total Files Listed:

1 File(s) 0 bytes

0 Dir(s) 44 867 436 544 bytes free

C:\Documents and Settings\V@lyo0o\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\V@lyo0o\Desktop\cmd.txt deleted successfully.

< dir /s /a "C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}" /c >

Volume in drive C has no label.

Volume Serial Number is AC43-07E1

Directory of C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}

05.02.2012 г. 23:22 <DIR> .

05.02.2012 г. 23:22 <DIR> ..

05.02.2012 г. 23:23 26 849 792 {D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi

1 File(s) 26 849 792 bytes

Total Files Listed:

1 File(s) 26 849 792 bytes

2 Dir(s) 44 867 436 544 bytes free

C:\Documents and Settings\V@lyo0o\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\V@lyo0o\Desktop\cmd.txt deleted successfully.

< dir /s /a "C:\Documents and Settings\All Users\Application Data\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}" /c >

Volume in drive C has no label.

Volume Serial Number is AC43-07E1

Directory of C:\Documents and Settings\All Users\Application Data\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}

29.01.2012 г. 21:31 <DIR> .

29.01.2012 г. 21:31 <DIR> ..

29.01.2012 г. 21:31 97 instance.dat

07.10.2010 г. 21:10 577 597 mia.lib

29.01.2012 г. 21:31 284 ObjectDock_free.dat

07.10.2010 г. 21:11 3 024 216 ObjectDock_free.exe

29.01.2012 г. 21:31 0 ObjectDock_free.lnk

07.10.2010 г. 21:10 331 776 ObjectDock_free.msi

29.01.2012 г. 21:31 658 ObjectDock_free.par

07.10.2010 г. 21:11 3 246 079 ObjectDock_free.res

8 File(s) 7 180 707 bytes

Total Files Listed:

8 File(s) 7 180 707 bytes

2 Dir(s) 44 867 432 448 bytes free

C:\Documents and Settings\V@lyo0o\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\V@lyo0o\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 78991 bytes

->Flash cache emptied: 56466 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56466 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: V@lyo0o

->Temp folder emptied: 7100650 bytes

->Temporary Internet Files folder emptied: 2147355 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 77857394 bytes

->Google Chrome cache emptied: 360291145 bytes

->Flash cache emptied: 11491 bytes

 

User: хахаха

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2142714 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 37974 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 429,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 02122012_115829

 

Files\Folders moved on Reboot...

C:\WINDOWS\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3196.log moved successfully.

 

Registry entries deleted on Reboot...

 

 

а това за MBRScan

 

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 37 Stepping 5, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/02/12 (ISO 8601) at 12:03:50
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST3500418AS
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 465.8 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 07EFB0AB178FA670EB3FB6CD453E9F11
MBR_SHA1  : 61BAAB2787C14425891B56946A8F829D8DDDFD9C

Device\Harddisk0\Partition1 55.60 Go   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 205.1 Go   0x07 NTFS / HPFS
Device\Harddisk0\Partition3 102.5 Go   0x07 NTFS / HPFS
Device\Harddisk0\Partition4 102.5 Go   0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xADFE8000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF79B3000
SIZE    : 8.0 Ko

SystemStartOptions : FASTDETECT  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   Ь<.tü»..´.Í.Ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uò.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.Ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tè.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.Ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.ö±.òîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.Ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ËöaùãInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 55 0B 55 0B 00 00 80 01   .....,DcU.U.....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 9B 2B F3 06 00 FE   ...þ..?....+ó..þ
0x000001D0   FF FF 0F FE FF FF C1 2F F3 06 3F D8 44 33 00 00   ...þ..Á/ó.?ØD3..
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

за напред няма да използвам същия метод.

3 стъпка не разбрах какво точно искаш,дотъдрих го до MBRScan.exe но нестана нищо а като натиснах Report. ми излезе същия лог фаил.така не сканира изобщо ако му дам Scan няма ли да сканира по обстоино

 

 

3-стъпка е достатъчно ясна. Просто изтеглете прикачения файл и го разархивирайте.

Стартирайте файла query.bat и ако се създаде лог файл с името export.txt, прекопирайте съдържанието му в следващия си пост.

query.zip

 

 

Report си сканира и създава копие и MBR-то и на лог файла. Ако натиснете Scan няма да се появи лог файл и само вие ще си виждате резултатите.

Лог файла е чист, но искам да видя и копие на MBR файла.

Архивирайте файла Dump_Hdd0_DR0.mbr създаден в папката, от която сте стартирали програмата и го прикачете в следващия си коментар.

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

като стартирам query.bat ми излиза грешка прикачвам снимка.

прикачвам и файла Dump_Hdd0_DR0.mbr но може ли да ми кажеш с какво да го отвора

 

Няма нужда от снимка. Това означава, че няма такава услуга в системата (просто исках да проверя нещо за всеки случай).

Mbr-то може да се отвори и през MBRScan. Просто го влачите и пускате в инструмента.

За по-лесен анализ може да се използва и VirusTotal. Няма следи от MBR зараза...

 

Сега да проверим и за рууткити преди да приключим.

 

http://www.techsupportforum.com/images/smilies/i_arrow-r.gif Изтеглете Gmer

  • Временно спрете Интернета си,всички работещи програми,както и антивирусната си програма.
  • Стартирате програмата.
  • След завършването на автоматичната проверка,махнете отметките от следните позиции:
    http://img.bleepingcomputer.com/gmer/uncheck-gmer.jpg
    - IAT/EAT
    - Show all
    - махнете отметките от всички локални дискове. Маркирайте само системния дял (обикновенно това е C:\ )
  • Натиснете бутона Scan
  • Изчакайте програмата да завърши сканирането,след което натиснете бутона Save и запишете (save as) резултатите на десктопа с име Gmer.log.
  • Включете Интернета си и прикачете Gmer.log в следващия си коментар.
     
    Забележка:
  • Не предприемайте никакви действия върху редовете маркирани с "<--- ROOТKIT" ,защото това може да доведе до проблеми с Windows.

Link to comment
Сподели другаде
valyo_93 Новобранец

valyo_93

Публикувано
Публикувано

никъде не пише <--- ROOТKIT това значи ли че няма

 

 

 

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-02-12 15:07:30

Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3500418AS rev.CC38

Running: gmer.exe; Driver: C:\DOCUME~1\V@lyo0o\LOCALS~1\Temp\fglyakog.sys

 

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6AE2000, 0x253D97, 0xE8000020]

pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xAAD1EF00, 0x24000, 0x48000000]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\Explorer.EXE[712] SHELL32.dll!SHFileOperationW 7CA707BB 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

 

---- Devices - GMER 1.0.15 ----

 

Device \Driver\usbhub \Device\0000009b hcmon.sys (VMware USB monitor/VMware, Inc.)

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

 

---- EOF - GMER 1.0.15 ----

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

И искам да направим една последна проверка:

 

Моля изтеглете последната версия на TDSSKiller оттук и я запазете на вашия декстоп.

  • Стартирайте TDSSKiller.exe за да стартирате приложението. След това кликнете върху бутона Change parameters.
     
    http://img189.imageshack.us/img189/5251/image000q.png
  • Сложете отметки пред Verify Driver Digital Signature и Detect TDLFS file system и натиснете ОК.
     
    http://img545.imageshack.us/img545/6482/image001h.png
  • Натиснете бутона Start Scan.
     
    http://img202.imageshack.us/img202/1699/19695967.jpg
  • Ако подозрителен обект бъде засечен, действието по подразбиране ще бъде Skip, кликнете върху Continue.
     
    http://img716.imageshack.us/img716/7638/67776163.jpg
  • Ако зловредни обекти бъдат намерени, тогава от падащото меню ще имате три възможности.
    Бъдете сигурни, че избраното действие е Cure и натиснете върху Continue > Рестартирайте за да бъде завършена поправката.
     
    http://img717.imageshack.us/img717/718/62117367.jpg
     
    Забележка: Ако Cure бутона не е наличен от възможностите, тогава моля изберете Skip бутона, не избирайте Delete освен ако не сте инструктирани затова.
  • Лог файл ще бъде създаден в свободната директория на дял C:\ . Потърсете за лог с името "TDSSKiller.[Version]_[Date]_[Time]_log.txt" и копирайте съдържанието му в следващия си пост.

