kamen0v

I caught a virus on Facebook, please help [SOLVED]

    Recommended answer


    Some kind of Flash.. It totally messed up my computer, help..


    Ok, thanks!

    • Download OTL.exe and save it to the desktop.
    • Start the file by double-clicking it.
    • Tick the box next to Scan All Users.
    • Under the File Age menu, select 90 days.
    • Under the Standard Registry menu, change the setting to ALL.
    • Tick the boxes next to LOP and Purity Check.
    • In the Custom Scans/Fixes box, paste (Copy/Paste) the following text:
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\Application Data\*.*
    %USERPROFILE%\Local Settings\Application Data\*.*
    %AllUsersProfile%\*.*
    %AllUsersProfile%\Application Data\*.*
    %USERPROFILE%\My Documents\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    userinit.exe
    explorer.exe
    volsnap.sys
    /md5stop
    
    • Click the button highlighted in blue: Run Scan.
    • When the scan finishes, two files will be created - OTL.Txt and Extras.Txt.
    • Post the contents of the log files in your next comment.


    While I write the script, please uninstall Norton from the Control Panel.

    Then use this tool to remove all remnants of it:

    Norton Removal Tool 2012.0.0.19

    Restart the computer if necessary.


    A heavily infected machine, with several different things on it:

    Start OTL again, copy and paste the script text from the text box below into the Custom Scans/Fixes box, making sure to copy the script exactly as it is, including the colon before the first line of the script.

    :Processes
    killallprocesses
    :OTL
    SRV - (NAV) --  File not found
    SRV - (srvbtcclient) -- C:\WINDOWS\update.5.0\svchost.exe ()
    SRV - (PrtSmanm) -- C:\WINDOWS\System32\smsc.exe ()
    SRV - (srvsysdriver32) -- C:\WINDOWS\sysdriver32.exe ()
    SRV - (wxpdrivers) -- C:\WINDOWS\update.1\svchost.exe ()
    SRV - (vtghvhwv) -- C:\WINDOWS\system32\onjrqpn.dll ()
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSP.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS (Symantec Corporation)
    DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMTDI.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMEFA.SYS (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMDS.SYS (Symantec Corporation)
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -  File not found
    O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-1292428093-1644491937-839522115-500\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [4361856.exe] C:\Documents and Settings\Administrator\Local Settings\Temp\4361856.exe ()
    O4 - HKLM..\Run: [6044413.exe] C:\Documents and Settings\Administrator\Local Settings\Temp\6044413.exe ()
    O4 - HKLM..\Run: [8611945.exe] C:\WINDOWS\TEMP\8611945.exe ()
    O4 - HKLM..\Run: [9066841.exe] C:\WINDOWS\TEMP\9066841.exe ()
    O4 - HKLM..\Run: [91096814-loader2.exe] C:\WINDOWS\TEMP\91096814-loader2.exe ()
    O4 - HKLM..\Run: [9279903.exe] C:\WINDOWS\TEMP\9279903.exe ()
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [KernelFaultCheck]  File not found
    O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
    O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
    O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
    O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
    O4 - HKLM..\Run: [tray_ico]  File not found
    O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-10-0\svchost.exe ()
    O4 - HKLM..\Run: [tray_ico1]  File not found
    O4 - HKLM..\Run: [tray_ico2]  File not found
    O4 - HKLM..\Run: [tray_ico3]  File not found
    O4 - HKLM..\Run: [tray_ico4]  File not found
    O4 - HKLM..\Run: [w_distrib.exe] C:\WINDOWS\update.3\svchost.exe ()
    O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
    O4 - HKU\S-1-5-21-1292428093-1644491937-839522115-500..\Run: []  File not found
    O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()
    O31 - SafeBoot: AlternateShell - services32.exe
    NetSvcs: vtghvhwv - C:\WINDOWS\system32\onjrqpn.dll ()
    [2011.07.25 01:20:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
    [2011.07.25 01:18:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-10-0-lnk
    [2011.07.25 01:18:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-10-0
    [2011.07.24 23:13:13 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2011.07.24 23:13:13 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2011.07.24 23:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2011.07.24 23:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011.07.24 23:12:09 | 000,362,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdi.sys
    [2011.07.24 23:12:09 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdiv.sys
    [2011.07.24 23:12:08 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\SymDS.sys
    [2011.07.24 23:12:08 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\SymEFA.sys
    [2011.07.24 23:12:08 | 000,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.sys
    [2011.07.24 23:12:07 | 000,325,680 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.sys
    [2011.07.24 23:12:06 | 000,116,784 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\Ironx86.sys
    [2011.07.24 23:11:55 | 000,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.sys
    [2011.07.24 23:08:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
    [2011.07.24 23:08:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
    [2011.07.24 23:08:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
    [2011.07.24 23:08:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
    [2011.07.24 23:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
    [2011.07.24 22:57:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
    [2011.07.24 22:54:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.3
    [2011.07.24 22:32:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
    [2011.07.24 22:28:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
    [2011.06.21 01:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2011.07.25 03:40:54 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\dll.dll
    [2011.07.25 03:40:54 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
    [2011.05.05 01:04:48 | 000,296,729 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
    [2011.05.05 01:04:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cryptnet32.dll
    [2011.07.25 02:01:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2011.07.24 23:13:12 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2011.07.24 23:13:12 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2011.07.24 23:13:12 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2011.07.24 23:13:12 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2011.07.24 23:11:55 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
    [2011.07.24 23:08:48 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
    [2011.07.24 23:11:54 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
    [2011.07.24 23:11:54 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
    [2011.07.24 23:11:40 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
    [2011.07.24 22:59:31 | 000,000,200 | ---- | M] () -- C:\WINDOWS\info1
    [2011.07.24 22:58:42 | 000,114,176 | ---- | M] () -- C:\WINDOWS\systemup.exe
    [2011.07.24 22:56:20 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
    [2011.07.24 22:32:11 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
    [2011.07.24 22:30:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
    [2011.07.24 22:28:59 | 000,247,296 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
    [2011.07.24 22:28:59 | 000,247,296 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
    [2011.07.24 22:28:43 | 001,174,016 | ---- | M] () -- C:\WINDOWS\services32.exe
    [2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
    [2010.11.28 03:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    :files
    C:\Documents and Settings\Administrator\Desktop\PIC675799074533-JPG-www.facebook.com.exe
    C:\WINDOWS\jusched.exe
    C:\Documents and Settings\Administrator\Desktop\Flash-Player.exe
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "FirewallOverride" = 0
    "DisableThumbnailCache" = 0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "4262:TCP" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Documents and Settings\Administrator\Desktop\PIC675799074533-JPG-www.facebook.com.exe"=-
    "C:\Documents and Settings\Administrator\Desktop\Flash-Player.exe" =-
    "C:\WINDOWS\update.1\svchost.exe" =-
    "C:\WINDOWS\update.2\svchost.exe" =-
    "C:\WINDOWS\update.3\svchost.exe" =-
    "C:\WINDOWS\services32.exe" =-
    :commands
    [resethosts]
    [reboot]
    
    After entering the script from the quote above, click the button highlighted in red: Run Fix

    Windows will restart and a log file will be created. Copy/Paste its contents into your next comment.

    After that:

    Open virustotal and use the Browse button to locate the file:

    C:\WINDOWS\System32\lpdd.exe

    Click the SEND button.

    If the file has already been analysed, please click re-analyse.

    Repeat the steps for this file:

    C:\WINDOWS\System32\smsc.exe

    Post the results of the scan for this file in your next comment.

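The fix script above was written by reading the OTL scan line by line and picking out autoruns that look wrong (numeric names in Temp, svchost.exe outside System32, a replaced Safe Mode shell, Winlogon Notify DLLs without version info). The following is an added example, not part of the thread or of OTL itself, that applies those same reading rules to OTL lines so the triage can be repeated on another log; the sample lines are copied from the script in this thread, and the heuristics and their names are my own.

```python
import re
from typing import List

# Constructed sample: OTL lines copied from the fix script in this thread, plus one
# entry (the Ask toolbar updater) that the heuristics below should leave unflagged.
SAMPLE_OTL_LINES = [
    r"O4 - HKLM..\Run: [4361856.exe] C:\Documents and Settings\Administrator\Local Settings\Temp\4361856.exe ()",
    r"O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-10-0\svchost.exe ()",
    r"O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()",
    r"O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)",
    r"O4 - HKLM..\Run: [KernelFaultCheck]  File not found",
    r"O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()",
    r"O31 - SafeBoot: AlternateShell - services32.exe",
    r"SRV - (srvbtcclient) -- C:\WINDOWS\update.5.0\svchost.exe ()",
]

# "<drive>:\path (vendor)" at the end of an OTL line. The vendor is the company name
# OTL reads from the file's version info; it is empty "()" for files that carry none.
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?)\s+\((?P<vendor>[^()]*)\)\s*$")
KIND_RE = re.compile(r"^(O\d+|SRV|DRV|NetSvcs)\b")


def parse_line(line: str) -> dict:
    """Split one OTL line into its kind (O4, O20, SRV ...), file path and vendor."""
    line = line.strip()
    kind_m = KIND_RE.match(line)
    path_m = PATH_RE.search(line)
    return {
        "kind": kind_m.group(1) if kind_m else "?",
        "line": line,
        "path": path_m.group("path") if path_m else "",
        "vendor": path_m.group("vendor").strip() if path_m else "",
        "missing": line.endswith("File not found"),
    }


def suspicious_reasons(entry: dict) -> List[str]:
    """Reading rules an analyst applies to an OTL entry; returns why it looks wrong."""
    reasons: List[str] = []
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]

    if entry["missing"] and entry["kind"] in ("O4", "SRV", "DRV"):
        reasons.append("autorun/service points at a file that no longer exists")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    if name == "svchost.exe" and "\\system32\\" not in low:
        reasons.append("svchost.exe outside System32")
    if low.startswith("c:\\windows\\") and not entry["vendor"]:
        reasons.append("no company name in version info although it sits under the Windows directory")
    if stem.isdigit():
        reasons.append("purely numeric file name")
    if entry["kind"] == "O31":
        shell = entry["line"].rsplit(" - ", 1)[-1].strip().lower()
        if shell != "cmd.exe":  # cmd.exe is the stock SafeBoot AlternateShell value
            reasons.append("Safe Mode shell replaced by " + shell)
    if entry["kind"] == "O20" and not entry["vendor"]:
        reasons.append("Winlogon Notify DLL without version info")
    return reasons


def triage(lines: List[str]) -> List[dict]:
    """Return only the entries that trip at least one rule, with their reasons attached."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        reasons = suspicious_reasons(entry)
        if reasons:
            entry["reasons"] = reasons
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_OTL_LINES):
        print(hit["kind"], hit["path"] or hit["line"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Every flagged entry still needs a human look (a legitimate updater can run from a Temp directory); the rules only order the log so the obvious entries come first.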

    ========== PROCESSES ==========

    All processes killed

    ========== OTL ==========

    Error: No service named NAV was found to stop!

    Service\Driver key NAV not found.

    File File not found not found.

    Error: No service named srvbtcclient was found to stop!

    Service\Driver key srvbtcclient not found.

    File C:\WINDOWS\update.5.0\svchost.exe not found.

    Error: No service named PrtSmanm was found to stop!

    Service\Driver key PrtSmanm not found.

    File C:\WINDOWS\System32\smsc.exe not found.

    Error: No service named srvsysdriver32 was found to stop!

    Service\Driver key srvsysdriver32 not found.

    File C:\WINDOWS\sysdriver32.exe not found.

    Error: No service named wxpdrivers was found to stop!

    Service\Driver key wxpdrivers not found.

    File C:\WINDOWS\update.1\svchost.exe not found.

    Error: No service named vtghvhwv was found to stop!

    Service\Driver key vtghvhwv not found.

    File C:\WINDOWS\system32\onjrqpn.dll not found.

    Error: No service named SymEvent was found to stop!

    Service\Driver key SymEvent not found.

    File C:\WINDOWS\system32\drivers\SYMEVENT.SYS not found.

    Error: No service named SymIRON was found to stop!

    Service\Driver key SymIRON not found.

    File C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS not found.

    Error: No service named SRTSP was found to stop!

    Service\Driver key SRTSP not found.

    File C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSP.SYS not found.

    Error: No service named SRTSPX) Symantec Real Time Storage Protection (PEL was found to stop!

    Service\Driver key SRTSPX) Symantec Real Time Storage Protection (PEL not found.

    File C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS not found.

    Error: No service named ccHP was found to stop!

    Service\Driver key ccHP not found.

    File C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys not found.

    Error: No service named SYMTDI was found to stop!

    Service\Driver key SYMTDI not found.

    File C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMTDI.SYS not found.

    Error: No service named SymEFA was found to stop!

    Service\Driver key SymEFA not found.

    File C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMEFA.SYS not found.

    Error: No service named SymDS was found to stop!

    Service\Driver key SymDS not found.

    File C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMDS.SYS not found.

    Prefs.js: "Ask.com" removed from browser.search.defaultengine

    Prefs.js: "Ask.com" removed from browser.search.defaultenginename

    Prefs.js: "Ask.com" removed from browser.search.order.1

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\ not found.

    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

    Registry value HKEY_USERS\S-1-5-21-1292428093-1644491937-839522115-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4361856.exe deleted successfully.

    C:\Documents and Settings\Administrator\Local Settings\Temp\4361856.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\6044413.exe deleted successfully.

    C:\Documents and Settings\Administrator\Local Settings\Temp\6044413.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8611945.exe deleted successfully.

    C:\WINDOWS\Temp\8611945.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9066841.exe deleted successfully.

    C:\WINDOWS\Temp\9066841.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\91096814-loader2.exe deleted successfully.

    C:\WINDOWS\Temp\91096814-loader2.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\9279903.exe deleted successfully.

    C:\WINDOWS\Temp\9279903.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.

    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.

    C:\WINDOWS\l1rezerv.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.

    File C:\WINDOWS\sysdriver32.exe not found.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.

    C:\WINDOWS\sysdriver32_.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\systemup deleted successfully.

    C:\WINDOWS\systemup.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.

    C:\WINDOWS\update.tray-10-0\svchost.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\w_distrib.exe deleted successfully.

    C:\WINDOWS\update.3\svchost.exe moved successfully.

    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.

    C:\WINDOWS\services32.exe moved successfully.

    Registry value HKEY_USERS\S-1-5-21-1292428093-1644491937-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32\ deleted successfully.

    C:\WINDOWS\system32\cryptnet32.dll moved successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.

    vtghvhwv removed from NetSvcs value successfully!

    File C:\WINDOWS\system32\onjrqpn.dll not found.

    C:\WINDOWS\av_ico folder moved successfully.

    C:\WINDOWS\update.tray-10-0-lnk folder moved successfully.

    C:\WINDOWS\update.tray-10-0 folder moved successfully.

    File C:\WINDOWS\System32\drivers\SYMEVENT.SYS not found.

    File C:\WINDOWS\System32\S32EVNT1.DLL not found.

    Folder C:\Program Files\Common Files\Symantec Shared\ not found.

    Folder C:\Program Files\Symantec\ not found.

    File C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdi.sys not found.

    File C:\WINDOWS\System32\drivers\NAV\1106000.020\symtdiv.sys not found.

    File C:\WINDOWS\System32\drivers\NAV\1106000.020\SymDS.sys not found.

    File C:\WINDOWS\System32\drivers\NAV\1106000.020\SymEFA.sys not found.

    File C:\WINDOWS\System32\drivers\NAV\1106000.020\srtspx.sys not found.

    File C:\WINDOWS\System32\drivers\NAV\1106000.020\srtsp.sys not found.

    File C:\WINDOWS\System32\drivers\NAV\1106000.020\Ironx86.sys not found.

    File C:\WINDOWS\System32\drivers\NAV\1106000.020\cchpx86.sys not found.

    C:\WINDOWS\ufa folder moved successfully.

    C:\WINDOWS\rpcminer folder moved successfully.

    C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.

    C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.

    C:\WINDOWS\phoenix\kernels folder moved successfully.

    C:\WINDOWS\phoenix folder moved successfully.

    C:\WINDOWS\System32\drivers\NAV\1106000.020 folder moved successfully.

    C:\WINDOWS\System32\drivers\NAV folder moved successfully.

    Folder C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus\ not found.

    C:\WINDOWS\update.5.0 folder moved successfully.

    C:\WINDOWS\update.3 folder moved successfully.

    C:\WINDOWS\update.2 folder moved successfully.

    C:\WINDOWS\update.1 folder moved successfully.

    C:\Program Files\Ask.com\Updater folder moved successfully.

    C:\Program Files\Ask.com\assets\oobe folder moved successfully.

    C:\Program Files\Ask.com\assets folder moved successfully.

    C:\Program Files\Ask.com folder moved successfully.

    File C:\WINDOWS\System32\dll.dll not found.

    C:\WINDOWS\system32\crt.dat moved successfully.

    C:\WINDOWS\system32\shimg.dll moved successfully.

    File C:\WINDOWS\System32\cryptnet32.dll not found.

    C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.

    File C:\WINDOWS\System32\drivers\SYMEVENT.SYS not found.

    File C:\WINDOWS\System32\S32EVNT1.DLL not found.

    File C:\WINDOWS\System32\drivers\SYMEVENT.CAT not found.

    File C:\WINDOWS\System32\drivers\SYMEVENT.INF not found.

    C:\WINDOWS\unrar.exe moved successfully.

    C:\WINDOWS\ufa.rar moved successfully.

    C:\WINDOWS\phoenix.rar moved successfully.

    File C:\WINDOWS\ufa.rar not found.

    C:\WINDOWS\rpcminer.rar moved successfully.

    C:\WINDOWS\info1 moved successfully.

    File C:\WINDOWS\systemup.exe not found.

    File C:\WINDOWS\l1rezerv.exe not found.

    C:\WINDOWS\geoiplist.rar moved successfully.

    C:\WINDOWS\loader2.exe_ok moved successfully.

    File C:\WINDOWS\sysdriver32_.exe not found.

    File C:\WINDOWS\sysdriver32.exe not found.

    File C:\WINDOWS\services32.exe not found.

    C:\WINDOWS\geoiplist moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\TEMP folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\OUT folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\emc\Log folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\Chjw\ce74e6d374e6bd79 folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\Chjw\4090c1b490c1b0a8 folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\Chjw folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.

    C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.

    ========== FILES ==========

    File\Folder C:\Documents and Settings\Administrator\Desktop\PIC675799074533-JPG-www.facebook.com.exe not found.

    File\Folder C:\WINDOWS\jusched.exe not found.

    File\Folder C:\Documents and Settings\Administrator\Desktop\Flash-Player.exe not found.

    ========== REGISTRY ==========

    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify" | 0 /E : value set successfully!

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify" | 0 /E : value set successfully!

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify" | 0 /E : value set successfully!

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" | 0 /E : value set successfully!

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"DisableThumbnailCache" | 0 /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall" | 1 /E : value set successfully!

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\4262:TCP deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrator\Desktop\PIC675799074533-JPG-www.facebook.com.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrator\Desktop\Flash-Player.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.1\svchost.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.2\svchost.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.3\svchost.exe deleted successfully.

    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\services32.exe deleted successfully.

    ========== COMMANDS ==========

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.26.1 log created on 07252011_131405

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    Antivirus Version Last Update Result AhnLab-V3 2011.07.25.00 2011.07.24 Win32/ExprPacked.suspicious AntiVir 7.11.12.85 2011.07.25 TR/Crypt.XPACK.Gen Antiy-AVL 2.0.3.7 2011.07.25 Trojan/win32.agent.gen Avast 4.8.1351.0 2011.07.25 Win32:Trojan-gen Avast5 5.0.677.0 2011.07.25 Win32:Trojan-gen AVG 10.0.0.1190 2011.07.25 Worm/Generic2.AVIZ BitDefender 7.2 2011.07.25 Trojan.Generic.6343817 CAT-QuickHeal 11.00 2011.07.25 Backdoor.IRCBot.k ClamAV 0.97.0.0 2011.07.24 PUA.Packed.Expressor-1 Commtouch 5.3.2.6 2011.07.25 W32/HLL-SysDlrSharer!Eldorado Comodo 9504 2011.07.25 Backdoor.Win32.Hupigon.~d023 DrWeb 5.0.2.03300 2011.07.25 BackDoor.IRC.Sdbot.15765 Emsisoft 5.1.0.8 2011.07.25 Virus.Win32.Crypted!IK eSafe 7.0.17.0 2011.07.24 Win32.HEURCrypted eTrust-Vet 36.1.8459 2011.07.22 - F-Prot 4.6.2.117 2011.07.24 W32/HLL-SysDlrSharer!Eldorado F-Secure 9.0.16440.0 2011.07.25 Trojan.Generic.6343817 Fortinet 4.2.257.0 2011.07.25 W32/Parite.fam GData 22 2011.07.25 Trojan.Generic.6343817 Ikarus T3.1.1.104.0 2011.07.25 Virus.Win32.Crypted Jiangmin 13.0.900 2011.07.24 Trojan/Generic.efwz K7AntiVirus 9.108.4937 2011.07.22 Riskware Kaspersky 9.0.0.837 2011.07.25 Net-Worm.Win32.Kolab.anen McAfee 5.400.0.1158 2011.07.25 Generic Malware.dq McAfee-GW-Edition 2010.1D 2011.07.24 Heuristic.LooksLike.Win32.Suspicious.C Microsoft 1.7104 2011.07.25 Backdoor:Win32/IRCbot.gen!K NOD32 6322 2011.07.25 a variant of Win32/AutoRun.IRCBot.FC Norman 6.07.10 2011.07.23 Hupigon.gen83 nProtect 2011-07-25.02 2011.07.25 Packer.Expressor.B Panda 10.0.3.5 2011.07.24 Generic Trojan PCTools 8.0.0.5 2011.07.25 Trojan.IRCBot Prevx 3.0 2011.07.25 - Rising 23.68.00.05 2011.07.25 Trojan.Win32.Generic.128A390B Sophos 4.67.0 2011.07.25 Sus/Scribble-B SUPERAntiSpyware 4.40.0.1006 2011.07.24 - Symantec 20111.1.0.186 2011.07.25 W32.IRCBot.Gen TheHacker 6.7.0.1.262 2011.07.24 - TrendMicro 9.200.0.1012 2011.07.25 TROJ_GEN.RC1C1GH TrendMicro-HouseCall 9.200.0.1012 2011.07.25 TROJ_SPNR.0CGO11 VBA32 3.12.16.4 2011.07.25 
OScope.Backdoor.Sdbot.Cgen VIPRE 9959 2011.07.25 Backdoor.IRCBot ViRobot 2011.7.25.4587 2011.07.25 - VirusBuster 14.0.136.0 2011.07.24 Packed/eXPressor

    Additional information

    MD5 : 9c0930a84d40cf3e57600ccf15c82794 SHA1 : 262a7e73ed59eac26b927df8bcc03d50819b08f8 SHA256: e9558fa3a42230a4f64b72b3025667736a79ebe242864cb1ce4f12b29cb9f546 ssdeep: 768:V6HQF1YCzsFmvrPaNqVPJKW3cEoxgtLPILaNilcpXcKpUu5ovyavocf:Qw5bzJPYm1P8a82

    phpUYiyaR File size : 50703 bytes First seen: 2011-07-17 09:35:30 Last seen : 2011-07-25 10:15:56 TrID:

    Win32 Executable Generic (42.3%)

    Win32 Dynamic Link Library (generic) (37.6%)

    Generic Win/DOS Executable (9.9%)

    DOS Executable Generic (9.9%)

    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:

    publisher....: n/a

    copyright....: n/a

    product......: n/a

    description..: n/a

    original name: n/a

    internal name: n/a

    file version.: n/a

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned
    packers (F-Prot): Expr
    PEInfo: PE structure information

    [[ basic data ]]

    entrypointaddress: 0x824B2

    timedatestamp....: 0x4E22A7A9 (Sun Jul 17 09:13:13 2011)

    machinetype......: 0x14c (I386)

    [[ 3 section(s) ]]

    name, viradd, virsiz, rawdsiz, ntropy, md5

    .data, 0x1000, 0x76000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

    .pdata, 0x77000, 0xA987, 0xA987, 8.00, 28e5b5e5a2262119447c94e2918748b0

    .ex_cod, 0x82000, 0x1806, 0x180F, 6.47, 14829c8218601b8c1d56e314874f73ca

    [[ 14 import(s) ]]

    KERNEL32.dll: VirtualFree, VirtualAlloc, ExitProcess, GetProcAddress, LoadLibraryExA, GetModuleHandleA, VirtualProtect, GetModuleFileNameA, GetLastError, CreateMutexA

    USER32.dll: MessageBoxA

    ADVAPI32.dll: GetUserNameA

    USER32.dll: GetWindowThreadProcessId

    MPR.dll: WNetAddConnection2A

    SHELL32.dll: ShellExecuteExA

    WS2_32.dll: -

    iphlpapi.dll: GetAdaptersInfo

    WININET.dll: FindNextUrlCacheEntryA

    NETAPI32.dll: NetLocalGroupAddMembers

    urlmon.dll: URLDownloadToFileA

    MFC42.DLL: -

    MSVCRT.dll: malloc

    KERNEL32.dll: WriteFile
    ExifTool:

    file metadata

    CodeSize: 0

    EntryPoint: 0x824b2

    FileSize: 50 kB

    FileType: Win32 EXE

    ImageVersion: 0.0

    InitializedDataSize: 5424

    LinkerVersion: 0.0

    MIMEType: application/octet-stream

    MachineType: Intel 386 or later, and compatibles

    OSVersion: 4.0

    PEType: PE32

    Subsystem: Windows GUI

    SubsystemVersion: 4.0

    TimeStamp: 2011:07:17 11:13:13+02:00

    UninitializedDataSize: 0


    The results for these files are not clear to me presented this way:

    C:\WINDOWS\System32\lpdd.exe

    C:\WINDOWS\System32\smsc.exe

    Could you post the VirusTotal links for the scans of them?

    Thanks!


    I can't find the smsc.exe file. There is some smss.exe?

    File name:

    lpdd.exe

    Submission date:

    2011-07-25 10:23:12 (UTC)

    Current status:

    finished

    Result:

    39/ 43 (90.7%)
    "Antivirus", "Version", "Last update", "Result"
    "AhnLab-V3", "2011.07.25.00", "2011.07.24", "Win32/ExprPacked.suspicious"
    "AntiVir", "7.11.12.85", "2011.07.25", "TR/Crypt.XPACK.Gen"
    "Antiy-AVL", "2.0.3.7", "2011.07.25", "Trojan/win32.agent.gen"
    "Avast", "4.8.1351.0", "2011.07.25", "Win32:Trojan-gen"
    "Avast5", "5.0.677.0", "2011.07.25", "Win32:Trojan-gen"
    "AVG", "10.0.0.1190", "2011.07.25", "Worm/Generic2.AVIZ"
    "BitDefender", "7.2", "2011.07.25", "Trojan.Generic.6343817"
    "CAT-QuickHeal", "11.00", "2011.07.25", "Backdoor.IRCBot.k"
    "ClamAV", "0.97.0.0", "2011.07.24", "PUA.Packed.Expressor-1"
    "Commtouch", "5.3.2.6", "2011.07.25", "W32/HLL-SysDlrSharer!Eldorado"
    "Comodo", "9504", "2011.07.25", "Backdoor.Win32.Hupigon.~d023"
    "DrWeb", "5.0.2.03300", "2011.07.25", "BackDoor.IRC.Sdbot.15765"
    "Emsisoft", "5.1.0.8", "2011.07.25", "Virus.Win32.Crypted!IK"
    "eSafe", "7.0.17.0", "2011.07.24", "Win32.HEURCrypted"
    "eTrust-Vet", "36.1.8463", "2011.07.25", "-"
    "F-Prot", "4.6.2.117", "2011.07.24", "W32/HLL-SysDlrSharer!Eldorado"
    "F-Secure", "9.0.16440.0", "2011.07.25", "Trojan.Generic.6343817"
    "Fortinet", "4.2.257.0", "2011.07.25", "W32/Parite.fam"
    "GData", "22", "2011.07.25", "Trojan.Generic.6343817"
    "Ikarus", "T3.1.1.104.0", "2011.07.25", "Virus.Win32.Crypted"
    "Jiangmin", "13.0.900", "2011.07.24", "Trojan/Generic.efwz"
    "K7AntiVirus", "9.108.4937", "2011.07.22", "Riskware"
    "Kaspersky", "9.0.0.837", "2011.07.25", "Net-Worm.Win32.Kolab.anen"
    "McAfee", "5.400.0.1158", "2011.07.25", "Generic Malware.dq"
    "McAfee-GW-Edition", "2010.1D", "2011.07.24", "Heuristic.LooksLike.Win32.Suspicious.C"
    "Microsoft", "1.7104", "2011.07.25", "Backdoor:Win32/IRCbot.gen!K"
    "NOD32", "6322", "2011.07.25", "a variant of Win32/AutoRun.IRCBot.FC"
    "Norman", "6.07.10", "2011.07.23", "Hupigon.gen83"
    "nProtect", "2011-07-25.02", "2011.07.25", "Packer.Expressor.B"
    "Panda", "10.0.3.5", "2011.07.24", "Generic Trojan"
    "PCTools", "8.0.0.5", "2011.07.25", "Trojan.IRCBot"
    "Prevx", "3.0", "2011.07.25", "High Risk System Back Door"
    "Rising", "23.68.00.05", "2011.07.25", "Trojan.Win32.Generic.128A390B"
    "Sophos", "4.67.0", "2011.07.25", "Sus/Scribble-B"
    "SUPERAntiSpyware", "4.40.0.1006", "2011.07.24", "-"
    "Symantec", "20111.1.0.186", "2011.07.25", "W32.IRCBot.Gen"
    "TheHacker", "6.7.0.1.262", "2011.07.24", "-"
    "TrendMicro", "9.200.0.1012", "2011.07.25", "TROJ_GEN.RC1C1GH"
    "TrendMicro-HouseCall", "9.200.0.1012", "2011.07.25", "TROJ_SPNR.0CGO11"
    "VBA32", "3.12.16.4", "2011.07.25", "OScope.Backdoor.Sdbot.Cgen"
    "VIPRE", "9959", "2011.07.25", "Backdoor.IRCBot"
    "ViRobot", "2011.7.25.4587", "2011.07.25", "-"
    "VirusBuster", "14.0.136.0", "2011.07.24", "Packed/eXPressor"
    "MD5", "9c0930a84d40cf3e57600ccf15c82794"
    "SHA1", "262a7e73ed59eac26b927df8bcc03d50819b08f8"
    "SHA256", "e9558fa3a42230a4f64b72b3025667736a79ebe242864cb1ce4f12b29cb9f546"
    "File size", "50703 bytes"
    "Scan date", "2011-07-25 10:23:12 (UTC)"


    I can't find the smsc.exe file. There is some smss.exe?

    Don't touch that one - smss.exe is a LEGITIMATE and CRITICAL system file. :shy11:

    OK, they are clearly bad, as I suspected...

    Run OTL again, copy and paste the script text from the text box below into the Custom Scans/Fixes box, remembering to copy the script exactly 1:1, including the colon before the first line of the script.

    :OTL
    [2011.07.24 22:43:22 | 000,050,703 | ---- | M] () -- C:\WINDOWS\System32\lpdd.exe
    [2011.07.24 22:33:19 | 000,050,703 | R--- | M] () -- C:\WINDOWS\System32\smsc.exe
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\smsc.exe" =-
    "C:\WINDOWS\System32\lpdd.exe" =-
    :commands
    [emptytemp]
    
    After you enter the script from the quote above, press the button marked in red: Run Fix

    Windows will restart and a log file will be created. Post its contents with Copy/Paste in your next comment.


    All processes killed
    ========== OTL ==========
    C:\WINDOWS\system32\lpdd.exe moved successfully.
    File C:\WINDOWS\System32\smsc.exe not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\smsc.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\lpdd.exe deleted successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: Administrator
    ->Temp folder emptied: 135211949 bytes
    ->Temporary Internet Files folder emptied: 57534491 bytes
    ->Java cache emptied: 54898783 bytes
    ->FireFox cache emptied: 62021946 bytes
    ->Flash cache emptied: 2935093 bytes
    User: All Users
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 392978 bytes
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2895706 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2142714 bytes
    %systemroot%\System32 .tmp files removed: 2832913 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 96444725 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1735346 bytes
    Total Files Cleaned = 400,00 mb
    OTL by OldTimer - Version 3.2.26.1 log created on 07252011_134857
    Files\Folders moved on Reboot...
    Registry entries deleted on Reboot...


    Then run the following two checks:

    • Download Malwarebytes' Anti-Malware from here and install it.
    • Run Malwarebytes' Anti-Malware, go to UPDATE and press Check for updates.
    • Then go back to Scanner, select Perform QUICK Scan, then click Scan.
    • The scan will take some time, so please be patient.
    • When the scan finishes, click OK, then Show Results to see the result.
    • Make sure all lines are checked and click Remove Selected.
    • When everything has been removed, the log will open in Notepad. Copy the log and post it in your next comment in the thread.

    Note: If Malwarebytes' Anti-Malware has difficulty removing the detected viruses/threats, it will ask to restart the computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

    Please download aswMBR and save it to your desktop.

    • Double-click the aswMBR.exe file to run it.
    • Wait for it to download the avast! definitions.
    • From the drop-down menu choose the C:\ partition as in the picture:
    (image)
    • Click the Scan button to start the check.
    • When the check finishes, press the save log button, save the log file contents to the desktop and post its contents in your next comment.

    Then tell me how the machine is doing.


    Malwarebytes' Anti-Malware 1.51.1.1800

    www.malwarebytes.org

    Database version: 7271

    Windows 5.1.2600 Service Pack 2

    Internet Explorer 6.0.2900.2180

    25.7.2011 г. 14:05:36

    mbam-log-2011-07-25 (14-05-36).txt

    Scan type: Quick scan

    Objects scanned: 151308

    Time elapsed: 3 minute(s), 32 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 2

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\Java developer Script Browse (Trojan.Agent) -> Value: Java developer Script Browse -> Quarantined and deleted successfully.

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    And here is the Avast one

    aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software

    Run date: 2011-07-25 14:29:00

    -----------------------------

    14:29:00.750 OS Version: Windows 5.1.2600 Service Pack 2

    14:29:00.750 Number of processors: 2 586 0x205

    14:29:00.750 ComputerName: L2WO UserName:

    14:29:01.296 Initialize success

    14:29:11.687 AVAST engine defs: 11072500

    14:29:19.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

    14:29:19.500 Disk 0 Vendor: ST380011A 3.06 Size: 76319MB BusType: 3

    14:29:19.515 Device \Driver\atapi -> MajorFunction 8236c1f8

    14:29:21.531 Disk 0 MBR read successfully

    14:29:21.531 Disk 0 MBR scan

    14:29:21.593 Disk 0 Windows XP default MBR code

    14:29:23.609 Disk 0 scanning sectors +156296385

    14:29:23.843 Disk 0 scanning C:\WINDOWS\system32\drivers

    14:29:43.343 Service scanning

    14:29:44.046 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

    14:29:44.625 Modules scanning

    14:30:04.062 Disk 0 trace - called modules:

    14:30:04.093 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys >>UNKNOWN [0x8236c1f8]<<

    14:30:04.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x822f3ab8]

    14:30:04.109 3 CLASSPNP.SYS[f859805b] -> nt!IofCallDriver -> \Device\00000067[0x823511e8]

    14:30:04.109 5 ACPI.sys[f83e3620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x822f6940]

    14:30:04.109 \Driver\atapi[0x82351d20] -> IRP_MJ_CREATE -> 0x8236c1f8

    14:30:04.656 AVAST engine scan C:\

    15:12:45.640 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP1\A0000014.dll **INFECTED** Win32:Lukicsel-E [Trj]

    15:12:45.906 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP1\A0001014.dll **INFECTED** Win32:Lukicsel-E [Trj]

    15:14:14.078 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP1\A0001268.dll **INFECTED** Win32:Lukicsel-E [Trj]

    15:14:23.578 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0003278.exe **INFECTED** Win32:Delf-QBF [Trj]

    15:14:24.015 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0003282.dll **INFECTED** Win32:Lukicsel-E [Trj]

    15:14:25.078 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0004282.dll **INFECTED** Win32:Lukicsel-E [Trj]

    15:14:34.921 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0005292.dll **INFECTED** Win32:Lukicsel-E [Trj]

    16:07:31.500 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\sysdriver32.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:07:32.093 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\system32\onjrqpn.dll **INFECTED** Win32:Confi [Wrm]

    16:07:32.453 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\system32\smsc.exe **INFECTED** Win32:Trojan-gen

    16:07:34.031 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\update.1\svchost.exe **INFECTED** Win32:Malware-gen

    16:07:34.906 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\update.5.0\svchost.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:07:36.046 File: C:\_OTL\MovedFiles\07252011_131405\C_Documents and Settings\Administrator\Local Settings\Temp\4361856.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:07:36.968 File: C:\_OTL\MovedFiles\07252011_131405\C_Documents and Settings\Administrator\Local Settings\Temp\6044413.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:08.265 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\l1rezerv.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:16.625 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\services32.exe **INFECTED** Win32:Malware-gen

    16:09:17.250 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\sysdriver32_.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:17.718 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\system32\cryptnet32.dll **INFECTED** Win32:Lukicsel-E [Trj]

    16:09:18.968 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\systemup.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:19.968 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\Temp\8611945.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:20.796 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\Temp\9066841.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:21.703 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\Temp\91096814-loader2.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:23.015 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\Temp\9279903.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:25.593 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\update.2\svchost.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:26.406 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\update.3\svchost.exe **INFECTED** Win32:Delf-QBF [Trj]

    16:09:27.656 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\update.tray-10-0\svchost.exe **INFECTED** Win32:Malware-gen

    16:09:28.859 File: C:\_OTL\MovedFiles\07252011_131405\C_WINDOWS\update.tray-10-0-lnk\svchost.exe **INFECTED** Win32:Malware-gen

    16:09:29.703 File: C:\_OTL\MovedFiles\07252011_134857\C_WINDOWS\system32\lpdd.exe **INFECTED** Win32:Trojan-gen

    16:09:29.906 Scan finished successfully

    16:11:19.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"

    16:11:19.812 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

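A small triage helper for the aswMBR log above, added here as an example and not part of the thread or of the aswMBR tool: it pulls out the **INFECTED** lines and sorts each hit by where the file sits. In the posted log every hit is either inside a System Restore snapshot or already in OTL's quarantine folder, which is why the next step is to switch System Restore off; the sample below reuses a few of the posted lines and adds one constructed live hit (example_live.dll is a made-up name) so that branch is exercised too.

```python
import re
from collections import Counter

# Constructed sample in the aswMBR log format seen in the thread: two restore-point
# hits and two OTL-quarantine hits copied from the posted log, plus one hypothetical
# "live" hit (example_live.dll is a made-up name) so every branch is exercised.
SAMPLE_LOG = r"""
14:29:00.750 OS Version: Windows 5.1.2600 Service Pack 2
14:29:44.046 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:12:45.640 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP1\A0000014.dll **INFECTED** Win32:Lukicsel-E [Trj]
15:14:23.578 File: C:\System Volume Information\_restore{C9D1B27D-BB36-4095-B095-518C10C81C9B}\RP2\A0003278.exe **INFECTED** Win32:Delf-QBF [Trj]
16:07:32.453 File: C:\_OTL\MovedFiles\07252011_130928\C_WINDOWS\system32\smsc.exe **INFECTED** Win32:Trojan-gen
16:09:29.703 File: C:\_OTL\MovedFiles\07252011_134857\C_WINDOWS\system32\lpdd.exe **INFECTED** Win32:Trojan-gen
16:09:29.800 File: C:\WINDOWS\system32\example_live.dll **INFECTED** Win32:Trojan-gen
16:09:29.906 Scan finished successfully
"""

# One aswMBR file hit: "<hh:mm:ss.mmm> File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) File: (.+?) \*\*INFECTED\*\* (.+)$")


def classify_location(path: str) -> str:
    """Where the infected file sits decides what still has to be done about it."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"   # old System Restore snapshot; gone once System Restore is turned off
    if "\\_otl\\movedfiles\\" in p:
        return "quarantine"      # already moved out of its original place by OTL
    return "live"                # still in its original location: needs real action


def parse_findings(log_text: str) -> list[dict]:
    """Extract every **INFECTED** file line from an aswMBR log."""
    findings = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if not m:
            continue   # OS info, MBR checks, **LOCKED** services etc. are not file hits
        time, path, detection = m.groups()
        findings.append({"time": time, "path": path, "detection": detection,
                         "location": classify_location(path)})
    return findings


def summarize(findings: list[dict]) -> dict[str, int]:
    """Count hits per location so the live ones stand out from the leftovers."""
    counts = Counter(f["location"] for f in findings)
    return {loc: counts.get(loc, 0) for loc in ("live", "quarantine", "restore-point")}


def live_paths(findings: list[dict]) -> list[str]:
    """Paths that still need attention (neither quarantined nor in a restore point)."""
    return [f["path"] for f in findings if f["location"] == "live"]


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    print(summarize(found))   # {'live': 1, 'quarantine': 2, 'restore-point': 2}
    for p in live_paths(found):
        print("still live:", p)
```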

    How is the situation now?

    Temporarily disable System Restore:

    Right-click My Computer => Properties => System Restore => check "Turn off system on all drives" => press Apply

    (image)

    Then go back the same way and uncheck it.

    Run OTL once more and press the CleanUp button.

    (image)

    If you are prompted to restart, agree.

    Delete all the tools and tool logs we used (that were not deleted by the procedures performed so far).

    You can now install a free antivirus of your choice. For example avast! 6.0.1203 Final or Avira AntiVir Personal 10.0.0.650. I hope we have managed to remove Norton Antivirus completely and it no longer loads in the System Tray.


    Great... then I'm marking the case as solved, and from now on be careful what you run.

    PS: It wouldn't hurt to change the passwords for all your accounts and payment cards (if you use any), just in case!

    Good evening and safe surfing. :angel19:
