Windows забива след пускане на антивирусна програма

Константин Анжело · Март 2, 2012

Здравеи те за първи път пускам тема даме извините ако съм допуснал грешки.....

Проблема е Следния от извесно време немога да сканирам Windows за вироси .

Пусна ли антивиросна програма как вато и да е сканира 2 Мин и лаптопа забива !!!

Ако може някои да помогне ще съм ви БЛАГОДАРЕН

steka · Март 2, 2012

за каква ОС става въпрос ?

Константин Анжело · Март 2, 2012

Windows 7 ултимате

abracadabra · Март 2, 2012

А каква е антивирусната? ("Уиндоус" се пише, и "Ултимейт", и "вируси" :love1:

, да не си от Скопие? ) . Напълно е възможно да товари компютъра. И при мен като сканирам ми се получава нещо такова...

Константин Анжело · Март 2, 2012

По-горе написах даме извините имам проблем с клавиатурата ...

avast Пробвах с най малко още 5 други програми сканират минават 2 .3 Мин и забива целия лаптоп Картина имам но нищо не работи натиснали бутона за изключване и изгася на момента

B-boy/StyLe/ · Март 2, 2012

1. Изтеглете ComboFix от BleepingComputer

и го запазете (бутон Save -> Save as) ComboFix на вашия десктоп:

http://i46.tinypic.com/2exprgh.jpg

След приключване на изтеглянето на ComboFix, иконката на програмата би трябвало да изглежда така:

http://i46.tinypic.com/29eqjuq.jpg

2. Затворете всички работещи приложения, отворени прозорци и програми работещи във фонов режим. Спрете временно защитата в реално време на антивирусната програма и на другите програми за сигурност, ако има такива.

3. Стартирайте с двоен клик Combofix.exe. Изберете YES, за да се съгласите с условията за използване на програмата. Важно: По време на работата на ComboFix не бива да се движи мишката и да се натискат клавиши от клавиатурата. Просто търпеливо оставете ComboFix да си свърши работата, без да използвате компютъра за други цели.

4. Ако получите предупреждение от UAC, съгласете се.

5 ComboFix ще спре временно Интернет връзката, но след като приключи работата на програмата тази връзка ще бъде възстановена автоматично. ComboFix ще сканира за проблеми и за заразени файлове, като това може да отнеме известно време. Моля да бъдете търпеливи. Ако има проблем с Интернет връзката след приключване на работата на Combofix, моля да прочетете това: Manually restoring the Internet connection section.

6 Когато работата на ComboFix приключи, ще се появи текстов документ (log) в Notepad:

http://i49.tinypic.com/157m978.jpg

Копирайте с (Copy) и поставете с (Paste) съдържанието на лога в следващия си коментар.

Забележка: Ако се появи следното съобщение при отварянето на различни програми след завършване на сканирането с Combofix - "illegal operation on a registry key that has been marked for deletion." просто рестартирайте компютъра още веднъж и то ще изчезне.

По време на сканирането не използвайте компютъра си !

Константин Анжело · Март 2, 2012

ComboFix 12-03-02.01 - Admin 02.03.2012 20:57:15.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2039.1303 [GMT 1:00]

Running from: c:\users\Konstantin\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\2

c:\program files\2\0\1.cmd

c:\users\Admin\AppData\Local\proginstall27.exe

c:\windows\system32\oobe\audit.exe

c:\windows\system32\oobe\msoobe.exe

c:\windows\system32\oobe\oobeldr.exe

c:\windows\system32\oobe\Setup.exe

c:\windows\system32\oobe\setupsqm.exe

c:\windows\system32\oobe\windeploy.exe

.

((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))

.

2012-02-27 22:02 . 2012-02-27 22:02 -------- d-----w- c:\program files\NightRipper Software

2012-02-26 16:05 . 2010-11-30 16:07 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys

2012-02-26 16:05 . 2012-02-26 16:05 -------- d-----w- c:\program files\TeamViewer

2012-02-25 18:37 . 2012-02-25 18:37 -------- d-----w- c:\users\Admin\AppData\Roaming\uTorrent

2012-02-25 18:37 . 2012-02-25 18:37 -------- d-----w- c:\program files\uTorrent

2012-02-25 15:31 . 2012-02-23 16:10 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-02-25 14:46 . 2012-02-25 14:47 -------- d-----w- c:\users\Admin\AppData\Roaming\BSplayer PRO

2012-02-23 22:17 . 2012-02-25 14:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-02-23 21:12 . 2012-02-25 18:29 -------- d-----w- C:\Downloads

2012-02-23 21:12 . 2012-02-25 21:02 -------- d-----w- c:\users\Konstantin\AppData\Roaming\BitComet

2012-02-23 21:12 . 2012-02-23 21:12 -------- d-----w- c:\program files\BitComet

2012-02-23 02:49 . 2012-02-23 02:49 -------- d-----w- c:\users\Admin\AppData\Roaming\vlc

2012-02-23 02:45 . 2012-02-23 02:45 -------- d-----w- c:\users\Admin\AppData\Local\Graboid Inc