Link to comment
Сподели другаде
valyo_93 Новобранец

valyo_93

Публикувано
Публикувано

нямаше го бутона Cure,а като се даде на Skip вирусите остават ли или се ликуват

кога се натиска Delete

какви вируси съм имал досега и ако бях плеинсталирал уиндоуса щяха ли да се изтрият вирусите

 

 

 

17:39:31.0968 0824 ElbyCDIO - ok

17:39:32.0000 0824 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

17:39:32.0078 0824 Fastfat - ok

17:39:32.0078 0824 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

17:39:32.0140 0824 Fdc - ok

17:39:32.0140 0824 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

17:39:32.0203 0824 Fips - ok

17:39:32.0203 0824 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:39:32.0265 0824 Flpydisk - ok

17:39:32.0296 0824 FltMgr (6cc5181f718820861eeadae38f764b75) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

17:39:32.0312 0824 FltMgr - ok

17:39:32.0328 0824 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:39:32.0390 0824 Fs_Rec - ok

17:39:32.0390 0824 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:39:32.0453 0824 Ftdisk - ok

17:39:32.0453 0824 gdrv - ok

17:39:32.0484 0824 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:39:32.0531 0824 Gpc - ok

17:39:32.0562 0824 hcmon (9f40fc2a562dc9f4d9e10943586d9ed1) C:\WINDOWS\system32\drivers\hcmon.sys

17:39:32.0562 0824 hcmon - ok

17:39:32.0593 0824 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:39:32.0656 0824 HDAudBus - ok

17:39:32.0671 0824 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys

17:39:32.0687 0824 HECI - ok

17:39:32.0687 0824 hpn - ok

17:39:32.0703 0824 HTTP (909d110c9634b0f1487eaaea837317d9) C:\WINDOWS\system32\Drivers\HTTP.sys

17:39:32.0734 0824 HTTP - ok

17:39:32.0750 0824 i2omgmt - ok

17:39:32.0750 0824 i2omp - ok

17:39:32.0765 0824 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:39:32.0828 0824 i8042prt - ok

17:39:32.0843 0824 Imapi (12c59b8929121ace2f55acc86682cf12) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:39:32.0875 0824 Imapi - ok

17:39:32.0875 0824 ini910u - ok

17:39:32.0953 0824 IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys

17:39:33.0078 0824 IntcAzAudAddService - ok

17:39:33.0078 0824 IntelIde - ok

17:39:33.0109 0824 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys

17:39:33.0140 0824 intelppm - ok

17:39:33.0156 0824 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

17:39:33.0218 0824 Ip6Fw - ok

17:39:33.0234 0824 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:39:33.0296 0824 IpFilterDriver - ok

17:39:33.0296 0824 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:39:33.0359 0824 IpInIp - ok

17:39:33.0375 0824 IpNat (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:39:33.0406 0824 IpNat - ok

17:39:33.0437 0824 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:39:33.0484 0824 IPSec - ok

17:39:33.0515 0824 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:39:33.0531 0824 IRENUM - ok

17:39:33.0562 0824 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:39:33.0625 0824 isapnp - ok

17:39:33.0640 0824 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:39:33.0718 0824 Kbdclass - ok

17:39:33.0734 0824 kmixer (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys

17:39:33.0765 0824 kmixer - ok

17:39:33.0781 0824 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys

17:39:33.0828 0824 KSecDD - ok

17:39:33.0843 0824 lbrtfdc - ok

17:39:33.0859 0824 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:39:33.0906 0824 mnmdd - ok

