
I have a lot of viruses [SOLVED]


Hello everyone.

I want to ask whether I should delete these viruses found by MBAM.

Until now I was only reading the thread, and I decided to register.

I have a problem with HJT: even if I rename it, it still won't start.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4401

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7.8.2010 г. 11:27:32

mbam-log-2010-08-07 (11-27-32).txt

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 193788

Time elapsed: 27 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 16

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

D:\Windows\System32\ghjik.dll (Trojan.Banker) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\bhoplugin.eyeonie (Trojan.Banker) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{a2d5957f-6d1a-44ce-bfba-d448eaab8781} (Trojan.Banker) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{4cf9a0d2-ed75-40cb-98c0-36df6a30e040} (Trojan.Banker) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{6e28339b-7a2a-47b6-aeb2-46ba53782379} (Trojan.Banker) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6e28339b-7a2a-47b6-aeb2-46ba53782379} (Trojan.Banker) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6e28339b-7a2a-47b6-aeb2-46ba53782379} (Trojan.Banker) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e28339b-7a2a-47b6-aeb2-46ba53782379} (Trojan.Banker) -> No action taken.

HKEY_CLASSES_ROOT\bhoplugin.eyeonie.1 (Trojan.Banker) -> No action taken.

HKEY_CLASSES_ROOT\testatl.atlmy (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\TypeLib\{ce673b02-973c-4268-a819-da005c782b5d} (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{f5cc5892-346b-4f19-b304-307dd1ef1a45} (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{c4560d12-ce25-4a2e-a5d4-b5070fcbe282} (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\testatl.atlmy.1 (Trojan.Agent) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{86aefbe8-763f-0647-899c-a93278894599} (Namespace.Hijack) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{f9ba1aa9-cad4-4c14-bde6-922dff5f6f38} (Spyware.OnlineGames) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{86aefbe8-763f-0647-899c-a93278894599} (Namespace.Hijack) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

D:\Windows\System32\ghjik.dll (Trojan.Banker) -> No action taken.

D:\Windows\System32\gsevt.dll (Trojan.Agent) -> No action taken.

Also, my antivirus, KIS 2010, won't start.

It says that avp.exe cannot be found.

So, can anyone help?

Edited by dani23031

Yes, delete them. There are instructions for this in this thread:

Make sure every row is checked, then click Remove Selected.

After that:

Download the OnlineGames cleanup tool: PeeTechFix-win32.PSW.OnlineGames. Here is how to use it:

1. Extract the archive, then run the PeeTechFix-Win32.PSW.OnlineGames application.

2. Restart.

After that:

Update, run a quick scan with Malwarebytes' Anti-Malware (MBAM), remove (Remove Selected) any infections found, and post the log.

P.S. I am tired of writing the same thing every day. I ask those who read this thread to follow the rules of this section!

Any post outside these rules goes into the trash!

Edited by nologo

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4402

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

7.8.2010 г. 14:42:14

mbam-log-2010-08-07 (14-42-14).txt

Scan type: Quick scan

Objects scanned: 124492

Time elapsed: 6 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 120

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\799d.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aoyun.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appdllman.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\appsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastu3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avu3launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cross.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\discovery.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DSMain.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\eghost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filedsty.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ftcleanershell.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fyfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guangd.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ispwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kascrscn.scr (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kastask.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavdx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kernelwind32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kislnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmfilter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32x.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.com (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksloader.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvcenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvdetect.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfwmcl.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvreport.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvscan.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvstub.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatchx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logogo.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\magicset.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pagefile.pif (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwliveupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qhset.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctormain.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqkav.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravcopy.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regclean.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanu3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sdgames.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\selfupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\servet.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sreng.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srengps.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\syssafe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tnt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\txomou.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ufo.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uihost.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxagent.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxattachment.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxfwhlp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umxpol.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbcleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wopticlean.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsyscheck.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xdelbox.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp2.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp3.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filmst.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jisu.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfserver.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qheart.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stormii.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxgame.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tmp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wbapp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Softfy (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CLASSES_ROOT\exefile\nevershowext (Trojan.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

D:\Users\ASUS\Favorites\¶·Р·УОП·Нш - 4000їоµҐ»ъУОП·Гв·СПВ.url (Hijack.Trace) -> Quarantined and deleted successfully.

D:\Program Files\Messenger\coshelp.dll (Adware.Cinmus) -> Quarantined and deleted successfully.

D:\Windows\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
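Both MBAM logs in this thread use the same `object (family) -> action` line format, and the second one consists almost entirely of Image File Execution Options (IFEO) keys, many of them named after security and system tools. The following is an added example, not part of the original thread: a Python parser for that log format that lists the executables targeted under IFEO, the Browser Helper Object CLSIDs, and every item still marked "No action taken". The function names and the merged sample text are constructed for illustration.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section object family action")

# Constructed sample: a handful of lines copied from the two MBAM logs in this
# thread and merged into one text, so every case the parser handles is present.
SAMPLE_LOG = r"""
Registry Keys Infected: 120
Memory Modules Infected:
D:\Windows\System32\ghjik.dll (Trojan.Banker) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e28339b-7a2a-47b6-aeb2-46ba53782379} (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CLASSES_ROOT\exefile\nevershowext (Trojan.Autorun) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
D:\Windows\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Section headers end at the colon; the summary lines ("... Infected: 120") do not.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$"
)
# "<object> (<family>) -> <action>."  The object may itself contain spaces.
ENTRY_RE = re.compile(
    r"^(?P<object>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return one Detection per result line, tagged with its log section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            entries.append(
                Detection(section, entry["object"], entry["family"], entry["action"])
            )
    return entries


def child_of(obj, parent):
    """Return the sub-key name directly under registry key `parent`, else None."""
    marker = "\\" + parent.lower() + "\\"
    idx = obj.lower().find(marker)
    if idx == -1:
        return None
    name = obj[idx + len(marker):]
    return name if name and "\\" not in name else None


def triage(entries):
    """Group detections the way a helper reading the log would want them."""
    # IFEO sub-keys are named after an executable image; Windows consults the
    # key when a program with that image name is launched.
    ifeo = {child_of(e.object, "Image File Execution Options") for e in entries}
    bho = {child_of(e.object, "Browser Helper Objects") for e in entries}
    return {
        "by_family": Counter(e.family for e in entries),
        "ifeo_targets": sorted(n.lower() for n in ifeo if n),
        "bho_clsids": sorted(n.lower() for n in bho if n),
        # Items the scanner found but did not remove still need action.
        "unremediated": [
            e for e in entries if e.action.lower().startswith("no action")
        ],
    }


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    print("Families:", dict(report["by_family"]))
    print("IFEO targets:", report["ifeo_targets"])
    print("BHO CLSIDs:", report["bho_clsids"])
    for item in report["unremediated"]:
        print("Not removed:", item.section, "|", item.object, "|", item.family)
```
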

Thanks for the log. Here is what comes next:

Step 1

Scan with Sophos Anti-Rootkit. Here is how: download Sophos Anti-Rootkit from here (registration required), run sarsfx.exe, and start the scan (Start scan). When the scan finishes, open Windows Explorer and go to the %temp% folder. There should be a file there named sarscan.log. Post its contents in your next comment.

Step 2

Download and install SUPERAntiSpyware Free from here. After the download, a definitions update will follow. Then press the Preferences button and use Update to check whether there are newer ones. The program's settings should look like this (Scanning Control):

[image: 70dfd4a4aba73865.png]

Then close with Close, go to Scan your Computer, and select the logical drives, excluding floppy, removable devices and CD/DVD.

[image: 44f3a775c843d134.png]

Then run a full scan (Complete Scan). If infections are found, remove them and go back to Preferences. Open (double-click) the latest log in Statistics/Logs:

[image: 83443c8efaa51cc1.png]

and post it in your next comment.

I just noticed that the antivirus is running now.

Will the scans take long?

OK.

I hope it works out without a reinstall, because I was on holiday and there are about 5 GB of photos, and right now I have no free flash drive or other storage.

And I also have both XP and 7, so a reinstall gets nasty.

There will be no need for a reinstall. Follow the instructions I gave you and we will clean out all the nasties.

And can you tell me how I caught them, given that I installed 7 only yesterday? Before that I was on XP, and only 7 is raising alarms, not XP; KIS says there is nothing.

As for KIS, I use a genuine license for 3 computers, shared with my father.

Sophos Anti-Rootkit Version 1.5.4 © 2009 Sophos Plc

Started logging on 7.8.2010 г. at 14:56:42 ч.

User "ASUS" on computer "ASUS-PC"

Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 Win32

Info: Starting registry scan.

Info: Starting disk scan of C: (NTFS).

Hidden: file C:\Winup\kb93623.exe

Hidden: file C:\Winup\kb371522.exe

Hidden: file C:\Winup\kb37155.exe

Hidden: file C:\Winup\kb37158.exe

Hidden: file C:\Winup\kb371513.exe

Hidden: file C:\Winup\kb371514.exe

Hidden: file C:\Winup\kb371517.exe

Hidden: file C:\Winup\kb371518.exe

Hidden: file C:\WINDOWS\SoftwareDistribution\Download\53d91b4cb515ff831fd50b1300c41863\SP3GDR\ieframe.dll

Hidden: file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C7PTVR5Q\SkypeSetup[1].exe

Hidden: file C:\WINDOWS\system32\anfiok.dll

Hidden: file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AYP6ZULP\utorrent[1].exe

Hidden: file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\UVQN6EM7\SkypeSetup[1].exe

Info: Starting disk scan of D: (NTFS).

Hidden: file D:\Windows\winsxs\x86_prnep00b.inf_31bf3856ad364e35_6.1.7600.16385_none_510ecd5a103fd89f\I386\EP0NOE18.DLL

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHG2HOY0\Vistalizator[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UQISR2D\g[1].css

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UQISR2D\wd[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEJJCU8A\mhxy[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UQISR2D\dh2[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEJJCU8A\wmgj[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UQISR2D\rxcq[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEJJCU8A\qqhx[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UQISR2D\js[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEJJCU8A\jxsj[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UQISR2D\mhzx[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEJJCU8A\100013[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UQISR2D\small[1].exe

Hidden: file D:\Users\ASUS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QQX4V1I1\ico_sprite_right[1].gif

Info: Starting disk scan of E: (NTFS).

Hidden: file E:\GAMES\CSS.v4044.2010\CSS\CSS\CSS\GAC Anti-Cheat.ex

Hidden: file E:\GAMES\CSS.v4044.2010\CSS\CSS\GAC.Anti-Cheat-3.7\GAC\GAC Anti-Cheat.ex

Hidden: file E:\Downloads\CSandSTALKER\CSandSTALKER\cstrike\redemax\redemax\Programms\Easy Config Builder.exe

Hidden: file E:\Downloads\Microsoft Windows XP Professional BgInterface edition\GRTMPVOL_BG\I386\svcpack\Z_MUI1_WXP_BG.EXE

Hidden: file E:\System Volume Information\_restore{922FE75C-C5C7-461D-AE3D-5F8317A2BBE1}\RP4\A0002239.exe

Hidden: file E:\System Volume Information\_restore{922FE75C-C5C7-461D-AE3D-5F8317A2BBE1}\RP4\A0002240.exe

Hidden: file E:\System Volume Information\_restore{922FE75C-C5C7-461D-AE3D-5F8317A2BBE1}\RP4\A0002247.exe

Hidden: file E:\System Volume Information\_restore{922FE75C-C5C7-461D-AE3D-5F8317A2BBE1}\RP4\A0002241.exe

Hidden: file E:\System Volume Information\_restore{922FE75C-C5C7-461D-AE3D-5F8317A2BBE1}\RP4\A0002242.exe

Hidden: file E:\System Volume Information\_restore{922FE75C-C5C7-461D-AE3D-5F8317A2BBE1}\RP4\A0002243.exe

Hidden: file E:\System Volume Information\_restore{922FE75C-C5C7-461D-AE3D-5F8317A2BBE1}\RP4\A0002244.exe

Hidden: file E:\System Volume Information\_restore{922FE75C-C5C7-461D-AE3D-5F8317A2BBE1}\RP4\A0002245.exe

Info: Starting disk scan of F: (NTFS).

Stopped logging on 7.8.2010 г. at 15:46:20 ч.

OK, I am waiting for the log from SUPERAntiSpyware Free.

Until then:

Upload (Upload a file) the following file to Virus Total for scanning:

C:\WINDOWS\system32\anfiok.dll

Copy the path of the file marked above in green and go to the text field labelled "Browse". Paste the file's path into the File Name field, then click Open. After that, press Send File on Virustotal. Wait for the scan to finish and post the link to the scan results in your next comment.

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 08/07/2010 at 04:53 PM

Application Version : 4.41.1000

Core Rules Database Version : 5330

Trace Rules Database Version: 3142

Scan type : Complete Scan

Total Scan Time : 00:35:51

Memory items scanned : 611

Memory threats detected : 0

Registry items scanned : 7134

Registry threats detected : 0

File items scanned : 26652

File threats detected : 58

Adware.Tracking Cookie


Trojan.PWS[EyeOnIE]

C:\WINDOWS\SYSTEM32\NBBAW5.DLL

Edited by dani23031 (view changes)

Upload several files to virustotal, one after another, and post a link to them. These are the files in question:

d:\windows\system32\drivers\qxpwr.sys

d:\windows\МФ±¦Нш.ico

After that:

Update and run a quick scan (Quick Scan) with Kaspersky Internet Security and see whether any infections remain.

So.

I scanned with KIS, there's nothing.

But the first file isn't there for VirusTotal, and for the second one it says 0 of 42

Good. Next: Deleting a restore point -> read what the guide "Deleting all restore points" says and follow it.

After that, write whether there are any other problems with Windows 7.

OK.

I deleted them.

But Windows freezes a lot.

1. Download ComboFix from one of the following mirrors: from here: Download-button3.gif or from here: Download-button3.gif.

When downloading the file, save (Save button -> Save as) ComboFix to your desktop; screenshot:

030810185350_aaa.jpg

Once you have downloaded ComboFix to the desktop, the program's icon should look like this:

030810185426_bbb.jpg

2. Close all running applications and open windows. Temporarily disable your antivirus program and any other security programs, if present. For this you can review the information at this link: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

3. Rename ComboFix.exe to ff1.exe

4. Start ff1.exe with a double click. To do so, use YES to agree to the program's terms of use.

Important: once ComboFix has started, do not move the mouse or click on the program's open window. Just patiently let ComboFix do its work, without using the computer for anything else.

5. ComboFix will temporarily cut the Internet connection, but once the program has finished, the connection will be restored automatically. ComboFix will scan for problems and infected files, which may take some time. Please be patient. If there is a problem with the Internet connection, please read this: Manually restoring the Internet connection section.

Note: If you have problems with ComboFix, copy (Copy) and paste (Paste) the contents of C:\BUG.txt into your next comment.

6. When ComboFix finishes, a text document (log) will open in Notepad; see the screenshot:

030810185514_eee.jpg

Copy (Copy) and paste (Paste) the contents of the log into your next comment.

Now download SystemLook and save the program to the desktop.

  • Double-click SystemLook.exe to start the program.
  • Copy the contents of the quote below into the program's text field:

    :filefind
    ezsidmv.dat
  • Click the Look button to start the scan.
  • When the scan finishes, Notepad will open with the scan result. Then post the log file in your next comment.

SystemLook v1.0 by jpshortstuff (11.01.10)

Log created at 21:57 on 07/08/2010 by ASUS (Administrator - Elevation successful)

========== filefind ==========

Searching for "ezsidmv.dat"

D:\ProgramData\ezsidmv.dat --ah-- 56 bytes [14:46 06/08/2010] [14:46 06/08/2010] 1AE2CD80E8CAF22CA07A7844591F8205

D:\Users\All Users\ezsidmv.dat --ah-- 56 bytes [14:46 06/08/2010] [14:46 06/08/2010] 1AE2CD80E8CAF22CA07A7844591F8205

-=End Of File=-
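The SystemLook result above, read programmatically (an added example, not part of the original thread and not SystemLook's own code): it parses the `filefind` result lines and groups the hits by hash and size. The field layout and the reading of the last field as an MD5 are assumptions taken from the two lines shown; on Windows 7 `Users\All Users` is a link to `ProgramData`, so one group holding both paths is consistent with a single file listed twice.

```python
import re
from collections import defaultdict

# Constructed sample: the two result lines are copied from the log above.
SAMPLE_LOG = r"""
========== filefind ==========
Searching for "ezsidmv.dat"
D:\ProgramData\ezsidmv.dat --ah-- 56 bytes [14:46 06/08/2010] [14:46 06/08/2010] 1AE2CD80E8CAF22CA07A7844591F8205
D:\Users\All Users\ezsidmv.dat --ah-- 56 bytes [14:46 06/08/2010] [14:46 06/08/2010] 1AE2CD80E8CAF22CA07A7844591F8205
-=End Of File=-
"""

# Assumed layout: path, 6 attribute flags, size, two timestamps, 32 hex digits.
HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<t1>[^\]]+)\]\s+\[(?P<t2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

def parse_filefind(log_text):
    """Return one dict per result line; headers and footers are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = HIT.match(line.strip())
        if not m:
            continue
        hit = m.groupdict()
        hit["size"] = int(hit["size"])
        hit["md5"] = hit["md5"].upper()
        hit["hidden"] = "h" in hit["attrs"]  # assumption: 'h' marks the hidden attribute
        hits.append(hit)
    return hits

def group_by_hash(hits):
    """Map (hash, size) -> list of paths, so identical copies stand out."""
    groups = defaultdict(list)
    for hit in hits:
        groups[(hit["md5"], hit["size"])].append(hit["path"])
    return dict(groups)

if __name__ == "__main__":
    for (md5, size), paths in group_by_hash(parse_filefind(SAMPLE_LOG)).items():
        print(f"{md5} ({size} bytes): {len(paths)} path(s)")
        for p in paths:
            print("   ", p)
```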

Now open notepad.exe and enter the following information using copy/paste:

File::

D:\ProgramData\ezsidmv.dat

D:\Users\All Users\ezsidmv.dat

Save the file with the name CFScript, then drag and drop it onto Combofix, as shown in the picture:

cfscript10uc2.gif

Note: While ComboFix is scanning, do not start any other applications, do not press any keys on the keyboard and do not move the mouse!

Post the log file that will be created after the computer restarts in your next comment.

Can we continue tomorrow? I have work to do.