2012-02-23 02:45 . 2012-02-23 02:47 -------- d-----w- c:\users\Admin\AppData\Local\Graboid

2012-02-23 02:45 . 2012-02-23 02:45 -------- d-----w- c:\programdata\Graboid Inc

2012-02-23 02:45 . 2012-02-23 02:45 -------- d-----w- c:\users\Admin\AppData\Local\Geckofx

2012-02-15 20:09 . 2012-02-15 20:09 -------- d-----w- c:\program files\Conduit

2012-02-15 20:09 . 2012-02-25 14:54 -------- d-----w- c:\users\Admin\AppData\Local\Conduit

2012-02-15 12:38 . 2012-02-15 12:38 -------- d-----w- c:\users\Admin\AppData\Roaming\GRETECH

2012-02-15 05:14 . 2012-02-15 05:14 -------- d-----w- C:\Plugins

2012-02-13 14:32 . 2011-08-22 06:12 143360 ----a-w- c:\program files\Mozilla Firefox\BabyFox.dll

2012-02-13 14:32 . 2012-02-13 14:32 -------- d-----w- c:\users\Admin\AppData\Roaming\Acapela Group

2012-02-13 14:30 . 2012-02-13 14:34 -------- d-----w- c:\users\Admin\AppData\Roaming\Babylon

2012-02-10 18:48 . 2012-02-10 20:16 -------- d-----w- c:\program files\ProxyWay

2012-02-08 02:35 . 2012-02-08 02:35 -------- d-----w- c:\windows\system32\SPReview

2012-02-08 02:29 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{658C4718-C13B-4990-A4C5-4095DFD7BEB9}\mpengine.dll

2012-02-08 02:27 . 2011-11-05 04:30 2048 ----a-w- c:\windows\system32\tzres.dll

2012-02-08 02:27 . 2011-11-24 04:23 2340352 ----a-w- c:\windows\system32\win32k.sys

2012-02-08 02:27 . 2011-11-19 14:06 67072 ----a-w- c:\windows\system32\packager.dll

2012-02-08 02:27 . 2011-10-15 05:48 534528 ----a-w- c:\windows\system32\EncDec.dll

2012-02-08 02:27 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\system32\quartz.dll

2012-02-08 02:27 . 2011-10-26 04:28 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-02-08 02:27 . 2011-10-26 04:25 38912 ----a-w- c:\windows\system32\csrsrv.dll

2012-02-08 02:26 . 2011-10-26 04:42 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-02-08 02:26 . 2011-10-26 04:42 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-02-08 02:24 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2012-02-08 02:24 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-02-08 02:24 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll

2012-02-08 02:24 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-02-08 02:24 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys

2012-02-08 02:24 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll

2012-02-08 02:24 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll

2012-02-08 02:24 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe

2012-02-08 02:24 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll

2012-02-08 02:24 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll

2012-02-08 01:50 . 2012-02-08 01:50 -------- d-----w- c:\users\Admin\AppData\Roaming\TuneUp Software

2012-02-08 01:50 . 2012-02-08 01:51 -------- d-----w- c:\programdata\TuneUp Software

2012-02-08 01:50 . 2012-02-08 01:50 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-02-07 18:06 . 2010-03-02 12:57 105856 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys

2012-02-07 18:06 . 2010-03-02 12:57 105856 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys

2012-02-07 18:06 . 2010-03-02 12:57 105856 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys

2012-02-07 18:06 . 2009-12-28 13:05 114688 ----a-w- c:\windows\system32\drivers\ZTEusbnet.sys

2012-02-07 18:06 . 2012-02-07 18:07 -------- d-----w- c:\program files\3DataManager

2012-02-07 17:39 . 2010-02-22 08:06 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys

2012-02-02 06:50 . 2012-02-02 06:50 -------- d-----w- c:\users\Konstantin\AppData\Roaming\Sierra Wireless

2012-02-02 06:49 . 2012-02-02 06:49 -------- d-----w- c:\users\Admin\AppData\Roaming\3 data

2012-02-02 06:45 . 2012-02-02 06:45 -------- d-----w- c:\users\Admin\AppData\Roaming\Mobile Partner

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-01 04:24 . 2011-07-25 22:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 16:23 . 2011-12-04 02:46 41184 ----a-w- c:\windows\avastSS.scr

2012-02-23 16:23 . 2011-12-04 02:46 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-02-23 16:12 . 2011-12-04 02:46 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-02-23 16:12 . 2011-12-04 02:46 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-02-23 16:10 . 2011-12-04 02:46 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-02-23 16:10 . 2011-12-04 02:46 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-02-23 16:10 . 2011-12-04 02:46 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-02-14 04:52 . 2011-07-28 16:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-02-14 04:52 . 2011-07-26 22:36 824144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-02-12 05:36 . 2011-07-26 22:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-02-11 04:18 . 2011-07-28 16:45 824144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-01-29 04:10 . 2011-07-25 21:38 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-12-14 14:39 . 2011-12-14 14:39 65536 ----a-r- c:\users\Konstantin\AppData\Roaming\Microsoft\Installer\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-02-23 16:23 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-08-17 4527424]

"BitComet"="c:\program files\BitComet\BitComet.exe" [2011-12-12 11761456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-02-23 4031368]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-02-23 48352]

"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-02-23 48352]

"aswaswOtl.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-02-23 48352]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Launcher.lnk - c:\program files\3DataManager\3DataManager_Launcher.exe [2012-2-7 484816]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 136176]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 136176]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-02-22 9216]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-22 232512]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-02-23 57688]

S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]

S2 WTGService;WTGService;c:\program files\3DataManager\WTGService.exe [2010-07-08 333264]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-10-09 72576]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-11-30 25088]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - BMLoad

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 23:25]

.