17:39:33.0953 0824 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

17:39:34.0000 0824 Modem - ok

17:39:34.0046 0824 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys

17:39:34.0078 0824 Monfilt - ok

17:39:34.0109 0824 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:39:34.0156 0824 Mouclass - ok

17:39:34.0171 0824 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

17:39:34.0234 0824 MountMgr - ok

17:39:34.0234 0824 mraid35x - ok

17:39:34.0250 0824 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:39:34.0312 0824 MRxDAV - ok

17:39:34.0328 0824 MRxSmb (83691c30b248034bdddb76b0d6593449) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:39:34.0375 0824 MRxSmb - ok

17:39:34.0375 0824 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

17:39:34.0437 0824 Msfs - ok

17:39:34.0484 0824 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:39:34.0546 0824 MSKSSRV - ok

17:39:34.0562 0824 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:39:34.0609 0824 MSPCLOCK - ok

17:39:34.0625 0824 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

17:39:34.0687 0824 MSPQM - ok

17:39:34.0703 0824 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:39:34.0750 0824 mssmbios - ok

17:39:34.0765 0824 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

17:39:34.0828 0824 MSTEE - ok

17:39:34.0843 0824 Mup (79a9c030299e8cc04f18d0765155d902) C:\WINDOWS\system32\drivers\Mup.sys

17:39:34.0875 0824 Mup - ok

17:39:34.0906 0824 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

17:39:34.0968 0824 NABTSFEC - ok

17:39:34.0968 0824 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

17:39:35.0031 0824 NDIS - ok

17:39:35.0031 0824 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

17:39:35.0093 0824 NdisIP - ok

17:39:35.0125 0824 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:39:35.0171 0824 NdisTapi - ok

17:39:35.0187 0824 Ndisuio (77d9bf86b912104c229d4f0d25be3c12) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:39:35.0234 0824 Ndisuio - ok

17:39:35.0234 0824 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:39:35.0296 0824 NdisWan - ok

17:39:35.0312 0824 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

17:39:35.0375 0824 NDProxy - ok

17:39:35.0375 0824 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:39:35.0437 0824 NetBIOS - ok

17:39:35.0468 0824 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:39:35.0531 0824 NetBT - ok

17:39:35.0546 0824 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

17:39:35.0609 0824 Npfs - ok

17:39:35.0625 0824 Ntfs (7179ac3f4258aec9627590a842fda1d6) C:\WINDOWS\system32\drivers\Ntfs.sys

17:39:35.0656 0824 Ntfs - ok

17:39:35.0703 0824 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:39:35.0750 0824 Null - ok

17:39:35.0765 0824 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:39:35.0812 0824 NwlnkFlt - ok

17:39:35.0828 0824 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:39:35.0875 0824 NwlnkFwd - ok

17:39:35.0906 0824 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys

17:39:35.0953 0824 Parport - ok

17:39:35.0968 0824 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

17:39:36.0015 0824 PartMgr - ok

17:39:36.0046 0824 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

17:39:36.0109 0824 ParVdm - ok

17:39:36.0125 0824 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

17:39:36.0187 0824 PCI - ok

17:39:36.0187 0824 PCIDump - ok

17:39:36.0187 0824 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:39:36.0250 0824 PCIIde - ok

17:39:36.0265 0824 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:39:36.0328 0824 Pcmcia - ok

17:39:36.0328 0824 PDCOMP - ok

17:39:36.0343 0824 PDFRAME - ok

17:39:36.0343 0824 PDRELI - ok

17:39:36.0343 0824 PDRFRAME - ok

17:39:36.0359 0824 perc2 - ok

17:39:36.0359 0824 perc2hib - ok

17:39:36.0375 0824 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:39:36.0421 0824 PptpMiniport - ok

17:39:36.0453 0824 PROCEXP151 - ok

17:39:36.0453 0824 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

17:39:36.0515 0824 PSched - ok

17:39:36.0515 0824 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:39:36.0562 0824 Ptilink - ok

17:39:36.0578 0824 PxHelp20 (b572ed0c3e6165643fa116af20425a54) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

