HackerX

Infected computer - cause unknown

Recommended answer


Hello!

Once again I have to seek help about an infected system. :angry:

The computer again is not mine but a friend's.

He was complaining that while it was just sitting there, it suddenly starts playing some radio, without him having launched any programs.

A few weeks ago we scanned with MalwareBytes Anti-Malware and supposedly removed some twenty malicious things...

We have a Windows disc.

I'm posting the DDS logs:

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK 
Run by userr at 20:54:39,81 on 28.03.2011 Ј.
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional  5.1.2600.3.1251.359.1033.18.511.315 [GMT 3:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Datecs\Flex2K.exe
C:\Documents and Settings\userr\Desktop\Skype.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\TeamViewer\Version6\tv_w32.exe
c:\program files\teamviewer\version6\TeamViewer_Desktop.exe
C:\Documents and Settings\userr\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: sharegamescom Toolbar: {28272685-df84-48d7-9589-f91a162b4e94} - c:\program files\sharegamescom\tbshar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: sharegamescom Toolbar: {28272685-df84-48d7-9589-f91a162b4e94} - c:\program files\sharegamescom\tbshar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbartb\BfgBarDx.dll
TB: BS.Player ControlBar: {2c688203-7eb3-4327-9995-1cb417ba23f9} - c:\program files\bs.player controlbar\BSToolbar.dll
TB: sharegamescom Toolbar: {28272685-df84-48d7-9589-f91a162b4e94} - c:\program files\sharegamescom\tbshar.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - c:\program files\bfgbartb\BfgBarDx.dll
uRun: [PowerArchiver Tray] c:\program files\powerarchiver\PASTARTER.EXE
uRun: [Skype] "c:\documents and settings\userr\desktop\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [UpdateMyDrivers] c:\program files\smarttweak software\updatemydrivers\UpdateMyDrivers.exe -t
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\userr\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\windows\datecs\Flex2K.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\userr\applic~1\mozilla\firefox\profiles\wee2tece.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\userr\application data\mozilla\firefox\profiles\wee2tece.default\extensions\{6847dfae-037a-400c-a524-27f0a281b692}\components\dtTransparency.dll
FF - component: c:\documents and settings\userr\application data\mozilla\firefox\profiles\wee2tece.default\extensions\{6847dfae-037a-400c-a524-27f0a281b692}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\userr\application data\mozilla\firefox\profiles\wee2tece.default\extensions\{6847dfae-037a-400c-a524-27f0a281b692}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Toolbar - Big Fish Games: {6847DFAE-037A-400c-A524-27F0A281B692} - %profile%\extensions\{6847DFAE-037A-400c-A524-27F0A281B692}
.
============= SERVICES / DRIVERS ===============
.
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2011-1-18 20480]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2005-5-19 11608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2005-5-19 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2005-5-19 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2005-5-19 55656]
S2 gupdate;Услуга Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-31 136176]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-3-21 583640]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
.
=============== Created Last 30 ================
.
2011-03-28 13:08:44	--------	d-----w-	c:\windows\inf
2011-03-28 08:31:51	24	----a-w-	c:\docume~1\alluse~1\applic~1\~f926.tmp
2011-03-21 14:13:14	37336	----a-w-	c:\windows\system32\CleanMFT32.exe
2011-03-21 14:13:13	212992	----a-w-	c:\windows\system32\UniBoxVB12.ocx
2011-03-21 14:13:13	1101824	----a-w-	c:\windows\system32\UniBox210.ocx
2011-03-21 14:13:11	880640	----a-w-	c:\windows\system32\UniBox10.ocx
2011-03-21 14:13:08	658432	----a-w-	c:\windows\system32\MSCOMCT2.OCX
2011-03-21 14:12:03	--------	d-----w-	c:\program files\common files\PC Tools
2011-02-26 18:00:59	--------	d-----w-	c:\docume~1\userr\applic~1\BSplayer
.
==================== Find3M  ====================
.
2011-03-08 14:48:44	1033728	----a-w-	c:\windows\explorer.exe
2011-03-08 10:22:14	9728	---h--w-	c:\docume~1\userr\applic~1\desktop.ini
2011-01-01 21:14:00	21840	----a-w-	c:\windows\system32\SIntfNT.dll
2011-01-01 21:14:00	17212	----a-w-	c:\windows\system32\SIntf32.dll
2011-01-01 21:14:00	12067	----a-w-	c:\windows\system32\SIntf16.dll
2005-05-30 20:25:32	2568656	----a-w-	c:\program files\Adobe Flash Player 10.1.53.64 (Firefox, Safari, Opera) (kaldata.com).exe
2005-05-20 02:05:11	1878888	----a-w-	c:\program files\Adobe Flash Player 10.0.22.87.exe
.
============= FINISH: 20:55:14,50 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2005 2:45:21 AM
System Uptime: 3/28/2011 8:12:05 PM (0 hours ago)
.
Motherboard:          |  | K7VT4APro 
Processor: AMD Sempron(tm) 2200+ | Socket-A | 1499/166mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 10 GiB total, 2.327 GiB free.
D: is FIXED (FAT32) - 29 GiB total, 6.784 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth PAN Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: IVT Corporation
Name: Bluetooth PAN Network Adapter
PNP Device ID: ROOT\NET\0000
Service: BT
.
==== System Restore Points ===================
.
RP247: 3/27/2011 8:24:08 PM - Контролна точка на системата
.
==== Installed Programs ======================
.
18 Wheels of Steel American Long Haul 1.00
18 Wheels of Steel Pedal to the Metal
18 WoS Extreme Trucker
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Avira AntiVir Personal - Free Antivirus
Big Fish Games: Game Manager
BitTorrent
Bluesoleil2.6.0.9 Release 070606
BS.Player ControlBar
BS.Player FREE
C-Media 3D Audio
Call of Duty
Call of Duty(R) 2
Cartoon Network Mega Games Pack
Conduit Engine
Counter-Strike 1.6
Counter-Strike 1.6: New Era
CS16 Full v32.1 Non-Steam
DivXG400
Euro Truck Simulator 1.2
Favorite-Games 4.0
FlexType 2K
GameSpy Arcade
Gold Miner Vegas 1.00
Google Earth Plug-in
Google Update Helper
GTR Evolution
K-Lite Mega Codec Pack 4.1.7
Landwirtschafts Simulator 2011 Demo
Malwarebytes' Anti-Malware
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Media Video 9 VCM
Mozilla Firefox (3.6.16)
Need for Speed™ Most Wanted
Nero 6 Ultra Edition
Norton Security Scan
NVIDIA Drivers
Oni
PowerArchiver 2007
PowerDVD
Readiris Pro 10
Recuva
Registry Mechanic 10.0
Rig&Roll
Russian Street Racing. Рейсеры против ГАИ v 1.0
Samsung SCX-4200 Series
sharegamescom Toolbar
SmarThru 4
Specnaz 2
Splash PRO
Stronghold Crusader Extreme
Superstars V8 Racing
SWAT 4
TeamViewer 6
Toolbar - Big Fish Games
Update for Windows XP (KB898461)
WebFldrs XP
Winamp (remove only)
Windows Bulgarian Interface Pack
Yahoo! Install Manager
Yahoo! Widgets
.
==== Event Viewer Messages From Past Week ========
.
3/28/2011 8:12:28 PM, error: Dhcp [1002]  - The IP address lease 85.217.151.80 for the Network Card with network address 00A1B009F6EC has been denied by the DHCP server 87.121.223.17 (The DHCP Server sent a DHCPNACK message).
3/28/2011 8:07:48 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.151.80. The machine with the IP address 85.217.147.220 did not allow the name to be claimed by this machine.
3/28/2011 4:09:16 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  uagp35
3/28/2011 4:08:54 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
3/28/2011 3:44:09 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/28/2011 3:42:44 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK7 avgio avipbb Fips ssmdrv
3/28/2011 3:41:09 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.147.91. The machine with the IP address 85.217.147.70 did not allow the name to be claimed by this machine.
3/28/2011 3:30:48 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/28/2011 3:25:31 PM, error: Dhcp [1002]  - The IP address lease 85.217.147.91 for the Network Card with network address 00A1B009F6EC has been denied by the DHCP server 87.121.223.17 (The DHCP Server sent a DHCPNACK message).
3/28/2011 3:23:08 PM, error: NetBT [4321]  - The name "USER       	:20" could not be registered on the Interface with IP address 85.217.147.91. The machine with the IP address 85.217.147.70 did not allow the name to be claimed by this machine.
3/28/2011 3:23:08 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.147.91. The machine with the IP address 85.217.147.220 did not allow the name to be claimed by this machine.
3/28/2011 2:47:54 PM, error: NetBT [4321]  - The name "USER       	:20" could not be registered on the Interface with IP address 85.217.151.70. The machine with the IP address 85.217.147.70 did not allow the name to be claimed by this machine.
3/28/2011 2:20:18 PM, error: NetBT [4321]  - The name "USER       	:20" could not be registered on the Interface with IP address 85.217.151.70. The machine with the IP address 85.217.150.147 did not allow the name to be claimed by this machine.
3/28/2011 2:20:18 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.151.70. The machine with the IP address 85.217.147.220 did not allow the name to be claimed by this machine.
3/28/2011 12:03:33 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.146.32. The machine with the IP address 85.217.147.220 did not allow the name to be claimed by this machine.
3/28/2011 11:16:20 AM, error: Dhcp [1002]  - The IP address lease 85.217.146.32 for the Network Card with network address 00A1B009F6EC has been denied by the DHCP server 87.121.223.17 (The DHCP Server sent a DHCPNACK message).
3/28/2011 10:15:21 AM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.146.32. The machine with the IP address 85.217.145.233 did not allow the name to be claimed by this machine.
3/25/2011 5:38:46 PM, error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
3/25/2011 10:35:50 PM, error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.
3/25/2011 10:35:48 PM, error: NetBT [4321]  - The name "USER       	:20" could not be registered on the Interface with IP address 85.217.146.169. The machine with the IP address 85.217.147.206 did not allow the name to be claimed by this machine.
3/25/2011 10:35:48 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.146.169. The machine with the IP address 85.217.145.108 did not allow the name to be claimed by this machine.
3/25/2011 10:35:43 PM, error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{91557C88-917C-430F-A2B5-8BE89839B33D} because another computer on the network has the same name.  The server could not start.
3/24/2011 6:26:47 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.150.233. The machine with the IP address 85.217.148.45 did not allow the name to be claimed by this machine.
3/24/2011 12:49:59 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.148.41. The machine with the IP address 85.217.145.87 did not allow the name to be claimed by this machine.
3/23/2011 8:59:37 AM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.147.246. The machine with the IP address 85.217.145.82 did not allow the name to be claimed by this machine.
3/21/2011 4:13:08 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'MSCOMCTL.OCX' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
3/21/2011 1:04:23 PM, error: NetBT [4321]  - The name "USER       	:0" could not be registered on the Interface with IP address 85.217.146.240. The machine with the IP address 85.217.145.164 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================
Edited by HackerX


Hello..! :whist: Do the following scan:

  • Download the program: ESET Online Scanner
  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and choose Start.
  • The scanner will begin downloading the components it needs.
  • Make sure the following lines are ticked:

    Finally choose Start.

  • The scanner will begin downloading the latest definitions.
  • After the scan finishes, choose Finish.
  • Go to: C:\Program Files\ESET\ESET Online Scanner
  • Open the file log.txt, copy its contents and paste them in your next comment.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=34bd9197dcf3014a8bd2bb3b06828412
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-28 08:14:40
# local_time=2011-03-28 11:14:40 (+0200, FLE Standard Time)
# country="Bulgaria"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16774106 100 100 52486174 184041992 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 238 238 0 0
# scanned=42790
# found=8
# cleaned=8
# scan_time=4224
C:\Documents and Settings\userr\Application Data\gfhjeytnvyeouwkt1zqdmiuzvzhc31k2\csrss.exe	a variant of Win32/Kryptik.JWU trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\userr\Application Data\xssendaffctxtbeywtrkqpwrygrrz1ickov1k\svcnost.exe	a variant of Win32/Kryptik.JWU trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\userr\Local Settings\Temp\6227182.exe	a variant of Win32/Kryptik.JWU trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\userr\Local Settings\Temp\9568870.exe	a variant of Win32/Kryptik.LLI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\userr\Local Settings\Temp\plugtmp-40\plugin-hmjoknbzkzgpf.pdf	PDF/Exploit.Pidief.PDS.Gen trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\userr\My Documents\Downloads\Install_Flash-Player(2).exe	Win32/LockScreen.AFD trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Documents and Settings\userr\My Documents\Downloads\Install_Flash-Player.exe	Win32/LockScreen.AFD trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\WINDOWS\explorer.exe:userini.exe	a variant of Win32/Kryptik.KBT trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
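As an added example (not from the post and not ESET's own tooling), here is a Python parser for the log format above: the `# key=value` header followed by tab-separated detection lines. It cross-checks the listed detections against the header counts and singles out the last entry, where the detection lives in an NTFS alternate data stream attached to explorer.exe rather than in a file of its own. The embedded sample is constructed from the eight detection lines of this log.

```python
"""Parse and triage an ESET Online Scanner log.txt such as the one posted above."""
import re
from collections import Counter

# Constructed sample: the header keys this parser uses plus the eight detection
# lines from the post above (same 32-zero hash column, same 'C' flag).
_ACTION = "cleaned by deleting - quarantined"
_USER = r"C:\Documents and Settings\userr"
_DETECTIONS = [
    (_USER + r"\Application Data\gfhjeytnvyeouwkt1zqdmiuzvzhc31k2\csrss.exe", "a variant of Win32/Kryptik.JWU trojan"),
    (_USER + r"\Application Data\xssendaffctxtbeywtrkqpwrygrrz1ickov1k\svcnost.exe", "a variant of Win32/Kryptik.JWU trojan"),
    (_USER + r"\Local Settings\Temp\6227182.exe", "a variant of Win32/Kryptik.JWU trojan"),
    (_USER + r"\Local Settings\Temp\9568870.exe", "a variant of Win32/Kryptik.LLI trojan"),
    (_USER + r"\Local Settings\Temp\plugtmp-40\plugin-hmjoknbzkzgpf.pdf", "PDF/Exploit.Pidief.PDS.Gen trojan"),
    (_USER + r"\My Documents\Downloads\Install_Flash-Player(2).exe", "Win32/LockScreen.AFD trojan"),
    (_USER + r"\My Documents\Downloads\Install_Flash-Player.exe", "Win32/LockScreen.AFD trojan"),
    (r"C:\WINDOWS\explorer.exe:userini.exe", "a variant of Win32/Kryptik.KBT trojan"),
]
SAMPLE_LOG = "\n".join(
    ["ESETSmartInstaller@High as downloader log:", "all ok", "# version=7",
     "# scanned=42790", "# found=8", "# cleaned=8", "# scan_time=4224"]
    + ["\t".join([p, f"{t} ({_ACTION})", "0" * 32, "C"]) for p, t in _DETECTIONS]
)

# 'threat name (action taken)' as ESET writes the second column.
THREAT_RE = re.compile(r"^(?P<name>.+?)\s*\((?P<action>[^()]*)\)\s*$")
# A ':' after the drive letter names an NTFS alternate data stream
# (host file ':' stream), e.g. explorer.exe:userini.exe in the log above.
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:[^\\:]+$")


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for an ESET log.txt."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = int(value) if value.isdigit() else value
            continue
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # banner lines such as 'all ok'
        path, threat, digest, flag = fields
        m = THREAT_RE.match(threat)
        name, action = (m["name"], m["action"]) if m else (threat, "")
        detections.append({"path": path, "threat": name, "action": action,
                           "cleaned": action.startswith("cleaned"),
                           "hash": digest, "flag": flag})
    return header, detections


def is_alternate_data_stream(path):
    return ADS_RE.match(path) is not None


def triage(text):
    """Summarise a log: counts vs. header, what was not cleaned, ADS hosts, families."""
    header, detections = parse_eset_log(text)
    return {
        "header_found": header.get("found", 0),
        "listed": len(detections),
        "consistent": header.get("found") == len(detections),
        "not_cleaned": [d["path"] for d in detections if not d["cleaned"]],
        # hosts whose main stream may be clean but which carried a malicious stream
        "ads_hosts": [d["path"].rsplit(":", 1)[0] for d in detections
                      if is_alternate_data_stream(d["path"])],
        "families": Counter(d["threat"].replace("a variant of ", "") for d in detections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An ADS host such as explorer.exe is worth re-checking after cleaning, since deleting the stream leaves the host file itself in place.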


Let's continue like this:

Download ComboFix from here or here and save it to your desktop.

  • Disable your antivirus and anti-spyware program; usually this is done by right-clicking the program's icon in the system tray.

Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

  • Run Combo-Fix.com and follow the instructions.

Note: ComboFix will start without the Recovery Console installed.

  • As part of its work, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how fast malware evolves, it is strongly recommended to have it installed before removing the malware. This will let you enter a special recovery/repair mode, which will make it easier to resolve a problem that might arise while removing the malware.

  • Follow the instructions to allow ComboFix to download and install the Microsoft Windows Recovery Console. At some point you will be asked whether you agree with the license agreement. You need to confirm that you agree in order to install the Microsoft Windows Recovery Console.

** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.

After the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:

Choose Yes so that the malware scan continues.

When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this topic.

Note:

  • Please do not move the mouse while ComboFix is running. This can disrupt its operation.
  • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
  • ComboFix will disable the autorun feature of ALL CD, floppy and USB devices, to help with removing the malware and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
  • ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes its work. If there is a problem, it will terminate the internet connection. To restore your internet connection, restart your computer.
  • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next comment in this topic.

ComboFix may take up to 20-30 minutes to finish; please be patient.

Please do not attach the log file(s) from the program; copy and paste it/them in your next comment in this topic.