2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-25 23:25]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3156285

mStart Page = hxxp://startsear.ch/?aff=1

IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

TCP: Interfaces\{EFDAD3D4-2A9F-413D-8262-B8BF8C68D9BD}: NameServer = 194.48.139.254 194.48.124.200

FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t7ubipwq.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=1022&systemid=1&sr=0&q=

FF - prefs.js: browser.search.selectedEngine - Search Results

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)

URLSearchHooks-{efc46a17-82ed-46ea-b94a-a08c86bb4fbe} - (no file)

BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)

Toolbar-10 - (no file)

Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file)

HKLM-Run-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe

Notify-avldr - avldr.dll

AddRemove-FoxTab PDF Converter - c:\program files\FoxTabPDFConverter\Uninstall\Uninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-02 21:12:14

ComboFix-quarantined-files.txt 2012-03-02 20:12

.

Pre-Run: 435.690.516.480 bytes free

Post-Run: 435.797.381.120 bytes free

.

- - End Of File - - 011B66B3FBD555C31E668E330EB0D800

B-boy/StyLe/ · Март 2, 2012

За радост или не, няма критично опасни елементи в лог файла (освен няколко туулбари като babylon или conduit), но не вярвам те да са проблема.

Съмнявам се, че Combofix може да е изтрил някои легитимни файлове затова нека да ги проверим (и при нужда да ги върнем на местата им).

Намерете изброените файлове по-надолу и ги проверете на VirusTotal

C:\Qoobox\Quarantine\C\Windows\System32\oobe\audit.exe.vir

C:\Qoobox\Quarantine\C\Windows\System32\oobe\msoobe.exe.vir

C:\Qoobox\Quarantine\C\Windows\System32\oobe\oobeldr.exe.vir

C:\Qoobox\Quarantine\C\Windows\System32\oobe\Setup.exe.vir

C:\Qoobox\Quarantine\C\Windows\System32\oobe\setupsqm.exe.vir

C:\Qoobox\Quarantine\C\Windows\System32\oobe\windeploy.exe.vir

Изберете Choose File => изберете първия файл от списъка и натиснете Send.

Ако файла вече е анализиран, натиснете Re-analyse.

Публикувайте линк към резултатите в следващия си коментар.

Повторете стъпките за всички файлове от списъка.

Константин Анжело · Март 3, 2012

1 https://www.virustotal.com/file/27a7c22eece9b3b241691333f3e3a5ee5ad59d64d517469b58cbb1201cc59cdc/analysis/1330749341/

2 https://www.virustotal.com/file/04d218b7d5a7100fe0ad3e9a785ecae907dbbb32b248eac74838b8243578680d/analysis/1330749567/

3 https://www.virustotal.com/file/1ba925e5acc00423366ab9224ad3151520a7585a1a1d8453dbc5d5a6b1c8e548/analysis/1330749659/

4 https://www.virustotal.com/file/024d73d456ea7aabc614d74515becc87e0e83ad0354013660527bacc97d25b60/analysis/1330749836/

5 https://www.virustotal.com/file/43b9b2f1c957f656cb39308f04ef3fd1f2714fd7ec652ae179ce8e68e631257f/analysis/1330749969/

6 https://www.virustotal.com/file/1a1ca41347cfc01c812086d1179af0a4c9298097ce2f092f97a7b078eb3d6cdb/analysis/1330750052/

Константин Анжело · Март 3, 2012

Вчера пробвах аваст пак заби ос . Рестартирах пуснах пак

ComboFix дано не е проблем не пипах нищо както каза и ето резолтат

ComboFix 12-03-02.01 - Admin 02.03.2012 23:40:32.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2039.1201 [GMT 1:00]

Running from: c:\users\Konstantin\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))

.

2012-03-02 22:51 . 2012-03-02 22:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-02 20:22 . 2012-03-02 20:22 -------- d-----w- c:\users\Admin\AppData\Roaming\PotPlayerMini

2012-03-02 20:22 . 2012-03-02 20:22 -------- d-----w- c:\users\Admin\AppData\Local\Daum

2012-03-02 20:18 . 2012-03-02 20:25 -------- d-----w- c:\users\Admin\AppData\Roaming\BitComet

2012-03-02 20:12 . 2012-03-02 22:51 -------- d-----w- c:\users\Admin\AppData\Local\temp