HackerX

Infected computer - culprit unknown


    Hello!

    Once again I have to ask for help with an infected system. :angry:

    Once again the computer is not mine but a friend's.

    He complained that, out of nowhere, he starts hearing some radio without having started any programs.

    We scanned a few weeks ago with MalwareBytes Anti-Malware and supposedly removed about twenty malicious items...

    We have a Windows disc.

    I am posting the DDS logs:

    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK 
    Run by userr at 20:54:39,81 on 28.03.2011 Ј.
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.511.315 [GMT 3:00]
    .
    AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Datecs\Flex2K.exe
    C:\Documents and Settings\userr\Desktop\Skype.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files\TeamViewer\Version6\tv_w32.exe
    c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
    C:\Documents and Settings\userr\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uURLSearchHooks: sharegamescom Toolbar: {28272685-df84-48d7-9589-f91a162b4e94} - c:\program files\sharegamescom\tbshar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: sharegamescom Toolbar: {28272685-df84-48d7-9589-f91a162b4e94} - c:\program files\sharegamescom\tbshar.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbartb\BfgBarDx.dll
    TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
    TB: sharegamescom Toolbar: {28272685-df84-48d7-9589-f91a162b4e94} - c:\program files\sharegamescom\tbshar.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    TB: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbartb\BfgBarDx.dll
    uRun: [PowerArchiver Tray] c:\program files\powerarchiver\PASTARTER.EXE
    uRun: [Skype] "c:\documents and settings\userr\desktop\phone\Skype.exe" /nosplash /minimized
    uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
    uRun: [UpdateMyDrivers] c:\program files\smarttweak software\updatemydrivers\UpdateMyDrivers.exe -t
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\userr\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
    IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
    IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
    IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\userr\applic~1\mozilla\firefox\profiles\wee2tece.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\userr\application data\mozilla\firefox\profiles\wee2tece.default\extensions\{6847dfae-037a-400c-a524-27f0a281b692}\components\dtTransparency.dll
    FF - component: c:\documents and settings\userr\application data\mozilla\firefox\profiles\wee2tece.default\extensions\{6847dfae-037a-400c-a524-27f0a281b692}\components\dtTransparency3.5.dll
    FF - component: c:\documents and settings\userr\application data\mozilla\firefox\profiles\wee2tece.default\extensions\{6847dfae-037a-400c-a524-27f0a281b692}\components\dtTransparency3.6.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Toolbar - Big Fish Games: {6847DFAE-037A-400c-A524-27F0A281B692} - %profile%\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2011-1-18 20480]
    S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2005-5-19 11608]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2005-5-19 108289]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2005-5-19 185089]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2005-5-19 55656]
    S2 gupdate;Услуга Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 136176]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-3-21 583640]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-03-28 13:08:44	--------	d-----w-	c:\windows\inf
    2011-03-28 08:31:51	24	----a-w-	c:\docume~1\alluse~1\applic~1\~f926.tmp
    2011-03-21 14:13:14	37336	----a-w-	c:\windows\system32\CleanMFT32.exe
    2011-03-21 14:13:13	212992	----a-w-	c:\windows\system32\UniBoxVB12.ocx
    2011-03-21 14:13:13	1101824	----a-w-	c:\windows\system32\UniBox210.ocx
    2011-03-21 14:13:11	880640	----a-w-	c:\windows\system32\UniBox10.ocx
    2011-03-21 14:13:08	658432	----a-w-	c:\windows\system32\MSCOMCT2.OCX
    2011-03-21 14:12:03	--------	d-----w-	c:\program files\common files\PC Tools
    2011-02-26 18:00:59	--------	d-----w-	c:\docume~1\userr\applic~1\BSplayer
    .
    ==================== Find3M  ====================
    .
    2011-03-08 14:48:44	1033728	----a-w-	c:\windows\explorer.exe
    2011-03-08 10:22:14	9728	---h--w-	c:\docume~1\userr\applic~1\desktop.ini
    2011-01-01 21:14:00	21840	----a-w-	c:\windows\system32\SIntfNT.dll
    2011-01-01 21:14:00	17212	----a-w-	c:\windows\system32\SIntf32.dll
    2011-01-01 21:14:00	12067	----a-w-	c:\windows\system32\SIntf16.dll
    2005-05-30 20:25:32	2568656	----a-w-	c:\program files\Adobe Flash Player 10.1.53.64 (Firefox, Safari, Opera) (kaldata.com).exe
    2005-05-20 02:05:11	1878888	----a-w-	c:\program files\Adobe Flash Player 10.0.22.87.exe
    .
    ============= FINISH: 20:55:14,50 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/19/2005 2:45:21 AM
    System Uptime: 3/28/2011 8:12:05 PM (0 hours ago)
    .
    Motherboard:          |  | K7VT4APro 
    Processor: AMD Sempron(tm) 2200+ | Socket-A | 1499/166mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 10 GiB total, 2.327 GiB free.
    D: is FIXED (FAT32) - 29 GiB total, 6.784 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Bluetooth PAN Network Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: IVT Corporation
    Name: Bluetooth PAN Network Adapter
    PNP Device ID: ROOT\NET\0000
    Service: BT
    .
    ==== System Restore Points ===================
    .
    RP247: 3/27/2011 8:24:08 PM - Контролна точка на системата
    .
    ==== Installed Programs ======================
    .
    18 Wheels of Steel American Long Haul 1.00
    18 Wheels of Steel Pedal to the Metal
    18 WoS Extreme Trucker
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.0
    Adobe Shockwave Player 11.5
    Avira AntiVir Personal - Free Antivirus
    Big Fish Games: Game Manager
    BitTorrent
    Bluesoleil2.6.0.9 Release 070606
    BS.Player ControlBar
    BS.Player FREE
    C-Media 3D Audio
    Call of Duty
    Call of Duty(R) 2
    Cartoon Network Mega Games Pack
    Conduit Engine
    Counter-Strike 1.6
    Counter-Strike 1.6: New Era
    CS16 Full v32.1 Non-Steam
    DivXG400
    Euro Truck Simulator 1.2
    Favorite-Games 4.0
    FlexType 2K
    GameSpy Arcade
    Gold Miner Vegas 1.00
    Google Earth Plug-in
    Google Update Helper
    GTR Evolution
    K-Lite Mega Codec Pack 4.1.7
    Landwirtschafts Simulator 2011 Demo
    Malwarebytes' Anti-Malware
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows Media Video 9 VCM
    Mozilla Firefox (3.6.16)
    Need for Speed™ Most Wanted
    Nero 6 Ultra Edition
    Norton Security Scan
    NVIDIA Drivers
    Oni
    PowerArchiver 2007
    PowerDVD
    Readiris Pro 10
    Recuva
    Registry Mechanic 10.0
    Rig&Roll
    Russian Street Racing. Рейсеры против ГАИ v 1.0
    Samsung SCX-4200 Series
    sharegamescom Toolbar
    SmarThru 4
    Specnaz 2
    Splash PRO
    Stronghold Crusader Extreme
    Superstars V8 Racing
    SWAT 4
    TeamViewer 6
    Toolbar - Big Fish Games
    Update for Windows XP (KB898461)
    WebFldrs XP
    Winamp (remove only)
    Windows Bulgarian Interface Pack
    Yahoo! Install Manager
    Yahoo! Widgets
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/28/2011 8:12:28 PM, error: Dhcp [1002]  - The IP address lease 85.217.151.80 for the Network Card with network address 00A1B009F6EC has been denied by the DHCP server 87.121.223.17 (The DHCP Server sent a DHCPNACK message).
    3/28/2011 8:07:48 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.151.80. The machine with the IP address 85.217.147.220 did not allow the name to be claimed by this machine.
    3/28/2011 4:09:16 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  uagp35
    3/28/2011 4:08:54 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
    3/28/2011 3:44:09 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/28/2011 3:42:44 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK7 avgio avipbb Fips ssmdrv
    3/28/2011 3:41:09 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.147.91. The machine with the IP address 85.217.147.70 did not allow the name to be claimed by this machine.
    3/28/2011 3:30:48 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/28/2011 3:25:31 PM, error: Dhcp [1002]  - The IP address lease 85.217.147.91 for the Network Card with network address 00A1B009F6EC has been denied by the DHCP server 87.121.223.17 (The DHCP Server sent a DHCPNACK message).
    3/28/2011 3:23:08 PM, error: NetBT [4321]  - The name "USER       	:20" could not be registered on the Interface with IP address 85.217.147.91. The machine with the IP address 85.217.147.70 did not allow the name to be claimed by this machine.
    3/28/2011 3:23:08 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.147.91. The machine with the IP address 85.217.147.220 did not allow the name to be claimed by this machine.
    3/28/2011 2:47:54 PM, error: NetBT [4321]  - The name "USER       	:20" could not be registered on the Interface with IP address 85.217.151.70. The machine with the IP address 85.217.147.70 did not allow the name to be claimed by this machine.
    3/28/2011 2:20:18 PM, error: NetBT [4321]  - The name "USER       	:20" could not be registered on the Interface with IP address 85.217.151.70. The machine with the IP address 85.217.150.147 did not allow the name to be claimed by this machine.
    3/28/2011 2:20:18 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.151.70. The machine with the IP address 85.217.147.220 did not allow the name to be claimed by this machine.
    3/28/2011 12:03:33 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.146.32. The machine with the IP address 85.217.147.220 did not allow the name to be claimed by this machine.
    3/28/2011 11:16:20 AM, error: Dhcp [1002]  - The IP address lease 85.217.146.32 for the Network Card with network address 00A1B009F6EC has been denied by the DHCP server 87.121.223.17 (The DHCP Server sent a DHCPNACK message).
    3/28/2011 10:15:21 AM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.146.32. The machine with the IP address 85.217.145.233 did not allow the name to be claimed by this machine.
    3/25/2011 5:38:46 PM, error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    3/25/2011 10:35:50 PM, error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.
    3/25/2011 10:35:48 PM, error: NetBT [4321]  - The name "USER       	:20" could not be registered on the Interface with IP address 85.217.146.169. The machine with the IP address 85.217.147.206 did not allow the name to be claimed by this machine.
    3/25/2011 10:35:48 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.146.169. The machine with the IP address 85.217.145.108 did not allow the name to be claimed by this machine.
    3/25/2011 10:35:43 PM, error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{91557C88-917C-430F-A2B5-8BE89839B33D} because another computer on the network has the same name.  The server could not start.
    3/24/2011 6:26:47 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.150.233. The machine with the IP address 85.217.148.45 did not allow the name to be claimed by this machine.
    3/24/2011 12:49:59 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.148.41. The machine with the IP address 85.217.145.87 did not allow the name to be claimed by this machine.
    3/23/2011 8:59:37 AM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.147.246. The machine with the IP address 85.217.145.82 did not allow the name to be claimed by this machine.
    3/21/2011 4:13:08 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'MSCOMCTL.OCX' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
    3/21/2011 1:04:23 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.146.240. The machine with the IP address 85.217.145.164 did not allow the name to be claimed by this machine.
    .
    ==== End Of File ===========================
    

    Hello..! :whist: Run the following scan:

    • Download the program: ESET Online Scanner
    • Run esetsmartinstaller_enu.exe
    • Tick YES, I accept the Terms of Use and select Start.
    • The scanner will begin downloading the components it needs.
    • Make sure the following lines are ticked:

      (posted image)

      Finally, select Start

    • The scanner will begin downloading the latest definitions.
    • When the scan finishes, select Finish.
    • Go to: C:\Program Files\ESET\ESET Online Scanner
    • Open the file log.txt, copy its contents and paste them into your next comment.
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=34bd9197dcf3014a8bd2bb3b06828412
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-03-28 08:14:40
    # local_time=2011-03-28 11:14:40 (+0200, FLE Standard Time)
    # country="Bulgaria"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1797 16774106 100 100 52486174 184041992 0 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 238 238 0 0
    # scanned=42790
    # found=8
    # cleaned=8
    # scan_time=4224
    C:\Documents and Settings\userr\Application Data\gfhjeytnvyeouwkt1zqdmiuzvzhc31k2\csrss.exe	a variant of Win32/Kryptik.JWU trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
    C:\Documents and Settings\userr\Application Data\xssendaffctxtbeywtrkqpwrygrrz1ickov1k\svcnost.exe	a variant of Win32/Kryptik.JWU trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
    C:\Documents and Settings\userr\Local Settings\Temp\6227182.exe	a variant of Win32/Kryptik.JWU trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
    C:\Documents and Settings\userr\Local Settings\Temp\9568870.exe	a variant of Win32/Kryptik.LLI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
    C:\Documents and Settings\userr\Local Settings\Temp\plugtmp-40\plugin-hmjoknbzkzgpf.pdf	PDF/Exploit.Pidief.PDS.Gen trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
    C:\Documents and Settings\userr\My Documents\Downloads\Install_Flash-Player(2).exe	Win32/LockScreen.AFD trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
    C:\Documents and Settings\userr\My Documents\Downloads\Install_Flash-Player.exe	Win32/LockScreen.AFD trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
    C:\WINDOWS\explorer.exe:userini.exe	a variant of Win32/Kryptik.KBT trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
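
A triage pass over the detection lines of the ESET log above, as an added example that is not part of the original post or of ESET's tooling. It checks each path for an NTFS alternate data stream, a system binary name outside its normal directory, a one-character lookalike of such a name, and an all-digit executable name in a Temp folder. Assumptions: the tab-separated layout seen in the log, Windows installed in C:\WINDOWS as the DDS log shows, and the hypothetical names `triage`, `split_stream` and `EXPECTED_DIR`.

```python
import ntpath

# Where each system binary lives on a default Windows XP install
# (assumption: Windows is in C:\WINDOWS, as in the DDS log above).
EXPECTED_DIR = {
    "csrss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def _line(path, detection):
    # Rebuild the log's tab-separated layout: path, detection, 32-char field, flag.
    return "\t".join([path, detection, "0" * 32, "C"])

# Paths and detection names copied from the ESET log in the post above.
ESET_LINES = [
    "# found=8",
    _line(r"C:\Documents and Settings\userr\Application Data\gfhjeytnvyeouwkt1zqdmiuzvzhc31k2\csrss.exe", "a variant of Win32/Kryptik.JWU trojan"),
    _line(r"C:\Documents and Settings\userr\Application Data\xssendaffctxtbeywtrkqpwrygrrz1ickov1k\svcnost.exe", "a variant of Win32/Kryptik.JWU trojan"),
    _line(r"C:\Documents and Settings\userr\Local Settings\Temp\6227182.exe", "a variant of Win32/Kryptik.JWU trojan"),
    _line(r"C:\WINDOWS\explorer.exe:userini.exe", "a variant of Win32/Kryptik.KBT trojan"),
    _line(r"C:\Documents and Settings\userr\My Documents\Downloads\Install_Flash-Player.exe", "Win32/LockScreen.AFD trojan"),
]

def parse_line(line):
    """Return (path, detection) for a detection line, None for '#' metadata."""
    line = line.strip()
    if not line or line.startswith("#") or "\t" not in line:
        return None
    path, detection = line.split("\t")[:2]
    return path, detection

def split_stream(path):
    """Split 'file:stream' (NTFS alternate data stream) into (file, stream)."""
    drive, rest = ntpath.splitdrive(path)   # keeps the drive colon out of the check
    head, name = ntpath.split(rest)
    if ":" in name:
        host, stream = name.split(":", 1)
        return drive + ntpath.join(head, host), stream
    return path, None

def one_char_off(a, b):
    # Same length and exactly one differing character (svcnost vs svchost).
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1

def triage(line):
    """List the reasons a path looks wrong on its own, whatever the AV verdict."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    file_path, stream = split_stream(parsed[0])
    directory, name = ntpath.split(file_path.lower())
    reasons = []
    if stream is not None:
        reasons.append("alternate-data-stream:" + stream)
    if name in EXPECTED_DIR and directory != EXPECTED_DIR[name]:
        reasons.append("system-name-outside-expected-dir")
    for known in EXPECTED_DIR:
        if one_char_off(name, known):
            reasons.append("lookalike-of:" + known)
    if directory.endswith("\\temp") and ntpath.splitext(name)[0].isdigit():
        reasons.append("numeric-name-in-temp")
    return reasons

if __name__ == "__main__":
    for entry in ESET_LINES:
        print(triage(entry), entry.split("\t")[0])
```

The last sample line returns no reasons even though the scanner flagged it, so these path checks complement a scanner verdict and do not replace it.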
    


    Let's continue like this:

    Download ComboFix from here or here and save it to your desktop.

    • Disable your antivirus and antispyware programs; this is usually done by right-clicking the program's icon in the system tray.

    Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

    • Run Combo-Fix.com and follow the instructions.

    Note: ComboFix will run without the Recovery Console installed.

    • As part of its operation, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how quickly malware evolves, it is strongly recommended that it be installed before the malware is removed. This will allow you to enter a special recovery/repair mode, which will make it easier for you to resolve a problem that could arise while removing the malware.

    • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree to the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

    ** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

    Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

    (posted image)

    Select Yes to continue scanning for malware.

    When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this thread.

    Note:

    • Please do not move the mouse while ComboFix is running. This may disrupt its operation.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun function of ALL CD, floppy and USB devices, to help remove the malware and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your Internet connection. The Internet connection will be restored automatically before ComboFix finishes its work. In case of a problem, it will terminate the Internet connection. To restore your Internet connection, restart your computer.
    • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this thread.

    ComboFix may take up to 20-30 minutes to finish, so please be patient.

    Please do not attach the program's log file(s); copy and paste it/them into your next comment in this thread.