17:39:36.0578 0824 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

17:39:36.0578 0824 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

17:39:36.0593 0824 ql1080 - ok

17:39:36.0593 0824 Ql10wnt - ok

17:39:36.0609 0824 ql12160 - ok

17:39:36.0609 0824 ql1240 - ok

17:39:36.0609 0824 ql1280 - ok

17:39:36.0625 0824 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:39:36.0687 0824 RasAcd - ok

17:39:36.0718 0824 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:39:36.0781 0824 Rasl2tp - ok

17:39:36.0781 0824 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:39:36.0843 0824 RasPppoe - ok

17:39:36.0843 0824 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:39:36.0906 0824 Raspti - ok

17:39:36.0906 0824 Rdbss (b48441a6dc703ee4c36db14ee51a189c) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:39:36.0937 0824 Rdbss - ok

17:39:36.0953 0824 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:39:37.0000 0824 RDPCDD - ok

17:39:37.0031 0824 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

17:39:37.0093 0824 rdpdr - ok

17:39:37.0125 0824 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys

17:39:37.0156 0824 RDPWD - ok

17:39:37.0171 0824 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:39:37.0218 0824 redbook - ok

17:39:37.0250 0824 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

17:39:37.0312 0824 ROOTMODEM - ok

17:39:37.0328 0824 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys

17:39:37.0343 0824 rspndr - ok

17:39:37.0375 0824 RTLE8023xp (a1ad65718870dbf2bcb81e3c1406469e) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

17:39:37.0375 0824 RTLE8023xp - ok

17:39:37.0390 0824 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:39:37.0406 0824 Secdrv ( UnsignedFile.Multi.Generic ) - warning

17:39:37.0406 0824 Secdrv - detected UnsignedFile.Multi.Generic (1)

17:39:37.0421 0824 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:39:37.0484 0824 Serenum - ok

17:39:37.0500 0824 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

17:39:37.0562 0824 Serial - ok

17:39:37.0578 0824 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:39:37.0640 0824 Sfloppy - ok

17:39:37.0640 0824 Simbad - ok

17:39:37.0671 0824 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

17:39:37.0718 0824 SLIP - ok

17:39:37.0734 0824 Sparrow - ok

17:39:37.0750 0824 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys

17:39:37.0781 0824 splitter - ok

17:39:37.0812 0824 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

17:39:37.0843 0824 sr - ok

17:39:37.0875 0824 Srv (5230953c21c811b5fc1ff31ae2b48097) C:\WINDOWS\system32\DRIVERS\srv.sys

17:39:37.0906 0824 Srv - ok

17:39:37.0921 0824 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

17:39:37.0968 0824 streamip - ok

17:39:37.0984 0824 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:39:38.0046 0824 swenum - ok

17:39:38.0062 0824 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

17:39:38.0109 0824 swmidi - ok

17:39:38.0125 0824 symc810 - ok

17:39:38.0140 0824 symc8xx - ok

17:39:38.0140 0824 sym_hi - ok

17:39:38.0140 0824 sym_u3 - ok

17:39:38.0171 0824 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

17:39:38.0328 0824 sysaudio - ok

17:39:38.0343 0824 Tcpip (e6b15bcc470953e600ef7aded3cab142) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:39:38.0375 0824 Tcpip - ok

17:39:38.0406 0824 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:39:38.0453 0824 TDPIPE - ok

17:39:38.0468 0824 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

17:39:38.0515 0824 TDTCP - ok

17:39:38.0546 0824 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:39:38.0593 0824 TermDD - ok

17:39:38.0609 0824 TosIde - ok

17:39:38.0625 0824 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

17:39:38.0703 0824 Udfs - ok

17:39:38.0734 0824 ultra - ok

17:39:38.0750 0824 Update (7b2170ee3d858ce8fbe503904cc9b663) C:\WINDOWS\system32\DRIVERS\update.sys

17:39:38.0765 0824 Update - ok

17:39:38.0796 0824 usbehci (35e69410d5a2f1de386b37f4fc17aeb7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:39:38.0812 0824 usbehci - ok

17:39:38.0812 0824 usbhub (db53e336c44cb0975d7dcb35bac0ecda) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:39:38.0828 0824 usbhub - ok

17:39:38.0859 0824 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:39:38.0921 0824 USBSTOR - ok

17:39:38.0937 0824 usbuhci (b3671fbc569afe9390175561f1ab335c) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

17:39:38.0937 0824 usbuhci - ok

17:39:38.0968 0824 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys

17:39:38.0968 0824 VClone ( UnsignedFile.Multi.Generic ) - warning

17:39:38.0968 0824 VClone - detected UnsignedFile.Multi.Generic (1)

17:39:38.0984 0824 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys

17:39:38.0984 0824 VComm ( UnsignedFile.Multi.Generic ) - warning

17:39:38.0984 0824 VComm - detected UnsignedFile.Multi.Generic (1)

17:39:39.0000 0824 VcommMgr (630bbdbf5490f8f57abe650da63661a0) C:\WINDOWS\system32\Drivers\VcommMgr.sys

17:39:39.0000 0824 VcommMgr ( UnsignedFile.Multi.Generic ) - warning

17:39:39.0000 0824 VcommMgr - detected UnsignedFile.Multi.Generic (1)

17:39:39.0015 0824 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

17:39:39.0078 0824 VgaSave - ok

17:39:39.0078 0824 ViaIde - ok

17:39:39.0109 0824 vmci (c9561dcbeda5b700752e3f7049b2d6f2) C:\WINDOWS\system32\Drivers\vmci.sys

17:39:39.0109 0824 vmci - ok

17:39:39.0156 0824 vmkbd (dcd2f4a14795e8a8114a7cae2a9b9465) C:\WINDOWS\system32\drivers\VMkbd.sys

17:39:39.0156 0824 vmkbd - ok

17:39:39.0171 0824 VMnetAdapter (e41704d8149992107b333cc7a52c07cc) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys

17:39:39.0171 0824 VMnetAdapter - ok

17:39:39.0203 0824 VMnetBridge (af55d6a291f99146c9b6419028fed844) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys

17:39:39.0203 0824 VMnetBridge - ok

17:39:39.0218 0824 VMnetuserif (ecbe41a85c852bcd2fd12281e8f9d833) C:\WINDOWS\system32\drivers\vmnetuserif.sys

17:39:39.0218 0824 VMnetuserif - ok

17:39:39.0250 0824 vmx86 (626d103ef74b9c2e9f7b5d3be9007fba) C:\WINDOWS\system32\Drivers\vmx86.sys

17:39:39.0281 0824 vmx86 - ok

17:39:39.0312 0824 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

17:39:39.0375 0824 VolSnap - ok

17:39:39.0437 0824 vstor2-ws60 (98929c5c5314c4c048e2f60492c26723) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys

17:39:39.0437 0824 vstor2-ws60 - ok

17:39:39.0468 0824 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:39:39.0531 0824 Wanarp - ok

17:39:39.0546 0824 WDICA - ok

17:39:39.0578 0824 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys

17:39:39.0593 0824 wdmaud - ok

17:39:39.0625 0824 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

17:39:39.0687 0824 WS2IFSL - ok

17:39:39.0718 0824 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

17:39:39.0765 0824 WSTCODEC - ok

17:39:39.0796 0824 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

17:39:39.0828 0824 WudfPf - ok

17:39:39.0843 0824 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

17:39:39.0859 0824 WudfRd - ok

17:39:39.0875 0824 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

17:39:40.0093 0824 \Device\Harddisk0\DR0 - ok

17:39:40.0093 0824 Boot (0x1200) (912052bded355dcc86050cba52ce5048) \Device\Harddisk0\DR0\Partition0

17:39:40.0093 0824 \Device\Harddisk0\DR0\Partition0 - ok

17:39:40.0093 0824 Boot (0x1200) (1a218e757bbf4f02827cb54bd7ec20bd) \Device\Harddisk0\DR0\Partition1

