kamen0v

I caught a virus on Facebook, help [SOLVED]

Recommended answer


Some Flash thing... It completely messed up my computer, help...


OK, thanks!

  • Download OTL.exe and save it to your desktop.
  • Start the file by double-clicking it.
  • Tick Scan All Users.
  • Under the File Age menu, select 90 days.
  • Under the Standard Registry menu, change the setting to ALL.
  • Tick the LOP Check and Purity Check boxes.
  • In the Custom Scans/Fixes box, paste the following text:
netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
/md5start
hlp.dat
winlogon.exe
wininit.exe
userinit.exe
explorer.exe
volsnap.sys
/md5stop
  • Click the button highlighted in blue (Run Scan).
  • When the scan finishes, two files will be created: OTL.Txt and Extras.Txt.
  • Post the contents of both log files in your next reply.

While I write the script, please uninstall Norton from the Control Panel.

Then use this tool to remove all of its leftovers:

Norton Removal Tool 2012.0.0.19

Restart the computer if it asks you to.


The machine is heavily infected with several different things:

Start OTL again, then copy and paste the script text from the text box below into the Custom Scans/Fixes box. Copy the script exactly as it is, including the colon before the first line of the script.

:Processes
killallprocesses
:OTL
SRV - (NAV) --  File not found
SRV - (srvbtcclient) -- C:\WINDOWS\update.5.0\svchost.exe ()
SRV - (PrtSmanm) -- C:\WINDOWS\System32\smsc.exe ()
SRV - (srvsysdriver32) -- C:\WINDOWS\sysdriver32.exe ()
SRV - (wxpdrivers) -- C:\WINDOWS\update.1\svchost.exe ()
SRV - (vtghvhwv) -- C:\WINDOWS\system32\onjrqpn.dll ()
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMTDI.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMDS.SYS (Symantec Corporation)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -  File not found
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1292428093-1644491937-839522115-500\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [4361856.exe] C:\Documents and Settings\Administrator\Local Settings\Temp\4361856.exe ()
O4 - HKLM..\Run: [6044413.exe] C:\Documents and Settings\Administrator\Local Settings\Temp\6044413.exe ()
O4 - HKLM..\Run: [8611945.exe] C:\WINDOWS\TEMP\8611945.exe ()
O4 - HKLM..\Run: [9066841.exe] C:\WINDOWS\TEMP\9066841.exe ()
O4 - HKLM..\Run: [91096814-loader2.exe] C:\WINDOWS\TEMP\91096814-loader2.exe ()
O4 - HKLM..\Run: [9279903.exe] C:\WINDOWS\TEMP\9279903.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
O4 - HKLM..\Run: [tray_ico]  File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-10-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1]  File not found
O4 - HKLM..\Run: [tray_ico2]  File not found
O4 - HKLM..\Run: [tray_ico3]  File not found
O4 - HKLM..\Run: [tray_ico4]  File not found
O4 - HKLM..\Run: [w_distrib.exe] C:\WINDOWS\update.3\svchost.exe ()
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
O4 - HKU\S-1-5-21-1292428093-1644491937-839522115-500..\Run: []  File not found
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()
O31 - SafeBoot: AlternateShell - services32.exe
NetSvcs: vtghvhwv - C:\WINDOWS\system32\onjrqpn.dll ()
[2011.07.25 01:20:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.07.25 01:18:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-10-0-lnk
[2011.07.25 01:18:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-10-0
[2011.07.24 23:13:13 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011.07.24 23:13:13 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011.07.24 23:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.07.24 23:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.07.24 23:12:09 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdi.sys
[2011.07.24 23:12:09 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdiv.sys
[2011.07.24 23:12:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\SymDS.sys
[2011.07.24 23:12:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\SymEFA.sys
[2011.07.24 23:12:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.sys
[2011.07.24 23:12:07 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.sys
[2011.07.24 23:12:06 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\Ironx86.sys
[2011.07.24 23:11:55 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.sys
[2011.07.24 23:08:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.07.24 23:08:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.07.24 23:08:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.07.24 23:08:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2011.07.24 23:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
[2011.07.24 22:57:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.07.24 22:54:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.3
[2011.07.24 22:32:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.07.24 22:28:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.06.21 01:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011.07.25 03:40:54 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\dll.dll
[2011.07.25 03:40:54 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2011.05.05 01:04:48 | 000,296,729 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2011.05.05 01:04:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cryptnet32.dll
[2011.07.25 02:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.07.24 23:13:12 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011.07.24 23:13:12 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011.07.24 23:13:12 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011.07.24 23:13:12 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011.07.24 23:11:55 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.07.24 23:08:48 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.24 23:11:54 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.24 23:11:54 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.24 23:11:40 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.24 22:59:31 | 000,000,200 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.24 22:58:42 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe
[2011.07.24 22:56:20 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011.07.24 22:32:11 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.24 22:30:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.24 22:28:59 | 000,247,296 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011.07.24 22:28:59 | 000,247,296 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011.07.24 22:28:43 | 001,174,016 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2010.11.28 03:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
:files
C:\Documents and Settings\Administrator\Desktop\PIC675799074533-JPG-www.facebook.com.exe
C:\WINDOWS\jusched.exe
C:\Documents and Settings\Administrator\Desktop\Flash-Player.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0
"DisableThumbnailCache" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"4262:TCP" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Administrator\Desktop\PIC675799074533-JPG-www.facebook.com.exe"=-
"C:\Documents and Settings\Administrator\Desktop\Flash-Player.exe" =-
"C:\WINDOWS\update.1\svchost.exe" =-
"C:\WINDOWS\update.2\svchost.exe" =-
"C:\WINDOWS\update.3\svchost.exe" =-
"C:\WINDOWS\services32.exe" =-
:commands
[resethosts]
[reboot]
Once you have entered the script quoted above, click the button highlighted in red: Run Fix.

Windows will restart and a log file will be created. Paste its contents into your next reply.

After that:

Open VirusTotal and use the Browse button to locate the file:

C:\WINDOWS\System32\lpdd.exe

Click the SEND button.

If the file has already been analysed, please click re-analyse.

Repeat the steps for this file:

C:\WINDOWS\System32\smsc.exe

Post the scan results for this file in your next reply.

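The fix script above is built by reading the scan log: every O4 Run entry and SRV service that points at a file that has no business being where it is gets listed for removal. The Python below is an added example for this thread (not OTL's code and not the helper's script) showing those triage rules applied mechanically to the raw O4/SRV lines: svchost.exe loaded from anywhere but System32, programs started from a Temp directory, random numeric file names, executables dropped straight into the Windows root, and Run values whose target file is gone. The sample lines are copied from the log quoted in the script above; the rule wording, thresholds and function names are my own.

```python
"""Triage the O4 (Run key) and SRV (service) lines of an OTL scan log.

Added example for this thread; it is not part of OTL and not the helper's script.
The rules mirror what the fix script above removes: svchost.exe copies outside
System32, programs started from Temp, random numeric file names, executables
dropped straight into the Windows root, and Run values whose file is gone.
"""
import re
from typing import Dict, List, Optional, Tuple

# "O4 - HKLM..\Run: [name] C:\path\file.exe (Publisher)"
O4_RE = re.compile(r"^O4 - .*?\\Run: \[[^\]]*\]\s*(?P<rest>.*)$")
# "SRV - (ServiceName) -- C:\path\file.exe (Publisher)"
SRV_RE = re.compile(r"^SRV - \([^)]*\)\s*--\s*(?P<rest>.*)$")
# Trailing "(Publisher)"; OTL prints "()" when the file carries no version info.
PUB_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<publisher>[^()]*)\)\s*$")

# Assumed Windows XP layout, as in the log above.
WINDOWS_ROOT = r"c:\windows"
SYSTEM32 = WINDOWS_ROOT + r"\system32"


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Return (path, publisher) for an O4/SRV line, None for any other line."""
    m = O4_RE.match(line) or SRV_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    pm = PUB_RE.match(rest)
    if pm:
        return pm.group("path").strip(), pm.group("publisher").strip()
    return rest, ""  # e.g. "File not found": no path, no publisher


def suspicious_reasons(path: str, publisher: str) -> List[str]:
    """Heuristic reasons to look at this entry first; empty list means nothing stood out."""
    if path.lower() == "file not found":
        return ["orphaned autorun: the registry value points at a file that is gone"]
    low = path.lower()
    directory, _, filename = low.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    reasons: List[str] = []
    if filename == "svchost.exe" and directory != SYSTEM32:
        reasons.append("svchost.exe outside System32 (masquerading as the service host)")
    if "\\temp\\" in low:
        reasons.append("started from a Temp directory")
    if re.fullmatch(r"\d+(-[a-z0-9]+)?", stem):
        reasons.append("random numeric file name")
    if directory == WINDOWS_ROOT:
        reasons.append("executable dropped directly into the Windows root")
    # Missing version info only corroborates; on its own it is too common to act on.
    if reasons and publisher == "":
        reasons.append("no publisher / version info")
    return reasons


def triage(log_lines: List[str]) -> Dict[str, List[str]]:
    """Map each flagged path (or the whole line, for orphaned values) to its reasons."""
    findings: Dict[str, List[str]] = {}
    for raw in log_lines:
        line = raw.strip()
        entry = parse_entry(line)
        if entry is None:
            continue
        path, publisher = entry
        reasons = suspicious_reasons(path, publisher)
        if reasons:
            key = line if path.lower() == "file not found" else path
            findings[key] = reasons
    return findings


# Sample lines copied from the OTL log quoted in the fix script above (constructed test input).
SAMPLE_LOG = [
    r"SRV - (srvbtcclient) -- C:\WINDOWS\update.5.0\svchost.exe ()",
    r"SRV - (PrtSmanm) -- C:\WINDOWS\System32\smsc.exe ()",
    r"DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)",
    r"O4 - HKLM..\Run: [4361856.exe] C:\Documents and Settings\Administrator\Local Settings\Temp\4361856.exe ()",
    r"O4 - HKLM..\Run: [91096814-loader2.exe] C:\WINDOWS\TEMP\91096814-loader2.exe ()",
    r"O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)",
    r"O4 - HKLM..\Run: [KernelFaultCheck]  File not found",
    r"O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()",
    r"O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-10-0\svchost.exe ()",
    r"O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()",
]

if __name__ == "__main__":
    for target, why in triage(SAMPLE_LOG).items():
        print(target)
        for reason in why:
            print("   -", reason)
```

Note what the rules do not catch: C:\WINDOWS\System32\smsc.exe sits in the right directory with an innocuous name and passes every check here, which is exactly why the helper sent it (and lpdd.exe) to VirusTotal instead of judging it by its path. Heuristics like these shortlist entries for a human; a hash lookup or sandbox run settles the rest.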

========== PROCESSES ==========

All processes killed

========== OTL ==========

Error: No service named NAV was found to stop!

Service\Driver key NAV not found.

File File not found not found.

Error: No service named srvbtcclient was found to stop!

Service\Driver key srvbtcclient not found.

File C:\WINDOWS\update.5.0\svchost.exe not found.

Error: No service named PrtSmanm was found to stop!

Service\Driver key PrtSmanm not found.

File C:\WINDOWS\System32\smsc.exe not found.

Error: No service named srvsysdriver32 was found to stop!

Service\Driver key srvsysdriver32 not found.

File C:\WINDOWS\sysdriver32.exe not found.

Error: No service named wxpdrivers was found to stop!

Service\Driver key wxpdrivers not found.

File C:\WINDOWS\update.1\svchost.exe not found.

Error: No service named vtghvhwv was found to stop!

Service\Driver key vtghvhwv not found.

File C:\WINDOWS\system32\onjrqpn.dll not found.

Error: No service named SymEvent was found to stop!

Service\Driver key SymEvent not found.

File C:\WINDOWS\system32\drivers\SYMEVENT.SYS not found.

Error: No service named SymIRON was found to stop!

Service\Driver key SymIRON not found.

File C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS not found.

Error: No service named SRTSP was found to stop!

Service\Driver key SRTSP not found.

File C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSP.SYS not found.

Error: No service named SRTSPX) Symantec Real Time Storage Protection (PEL was found to stop!

Service\Driver key SRTSPX) Symantec Real Time Storage Protection (PEL not found.

File C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS not found.

Error: No service named ccHP was found to stop!

Service\Driver key ccHP not found.

File C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys not found.

Error: No service named SYMTDI was found to stop!

Service\Driver key SYMTDI not found.

File C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMTDI.SYS not found.

Error: No service named SymEFA was found to stop!

Service\Driver key SymEFA not found.

File C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMEFA.SYS not found.

Error: No service named SymDS was found to stop!

Service\Driver key SymDS not found.

File C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMDS.SYS not found.

Prefs.js: "Ask.com" removed from browser.search.defaultengine

Prefs.js: "Ask.com" removed from browser.search.defaultenginename

Prefs.js: "Ask.com" removed from browser.search.order.1

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-1292428093-1644491937-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4361856.exe deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\4361856.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\6044413.exe deleted successfully.

C:\Documents and Settings\Administrator\Local Settings\Temp\6044413.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8611945.exe deleted successfully.

C:\WINDOWS\Temp\8611945.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9066841.exe deleted successfully.

C:\WINDOWS\Temp\9066841.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\91096814-loader2.exe deleted successfully.

C:\WINDOWS\Temp\91096814-loader2.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9279903.exe deleted successfully.

C:\WINDOWS\Temp\9279903.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.

C:\WINDOWS\l1rezerv.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.

File C:\WINDOWS\sysdriver32.exe not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.

C:\WINDOWS\sysdriver32_.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\systemup deleted successfully.

C:\WINDOWS\systemup.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.

C:\WINDOWS\update.tray-10-0\svchost.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\w_distrib.exe deleted successfully.

C:\WINDOWS\update.3\svchost.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.

C:\WINDOWS\services32.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-1292428093-1644491937-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ deleted successfully.

C:\WINDOWS\system32\cryptnet32.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.

vtghvhwv removed from NetSvcs value successfully!

File C:\WINDOWS\system32\onjrqpn.dll not found.

C:\WINDOWS\av_ico folder moved successfully.

C:\WINDOWS\update.tray-10-0-lnk folder moved successfully.

C:\WINDOWS\update.tray-10-0 folder moved successfully.

File C:\WINDOWS\System32\drivers\SYMEVENT.SYS not found.

File C:\WINDOWS\System32\S32EVNT1.DLL not found.

Folder C:\Program Files\Common Files\Symantec Shared\ not found.

Folder C:\Program Files\Symantec\ not found.

File C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdi.sys not found.

File C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdiv.sys not found.

File C:\WINDOWS\System32\drivers\NAV\1106000.020\SymDS.sys not found.

File C:\WINDOWS\System32\drivers\NAV\1106000.020\SymEFA.sys not found.

File C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.sys not found.

File C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.sys not found.

File C:\WINDOWS\System32\drivers\NAV\1106000.020\Ironx86.sys not found.

File C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.sys not found.

C:\WINDOWS\ufa folder moved successfully.

C:\WINDOWS\rpcminer folder moved successfully.

C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.

C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.

C:\WINDOWS\phoenix\kernels folder moved successfully.

C:\WINDOWS\phoenix folder moved successfully.

C:\WINDOWS\System32\drivers\NAV\1106000.020 folder moved successfully.

C:\WINDOWS\System32\drivers\NAV folder moved successfully.

Folder C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus\ not found.

C:\WINDOWS\update.5.0 folder moved successfully.

C:\WINDOWS\update.3 folder moved successfully.

C:\WINDOWS\update.2 folder moved successfully.

C:\WINDOWS\update.1 folder moved successfully.

C:\Program Files\Ask.com\Updater folder moved successfully.

C:\Program Files\Ask.com\assets\oobe folder moved successfully.

C:\Program Files\Ask.com\assets folder moved successfully.

C:\Program Files\Ask.com folder moved successfully.

File C:\WINDOWS\System32\dll.dll not found.

C:\WINDOWS\system32\crt.dat moved successfully.

C:\WINDOWS\system32\shimg.dll moved successfully.

File C:\WINDOWS\System32\cryptnet32.dll not found.

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.

File C:\WINDOWS\System32\drivers\SYMEVENT.SYS not found.

File C:\WINDOWS\System32\S32EVNT1.DLL not found.

File C:\WINDOWS\System32\drivers\SYMEVENT.CAT not found.

File C:\WINDOWS\System32\drivers\SYMEVENT.INF not found.

C:\WINDOWS\unrar.exe moved successfully.

C:\WINDOWS\ufa.rar moved successfully.

C:\WINDOWS\phoenix.rar moved successfully.

File C:\WINDOWS\ufa.rar not found.

C:\WINDOWS\rpcminer.rar moved successfully.

C:\WINDOWS\info1 moved successfully.

File C:\WINDOWS\systemup.exe not found.

File C:\WINDOWS\l1rezerv.exe not found.

C:\WINDOWS\geoiplist.rar moved successfully.

C:\WINDOWS\loader2.exe_ok moved successfully.

File C:\WINDOWS\sysdriver32_.exe not found.

File C:\WINDOWS\sysdriver32.exe not found.

File C:\WINDOWS\services32.exe not found.

C:\WINDOWS\geoiplist moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\TEMP folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\OUT folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\emc\Log folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Chjw\ce74e6d374e6bd79 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Chjw\4090c1b490c1b0a8 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Chjw folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.

========== FILES ==========

File\Folder C:\Documents and Settings\Administrator\Desktop\PIC675799074533-JPG-www.facebook.com.exe not found.

File\Folder C:\WINDOWS\jusched.exe not found.

File\Folder C:\Documents and Settings\Administrator\Desktop\Flash-Player.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify" | 0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify" | 0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify" | 0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" | 0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"DisableThumbnailCache" | 0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" | 1 /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\4262:TCP deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrator\Desktop\PIC675799074533-JPG-www.facebook.com.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrator\Desktop\Flash-Player.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.1\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.2\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.3\svchost.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\services32.exe deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07252011_131405

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.07.25.00 | 2011.07.24 | Win32/ExprPacked.suspicious
AntiVir | 7.11.12.85 | 2011.07.25 | TR/Crypt.XPACK.Gen
Antiy-AVL | 2.0.3.7 | 2011.07.25 | Trojan/win32.agent.gen
Avast | 4.8.1351.0 | 2011.07.25 | Win32:Trojan-gen
Avast5 | 5.0.677.0 | 2011.07.25 | Win32:Trojan-gen
AVG | 10.0.0.1190 | 2011.07.25 | Worm/Generic2.AVIZ
BitDefender | 7.2 | 2011.07.25 | Trojan.Generic.6343817
CAT-QuickHeal | 11.00 | 2011.07.25 | Backdoor.IRCBot.k
ClamAV | 0.97.0.0 | 2011.07.24 | PUA.Packed.Expressor-1
Commtouch | 5.3.2.6 | 2011.07.25 | W32/HLL-SysDlrSharer!Eldorado
Comodo | 9504 | 2011.07.25 | Backdoor.Win32.Hupigon.~d023
DrWeb | 5.0.2.03300 | 2011.07.25 | BackDoor.IRC.Sdbot.15765
Emsisoft | 5.1.0.8 | 2011.07.25 | Virus.Win32.Crypted!IK
eSafe | 7.0.17.0 | 2011.07.24 | Win32.HEURCrypted
eTrust-Vet | 36.1.8459 | 2011.07.22 | -
F-Prot | 4.6.2.117 | 2011.07.24 | W32/HLL-SysDlrSharer!Eldorado
F-Secure | 9.0.16440.0 | 2011.07.25 | Trojan.Generic.6343817
Fortinet | 4.2.257.0 | 2011.07.25 | W32/Parite.fam
GData | 22 | 2011.07.25 | Trojan.Generic.6343817
Ikarus | T3.1.1.104.0 | 2011.07.25 | Virus.Win32.Crypted
Jiangmin | 13.0.900 | 2011.07.24 | Trojan/Generic.efwz
K7AntiVirus | 9.108.4937 | 2011.07.22 | Riskware
Kaspersky | 9.0.0.837 | 2011.07.25 | Net-Worm.Win32.Kolab.anen
McAfee | 5.400.0.1158 | 2011.07.25 | Generic Malware.dq
McAfee-GW-Edition | 2010.1D | 2011.07.24 | Heuristic.LooksLike.Win32.Suspicious.C
Microsoft | 1.7104 | 2011.07.25 | Backdoor:Win32/IRCbot.gen!K
NOD32 | 6322 | 2011.07.25 | a variant of Win32/AutoRun.IRCBot.FC
Norman | 6.07.10 | 2011.07.23 | Hupigon.gen83
nProtect | 2011-07-25.02 | 2011.07.25 | Packer.Expressor.B
Panda | 10.0.3.5 | 2011.07.24 | Generic Trojan
PCTools | 8.0.0.5 | 2011.07.25 | Trojan.IRCBot
Prevx | 3.0 | 2011.07.25 | -
Rising | 23.68.00.05 | 2011.07.25 | Trojan.Win32.Generic.128A390B
Sophos | 4.67.0 | 2011.07.25 | Sus/Scribble-B
SUPERAntiSpyware | 4.40.0.1006 | 2011.07.24 | -
Symantec | 20111.1.0.186 | 2011.07.25 | W32.IRCBot.Gen
TheHacker | 6.7.0.1.262 | 2011.07.24 | -
TrendMicro | 9.200.0.1012 | 2011.07.25 | TROJ_GEN.RC1C1GH
TrendMicro-HouseCall | 9.200.0.1012 | 2011.07.25 | TROJ_SPNR.0CGO11
VBA32 | 3.12.16.4 | 2011.07.25 | OScope.Backdoor.Sdbot.Cgen
VIPRE | 9959 | 2011.07.25 | Backdoor.IRCBot
ViRobot | 2011.7.25.4587 | 2011.07.25 | -
VirusBuster | 14.0.136.0 | 2011.07.24 | Packed/eXPressor

Additional information

MD5   : 9c0930a84d40cf3e57600ccf15c82794
SHA1  : 262a7e73ed59eac26b927df8bcc03d50819b08f8
SHA256: e9558fa3a42230a4f64b72b3025667736a79ebe242864cb1ce4f12b29cb9f546
ssdeep: 768:V6HQF1YCzsFmvrPaNqVPJKW3cEoxgtLPILaNilcpXcKpUu5ovyavocf:Qw5bzJPYm1P8a82
phpUYiyaR
File size : 50703 bytes
First seen: 2011-07-17 09:35:30
Last seen : 2011-07-25 10:15:56

TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (F-Prot): Expr

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x824B2
timedatestamp....: 0x4E22A7A9 (Sun Jul 17 09:13:13 2011)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.data, 0x1000, 0x76000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.pdata, 0x77000, 0xA987, 0xA987, 8.00, 28e5b5e5a2262119447c94e2918748b0
.ex_cod, 0x82000, 0x1806, 0x180F, 6.47, 14829c8218601b8c1d56e314874f73ca

[[ 14 import(s) ]]
KERNEL32.dll: VirtualFree, VirtualAlloc, ExitProcess, GetProcAddress, LoadLibraryExA, GetModuleHandleA, VirtualProtect, GetModuleFileNameA, GetLastError, CreateMutexA
USER32.dll: MessageBoxA
ADVAPI32.dll: GetUserNameA
USER32.dll: GetWindowThreadProcessId
MPR.dll: WNetAddConnection2A
SHELL32.dll: ShellExecuteExA
WS2_32.dll: -
iphlpapi.dll: GetAdaptersInfo
WININET.dll: FindNextUrlCacheEntryA
NETAPI32.dll: NetLocalGroupAddMembers
urlmon.dll: URLDownloadToFileA
MFC42.DLL: -
MSVCRT.dll: malloc
KERNEL32.dll: WriteFile

ExifTool: file metadata
CodeSize: 0
EntryPoint: 0x824b2
FileSize: 50 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 5424
LinkerVersion: 0.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:07:17 11:13:13+02:00
UninitializedDataSize: 0

Edited by kamen0v

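The section table in the report above is the part worth reading before any vendor label: a first section with 0x76000 bytes of virtual space and nothing on disk, a second section at entropy 8.00, an entry point in an oddly named third section, and an import table that still carries VirtualAlloc/VirtualProtect/GetProcAddress/LoadLibraryExA. Those are the classic traits of a self-unpacking stub, which is why several engines call it eXPressor-packed. The script below is an added example for this thread, not something OTL or VirusTotal produces: the section rows, entry point and import names are copied from the report, while the thresholds (entropy 7.0, "fewer than 30 imports", the code-section name list) are assumptions of mine.

```python
"""Packing indicators read off a PE section table.

Added example (not from the forum thread, OTL or VirusTotal): the section
rows, entry point and import names are the values VirusTotal's PEInfo
printed for lpdd.exe; the thresholds below are assumptions, not any tool's rules.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    name: str
    virt_addr: int   # RVA where the section is mapped (viradd)
    virt_size: int   # size in memory (virsiz)
    raw_size: int    # size on disk (rawdsiz)
    entropy: float   # Shannon entropy of the raw bytes, 0..8 (ntropy)


# Section table as reported for lpdd.exe (copied from the report above).
LPDD_SECTIONS = (
    Section(".data",   0x1000,  0x76000, 0x0,    0.00),
    Section(".pdata",  0x77000, 0xA987,  0xA987, 8.00),
    Section(".ex_cod", 0x82000, 0x1806,  0x180F, 6.47),
)
LPDD_ENTRYPOINT = 0x824B2
# Imported functions listed in the report (library names dropped).
LPDD_IMPORTS = frozenset({
    "VirtualFree", "VirtualAlloc", "ExitProcess", "GetProcAddress",
    "LoadLibraryExA", "GetModuleHandleA", "VirtualProtect",
    "GetModuleFileNameA", "GetLastError", "CreateMutexA", "MessageBoxA",
    "GetUserNameA", "GetWindowThreadProcessId", "WNetAddConnection2A",
    "ShellExecuteExA", "GetAdaptersInfo", "FindNextUrlCacheEntryA",
    "NetLocalGroupAddMembers", "URLDownloadToFileA", "malloc", "WriteFile",
})

# Assumed thresholds and name lists (my choices, not a standard).
HIGH_ENTROPY = 7.0
CODE_SECTION_NAMES = {".text", "CODE", ".code"}
LOADER_APIS = {"VirtualAlloc", "VirtualProtect", "GetProcAddress",
               "LoadLibraryA", "LoadLibraryExA"}
SMALL_IMPORT_TABLE = 30


def section_containing(sections, rva):
    """Return the section whose mapped range covers *rva*, or None."""
    for s in sections:
        if s.virt_addr <= rva < s.virt_addr + max(s.virt_size, s.raw_size):
            return s
    return None


def packing_indicators(sections, entrypoint, imports):
    """List the traits that suggest a packed / self-unpacking executable."""
    hits = []
    for s in sections:
        if s.entropy >= HIGH_ENTROPY:
            hits.append(f"{s.name}: entropy {s.entropy:.2f} looks compressed or encrypted")
        if s.raw_size == 0 and s.virt_size > 0:
            hits.append(f"{s.name}: {s.virt_size:#x} bytes in memory but 0 on disk (unpack buffer)")
    ep = section_containing(sections, entrypoint)
    if ep is None:
        hits.append(f"entry point {entrypoint:#x} lies outside every section")
    elif ep.name not in CODE_SECTION_NAMES:
        hits.append(f"entry point {entrypoint:#x} is in {ep.name}, not a normal code section")
    loader = LOADER_APIS & set(imports)
    if len(loader) >= 3 and len(imports) < SMALL_IMPORT_TABLE:
        hits.append("small import table that still resolves loader APIs: "
                    + ", ".join(sorted(loader)))
    return hits


def likely_packed(sections, entrypoint, imports):
    """Two or more independent indicators is the assumed cut-off."""
    return len(packing_indicators(sections, entrypoint, imports)) >= 2


if __name__ == "__main__":
    for line in packing_indicators(LPDD_SECTIONS, LPDD_ENTRYPOINT, LPDD_IMPORTS):
        print("-", line)
    print("likely packed:", likely_packed(LPDD_SECTIONS, LPDD_ENTRYPOINT, LPDD_IMPORTS))
```

Run on the lpdd.exe values it reports all four indicators; a plain compiler-built binary (entry point in .text, raw size equal to virtual size, entropy around 6) reports none. The point for triage is that the real import table and code only exist after the stub runs, so a static look at the file tells you less than the behaviour the vendors describe.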

I'm not clear on the results presented this way for these files:

C:\WINDOWS\System32\lpdd.exe

C:\WINDOWS\System32\smsc.exe

Could you post the links from the VirusTotal check for them?

Thanks!


I can't find the file smsc.exe. There is some smss.exe?

File name:

lpdd.exe

Submission date:

2011-07-25 10:23:12 (UTC)

Current status:

finished

Result:

39/ 43 (90.7%)

"Antivirus", "Version", "Last update", "Result"
"AhnLab-V3", "2011.07.25.00", "2011.07.24", "Win32/ExprPacked.suspicious"
"AntiVir", "7.11.12.85", "2011.07.25", "TR/Crypt.XPACK.Gen"
"Antiy-AVL", "2.0.3.7", "2011.07.25", "Trojan/win32.agent.gen"
"Avast", "4.8.1351.0", "2011.07.25", "Win32:Trojan-gen"
"Avast5", "5.0.677.0", "2011.07.25", "Win32:Trojan-gen"
"AVG", "10.0.0.1190", "2011.07.25", "Worm/Generic2.AVIZ"
"BitDefender", "7.2", "2011.07.25", "Trojan.Generic.6343817"
"CAT-QuickHeal", "11.00", "2011.07.25", "Backdoor.IRCBot.k"
"ClamAV", "0.97.0.0", "2011.07.24", "PUA.Packed.Expressor-1"
"Commtouch", "5.3.2.6", "2011.07.25", "W32/HLL-SysDlrSharer!Eldorado"
"Comodo", "9504", "2011.07.25", "Backdoor.Win32.Hupigon.~d023"
"DrWeb", "5.0.2.03300", "2011.07.25", "BackDoor.IRC.Sdbot.15765"
"Emsisoft", "5.1.0.8", "2011.07.25", "Virus.Win32.Crypted!IK"
"eSafe", "7.0.17.0", "2011.07.24", "Win32.HEURCrypted"
"eTrust-Vet", "36.1.8463", "2011.07.25", "-"
"F-Prot", "4.6.2.117", "2011.07.24", "W32/HLL-SysDlrSharer!Eldorado"
"F-Secure", "9.0.16440.0", "2011.07.25", "Trojan.Generic.6343817"
"Fortinet", "4.2.257.0", "2011.07.25", "W32/Parite.fam"
"GData", "22", "2011.07.25", "Trojan.Generic.6343817"
"Ikarus", "T3.1.1.104.0", "2011.07.25", "Virus.Win32.Crypted"
"Jiangmin", "13.0.900", "2011.07.24", "Trojan/Generic.efwz"
"K7AntiVirus", "9.108.4937", "2011.07.22", "Riskware"
"Kaspersky", "9.0.0.837", "2011.07.25", "Net-Worm.Win32.Kolab.anen"
"McAfee", "5.400.0.1158", "2011.07.25", "Generic Malware.dq"
"McAfee-GW-Edition", "2010.1D", "2011.07.24", "Heuristic.LooksLike.Win32.Suspicious.C"
"Microsoft", "1.7104", "2011.07.25", "Backdoor:Win32/IRCbot.gen!K"
"NOD32", "6322", "2011.07.25", "a variant of Win32/AutoRun.IRCBot.FC"
"Norman", "6.07.10", "2011.07.23", "Hupigon.gen83"
"nProtect", "2011-07-25.02", "2011.07.25", "Packer.Expressor.B"
"Panda", "10.0.3.5", "2011.07.24", "Generic Trojan"
"PCTools", "8.0.0.5", "2011.07.25", "Trojan.IRCBot"
"Prevx", "3.0", "2011.07.25", "High Risk System Back Door"
"Rising", "23.68.00.05", "2011.07.25", "Trojan.Win32.Generic.128A390B"
"Sophos", "4.67.0", "2011.07.25", "Sus/Scribble-B"
"SUPERAntiSpyware", "4.40.0.1006", "2011.07.24", "-"
"Symantec", "20111.1.0.186", "2011.07.25", "W32.IRCBot.Gen"
"TheHacker", "6.7.0.1.262", "2011.07.24", "-"
"TrendMicro", "9.200.0.1012", "2011.07.25", "TROJ_GEN.RC1C1GH"
"TrendMicro-HouseCall", "9.200.0.1012", "2011.07.25", "TROJ_SPNR.0CGO11"
"VBA32", "3.12.16.4", "2011.07.25", "OScope.Backdoor.Sdbot.Cgen"
"VIPRE", "9959", "2011.07.25", "Backdoor.IRCBot"
"ViRobot", "2011.7.25.4587", "2011.07.25", "-"
"VirusBuster", "14.0.136.0", "2011.07.24", "Packed/eXPressor"

"MD5", "9c0930a84d40cf3e57600ccf15c82794"
"SHA1", "262a7e73ed59eac26b927df8bcc03d50819b08f8"
"SHA256", "e9558fa3a42230a4f64b72b3025667736a79ebe242864cb1ce4f12b29cb9f546"
"File size", "50703 bytes"
"Scan date", "2011-07-25 10:23:12 (UTC)"

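When a VirusTotal table arrives pasted as one long line like the one above, the useful questions are still the same: how many engines fired, and which family names recur (here IRCBot/Sdbot and the eXPressor packer, with one engine saying Kolab). The parser below is an added example written for this thread, not VirusTotal's export format or any of its tooling; VT_SAMPLE is a constructed subset of the lpdd.exe rows and KNOWN_FAMILIES is an assumed list of the family words worth counting.

```python
"""Parse a VirusTotal result table that was flattened onto one line.

Added example, not from the thread or from VirusTotal.  VT_SAMPLE is a
constructed subset of the lpdd.exe rows quoted above; KNOWN_FAMILIES is an
assumed watch-list, not a VirusTotal field.
"""
import re
from collections import Counter

VT_SAMPLE = (
    '"Antivirus", "Version", "Last update", "Result" '
    '"AhnLab-V3", "2011.07.25.00", "2011.07.24", "Win32/ExprPacked.suspicious" '
    '"AntiVir", "7.11.12.85", "2011.07.25", "TR/Crypt.XPACK.Gen" '
    '"CAT-QuickHeal", "11.00", "2011.07.25", "Backdoor.IRCBot.k" '
    '"ClamAV", "0.97.0.0", "2011.07.24", "PUA.Packed.Expressor-1" '
    '"DrWeb", "5.0.2.03300", "2011.07.25", "BackDoor.IRC.Sdbot.15765" '
    '"eTrust-Vet", "36.1.8463", "2011.07.25", "-" '
    '"Kaspersky", "9.0.0.837", "2011.07.25", "Net-Worm.Win32.Kolab.anen" '
    '"Microsoft", "1.7104", "2011.07.25", "Backdoor:Win32/IRCbot.gen!K" '
    '"SUPERAntiSpyware", "4.40.0.1006", "2011.07.24", "-" '
    '"Symantec", "20111.1.0.186", "2011.07.25", "W32.IRCBot.Gen" '
    '"VirusBuster", "14.0.136.0", "2011.07.24", "Packed/eXPressor" '
    '"MD5", "9c0930a84d40cf3e57600ccf15c82794" '
    '"File size", "50703 bytes" '
    '"Scan date", "2011-07-25 10:23:12 (UTC)"'
)

# Assumed family words to count across vendor labels (lower-case substrings).
KNOWN_FAMILIES = ("ircbot", "sdbot", "kolab", "expressor", "hupigon", "parite")
# Keys that start the key/value tail after the per-engine rows.
META_KEYS = ("MD5", "SHA1", "SHA256", "File size", "Scan date")

QUOTED = re.compile(r'"([^"]*)"')   # every quoted field, newlines included


def parse_vt_flat(text):
    """Return (rows, meta): one dict per engine, then the hash/size tail."""
    tokens = QUOTED.findall(text)
    header, rest = tokens[:4], tokens[4:]
    rows, i = [], 0
    # Engine rows are groups of four fields until the first metadata key.
    while i + 3 < len(rest) and rest[i] not in META_KEYS:
        rows.append(dict(zip(header, rest[i:i + 4])))
        i += 4
    meta = {rest[j]: rest[j + 1] for j in range(i, len(rest) - 1, 2)}
    return rows, meta


def summarize(rows):
    """Detection ratio plus a count of recurring family words."""
    detected = [r for r in rows if r["Result"] != "-"]
    families = Counter()
    for r in detected:
        label = r["Result"].lower()
        for fam in KNOWN_FAMILIES:
            if fam in label:
                families[fam] += 1
    return {
        "engines": len(rows),
        "detections": len(detected),
        "ratio": round(100.0 * len(detected) / len(rows), 1) if rows else 0.0,
        "families": families,
    }


if __name__ == "__main__":
    rows, meta = parse_vt_flat(VT_SAMPLE)
    s = summarize(rows)
    print(f"{s['detections']}/{s['engines']} ({s['ratio']}%)  MD5 {meta.get('MD5')}")
    for fam, n in s["families"].most_common():
        print(f"  {fam}: {n}")
```

The family counter is deliberately crude (substring matches on the lower-cased label), which is enough to see that "IRCBot" shows up in several independent engines while "Kolab" is a single vote; generic labels such as Trojan-gen carry no family information and are simply left out of the count.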

I can't find the file smsc.exe. There is some smss.exe?

Don't touch that one - smss.exe is a LEGITIMATE and CRITICAL system file. :shy11:

OK, they are obviously bad, as I suspected...

Start OTL again, copy (Copy) and paste (Paste) the script text from the text box below into the Custom Scans/Fixes column, not forgetting to copy the script 1 to 1, including the colon before the first line of the script.

:OTL
[2011.07.24 22:43:22 | 000,050,703 | ---- | M] () -- C:\WINDOWS\System32\lpdd.exe
[2011.07.24 22:33:19 | 000,050,703 | R--- | M] () -- C:\WINDOWS\System32\smsc.exe
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\smsc.exe" =-
"C:\WINDOWS\System32\lpdd.exe" =-
:commands
[emptytemp]
After you have entered the script from the quote above, press the button marked in red: Run Fix

Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.


All processes killed
========== OTL ==========
C:\WINDOWS\system32\lpdd.exe moved successfully.
File C:\WINDOWS\System32\smsc.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\smsc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\lpdd.exe deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 135211949 bytes
->Temporary Internet Files folder emptied: 57534491 bytes
->Java cache emptied: 54898783 bytes
->FireFox cache emptied: 62021946 bytes
->Flash cache emptied: 2935093 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 392978 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2895706 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96444725 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1735346 bytes

Total Files Cleaned = 400,00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07252011_134857
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...


After that, do the following two checks:

  • Download Malwarebytes' Anti-Malware from here and install it.
  • Start Malwarebytes' Anti-Malware, go to UPDATE and press Check for updates.
  • Then go back to Scanner, select Perform QUICK Scan, then click Scan.
  • The scan will take a while, so please be patient.
  • When the scan finishes, click OK, then Show Results to see the result.
  • Make sure every line is checked, and click Remove Selected.
  • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the topic.

Note: If MalwareBytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart the computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

Please download aswMBR and save it to your desktop.

  • Double-click the aswMBR.exe file to start it.
  • Wait for it to download the avast! definitions.
  • From the drop-down menu, select the C:\ partition as in the picture:
[Posted image]
  • Click the Scan button to start the check.
  • When the check finishes, press the save log button, save the log file's contents to the desktop and post its contents in your next comment.

Then tell us how the machine is doing.


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7271

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

25.7.2011 г. 14:05:36

mbam-log-2011-07-25 (14-05-36).txt

Scan type: Quick scan

Objects scanned: 151308

Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\Java developer Script Browse (Trojan.Agent) -> Value: Java developer Script Browse -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Here it is with Avast too

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software

Run date: 2011-07-25 14:29:00

-----------------------------

14:29:00.750 OS Version: Windows 5.1.2600 Service Pack 2

14:29:00.750 Number of processors: 2 586 0x205

14:29:00.750 ComputerName: L2WO UserName:

14:29:01.296 Initialize success

14:29:11.687 AVAST engine defs: 11072500

14:29:19.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

14:29:19.500 Disk 0 Vendor: ST380011A 3.06 Size: 76319MB BusType: 3

14:29:19.515 Device \Driver\atapi -> MajorFunction 8236c1f8

14:29:21.531 Disk 0 MBR read successfully

14:29:21.531 Disk 0 MBR scan

14:29:21.593 Disk 0 Windows XP default MBR code

14:29:23.609 Disk 0 scanning sectors +156296385

14:29:23.843 Disk 0 scanning C:\WINDOWS\system32\drivers

14:29:43.343 Service scanning

14:29:44.046 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

14:29:44.625 Modules scanning

14:30:04.062 Disk 0 trace - called modules:

14:30:04.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8236c1f8]<<

14:30:04.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x822f3ab8]

14:30:04.109 3 CLASSPNP.SYS[f859805b] -> nt!IofCallDriver -> \Device\00000067[0x823511e8]

14:30:04.109 5 ACPI.sys[f83e3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x822f6940]

14:30:04.109 \Driver\atapi[0x82351d20] -> IRP_MJ_CREATE -> 0x8236c1f8

14:30:04.656 AVAST engine scan C:\

15:12:45.640 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP1\A0000014.dll **INFECTED** Win32:Lukicsel-E [Trj]

15:12:45.906 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP1\A0001014.dll **INFECTED** Win32:Lukicsel-E [Trj]

15:14:14.078 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP1\A0001268.dll **INFECTED** Win32:Lukicsel-E [Trj]

15:14:23.578 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0003278.exe **INFECTED** Win32:Delf-QBF [Trj]

15:14:24.015 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0003282.dll **INFECTED** Win32:Lukicsel-E [Trj]

15:14:25.078 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0004282.dll **INFECTED** Win32:Lukicsel-E [Trj]

15:14:34.921 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0005292.dll **INFECTED** Win32:Lukicsel-E [Trj]

16:07:31.500 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\sysdriver32.exe **INFECTED** Win32:Delf-QBF [Trj]

16:07:32.093 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\system32\onjrqpn.dll **INFECTED** Win32:Confi [Wrm]

16:07:32.453 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\system32\smsc.exe **INFECTED** Win32:Trojan-gen

16:07:34.031 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\update.1\svchost.exe **INFECTED** Win32:Malware-gen

16:07:34.906 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\update.5.0\svchost.exe **INFECTED** Win32:Delf-QBF [Trj]

16:07:36.046 File: C:\_OTL\MovedFiles\07252011_131405\C_Documents and Settings\Administrator\Local Settings\Temp\4361856.exe **INFECTED** Win32:Delf-QBF [Trj]

16:07:36.968 File: C:\_OTL\MovedFiles\07252011_131405\C_Documents and Settings\Administrator\Local Settings\Temp\6044413.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:08.265 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\l1rezerv.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:16.625 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\services32.exe **INFECTED** Win32:Malware-gen

16:09:17.250 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\sysdriver32_.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:17.718 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\system32\cryptnet32.dll **INFECTED** Win32:Lukicsel-E [Trj]

16:09:18.968 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\systemup.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:19.968 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\Temp\8611945.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:20.796 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\Temp\9066841.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:21.703 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\Temp\91096814-loader2.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:23.015 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\Temp\9279903.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:25.593 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\update.2\svchost.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:26.406 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\update.3\svchost.exe **INFECTED** Win32:Delf-QBF [Trj]

16:09:27.656 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\update.tray-10-0\svchost.exe **INFECTED** Win32:Malware-gen

16:09:28.859 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\update.tray-10-0-lnk\svchost.exe **INFECTED** Win32:Malware-gen

16:09:29.703 File: C:\_OTL\MovedFiles\07252011_134857\C_WINDOWS\system32\lpdd.exe **INFECTED** Win32:Trojan-gen

16:09:29.906 Scan finished successfully

16:11:19.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"

16:11:19.812 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Edited by kamen0v
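Reading an aswMBR log like the one above, the question is not "how many INFECTED lines" but "where are they". Every hit here sits either under System Volume Information\_restore (System Restore snapshots, which is exactly why the next step is to turn System Restore off) or under C:\_OTL\MovedFiles (OTL's own quarantine, removed by its CleanUp button); the MBR is the stock Windows XP code and nothing is flagged in a live path. The script below is an added example for this thread, not part of aswMBR or OTL: SAMPLE_LOG copies a handful of lines from the log above and adds one constructed "live" hit under a path that does not appear on the page, so the code shows what an unfinished cleanup would look like.

```python
"""Triage **INFECTED** hits in an aswMBR log by where the file lives.

Added example, not part of the thread or of aswMBR.  SAMPLE_LOG copies lines
from the log above plus one constructed 'live' hit (CONSTRUCTED_sample.dll)
that is not on the page; the location classes are my own grouping.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
14:29:21.593 Disk 0 Windows XP default MBR code
14:29:44.046 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:12:45.640 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP1\A0000014.dll **INFECTED** Win32:Lukicsel-E [Trj]
15:14:23.578 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0003278.exe **INFECTED** Win32:Delf-QBF [Trj]
16:07:31.500 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\sysdriver32.exe **INFECTED** Win32:Delf-QBF [Trj]
16:07:32.093 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\system32\onjrqpn.dll **INFECTED** Win32:Confi [Wrm]
16:09:29.703 File: C:\_OTL\MovedFiles\07252011_134857\C_WINDOWS\system32\lpdd.exe **INFECTED** Win32:Trojan-gen
16:09:30.000 File: C:\WINDOWS\system32\CONSTRUCTED_sample.dll **INFECTED** Win32:Example-gen
16:09:29.906 Scan finished successfully
"""

# Line shapes taken from the log format shown above.
HIT = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+) File: (?P<path>.+?) \*\*INFECTED\*\* (?P<det>.+)$")
MBR_OK = re.compile(r"^\S+ Disk \d+ Windows XP default MBR code$")
LOCKED = re.compile(r"^\S+ Service (?P<svc>\S+) (?P<path>.+?) \*\*LOCKED\*\*")


def location_class(path):
    """Group a hit by whether it is already out of the running."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"      # System Restore snapshot, not executable in place
    if "\\_otl\\movedfiles\\" in p:
        return "otl-quarantine"     # already moved out by OTL
    return "live"                   # still at a real path: needs action


def triage(log_text):
    """Return hits grouped by location, the MBR verdict and locked services."""
    hits = defaultdict(list)
    mbr_default = False
    locked = []
    for line in log_text.splitlines():
        m = HIT.match(line)
        if m:
            hits[location_class(m["path"])].append((m["path"], m["det"]))
            continue
        if MBR_OK.match(line):
            mbr_default = True
        m = LOCKED.match(line)
        if m:
            # A driver aswMBR could not read; worth noting, not a verdict by itself.
            locked.append(m["svc"])
    return {"hits": dict(hits), "mbr_default": mbr_default, "locked_services": locked}


def needs_attention(report):
    """Only live hits mean the cleanup is unfinished; the other two classes are
    expected leftovers that disabling System Restore and OTL CleanUp remove."""
    return report["hits"].get("live", [])


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    print("MBR is stock XP code:", rep["mbr_default"])
    for cls, items in rep["hits"].items():
        print(f"{cls}: {len(items)} hit(s)")
    for path, det in needs_attention(rep):
        print("  still live:", path, det)
```

With the constructed line removed the report comes back with no live hits, which is the situation the thread is in at this point and the reason the helper moves straight on to purging restore points and OTL's quarantine rather than running another fix.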

How is the situation now?

Temporarily turn off System Restore:

Right-click My Computer => Properties => System Restore => check "Turn off system on all drives" => press Apply

[Posted image]

Then go back the same way and uncheck it.

Start OTL once more and press the CleanUp button.

[Posted image]

If prompted to restart, agree.

Delete all the tools and tool logs we have used (those that were not deleted by the procedures performed so far).

You can now install a free antivirus of your choice. For example avast! 6.0.1203 Final or Avira AntiVir Personal 10.0.0.650. I hope we have managed to remove Norton Antivirus completely and that it no longer loads in the System Tray.


Great... then I'm marking the case as solved, and from now on be careful what you run.

PS: It wouldn't hurt to change the passwords for all accounts and payment cards (if you use any), just in case!

Good night and safe surfing. :angel19:
