

    Today, while I was working on the computer, an icon appeared on the desktop on its own, and probably maliciously, called Yourgame.exe or something similar. I deleted it and ran dds.scr. Here is the result:

    DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26 Run by WinXP at 12:45:49 on 2011-07-26 Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.693 [GMT 3:00] . AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\ASDR.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe C:\Program 
Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun uRun: [AtiTrayTools] "c:\program files\ray adams\ati tray tools\atitray.exe" uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [snp2std] c:\windows\vsnp2std.exe mRun: 
[Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Е&кспортирай в Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000 IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: Interfaces\{4244F5F5-0447-4C5B-B2F1-A954098D0546} : NameServer = 212.50.10.50 212.50.10.51 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\winxp\appdata\roaming\mozilla\firefox\profiles\dmt92gov.default\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll . ============= SERVICES / DRIVERS =============== . 
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-26 64512] R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2007-5-22 18088] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-9 176128] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640] R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-30 2280312] R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-9 7723008] R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-9 239616] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [2011-7-20 33280] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Услуга Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-21 136176] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-21 136176] . =============== Created Last 30 ================ . 
2011-07-26 09:22:49 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-07-26 09:22:47 596 ---ha-w- C:\aaw7boot.cmd 2011-07-26 07:39:15 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-07-26 07:37:21 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-07-26 07:37:18 -------- d-----w- c:\program files\Lavasoft 2011-07-23 14:28:40 -------- d-----w- c:\program files\common files\L&H 2011-07-23 14:28:28 -------- d-----w- c:\program files\Microsoft ActiveSync 2011-07-20 11:58:46 33280 ----a-w- c:\windows\system32\drivers\IOMap.sys 2011-07-20 11:51:36 14336 ----a-w- c:\windows\system32\drivers\EIO.sys 2011-07-11 16:04:13 -------- d-----w- c:\programdata\Nero 2011-07-11 16:03:38 -------- d-----w- c:\program files\Nero 2011-07-11 12:27:12 -------- d-----w- c:\program files\WhoCrashed 2011-07-04 12:15:44 -------- d-----w- c:\program files\SystemRequirementsLab 2011-07-03 09:16:12 -------- d-----w- c:\users\winxp\appdata\local\Chromium 2011-07-02 16:17:48 -------- d-----w- C:\DriveKey 2011-07-01 14:46:13 0 ---ha-w- c:\users\winxp\appdata\local\BITD2A9.tmp 2011-06-28 15:05:17 -------- d-----w- c:\program files\Lavalys . ==================== Find3M ==================== . 2011-06-22 20:04:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-18 08:00:35 431672 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-05-04 01:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll . ============= FINISH: 12:46:23,08 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 21.4.2011 г. 00:47:53 System Uptime: 22.7.2011 г. 01:23:42 (107 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5Q Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz | LGA 775 | 1981/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 20 GiB total, 3,705 GiB free. 
D: is FIXED (NTFS) - 55 GiB total, 14,241 GiB free. F: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP65: 26.7.2011 г. 10:37:04 - Installed Ad-Aware . ==== Installed Programs ====================== . µTorrent Ad-Aware Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader X (10.1.0) AMD APP SDK Runtime AMD Drag and Drop Transcoding Angry Birds ASUS Smart Doctor ATI Catalyst Install Manager Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy ccc-utility CCC Help English DAEMON Tools Lite DTS+AC3 Filter EasyBCD 2.1 EasyBits GO EVEREST Ultimate Edition v5.50 Fable III GOM Player Google Chrome Google Update Helper HP USB Disk Storage Format Tool ICQ7.5 Java Auto Updater Java™ 6 Update 26 JPEG to PDF 1.0 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Help Viewer 1.0 Microsoft Office FrontPage 2003 Microsoft Office XP Professional Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server System CLR Types Microsoft Visual C# 2010 Express - ENU Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft XNA Framework Redistributable 3.1 Mozilla Firefox 5.0 (x86 en-US) MPEG2 Codec(libmpeg2/mad) Nero Lite 9.2.6.0 Build.2.2 PC Probe II pdfsam Rainlendar2 (remove only) Ray Adams ATI Tray Tools SA Dictionary 2005 T2 Skype Toolbars Skype™ 5.3 System Requirements Lab CYRI TeamViewer 6 USB2.0 1.3M WebCam 
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 1.1.10 WhoCrashed 3.01 Windows 7 USB/DVD Download Tool Windows Live ID Sign-in Assistant WinRAR 4.00 (32-битова версия) Wipe 2011.09 WMV9/VC-1 Video Playback YouTube Downloader 2.7.2 . ==== Event Viewer Messages From Past Week ======== . 26.7.2011 г. 05:59:10, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 26.7.2011 г. 05:59:10, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 25.7.2011 г. 18:54:02, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 25.7.2011 г. 
18:53:56, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 25.7.2011 г. 05:17:44, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 25.7.2011 г. 05:17:44, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 24.7.2011 г. 14:20:21, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 24.7.2011 г. 
10:35:56, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 24.7.2011 г. 05:12:05, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 24.7.2011 г. 05:11:56, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 24.7.2011 г. 05:11:42, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 24.7.2011 г. 
04:48:02, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 24.7.2011 г. 04:31:21, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 24.7.2011 г. 04:31:21, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 23.7.2011 г. 17:29:34, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 23.7.2011 г. 
17:29:33, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user WinXP-PC\WinXP SID (S-1-5-21-1862496209-2343190171-1594512438-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 23.7.2011 г. 17:29:15, Error: Service Control Manager [7030] - The Machine Debug Manager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 22.7.2011 г. 04:46:12, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 20.7.2011 г. 14:52:05, Error: Service Control Manager [7030] - The ASDR service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 20.7.2011 г. 01:45:43, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================


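    As an added example (not code from this thread or from the DDS tool), a small Python triage script for the DDS log format posted above: it splits the log into its "===" sections, pulls the uRun/mRun autostart entries and the "Created Last 30" file list, and flags autoruns launched from user-writable paths and executables created under the Windows directory within the last few days. The sample log is constructed and the "Yourgame" Run entry is hypothetical. Flagged items are leads to verify, not verdicts: in the real log, Lbd.sys and lsdelete.exe coincide with the Ad-Aware installation recorded by the restore point.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import date, datetime

# Constructed sample in the shape DDS prints its "Pseudo HJT Report" and
# "Created Last 30" sections, modelled on the log in the thread. The
# "Yourgame" Run entry is hypothetical and exists only to exercise the check.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
uRun: [Yourgame] c:\users\winxp\appdata\roaming\Yourgame.exe
=============== Created Last 30 ================
2011-07-26 09:22:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-26 07:37:21 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-26 07:37:18 -------- d-----w- c:\program files\Lavasoft
2011-07-01 14:46:13 0 ---ha-w- c:\users\winxp\appdata\local\BITD2A9.tmp
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
                     r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$")
EXE_EXT = (".exe", ".dll", ".sys", ".scr", ".cmd", ".bat", ".com")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")  # writable without admin rights

@dataclass
class Autorun:
    scope: str     # "u" = per-user (HKCU) Run key, "m" = machine-wide (HKLM)
    name: str
    path: str
    flagged: bool  # launched from a user-writable location

@dataclass
class FileEntry:
    created: date
    size: int | None  # None for the "--------" DDS prints on directories
    attrs: str        # DDS attribute string, e.g. "----a-w-" or "d-----w-"
    path: str

def split_sections(text: str) -> dict:
    """Group non-empty lines under the '=== name ===' header they follow."""
    sections = {}
    current = "preamble"
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":          # DDS separates blocks with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
        else:
            sections.setdefault(current, []).append(line)
    return sections

def command_path(cmd: str) -> str:
    """Executable path from a Run value: quoted, or unquoted even with spaces."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|scr|dll|cmd|bat|com))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]

def parse_autoruns(lines: list) -> list:
    result = []
    for m in filter(None, map(RUN_RE.match, lines)):
        path = command_path(m.group("cmd"))
        flagged = any(marker in path.lower() for marker in USER_WRITABLE)
        result.append(Autorun(m.group("scope"), m.group("name"), path, flagged))
    return result

def parse_files(lines: list) -> list:
    result = []
    for m in filter(None, map(FILE_RE.match, lines)):
        created = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S").date()
        size = int(m.group("size")) if m.group("size").isdigit() else None
        result.append(FileEntry(created, size, m.group("attrs"), m.group("path")))
    return result

def recent_system_binaries(files: list, as_of: date, days: int) -> list:
    """Executables (not directories) under the Windows directory created within `days`."""
    return [f for f in files
            if not f.attrs.startswith("d") and f.path.lower().endswith(EXE_EXT)
            and "\\windows\\" in f.path.lower() and 0 <= (as_of - f.created).days <= days]

def triage(text: str, as_of: date, days: int = 7) -> dict:
    sections = split_sections(text)
    autoruns = parse_autoruns(sections.get("Pseudo HJT Report", []))
    files = parse_files(sections.get("Created Last 30", []))
    return {"autoruns": autoruns,
            "suspicious_autoruns": [a for a in autoruns if a.flagged],
            "recent_system_files": recent_system_binaries(files, as_of, days)}

def sample_triage() -> dict:
    """Run the triage over the constructed sample as of the log's run date."""
    return triage(SAMPLE_DDS, as_of=date(2011, 7, 26))
```

    On a real DDS log, pass the full text to triage() with the date from its "Run by ... on" header; the "Running Processes" and services sections can be added to the same section map for a fuller picture.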

    Hello.. Looks like a virus to me.. but I will need one or two more scans...!

    Download ComboFix from here or here and save it to your desktop.

    • Disable your antivirus and anti-spyware program; this is usually done by right-clicking the program's icon in the system tray.

    Note: If you cannot stop it, or are not sure which program to disable, please review the information at this link: How to Disable your Security Programs

    • Run Combo-Fix.com and follow the instructions.

    Note: ComboFix will start without the Recovery Console installed.

    • As part of its work, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how fast malware evolves, it is strongly recommended to have it installed before removing the malware. It lets you enter a special recovery/repair mode that makes it easier to resolve a problem that could arise while the malware is being removed.
    • Follow the instructions to let ComboFix download and install the Microsoft Windows Recovery Console. At one point you will be asked whether you agree to the license agreement. You must confirm that you agree in order to install the Microsoft Windows Recovery Console.

    ** Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will proceed to the malware removal process.


    Once the Microsoft Windows Recovery Console has been installed using ComboFix, you will see the following message:


    Choose Yes to continue the malware scan.

    When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next reply in this topic.

    Note:

    • Please do not move the mouse while ComboFix is running. It may disrupt the process.
    • ComboFix will reset all Microsoft Internet Explorer settings, including making IE the default browser.
    • ComboFix will disable the autorun feature of ALL CD, floppy and USB devices, to help with the malware removal and to protect you from future viruses/threats that spread via autorun. If this is a problem for you, please let me know.
    • ComboFix will disconnect your internet connection. The connection will be restored automatically before ComboFix finishes its work. If there is a problem, it will drop the internet connection. To restore your internet connection, restart your computer.
    • In case of a problem with ComboFix, it may create a log file. Please include the contents of C:\BUG.txt in your next reply in this topic.

    ComboFix can take up to 20-30 minutes to finish; please be patient.

    Please do not attach the log file(s) from the program; copy and paste them into your next reply in this topic.


    ComboFix 11-07-26.02 - WinXP 07.2011 г. 19:52:31.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.2047.720 [GMT 3:00] Running from: c:\users\WinXP\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 ))))))))))))))))))))))))))))))) . . 2011-07-26 17:06 . 2011-07-26 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-26 16:46 . 2011-07-26 16:46 -------- d-----w- C:\32788R22FWJFW 2011-07-26 09:22 . 2011-07-26 07:39 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-07-26 09:22 . 2011-07-26 09:22 596 ---ha-w- C:\aaw7boot.cmd 2011-07-26 07:39 . 2011-07-26 07:39 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-07-26 07:37 . 2011-07-26 07:37 -------- dc----w- c:\windows\system32\DRVSTORE 2011-07-26 07:37 . 2011-07-21 11:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2011-07-26 07:37 . 2011-07-26 07:37 -------- d-----w- c:\programdata\Lavasoft 2011-07-26 07:37 . 2011-07-26 07:37 -------- d-----w- c:\program files\Lavasoft 2011-07-23 14:28 . 2011-07-23 14:28 -------- d-----w- c:\program files\Common Files\L&H 2011-07-23 14:28 . 2011-07-23 14:28 -------- d-----w- c:\program files\Microsoft Works 2011-07-23 14:28 . 2011-07-23 14:28 -------- d-----w- c:\program files\Microsoft ActiveSync 2011-07-20 11:58 . 2010-03-04 15:49 33280 ----a-w- c:\windows\system32\drivers\IOMap.sys 2011-07-11 16:04 . 2011-07-11 16:05 -------- d-----w- c:\users\WinXP\AppData\Roaming\Nero 2011-07-11 16:04 . 2011-07-11 16:04 -------- d-----w- c:\program files\Common Files\Nero 2011-07-11 16:04 . 2011-07-11 16:04 -------- d-----w- c:\programdata\Nero 2011-07-11 16:03 . 2011-07-11 16:04 -------- d-----w- c:\program files\Nero 2011-07-11 12:27 . 
2011-07-11 12:27 -------- d-----w- c:\program files\WhoCrashed 2011-07-04 12:15 . 2011-07-04 12:15 -------- d-----w- c:\program files\SystemRequirementsLab 2011-07-04 12:15 . 2011-07-04 12:15 -------- d-----w- c:\users\WinXP\AppData\Roaming\SystemRequirementsLab 2011-07-03 09:16 . 2011-07-05 17:05 -------- d-----w- c:\users\WinXP\AppData\Local\Chromium 2011-07-02 16:17 . 2011-07-02 16:17 -------- d-----w- C:\DriveKey 2011-07-01 17:27 . 2011-07-01 17:27 -------- d-----w- c:\program files\Common Files\Java 2011-07-01 14:46 . 2011-07-01 14:46 0 ---ha-w- c:\users\WinXP\AppData\Local\BITD2A9.tmp 2011-06-28 15:05 . 2011-06-28 15:05 -------- d-----w- c:\program files\Lavalys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-22 20:04 . 2011-05-21 12:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-18 08:51 . 2009-08-18 08:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2011-05-18 08:51 . 2009-08-18 08:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-05-18 08:00 . 2011-05-18 08:00 431672 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-05-10 17:38 . 2011-05-10 17:37 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll 2011-05-04 01:52 . 2011-04-28 12:06 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-04-29 13:39 . 2011-04-29 13:39 119808 ----a-r- c:\users\WinXP\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2011-06-23 08:27 . 2011-04-20 21:54 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe" [2007-05-22 521128] "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-02-04 2346496] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384] "snp2std"="c:\windows\vsnp2std.exe" [2005-09-22 339968] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2011-06-04 17:20 124216 ----a-w- c:\program files\ICQ7.5\ICQ.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Услуга Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 136176] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 64512] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 18088] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [2010-03-04 33280] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - LBD . Contents of the 'Scheduled Tasks' folder . 2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 21:57] . 2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 21:57] . . ------- Supplementary Scan ------- . 
IE: Е&кспортирай в Microsoft Excel - c:\progra~1\MIF5BA~1\Office10\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe TCP: Interfaces\{4244F5F5-0447-4C5B-B2F1-A954098D0546}: NameServer = 212.50.10.50 212.50.10.51 FF - ProfilePath - c:\users\WinXP\AppData\Roaming\Mozilla\Firefox\Profiles\dmt92gov.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3276) c:\program files\Ray Adams\ATI Tray Tools\raphook.dll . Completion time: 2011-07-26 20:08:13 ComboFix-quarantined-files.txt 2011-07-26 17:08 . Pre-Run: 3 889 188 864 bytes free Post-Run: 3 866 210 304 bytes free . - - End Of File - - 79E506F335E5B3B88E10D8DAE4B2380B


    * Download Malwarebytes' Anti-Malware, or from here

    * Double-click mbam-setup.exe to install the program.

    * Make sure Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are checked. Then click Finish.

    * If updates are found, it will download and install them.

    * Launch the program and select "Perform Full Scan", then click Scan.

    * The scan will take some time, so please be patient.

    * When the scan finishes, click OK, then Show Results to view the results.

    * Make sure all entries are checked, and click Remove Selected.

    * When everything has been removed, a log will open in Notepad. Copy this log and post it in your next reply in the topic.

    Note: If MalwareBytes' Anti-Malware has trouble removing the detected viruses/threats, it will ask to restart your computer and remove the problematic viruses/threats during the restart. If asked, confirm that you want your computer to be restarted.

    ===================================================================================

    • Download the program: ESET Online Scanner
    • Run esetsmartinstaller_enu.exe
    • Check YES, I accept the Terms of Use and choose Start:


    • The scanner will start downloading the components it needs:


    • Make sure the following lines are checked:


      Finally, choose Start

    • The scanner will start downloading the latest definitions.
    • After the scan finishes, choose Finish.
    • Go to: C:\Program Files\ESET\ESET Online Scanner
    • Open the file log.txt, copy its contents and paste them in your next reply.
