
But there are still some leftovers:

Run OTL.exe and, at the bottom under Custom Scans/Fixes, enter this:

 

:OTL

O4 - HKLM..\Run: [oynxncnfjzrzq] File not found

O4 - HKLM..\Run: [yojzvqhfpljxulhnevc] C:\DOCUME~1\user\LOCALS~1\Temp\xkcpiaojqjepjxqt.exe File not found

O4 - HKU\S-1-5-21-1547161642-362288127-1801674531-1003..\Run: [oynxncnfjzrzq] C:\DOCUME~1\user\LOCALS~1\Temp\lcypmiazkhgvtliphzhy.exe File not found

O4 - HKU\S-1-5-21-1547161642-362288127-1801674531-1003..\Run: [xkcpiaojqjepjxqt] File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: sevhzqdxdvpzsfx = ncwlgaqnwrobxnindt.exe

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: pymvkyizcrip = C:\DOCUME~1\user\LOCALS~1\Temp\xkcpiaojqjepjxqt.exe File not found

O32 - AutoRun File - [2009.08.29 22:59:46 | 00,000,199 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

[2010.01.14 18:41:35 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\cadbfihnfjplqpthgfusvtx.zfx

[2010.01.14 18:41:35 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\cadbfihnfjplqpthgfusvtx.zfx

[2010.01.14 18:41:35 | 00,000,280 | -H-- | M] () -- C:\Program Files\cadbfihnfjplqpthgfusvtx.zfx

[2010.01.14 18:41:35 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\cadbfihnfjplqpthgfusvtx.zfx

[2010.01.14 18:39:34 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo

[2010.01.14 18:39:34 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo

[2010.01.14 18:39:34 | 00,004,248 | -H-- | M] () -- C:\Program Files\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo

[2010.01.14 18:39:34 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo

 

Click Run Fix and post the new log file.


Error: Unable to interpret <OTL> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [oynxncnfjzrzq] File not found> in the current context!

Error: Unable to interpret <O4 - HKLM..\Run: [yojzvqhfpljxulhnevc] C:\DOCUME~1\user\LOCALS~1\Temp\xkcpiaojqjepjxqt.exe File not found> in the current context!

Error: Unable to interpret <O4 - HKU\S-1-5-21-1547161642-362288127-1801674531-1003..\Run: [oynxncnfjzrzq] C:\DOCUME~1\user\LOCALS~1\Temp\lcypmiazkhgvtliphzhy.exe File not found> in the current context!

Error: Unable to interpret <O4 - HKU\S-1-5-21-1547161642-362288127-1801674531-1003..\Run: [xkcpiaojqjepjxqt] File not found> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: sevhzqdxdvpzsfx = ncwlgaqnwrobxnindt.exe> in the current context!

Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: pymvkyizcrip = C:\DOCUME~1\user\LOCALS~1\Temp\xkcpiaojqjepjxqt.exe File not found> in the current context!

Error: Unable to interpret <O32 - AutoRun File - [2009.08.29 22:59:46 | 00,000,199 | R--- | M] () - F:\autorun.inf -- [ CDFS ]> in the current context!

Error: Unable to interpret <[2010.01.14 18:41:35 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\cadbfihnfjplqpthgfusvtx.zfx> in the current context!

Error: Unable to interpret <[2010.01.14 18:41:35 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\cadbfihnfjplqpthgfusvtx.zfx> in the current context!

Error: Unable to interpret <[2010.01.14 18:41:35 | 00,000,280 | -H-- | M] () -- C:\Program Files\cadbfihnfjplqpthgfusvtx.zfx> in the current context!

Error: Unable to interpret <[2010.01.14 18:41:35 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\cadbfihnfjplqpthgfusvtx.zfx> in the current context!

Error: Unable to interpret <[2010.01.14 18:39:34 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\System32\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo> in the current context!

Error: Unable to interpret <[2010.01.14 18:39:34 | 00,004,248 | -H-- | M] () -- C:\WINDOWS\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo> in the current context!

Error: Unable to interpret <[2010.01.14 18:39:34 | 00,004,248 | -H-- | M] () -- C:\Program Files\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo> in the current context!

Error: Unable to interpret <[2010.01.14 18:39:34 | 00,004,248 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo> in the current context!

 

OTL by OldTimer - Version 3.1.24.0 log created on 01152010_133107


========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\oynxncnfjzrzq deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yojzvqhfpljxulhnevc deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1547161642-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\oynxncnfjzrzq deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1547161642-362288127-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\xkcpiaojqjepjxqt deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\sevhzqdxdvpzsfx deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\pymvkyizcrip deleted successfully.

File move failed. F:\autorun.inf scheduled to be moved on reboot.

C:\WINDOWS\system32\cadbfihnfjplqpthgfusvtx.zfx moved successfully.

C:\WINDOWS\cadbfihnfjplqpthgfusvtx.zfx moved successfully.

C:\Program Files\cadbfihnfjplqpthgfusvtx.zfx moved successfully.

C:\Documents and Settings\user\Local Settings\Application Data\cadbfihnfjplqpthgfusvtx.zfx moved successfully.

C:\WINDOWS\system32\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo moved successfully.

C:\WINDOWS\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo moved successfully.

C:\Program Files\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo moved successfully.

C:\Documents and Settings\user\Local Settings\Application Data\pymvkyizcripfpednxxgudsgqhkzqxnxml.ffo moved successfully.

 

OTL by OldTimer - Version 3.1.24.0 log created on 01152010_143922

 

Files\Folders moved on Reboot...

File move failed. F:\autorun.inf scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

 

OTL

 

OTL logfile created on: 15.01.2010 00:37:45 - Run 1

OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.60 Gb Total Space | 39.20 Gb Free Space | 70.51% Space Free | Partition Type: NTFS

Drive D: | 205.08 Gb Total Space | 146.13 Gb Free Space | 71.26% Space Free | Partition Type: NTFS

Drive E: | 205.08 Gb Total Space | 205.01 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Drive F: | 186.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACER5738

Current User Name: user

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)

PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)

PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)

PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft)

PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

PRC - C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\WINDOWS\system32\newdll.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)

SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)

SRV - (EHttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)

SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\E

 

Extras

 

OTL Extras logfile created on: 15.01.2010 00:37:45 - Run 1

OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\user\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000402 | Country: Bulgaria | Language: BGR | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.60 Gb Total Space | 39.20 Gb Free Space | 70.51% Space Free | Partition Type: NTFS

Drive D: | 205.08 Gb Total Space | 146.13 Gb Free Space | 71.26% Space Free | Partition Type: NTFS

Drive E: | 205.08 Gb Total Space | 205.01 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Drive F: | 186.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACER5738

Current User Name: user

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1547161642-362288127-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"D:\Games\PES 2010\pes2010.exe" = D:\Games\PES 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)

"D:\Games\PES 2010\PESEdit.exe" = D:\Games\PES 2010\PESEdit.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)

"D:\Games\FM 2010\fm.exe" = D:\Games\FM 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{055A5AF0-9FEB-440D-B00A-18935C7C171C}" = SA Dictionary 2008 Beta 4

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10

"{164086E1-A5DD-3D64-06B1-186005030854}" = CCC Help Korean

"{1800A397-53DF-4F2C-6115-FE2FA9EA69DA}" = ccc-core-static

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18625255-5E1D-6BF1-8809-BE4CEE493D52}" = Catalyst Control Center Graphics Full Existing

"{18CD3278-B87E-3026-D38F-38E0A67F2BA4}" = ccc-core-preinstall

"{18D07AC5-417D-4735-BC99-C8E77A7A4195}" = Windows Live Messenger

"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Инструмент за качване на Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{232AAA95-AE60-46C7-9987-4E7139EA3554}" = Асистент за влизане на Windows Live

"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010

"{298F1470-17A2-124A-B615-9A58F90CDA57}" = CCC Help English

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{368B73EA-A46E-94B1-1B20-24D47B4760F3}" = CCC Help Portuguese

"{3AD20171-A064-C9EC-0C11-5B036FA6F32C}" = CCC Help Dutch

"{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes versus Jack the Ripper

"{4A3EB326-F730-4A71-AEBF-3C7DF7ED716F}" = Тайната на сребърната обица

"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1

"{51B83F5C-5660-4B73-AB18-C68993FEDEB3}" = Catalyst Control Center - Branding

"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009

"{5B78DFB0-0FFE-E76F-E51C-FBA53A01085E}" = CCC Help Polish

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{6144C1EC-0F4E-6514-E633-85AC3724F082}" = CCC Help Spanish

"{63686BEF-04CA-461C-B364-53BBC322F7BF}" = Sherlock Holmes Nemesis

"{6D144E43-239B-657F-15C5-854EF2C4E55F}" = Catalyst Control Center Core Implementation

"{70701602-56D7-64DF-150D-5459C547E058}" = CCC Help Chinese Traditional

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{731A3C00-8E73-7893-C15E-4FAFC5787EE5}" = CCC Help Swedish

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{839011A6-DF28-4E21-00AE-83482775212B}" = NBA LIVE 07

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software

"{875FC2BF-BF34-4F26-B579-CFC7CE2FFAEA}" = ESET NOD32 Antivirus

"{8E371F04-9B92-42A0-A7AF-6678DDB688E1}" = Windows Live Essentials

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95991299-E762-2AEA-077D-5DB75E7896C0}" = CCC Help Russian

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software

"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = The Awakened

"{A01D832F-1227-EC5B-6A06-88D53753A789}" = CCC Help Hungarian

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A23DD0F0-58E1-7453-9721-760062EF2369}" = CCC Help German

"{A45F3795-1527-47FA-BE1A-2DD242B439E5}_is1" = Need for Speed - Shift

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A4F264EA-5851-4684-185F-83C09B678A9C}" = ccc-utility

"{A75C72CA-4D28-C419-5FBA-3762F2344D2F}" = Skins

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{B0C4DD22-7D91-E56C-F257-37781CC7FFC2}" = Catalyst Control Center Graphics Full New

"{B55E3E57-C706-CFFF-8170-635BB081B3AA}" = CCC Help Greek

"{B7BFA380-2559-B766-85FA-EA02218FD8E7}" = CCC Help Norwegian

"{B9DD8184-8040-1920-D771-3F77AA3131DB}" = CCC Help Chinese Standard

"{BF76EB61-33DA-BBE5-151F-0A1DE5D99A2B}" = CCC Help Japanese

"{C408D81A-CB17-4CDF-98AF-2E64036B3F32}" = Windows Bulgarian Interface Pack

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CC0BD204-465D-B512-E19F-866026F59326}" = CCC Help Italian

"{D02C0FA6-7512-5411-BC81-E910C8AF4A9F}" = CCC Help Thai

"{D1C8DCCF-790D-62AD-ED46-3E5E170B13B2}" = CCC Help Danish

"{D2777D85-7E63-402F-A5E7-2AF436C1C9D4}" = Intel® PROSet/Wireless WiFi Software

"{D27840CA-5F61-7CD3-CDF4-A6EB828CF5D7}" = Catalyst Control Center Localization All

"{D3F07123-C1BE-3BDE-7B29-C6647C3DCE98}" = Catalyst Control Center Graphics Light

"{D9237C88-448A-C1DE-6BA0-EF53462BB1FC}" = CCC Help French

"{E86766EB-5D72-ADFF-D2F0-DE0AB25174CF}" = CCC Help Turkish

"{EA913B24-ED12-1837-C52C-EA58D6ECDB2F}" = CCC Help Czech

"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F36547BF-7B05-1B15-E383-D42BFFD57796}" = CCC Help Finnish

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"All ATI Software" = ATI - Software Uninstall Utility

"ATI Display Driver" = ATI Display Driver

"BFGC" = Big Fish Games Client

"BFL_FIFA_10" = BFL_FIFA_10

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Cool Edit Pro 2.0" = Cool Edit Pro 2.0

"DirectX10_is1" = DirectX10 RC2 Pre Fix 3

"ESET Online Scanner" = ESET Online Scanner v3

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00

"FIFA 10_is1" = FIFA 10 v1.0 R-E

"FlexType 2K" = FlexType 2K

"Football Manager 2010" = Football Manager 2010

"GOM Player" = GOM Player

"Hamachi" = Hamachi 0.9.9.9

"ie8" = Windows Internet Explorer 8

"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full)

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition

"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)

"PESEdit.com 2010 Patch 0.3.1 with Chants" = PESEdit.com 2010 Patch 0.3.1 with Chants

"ProInst" = Intel PROSet Wireless

"SA Dictionary 2005 T2" = SA Dictionary 2005 T2

"Screen Shot Maker_is1" = Screen Shot Maker 2.5

"TVUPlayer" = TVUPlayer 2.3.4.1

"Veetle TV" = Veetle TV 0.9.15

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1547161642-362288127-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 25.12.2009 11:41:18 | Computer Name = ACER5738 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 25.12.2009 15:20:53 | Computer Name = ACER5738 | Source = Application Error | ID = 1000

Description = Faulting application ati2evxx.exe, version 6.14.10.4220, faulting

module ntdll.dll, version 5.1.2600.5512, fault address 0x000108b3.

 

Error - 26.12.2009 06:35:13 | Computer Name = ACER5738 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 30.12.2009 11:31:17 | Computer Name = ACER5738 | Source = Application Hang | ID = 1002

Description = Hanging application msiexec.exe, version 3.1.4001.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

 

Error - 08.01.2010 12:57:38 | Computer Name = ACER5738 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module flash10b.ocx, version 10.0.22.87, fault address 0x001ea9e1.

 

Error - 10.01.2010 12:36:36 | Computer Name = ACER5738 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.18702, fault address 0x0020fbd7.

 

Error - 10.01.2010 12:36:41 | Computer Name = ACER5738 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.18702, fault address 0x0020fbd7.

 

Error - 10.01.2010 12:36:43 | Computer Name = ACER5738 | Source = Application Error | ID = 1001

Description = Fault bucket 1192410865.

 

Error - 10.01.2010 12:37:03 | Computer Name = ACER5738 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.18702, fault address 0x0020fbd7.

 

Error - 10.01.2010 12:37:08 | Computer Name = ACER5738 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mshtml.dll, version 8.0.6001.18702, fault address 0x0020fbd7.

 

[ System Events ]

Error - 14.01.2010 12:39:23 | Computer Name = ACER5738 | Source = Service Control Manager | ID = 7034

Description = The Intel® PROSet/Wireless Event Log service terminated unexpectedly.

It has done this 1 time(s).

 

Error - 14.01.2010 12:39:23 | Computer Name = ACER5738 | Source = Service Control Manager | ID = 7034

Description = The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.

It has done this 1 time(s).

 

Error - 14.01.2010 12:39:23 | Computer Name = ACER5738 | Source = Service Control Manager | ID = 7034

Description = The TuneUp Program Statistics Service service terminated unexpectedly.

It has done this 1 time(s).

 

Error - 14.01.2010 12:39:23 | Computer Name = ACER5738 | Source = Service Control Manager | ID = 7034

Description = The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly.

It has done this 1 time(s).

 

Error - 14.01.2010 12:39:23 | Computer Name = ACER5738 | Source = Service Control Manager | ID = 7031

Description = The Bluetooth Service service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

 

Error - 14.01.2010 12:43:02 | Computer Name = ACER5738 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000034'

while processing the file '_filelst.cfg' on the volume 'HarddiskVolume1'. It has

stopped monitoring the volume.

 

Error - 14.01.2010 12:43:57 | Computer Name = ACER5738 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

 

Error - 14.01.2010 12:43:57 | Computer Name = ACER5738 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

 

Error - 14.01.2010 12:43:57 | Computer Name = ACER5738 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

 

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

 

Error - 14.01.2010 15:18:33 | Computer Name = ACER5738 | Source = System Error | ID = 1003

Description = Error code 1000007e, parameter1 c0000005, parameter2 ae3c323a, parameter3

f7042ae0, parameter4 f70427dc.

 

[ TuneUp Events ]

Error - 14.01.2010 15:21:57 | Computer Name = ACER5738 | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-14 21:21:57', '\device\harddiskvolume1\program

files\malwarebytes' anti-malware\mbam.exe','3992',0)

 

Error - 14.01.2010 15:33:03 | Computer Name = ACER5738 | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-14 21:33:03', '\device\harddiskvolume1\program

files\malwarebytes' anti-malware\mbam.exe','2216',0)

 

Error - 14.01.2010 18:00:21 | Computer Name = ACER5738 | Source = TuneUp Program Statistics | ID = 131840

Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO

ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-15 00:00:21', '\device\harddiskvolume1\program

files\malwarebytes' anti-malware\mbam.exe','2344',0)

 

 

< End of report >


Done. Thank you! :)

 

Just a reminder to update the software before scanning with it.

In the MBAM log file, the definitions you scanned with yesterday were version 3510.

The current ones are 3570 and up. :)


Just a reminder to update the software before scanning with it.

In the MBAM log file, the definitions you scanned with yesterday were version 3510.

The current ones are 3570 and up. :)

Yes, during installation I forgot to tick the automatic update option. I'll fix it.


  • 3 weeks later...

Please, I need a little help..

There is a working and licensed Nod 4

These are the logs from OTL

 

1st, you have not given a sufficient description of the problem.

2nd, you are posting in someone else's thread and it turns into a tangle.

3rd, you ran programs whose logs were not requested, and OTL.exe is not set up to give the maximum information.

4th, you ran Combofix, which is not for everyday use.

Run OTL.exe and copy/paste this under the "Custom Scans/Fixes" box:

 

:OTL

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

[2010.02.03 18:36:41 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\pblbpemasehbvvpblbpemasehbvvpblbpem.seh

[2010.02.03 18:36:41 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\pblbpemasehbvvpblbpemasehbvvpblbpem.seh

[2010.02.03 18:36:41 | 00,002,408 | -H-- | M] () -- C:\Program Files\pblbpemasehbvvpblbpemasehbvvpblbpem.seh

[2010.02.03 18:36:41 | 00,002,408 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\pblbpemasehbvvpblbpemasehbvvpblbpem.seh

[2010.02.03 18:36:41 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\lnntxcaemohrbrbddjnsqucex.rhr

[2010.02.03 18:36:41 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\lnntxcaemohrbrbddjnsqucex.rhr

[2010.02.03 18:36:41 | 00,000,280 | -H-- | M] () -- C:\Program Files\lnntxcaemohrbrbddjnsqucex.rhr

[2010.02.03 18:36:41 | 00,000,280 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\lnntxcaemohrbrbddjnsqucex.rhr

[2010.02.03 18:36:04 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux

[2010.02.03 18:36:04 | 00,000,316 | -H-- | M] () -- C:\WINDOWS\System32\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux

[2010.02.03 18:36:04 | 00,000,316 | -H-- | M] () -- C:\Program Files\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux

[2010.02.03 18:36:04 | 00,000,316 | -H-- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux

[2009.12.30 15:56:30 | 00,000,316 | -H-- | C] () -- C:\Program Files\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux

[2009.12.30 15:56:30 | 00,000,316 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux

[2009.12.30 15:56:25 | 00,002,408 | -H-- | C] () -- C:\Program Files\pblbpemasehbvvpblbpemasehbvvpblbpem.seh

[2009.12.30 15:56:25 | 00,002,408 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\pblbpemasehbvvpblbpemasehbvvpblbpem.seh

[2009.12.30 15:56:25 | 00,000,268 | -H-- | C] () -- C:\Program Files\fvjdvoasoeljhljznhzsewsipnlpndrldwiawmt.ptr

[2009.12.30 15:56:25 | 00,000,268 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fvjdvoasoeljhljznhzsewsipnlpndrldwiawmt.ptr

[2009.12.30 15:56:16 | 00,004,248 | -H-- | C] () -- C:\Program Files\qdofuktibosnijerctiyhwpcgbwxsfqhwmvk.qup

[2009.12.30 15:56:16 | 00,004,248 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\qdofuktibosnijerctiyhwpcgbwxsfqhwmvk.qup

[2009.12.30 15:56:16 | 00,000,280 | -H-- | C] () -- C:\Program Files\lnntxcaemohrbrbddjnsqucex.rhr

[2009.12.30 15:56:16 | 00,000,280 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\lnntxcaemohrbrbddjnsqucex.rhr

:files

C:\Qoobox

C:\WINDOWS\*.tmp

C:\WINDOWS\System32\drivers\etc\*.tmp

C:\WINDOWS\System32\*.tmp

:Commands

[purity]

[emptytemp]

[resethosts]

[clearallrestorepoints]

[Reboot]

 

Press the Run Fix button.

 

A log file will be created. Copy it into your next post.
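The file lines in the fix script above share one pattern: the same hidden file name and size repeated across several system directories. The following is an added example (not part of the thread and not OTL's own code) that parses such listing lines and flags that pattern; the function names, the `min_dirs` threshold and the reading of the `()` field as an empty vendor string are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Sample input: seven listing lines taken from the fix script above, plus one
# constructed benign line (desktop.ini) that must not be flagged.
SAMPLE = r"""
[2010.02.03 18:36:41 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\System32\pblbpemasehbvvpblbpemasehbvvpblbpem.seh
[2010.02.03 18:36:41 | 00,002,408 | -H-- | M] () -- C:\WINDOWS\pblbpemasehbvvpblbpemasehbvvpblbpem.seh
[2010.02.03 18:36:41 | 00,002,408 | -H-- | M] () -- C:\Program Files\pblbpemasehbvvpblbpemasehbvvpblbpem.seh
[2010.02.03 18:36:41 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\System32\lnntxcaemohrbrbddjnsqucex.rhr
[2010.02.03 18:36:41 | 00,000,280 | -H-- | M] () -- C:\WINDOWS\lnntxcaemohrbrbddjnsqucex.rhr
[2010.02.03 18:36:41 | 00,000,280 | -H-- | M] () -- C:\Program Files\lnntxcaemohrbrbddjnsqucex.rhr
[2009.12.30 15:56:30 | 00,000,316 | -H-- | C] () -- C:\Program Files\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux
[2010.01.10 09:00:00 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Admin\Desktop\desktop.ini
"""

# [timestamp | size | attributes | M(odified)/C(reated)] (vendor) -- full path
LINE = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[MC])\] \((?P<vendor>.*?)\) -- (?P<path>.+)$",
    re.MULTILINE,
)

def parse_listing(text):
    """Return one dict per file-listing line; any other line is ignored."""
    entries = []
    for m in LINE.finditer(text):
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["path"] = entry["path"].strip()
        entries.append(entry)
    return entries

def dropped_clusters(entries, min_dirs=3):
    """Map file name -> sorted directories for hidden files with no vendor
    string that share name and size in at least min_dirs directories."""
    dirs = defaultdict(set)
    for e in entries:
        if "H" in e["attrs"] and not e["vendor"]:
            key = (basename(e["path"]).lower(), e["size"])
            dirs[key].add(dirname(e["path"]).lower())
    return {name: sorted(d) for (name, _), d in dirs.items() if len(d) >= min_dirs}

if __name__ == "__main__":
    for name, where in dropped_clusters(parse_listing(SAMPLE)).items():
        print(name, "->", len(where), "directories")
```

A file seen in only one directory, such as the `.xux` line in the sample, stays below the threshold, so a real listing should be passed in whole rather than in excerpts.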


I apologize for my post, I'll take note.

This is the log after the fix:

 

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.

C:\WINDOWS\system32\pblbpemasehbvvpblbpemasehbvvpblbpem.seh moved successfully.

C:\WINDOWS\pblbpemasehbvvpblbpemasehbvvpblbpem.seh moved successfully.

C:\Program Files\pblbpemasehbvvpblbpemasehbvvpblbpem.seh moved successfully.

C:\Documents and Settings\Admin\Local Settings\Application Data\pblbpemasehbvvpblbpemasehbvvpblbpem.seh moved successfully.

C:\WINDOWS\system32\lnntxcaemohrbrbddjnsqucex.rhr moved successfully.

C:\WINDOWS\lnntxcaemohrbrbddjnsqucex.rhr moved successfully.

C:\Program Files\lnntxcaemohrbrbddjnsqucex.rhr moved successfully.

C:\Documents and Settings\Admin\Local Settings\Application Data\lnntxcaemohrbrbddjnsqucex.rhr moved successfully.

C:\WINDOWS\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux moved successfully.

C:\WINDOWS\system32\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux moved successfully.

C:\Program Files\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux moved successfully.

C:\Documents and Settings\Admin\Local Settings\Application Data\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux moved successfully.

File C:\Program Files\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux not found.

File C:\Documents and Settings\Admin\Local Settings\Application Data\ynatkcnezourorodqjasdupekhehetgzqitkfu.xux not found.

File C:\Program Files\pblbpemasehbvvpblbpemasehbvvpblbpem.seh not found.

File C:\Documents and Settings\Admin\Local Settings\Application Data\pblbpemasehbvvpblbpemasehbvvpblbpem.seh not found.

C:\Program Files\fvjdvoasoeljhljznhzsewsipnlpndrldwiawmt.ptr moved successfully.

C:\Documents and Settings\Admin\Local Settings\Application Data\fvjdvoasoeljhljznhzsewsipnlpndrldwiawmt.ptr moved successfully.

C:\Program Files\qdofuktibosnijerctiyhwpcgbwxsfqhwmvk.qup moved successfully.

C:\Documents and Settings\Admin\Local Settings\Application Data\qdofuktibosnijerctiyhwpcgbwxsfqhwmvk.qup moved successfully.

File C:\Program Files\lnntxcaemohrbrbddjnsqucex.rhr not found.

File C:\Documents and Settings\Admin\Local Settings\Application Data\lnntxcaemohrbrbddjnsqucex.rhr not found.

========== FILES ==========

C:\Qoobox\Quarantine\Registry_backups folder moved successfully.

C:\Qoobox\Quarantine\E folder moved successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.

C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Settings folder moved successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar folder moved successfully.

C:\Qoobox\Quarantine\C\Program Files\MyWebSearch folder moved successfully.

C:\Qoobox\Quarantine\C\Program Files folder moved successfully.

C:\Qoobox\Quarantine\C folder moved successfully.

C:\Qoobox\Quarantine folder moved successfully.

C:\Qoobox\BackEnv folder moved successfully.

C:\Qoobox folder moved successfully.

C:\WINDOWS\SET3.tmp moved successfully.

C:\WINDOWS\SET4.tmp moved successfully.

C:\WINDOWS\SET8.tmp moved successfully.

C:\WINDOWS\System32\drivers\etc\hosts-lms.tmp moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Admin

->Temp folder emptied: 519714 bytes

->Temporary Internet Files folder emptied: 44021051 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49219 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 13064509 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 10953115 bytes

 

Total Files Cleaned = 65.00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore points cleared and new OTL Restore Point set!

 

OTL by OldTimer - Version 3.1.21.0 log created on 02052010_091509

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...


STEP 1

 

Download => FixPolicies

Save it somewhere on the desktop. Double-click the file and choose Install. A folder named FixPolicies will be created on the desktop. Open it and run the file Fix_policies.cmd.

 

STEP 2

 

Download SafeBootKeyRepair.exe and run it.

 

STEP 3

 

Run the OTL.exe program => and press the button on the right => CleanUp.

 

http://i47.tinypic.com/35hfp21.jpg

 

STEP 4

 

Temporarily turn off System Restore => right-click My Computer => Properties => System Restore => tick => Turn Off System Restore on all drives.

 

STEP 5

 

Download Malwarebytes' Anti-Malware from here

 

Double-click mbam-setup.exe to install the program.

 

    * Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click Finish.
    * If newer updates are found, it will download and install them.
    * Start the program and select "Perform Quick Scan", then click Scan.
    * The scan will take some time, so please be patient.
    * When the scan finishes, click OK, then Show Results to see the result.
    * Make sure every row is ticked, then click Remove Selected.
    * When everything has been removed, the log will open in Notepad. Copy the log and post it in your next reply in the thread.

 

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problem viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.


Hello, for 2 months I have been dealing with this Skype virus (NOD detects it as Win32 autorun agent ud worm). It puts a small file in every folder on the computer. NOD finds it and deletes it, and then it starts filling the folders again with RAR files named after the folders themselves. Could you help me get rid of it? Thank you in advance.

You have the more modern variant of the worm.

 

1. Temporarily turn off System Restore => right-click My Computer => Properties => System Restore => tick => Turn Off System Restore on all drives.

 

2. Download Panda USB Vaccine. Run the application and press the Vaccinate Computer button.

 

3. Download Malwarebytes' Anti-Malware from here

 

Double-click mbam-setup.exe to install the program.

 

    * Make sure that Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked, then click Finish.
    * If newer updates are found, it will download and install them.
    * Start the program and select "Perform Full Scan", then click Scan.
    * The scan will take some time, so please be patient.
    * When the scan finishes, click OK, then Show Results to see the result.
    * Make sure every row is ticked, then click Remove Selected.
    * When everything has been removed, the log will open in Notepad. Copy the log and post it in your next reply in the thread.

 

Note: If Malwarebytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problem viruses/threats during the restart. If you are asked, confirm that you want your computer to be restarted.

 

4. Download OTM.exe and save it to the desktop.

 

Run the file http://membres.lycos.fr/wawaseb8/images/help/otico.JPG by double-clicking it and copy/paste the following under the "Paste Instructions for Items to be Moved" box:

 

:Processes

explorer.exe

:files

C:\autorun.inf

D:\autorun.inf

E:\autorun.inf

F:\autorun.inf

G:\autorun.inf

H:\autorun.inf

I:\autorun.inf

C:\recycler

D:\recycler

E:\recycler

F:\recycler

G:\recycler

H:\recycler

I:\recycler

:Commands

[purity]

[emptytemp]

[clearallrestorepoints]

[start explorer]

[Reboot]

 

Press the button http://billy-oneal.com/forums/Canned%20Speeches/speechimages/otmi3/btnmoveit.png

A log file will be created after the machine restarts.

Post it in your next post.

 

5. Removing some of the vulnerable spots: (Windows Worms Doors Cleaner v1.4.1 and Safe XP 1.5.7.14 are useful for this).

 

Run the Windows Worms Doors Cleaner tool and click all the options shown in red.

A system restart will be required for the changes to take effect.

 

http://i30.tinypic.com/5fkz5w.gif

 

Also download SafeXP from the link above and apply the settings from the screenshot:

 

http://img152.imageshack.us/img152/9838/safexpuc9.jpg

 

Then just press Apply.

 

6. In the network adapter settings you can turn off some options:

*Client for Microsoft Networks

*File and Printer Sharing for Microsoft Network

 

http://img168.imageshack.us/img168/9210/dangerfk9.jpg


Hello, I did everything step by step; here is the log from mbam:

Malwarebytes' Anti-Malware 1.44

Database version: 3700

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

 

07.2.2010 г. 17:22:54

mbam-log-2010-02-07 (17-22-54).txt

 

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 132857

Time elapsed: 17 minute(s), 58 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

As for OTM, it started executing the commands, but on the last 3 the computer froze, twice, and I force-restarted it, and after Windows loaded it gives me the following log:

Files moved on Reboot...

 

Registry entries deleted on Reboot...

 

I carried out the next steps as well and finally ran NOD to clean up the files created by the virus.

No new ones so far, but we'll see for how long, because last time it lasted 1 month without problems :)
