
Hello, for several days now my antivirus program (Avira) has been detecting strange viruses. I tried deleting them from the window, but without success; after a few minutes it pops up again. You can see what this is about in the attached files. Is there any way to fix the problem?

post-26578-0-95856800-1341083911_thumb.jpg

post-26578-0-89679100-1341084196_thumb.jpg


Hello,

You have the ZeroAccess rootkit.

Temporarily uninstall Avira (this is important!).

Then:

1. Download ComboFix from BleepingComputer and save it (Save -> Save as button) to your desktop:

http://i46.tinypic.com/2exprgh.jpg

Once the ComboFix download has finished, the program's icon should look like this:

http://i46.tinypic.com/29eqjuq.jpg

2. Close all running applications, open windows, and programs running in the background. Temporarily disable the real-time protection of your antivirus program and of any other security programs, if you have any.

3. Double-click Combofix.exe to start it. Choose YES to accept the program's terms of use. Important: while ComboFix is running, do not move the mouse or press any keys on the keyboard. Just patiently let ComboFix do its work, without using the computer for anything else.

4. If you get a UAC warning, accept it.

5. ComboFix will temporarily disable the Internet connection, but the connection will be restored automatically once the program has finished. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection after Combofix has finished, please read this: Manually restoring the Internet connection section.

6. When ComboFix has finished, a text document (log) will appear in Notepad:

http://i49.tinypic.com/157m978.jpg

Copy the contents of the log and paste them into your next comment.

Note: If the following message appears when opening various programs after the Combofix scan has completed - "illegal operation on a registry key that has been marked for deletion." - simply restart the computer once more and it will disappear.

Do not use your computer during the scan!


I just tried to do what was listed, but a problem came up while starting the program. After I launch it, the program starts extracting its files and then the message attached below appears briefly; after that, when it finishes unpacking its files, it closes automatically and that's it. Nothing happens after that, and it's not as if I didn't wait.

post-26578-0-34030500-1341137545_thumb.jpg


OK... we'll use a new tool:

Download OTL.exe and save it to the desktop.

  • Start OTL (confirm through UAC if necessary).
  • Make the following settings:
  • Check Scan All Users
  • Under the File Age menu choose 90 days
  • Under the Standard Registry menu change to ALL
  • Check LOP and Purity Check

Under http://store.picbg.net/pubpic/0A/C1/c814d031472c0ac1.png use Copy/Paste to enter the following text in full (only what is placed in the box):

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
"%WinDir%\$NtUninstallKB*$." /90
C:\Program Files\Common Files\ComObjects\*.* /s
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%ProgramData%\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%windir%\installer\*.* /S
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%windir%\temp\*.*
%windir%\system32\*.
%windir%\sysnative\*.
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\syswow64\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\syswow64\drivers\*.sys /90
%systemroot%\syswow64\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /rp /s
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
%SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
/md5start
consrv.dll
services.exe
explorer.exe
lsass.exe
svchost.exe
wininit.exe
winlogon.exe
userinit.exe
atapi.sys
iaStor.sys
serial.sys
volsnap.sys
disk.sys
redbook.sys
i8042prt.sys
afd.sys
netbt.sys
csc.sys
tcpip.sys
dfsc.sys
hlp.dat
/md5stop

  • Click the button highlighted in blue: Run Scan.
  • When the scan finishes, two files will be created - OTL.Txt and Extras.Txt. Attach these two files to your next comment (see the Attached files option when posting a reply).


So... we have quite a bit of work:

STEP 1

  • Download BlitzBlank from emsisoft and save it to your desktop.
  • Start Blitzblank.exe.
  • Click OK on the warning message
  • Click Script and copy/paste the following information.
    DeleteFolder:
    "C:\Users\Kaloyan\AppData\Local\{e7e090c8-b53b-c5be-4e2b-37bfd5d3dba1}"
    "C:\Users\Kaloyan\AppData\Local\3cb2dd68"
    C:\Windows\Installer\{e7e090c8-b53b-c5be-4e2b-37bfd5d3dba1}
    MoveFile:
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
    


  • Click Execute Now. The computer will restart in an attempt to delete the files.
  • When the procedure finishes, a log file will be created in C:\ => Post it in your next comment.

STEP 2

Then:

Open Start => type CMD.exe in the search box => right-click the file and choose Run as administrator.

Copy/paste the command:

fsutil reparsepoint delete C:\Windows\$NtUninstallKB7717$

Press Enter

  • Start the file http://billy-oneal.com/forums/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png by double-clicking it.
  • Under http://store.picbg.net/pubpic/0A/C1/c814d031472c0ac1.png use Copy/Paste to enter the following text in full (only what is placed in the box):

:OTL
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aic78u2.dll -- (zfdwm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k56.dll -- (z800mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GcKernel.dll -- (XFX_program)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tmmbd.dll -- (XAudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\artourservice.dll -- (wzcsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MMRTKRNL.dll -- (wintabservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p3.dll -- (WimFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSIRCOMM.dll -- (WIBUKEY)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZDPSp50.dll -- (wdm_au8820)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SDdriver.dll -- (wap3gx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ccispwdsvc.dll -- (wanatw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbscan.dll -- (w550mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\inotask.dll -- (vhidmini)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iviregmgr.dll -- (vet-rec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MtxDma0.dll -- (useraccess7)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mksvirmonsvc.dll -- (USBDeviceService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\timounter.dll -- (usb_rndisx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PEVSystemStart.dll -- (uploadmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTSBLFX.DLL.dll -- (tvald)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcods.dll -- (tng-dtmg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w22n51.dll -- (tfsnpool)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlbt_device.dll -- (susbser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnemap.dll -- (stacsv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asusgsb.dll -- (sscdserd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\swenum.dll -- (SrvcEPIOMngr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaudio.dll -- (SQTECH905C)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\eventlog.dll -- (sonytvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ipinip.dll -- (snoopfreesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epson_pm_rpcv4_01.dll -- (sit_mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvlddmkm.dll -- (shuttleengine)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slee_81_service.dll -- (sfusvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\plsremotesvc.dll -- (SeaPort)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\regspy.dll -- (SE2Emdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTEXFIFX.DLL.dll -- (se27nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emclisrv.dll -- (SE27bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s217bus.dll -- (SaiMini)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbuhci.dll -- (s716mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\buslogic.dll -- (s116mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epsonbidirectionalagent.dll -- (rppkt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RR2IOMod.dll -- (razerusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfmodnt.dll -- (qhwscsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CBN.dll -- (pshost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iAimTV6.dll -- (prfldsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\remotelyanywhere.dll -- (pmj151la)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Si3132r5.dll -- (pdlnafac)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700iat.dll -- (pcidump)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irenum.dll -- (Pcatip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVCamUSB20.dll -- (oraclesnmppeermasteragent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nimcdldu.dll -- (nvsmu)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RSAFAL.dll -- (ntsecure)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EPSON_EB_RPCV4_01.dll -- (nsm1bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NSSvcMgr.dll -- (nscservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvmd.dll -- (NMSCFG)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Maplom.dll -- (mwagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AmdIde.dll -- (MSMQTriggers)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mi-raysat_3dsmax8.dll -- (mr7910)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ldap.dll -- (mindrepair)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scarddrv.dll -- (mhn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mssql$sony_mediamgr.dll -- (mcpromgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\liveupdate.dll -- (mclogmanagerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DCamUSBEMPIA.dll -- (MA-620)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Subsonic.dll -- (lxcj_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VIAPFD.dll -- (lxby_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vsmon.dll -- (lxbs_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdr4_2k.dll -- (LwUsbHid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winvnc.dll -- (iteatapi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsbwsys.dll -- (InCDsrvR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psched.dll -- (imagedrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btfirst.dll -- (icollectservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cqmgserv.dll -- (iaimfp4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bocdrive.dll -- (GTSCSER)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wuolservice.dll -- (GT891x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wpshelper.dll -- (genregistrar)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JavaQuickStarterService.dll -- (gbpoll)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rnadiagnosticsservice.dll -- (g400)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wandrv.dll -- (ftpds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcdrndisuio.dll -- (fa_scheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CVirtA.dll -- (enethusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msvsmon90.dll -- (emproxy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafadmincontroller.dll -- (dtsagntsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\redbook.dll -- (dlpwd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxbs_device.dll -- (digisptiservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (cwcpsvc20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwcwdm.dll -- (com4qlb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\svchost.dll -- (cmuda3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mqdmbus.dll -- (cmpci)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cics.region1.dll -- (ccproxy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndisuio.dll -- (Cam5603C)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTERFXFX.DLL.dll -- (bridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atinevxx.dll -- (bglivesvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qmofiltr.dll -- (bdselfpr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vvdsvc.dll -- (ATSWPDRV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswrdr.dll -- (amusbprt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpclocator.dll -- (alcxwdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LHidFilt.dll -- (aic78u2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aic78xx.dll -- (agrsrvce)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sscdmdfl.dll -- (adobeactivefilemonitor4.0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\motmodem.dll -- (adihdaudaddservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kmixer.dll -- (acs)
SRV - [2012.06.30 19:48:39 | 000,375,680 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\Kaloyan\AppData\Local\Temp\GBBUUUQLMSXY.exe -- (GBBUUUQLMSXY)
SRV - [2012.06.30 19:48:21 | 000,506,752 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\Kaloyan\AppData\Local\Temp\VXFJSHNBFS.exe -- (VXFJSHNBFS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Kaloyan\AppData\Local\Temp\PCD65X2.sys -- (PCD65X2)
IE - HKU\S-1-5-21-3157794219-3264756420-788014112-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=14597
IE - HKU\S-1-5-21-3157794219-3264756420-788014112-1000\..\SearchScopes\{3B00D267-2A95-4B60-96E0-CBC49D975167}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYBG&apn_uid=fd8bc969-4f8e-4b94-971c-78136d00cecf&apn_sauid=59A349B0-3E8E-49A4-881B-8DF1E12BA119
IE - HKU\S-1-5-21-3157794219-3264756420-788014112-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2012.05.01 22:54:38 | 000,002,322 | ---- | M] () -- C:\Users\Kaloyan\AppData\Roaming\Mozilla\Firefox\Profiles\b4cgl1du.default\searchplugins\askcom.xml
[2011.01.09 13:55:52 | 000,002,059 | ---- | M] () -- C:\Users\Kaloyan\AppData\Roaming\Mozilla\Firefox\Profiles\b4cgl1du.default\searchplugins\daemon-search.xml
O2 - BHO: (no name) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3157794219-3264756420-788014112-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-3157794219-3264756420-788014112-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-3157794219-3264756420-788014112-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKU\S-1-5-21-3157794219-3264756420-788014112-1000..\Run: []  File not found
NetSvcs: SQTECH905C - %systemroot%\system32\viaudio.dll File not found
NetSvcs: Cam5603C - %systemroot%\system32\ndisuio.dll File not found
NetSvcs: bdselfpr - %systemroot%\system32\qmofiltr.dll File not found
NetSvcs: sscdserd - %systemroot%\system32\asusgsb.dll File not found
NetSvcs: SaiMini - %systemroot%\system32\s217bus.dll File not found
NetSvcs: pshost - %systemroot%\system32\CBN.dll File not found
NetSvcs: pdlnafac - %systemroot%\system32\Si3132r5.dll File not found
NetSvcs: WimFltr - %systemroot%\system32\p3.dll File not found
NetSvcs: dlpwd - %systemroot%\system32\redbook.dll File not found
NetSvcs: razerusb - %systemroot%\system32\RR2IOMod.dll File not found
NetSvcs: InCDsrvR - %systemroot%\system32\fsbwsys.dll File not found
NetSvcs: ftpds - %systemroot%\system32\wandrv.dll File not found
NetSvcs: mcpromgr - %systemroot%\system32\mssql$sony_mediamgr.dll File not found
NetSvcs: ntsecure - %systemroot%\system32\RSAFAL.dll File not found
NetSvcs: SeaPort - %systemroot%\system32\plsremotesvc.dll File not found
NetSvcs: WIBUKEY - %systemroot%\system32\MSIRCOMM.dll File not found
NetSvcs: s716mdm - %systemroot%\system32\usbuhci.dll File not found
NetSvcs: wzcsvc - %systemroot%\system32\artourservice.dll File not found
NetSvcs: bglivesvc - %systemroot%\system32\atinevxx.dll File not found
NetSvcs: wanatw - %systemroot%\system32\ccispwdsvc.dll File not found
NetSvcs: cmuda3 - %systemroot%\system32\svchost.dll File not found
NetSvcs: snoopfreesvc - %systemroot%\system32\ipinip.dll File not found
NetSvcs: z800mgmt - %systemroot%\system32\k56.dll File not found
NetSvcs: amusbprt - %systemroot%\system32\aswrdr.dll File not found
NetSvcs: emproxy - %systemroot%\system32\msvsmon90.dll File not found
NetSvcs: agrsrvce - %systemroot%\system32\aic78xx.dll File not found
NetSvcs: fa_scheduler - %systemroot%\system32\pcdrndisuio.dll File not found
NetSvcs: oraclesnmppeermasteragent - %systemroot%\system32\AVCamUSB20.dll File not found
NetSvcs: vet-rec - %systemroot%\system32\iviregmgr.dll File not found
NetSvcs: shuttleengine - %systemroot%\system32\nvlddmkm.dll File not found
NetSvcs: MA-620 - %systemroot%\system32\DCamUSBEMPIA.dll File not found
NetSvcs: w550mgmt - %systemroot%\system32\usbscan.dll File not found
NetSvcs: susbser - %systemroot%\system32\dlbt_device.dll File not found
NetSvcs: nscservice - %systemroot%\system32\NSSvcMgr.dll File not found
NetSvcs: iaimfp4 - %systemroot%\system32\cqmgserv.dll File not found
NetSvcs: wdm_au8820 - %systemroot%\system32\ZDPSp50.dll File not found
NetSvcs: XFX_program - %systemroot%\system32\GcKernel.dll File not found
NetSvcs: adihdaudaddservice - %systemroot%\system32\motmodem.dll File not found
NetSvcs: Pcatip - %systemroot%\system32\irenum.dll File not found
NetSvcs: GTSCSER - %systemroot%\system32\bocdrive.dll File not found
NetSvcs: USBDeviceService - %systemroot%\system32\mksvirmonsvc.dll File not found
NetSvcs: dtsagntsvc - %systemroot%\system32\cwafadmincontroller.dll File not found
NetSvcs: stacsv - %systemroot%\system32\pdlnemap.dll File not found
NetSvcs: enethusb - %systemroot%\system32\CVirtA.dll File not found
NetSvcs: zfdwm - %systemroot%\system32\aic78u2.dll File not found
NetSvcs: se27nd5 - %systemroot%\system32\CTEXFIFX.DLL.dll File not found
NetSvcs: SrvcEPIOMngr - %systemroot%\system32\swenum.dll File not found
NetSvcs: ATSWPDRV - %systemroot%\system32\vvdsvc.dll File not found
NetSvcs: g400 - %systemroot%\system32\rnadiagnosticsservice.dll File not found
NetSvcs: genregistrar - %systemroot%\system32\wpshelper.dll File not found
NetSvcs: nvsmu - %systemroot%\system32\nimcdldu.dll File not found
NetSvcs: SE2Emdm - %systemroot%\system32\regspy.dll File not found
NetSvcs: GT891x - %systemroot%\system32\wuolservice.dll File not found
NetSvcs: sfusvc - %systemroot%\system32\slee_81_service.dll File not found
NetSvcs: tfsnpool - %systemroot%\system32\w22n51.dll File not found
NetSvcs: lxbs_device - %systemroot%\system32\vsmon.dll File not found
NetSvcs: acs - %systemroot%\system32\kmixer.dll File not found
NetSvcs: NMSCFG - %systemroot%\system32\nvmd.dll File not found
NetSvcs: rppkt - %systemroot%\system32\epsonbidirectionalagent.dll File not found
NetSvcs: vhidmini - %systemroot%\system32\inotask.dll File not found
NetSvcs: nsm1bus - %systemroot%\system32\EPSON_EB_RPCV4_01.dll File not found
NetSvcs: mwagent - %systemroot%\system32\Maplom.dll File not found
NetSvcs: bridge - %systemroot%\system32\CTERFXFX.DLL.dll File not found
NetSvcs: pcidump - %systemroot%\system32\F700iat.dll File not found
NetSvcs: tng-dtmg - %systemroot%\system32\mcods.dll File not found
NetSvcs: alcxwdm - %systemroot%\system32\rpclocator.dll File not found
NetSvcs: MSMQTriggers - %systemroot%\system32\AmdIde.dll File not found
NetSvcs: iteatapi - %systemroot%\system32\winvnc.dll File not found
NetSvcs: cwcpsvc20 - %systemroot%\system32\dlacdbhm.dll File not found
NetSvcs: adobeactivefilemonitor4.0 - %systemroot%\system32\sscdmdfl.dll File not found
NetSvcs: lxby_device - %systemroot%\system32\VIAPFD.dll File not found
NetSvcs: s116mgmt - %systemroot%\system32\buslogic.dll File not found
NetSvcs: LwUsbHid - %systemroot%\system32\cdr4_2k.dll File not found
NetSvcs: tvald - %systemroot%\system32\CTSBLFX.DLL.dll File not found
NetSvcs: icollectservice - %systemroot%\system32\btfirst.dll File not found
NetSvcs: ccproxy - %systemroot%\system32\cics.region1.dll File not found
NetSvcs: imagedrv - %systemroot%\system32\psched.dll File not found
NetSvcs: com4qlb - %systemroot%\system32\cwcwdm.dll File not found
NetSvcs: aic78u2 - %systemroot%\system32\LHidFilt.dll File not found
NetSvcs: pmj151la - %systemroot%\system32\remotelyanywhere.dll File not found
NetSvcs: prfldsvc - %systemroot%\system32\iAimTV6.dll File not found
NetSvcs: mhn - %systemroot%\system32\scarddrv.dll File not found
NetSvcs: sit_mdm - %systemroot%\system32\epson_pm_rpcv4_01.dll File not found
NetSvcs: XAudio - %systemroot%\system32\tmmbd.dll File not found
NetSvcs: useraccess7 - %systemroot%\system32\MtxDma0.dll File not found
NetSvcs: mclogmanagerservice - %systemroot%\system32\liveupdate.dll File not found
NetSvcs: mindrepair - %systemroot%\system32\ldap.dll File not found
NetSvcs: qhwscsvc - %systemroot%\system32\pfmodnt.dll File not found
NetSvcs: wintabservice - %systemroot%\system32\MMRTKRNL.dll File not found
NetSvcs: sonytvc - %systemroot%\system32\eventlog.dll File not found
NetSvcs: wap3gx - %systemroot%\system32\SDdriver.dll File not found
NetSvcs: mr7910 - %systemroot%\system32\mi-raysat_3dsmax8.dll File not found
NetSvcs: gbpoll - %systemroot%\system32\JavaQuickStarterService.dll File not found
NetSvcs: usb_rndisx - %systemroot%\system32\timounter.dll File not found
NetSvcs: SE27bus - %systemroot%\system32\emclisrv.dll File not found
NetSvcs: cmpci - %systemroot%\system32\mqdmbus.dll File not found
NetSvcs: digisptiservice - %systemroot%\system32\lxbs_device.dll File not found
NetSvcs: lxcj_device - %systemroot%\system32\Subsonic.dll File not found
NetSvcs: uploadmgr - %systemroot%\system32\PEVSystemStart.dll File not found
MsConfig - StartUpFolder: C:^Users^Kaloyan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NHL® 09 Registration.lnk -  - File not found
MsConfig - StartUpReg: Bonus.SSR.FR10 - hkey= - key= -  File not found
MsConfig - StartUpReg: Metropolis - hkey= - key= -  File not found
MsConfig - StartUpReg: Rainlendar2 - hkey= - key= -  File not found
[2012.06.30 12:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
:files
rd /s/q C:\Windows\$NtUninstallKB7717$ /c
:commands
[emptytemp]

After you enter the script from the quote above, click the button marked in red: Run Fix

Windows will restart and a log file will be created - OTL fix log. Post its contents with Copy/Paste in your next comment.

STEP 3

  • Please download zoek.exe and save it to your desktop.
  • Right-click the program and choose Run as administrator.
  • Copy the following text script and paste it into the program:
    attrib -r -s -h "C:\WINDOWS\system32\%%APPDA~1\*" /S /D;b
    attrib -r -s -h "C:\WINDOWS\system32\%%APPDA~1" /S /D;b
    ren "C:\WINDOWS\system32\%%APPDA~1" appdata;b
    C:\WINDOWS\system32\appdata;f
    


  • Choose Combined fix and then click Run Script.
  • A text log file named zoek-results.log will appear.
  • Copy its contents into your next post.


Is your Windows in Bulgarian? I ask because I can't make out the error.

Most likely it says that the file was not found (if it is in Bulgarian).

Also, which version of the operating system are you using? It isn't visible in the OTL log.

 

 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation


OK... before we move on to steps 2 and 3, I want to make sure that the junction has been deleted (this is very important).

Try running Combofix again now and wait for the scan to finish.

Post the log file and then we'll continue.


It is useful, but it should not be used by novice users, because it can damage Windows.

Are these proxies familiar to you:

 

FF - prefs.js: network.proxy.ftp - 83.219.158.86
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 83.219.158.86
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 83.219.158.86
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 83.219.158.86
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0

 

Run a new scan with OTL, in the way described above, and post OTL.txt (a second log will not be created). :)

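Added example, not part of the original thread or of OTL: a Python sketch that triages OTL log lines of the kinds quoted above, listing the netsvcs entries whose DLL is reported missing (the SRV / NetSvcs lines in the fix script) and showing whether the Firefox proxy values from the last post are actually in use. The sample lines are copied from this thread; the function names and the table of `network.proxy.type` meanings are supplied here as assumptions of the example.

```python
import re

# Sample input: a few lines copied from the OTL logs quoted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\svchost.dll -- (cmuda3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kmixer.dll -- (acs)
SRV - [2012.06.30 19:48:39 | 000,375,680 | ---- | M] (Sysinternals - www.sysinternals.com) [On_Demand | Stopped] -- C:\Users\Kaloyan\AppData\Local\Temp\GBBUUUQLMSXY.exe -- (GBBUUUQLMSXY)
NetSvcs: cmuda3 - %systemroot%\system32\svchost.dll File not found
NetSvcs: acs - %systemroot%\system32\kmixer.dll File not found
FF - prefs.js: network.proxy.http - 83.219.158.86
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
"""

# "SRV - <file info or 'File not found'> [start | state] -- <path> -- (<service>)"
SRV_RE = re.compile(r"^SRV - (?P<meta>.*?) -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
# "NetSvcs: <service> - <path>[ File not found]"
NETSVCS_RE = re.compile(
    r"^NetSvcs: (?P<name>\S+) - (?P<path>.+?)(?P<missing> File not found)?$")
# "FF - prefs.js: network.proxy.<key> - <value>"
FF_PROXY_RE = re.compile(
    r"^FF - prefs\.js: (?P<key>network\.proxy\.\S+) - (?P<value>.*)$")

# Meaning of Firefox's network.proxy.type preference (not printed by OTL).
PROXY_TYPES = {0: "direct (no proxy)", 1: "manual", 2: "PAC URL",
               4: "auto-detect (WPAD)", 5: "system settings"}


def parse_otl(text):
    """Return (services, netsvcs, proxy) parsed from OTL log lines.

    services / netsvcs map service name -> (path, file_missing);
    proxy maps preference name -> value.
    """
    services, netsvcs, proxy = {}, {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := SRV_RE.match(line):
            missing = m["meta"].startswith("File not found")
            services[m["name"]] = (m["path"], missing)
        elif m := NETSVCS_RE.match(line):
            netsvcs[m["name"]] = (m["path"], m["missing"] is not None)
        elif m := FF_PROXY_RE.match(line):
            proxy[m["key"]] = m["value"].strip()
    return services, netsvcs, proxy


def orphaned_netsvcs(services, netsvcs):
    """netsvcs entries whose DLL is missing and whose SRV line agrees."""
    found = []
    for name, (path, missing) in netsvcs.items():
        srv = services.get(name)
        if missing and srv and srv[1] and srv[0].lower() == path.lower():
            found.append((name, path))
    return sorted(found)


def proxy_status(proxy):
    """Summarise whether the logged Firefox proxy hosts are in use."""
    raw = proxy.get("network.proxy.type", "")
    ptype = int(raw) if raw.isdigit() else None
    configured = {}
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = proxy.get(f"network.proxy.{scheme}")
        if host:
            port = proxy.get(f"network.proxy.{scheme}_port")
            configured[scheme] = f"{host}:{port}" if port else host
    return {
        "mode": PROXY_TYPES.get(ptype, "unknown"),
        # Host entries only take effect in manual mode (type 1).
        "manual_proxy_active": ptype == 1 and bool(configured),
        "configured": configured,
    }


if __name__ == "__main__":
    services, netsvcs, proxy = parse_otl(SAMPLE_LOG)
    for name, path in orphaned_netsvcs(services, netsvcs):
        print(f"netsvcs entry with missing DLL: {name} -> {path}")
    print(proxy_status(proxy))
```

With `network.proxy.type` set to 0, as in the log above, Firefox connects directly and the listed host is a leftover setting rather than an active proxy.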