17:39:40.0093 0824 \Device\Harddisk0\DR0\Partition1 - ok

17:39:40.0125 0824 Boot (0x1200) (fdc14d45c941c257fce2368ee6b60ad4) \Device\Harddisk0\DR0\Partition2

17:39:40.0125 0824 \Device\Harddisk0\DR0\Partition2 - ok

17:39:40.0140 0824 Boot (0x1200) (83b4abe9a1fe16ad5d134df1e88e895d) \Device\Harddisk0\DR0\Partition3

17:39:40.0140 0824 \Device\Harddisk0\DR0\Partition3 - ok

17:39:40.0140 0824 ============================================================

17:39:40.0140 0824 Scan finished

17:39:40.0140 0824 ============================================================

17:39:40.0265 1676 Detected object count: 10

17:39:40.0265 1676 Actual detected object count: 10

17:41:04.0562 1676 BlueletAudio ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 BlueletAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:04.0562 1676 BT ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 BT ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:04.0562 1676 Btcsrusb ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 Btcsrusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:04.0562 1676 BTHidEnum ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 BTHidEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:04.0562 1676 BTHidMgr ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 BTHidMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:04.0562 1676 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:04.0562 1676 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:04.0562 1676 VClone ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:04.0562 1676 VComm ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 VComm ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:41:04.0562 1676 VcommMgr ( UnsignedFile.Multi.Generic ) - skipped by user

17:41:04.0562 1676 VcommMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip

17:42:07.0875 3600 Deinitialize success

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

нямаше го бутона Cure,а като се даде на Skip вирусите остават ли или се ликуват

кога се натиска Delete

какви вируси съм имал досега и ако бях плеинсталирал уиндоуса щяха ли да се изтрият вирусите

 

Няма бутон Cure, защото няма нищо за лекуване. Ако се избере SKIP TDSSKiller не предриема действия. Това е препоръчителното действие, за да може като ми предоставиш лог файла да видя дали има нужда от повторна проверка за да натиснеш бутона Delete за някои от тях. Е такова нужда няма - лог файла е чист и като цялото системата е чиста.

 

Точно вируси не мисля, че си имал - просто няколко некачествени добавки за браузърите и други боклуци и остатъци.

 

Деинсталирай Combofix:

 

Отвори Start => Run => напиши Combofix /Uninstall => натисни Enter (има празно място между Combofix и /Uninstall).

 

Деинсталирай OTL:

 

Стартирай OTL още веднъж и натисни бутона CleanUp.

http://i47.tinypic.com/35hfp21.jpg

Ако бъдеш подканен да рестартираш, съгласи се.

 

Това би трябвало да изтрие повечето от използваните инструменти, асоциираните с тях файлове и папки.

Ако остане някой инструмент, който не се е изтрил го изтрий ръчно.

Остави си само Malwarebytes' Anti-Malware за профилактични проверки.

 

Изтегли и инсталирай => Windows XP Service Pack 3 RTM Build 5512

 

Това беше от мен...Сега проблеми има ли с Google Chrome ?

Link to comment
Сподели другаде
B-boy/StyLe/ Новобранец

B-boy/StyLe/

Публикувано
Публикувано

не всичко е наред почвам да трия и ще инсталирам пак аваст но незнам дали да инсталирам и SUPERAntiSpyware.

Благодаря ти за помощта.

 

SUPERAntispyware, не е лоша, но добавя някои излишни процеси в паметта. Аз бих я инсталирал само при нужда. За ежедневно използване, няма смисъл... MBAM там ще я замести пълноценно.

От avast! можеш да пробваш и новата бета версия avast! 7.0.1396 Beta (но имай предвидм, че това е бета и нестабилна версия - ползвай я на своя отговорност). :)

Поздрави и лек ден ! ;)

Link to comment
Сподели другаде

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гост
Отговори на тази тема

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   Не можете да качите директно снимка. Качете или добавете изображението от линк (URL)

Loading...
×
 Share
Иди на предишната тема
×
×
  • Създай ново...