-
Junior Member
- Reputation weight
- 52
Need help
Hello!
I have a problem:
I can't connect to the internet right after I turn on the PC: I open Network Connections and it just "dumbly" hangs (I have Win7); after some time (3-5 min) it "unfreezes" and I can click on the connection and connect. (By the way, during the "hang", CPU load is 70-100% and memory usage is 1-2 GB.)
Once connected to the internet, another problem appears: I don't open any browsers or games, updates for everything are turned off, yet the traffic keeps growing.
Sometimes a window pops up: "Прекращена работа программы "Хост-процесс для служб Windows"" ("Host Process for Windows Services has stopped working"), and the traffic stops.
Sorry if I'm not expressing myself clearly; I'm hoping for your help, logs are attached.
-
Junior Member
- Reputation weight
- 52
Even just now, I was browsing pages on the internet normally, the traffic rose sharply, but then an error popped up...
Хост-процесс
Прекращена работа программы "Хост-процес служб для Windows"
This is what is written in the problem details...
Сигнатура проблемы:
Имя события проблемы: APPCRASH
Имя приложения: svchost.exe
Версия приложения: 6.1.7600.16385
Отметка времени приложения: 4da32899
Имя модуля с ошибкой: ntdll.dll
Версия модуля с ошибкой: 6.1.7600.20645
Отметка времени модуля с ошибкой: 4b7a43a3
Код исключения: c0000005
Смещение исключения: 00052c38
Версия ОС: 6.1.7600.2.0.0.256.1
Код языка: 1049
Дополнительные сведения 1: 9c54
Дополнительные сведения 2: 9c54c0c076af50e665d2df4966ef821f
Дополнительные сведения 3: 2d6b
Дополнительные сведения 4: 2d6bc1df32d02681bf4b8d07e7cffed9
and the internet started working normally again...
Added after 1 hour 0 minutes
I read through some threads and went into Kaspersky's Network Monitor, and there are 10-15 svchost processes there that keep appearing and disappearing and pulling traffic...
Added after 10 hours 59 minutes
I carried out a little procedure of "killing" processes right after first powering on the PC, and it became clear that the CPU and memory are being taken up by 3 processes:
avp.exe
svchost.exe
System NT Kernel & System (the scariest one): when it is terminated, a blue screen appears with "dump memory" written at the bottom and percentages counting up, probably 5, 10, 15 up to a hundred, and the PC reboots
Last edited by JhekaZ; 15.04.2011 at 05:13.
Reason: Added
-
Run the script in AVZ
Code:
begin
// Search for rootkit hooks and neutralize them (user mode and kernel mode)
SearchRootkit(true, true);
// Enable AVZGuard for the duration of the cleanup
SetAVZGuardStatus(True);
// Copy the suspicious files to quarantine before anything is deleted
QuarantineFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm','');
QuarantineFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm','');
QuarantineFile('c:\windows\system32\wuaucldt.exe','');
QuarantineFile('C:\Windows\system32\regedit.exe','');
// Stop the running copy of wuaucldt.exe, quarantine it, then delete it
TerminateProcessByName('c:\users\jhekaz\wuaucldt.exe');
QuarantineFile('c:\users\jhekaz\wuaucldt.exe','');
DeleteFile('c:\users\jhekaz\wuaucldt.exe');
// Delete the files and remove their autostart values from the Run keys
DeleteFile('C:\Windows\system32\regedit.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
DeleteFile('c:\windows\system32\wuaucldt.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wuaucldt');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','wuaucldt');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\AppData\Local\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Documents and Settings\JhekaZ\Local Settings\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\AppData\Local\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm');
DeleteFile('C:\Users\JhekaZ\Local Settings\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The computer will reboot.
Send the quarantine as described in Appendix 3 of the rules, using the red link "Send requested quarantine" at the top of the thread.
Make new logs.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
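The many `DeleteFile` targets in the script above are aliases of the same two cached files: on Windows 7, `Local Settings` and the nested `Application Data` folders are compatibility junctions, and `AppData\Local\Application Data` points back at `AppData\Local` itself. As an added example (not part of the original post or of AVZ), this Python code collapses such aliases by string rewriting so that scanner findings can be deduplicated; it assumes the default Vista/7 profile junction layout, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Default Windows Vista/7 profile junctions, relative to the profile root
# (assumed layout). "AppData\Local\Application Data" points back at
# "AppData\Local" itself, which is why that segment can repeat endlessly.
JUNCTIONS = [
    (r"^Local Settings(?=\\|$)", r"AppData\Local"),
    (r"^Application Data(?=\\|$)", r"AppData\Roaming"),
    (r"^AppData\\Local\\Application Data(?=\\|$)", r"AppData\Local"),
    (r"^AppData\\Local\\Temporary Internet Files(?=\\|$)",
     r"AppData\Local\Microsoft\Windows\Temporary Internet Files"),
]

def canonicalize(path):
    """Resolve known profile junctions by string rewriting (no disk access)."""
    path = re.sub(r"(?i)^([a-z]:)\\documents and settings(?=\\)", r"\1\\Users", path)
    m = re.match(r"(?i)^([a-z]:\\users\\[^\\]+)\\(.+)$", path)
    if not m:
        return path  # not inside a user profile: leave untouched
    profile, rest = m.groups()
    changed = True
    while changed:  # repeat until no junction prefix is left
        changed = False
        for pattern, target in JUNCTIONS:
            new = re.sub(pattern, lambda _m, t=target: t, rest, flags=re.I)
            if new != rest:
                rest, changed = new, True
    return profile + "\\" + rest

def group_by_target(paths):
    """Map each case-folded canonical path to the aliases that resolve to it."""
    groups = defaultdict(list)
    for p in paths:
        groups[canonicalize(p).casefold()].append(p)
    return dict(groups)

# Four aliases taken from the script above, plus one constructed
# "Documents and Settings" alias (last entry).
SAMPLE = [
    r"C:\Users\JhekaZ\Local Settings\Application Data\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm",
    r"C:\Users\JhekaZ\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\7TYVOWVV\load[1].htm",
    r"C:\Users\JhekaZ\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm",
    r"C:\Users\JhekaZ\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\HI5UJ0P0\load[3].htm",
    r"c:\documents and settings\jhekaz\local settings\temporary internet files\content.ie5\hi5uj0p0\load[3].htm",
]

if __name__ == "__main__":
    for target, aliases in group_by_target(SAMPLE).items():
        print(len(aliases), "alias(es) ->", target)
```

The rewriting is purely textual, so on a live system the result should still be confirmed against the actual reparse points (for example with `dir /AL`).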
-
-
Junior Member
- Reputation weight
- 52
I sent the quarantine.
I made new logs.
When I connect to the internet, traffic is no longer being pulled, but I still can't get online for 3-4 minutes; my connections won't open(
-
Junior Member
- Reputation weight
- 52
-
Run this script in AVZ
Code:
begin
RegKeyStrParamWrite('HKLM', 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows', 'AppInit_DLLs', 'C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll');
RebootWindows(true);
end.
The computer will reboot.
Make a log of a full MBAM scan.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
-
-
Junior Member
- Reputation weight
- 52
I ran the script and did a full scan, but there is no log in the folder, and Notepad did not open either. What do I need to do to make it appear, or do I have to run the scan again?
-
Junior Member
- Reputation weight
- 52
I think "save report" is that very log; attaching it:
-
In MBAM, remove only the entries listed below
Code:
Заражённые папки:
c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken.
Заражённые файлы:
c:\Users\JhekaZ\AppData\Local\Temp\43F2.tmp (Trojan.Agent) -> No action taken.
c:\Users\JhekaZ\AppData\Local\Temp\4AA6.tmp (Trojan.Agent) -> No action taken.
c:\Users\JhekaZ\AppData\Local\Temp\4JJADFA.tmp (Trojan.SpyEyes) -> No action taken.
c:\Users\JhekaZ\AppData\Local\Temp\AAA6.tmp (Spyware.Spyeyes) -> No action taken.
c:\Users\JhekaZ\AppData\Local\Temp\jJJjJJ4J.exe (Trojan.Zbot) -> No action taken.
c:\Users\JhekaZ\AppData\Local\Temp\JJJJJjJ.exe (Trojan.Zbot) -> No action taken.
c:\Users\JhekaZ\Desktop\avz4\quarantine\2011-04-14\avz00001.dta (Spyware.Passwords.XGen) -> No action taken.
d:\system volume information\_restore{01500303-f5bd-4fdf-a99b-97811207e967}\RP1\A0001422.exe (PUP.Casino) -> No action taken.
e:\FlashKA\soft\antivirus\avz4\quarantine\2010-03-19\avz00001.dta (Trojan.Glox) -> No action taken.
c:\Users\JhekaZ\AppData\Roaming\igxpgd32.dat (Malware.Trace) -> No action taken.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> No action taken.
Change all your passwords.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
-
-
Junior Member
- Reputation weight
- 52
I removed them in MBAM, but the problem remains: I still can't get online for 3-4 minutes, my connections won't open.
Can you help with anything else?!
-
I don't see a new MBAM log, as the instructions required.
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
-
-
Junior Member
- Reputation weight
- 52
Sorry, my inattention) I just did everything last night.
I did make the log but forgot to upload it.
-
Microsoft MVP 2012-2016 Consumer Security
Microsoft MVP 2016 Reconnect
-
-
Junior Member
- Reputation weight
- 52
I see. Well, thanks for that at least.
May I ask one more question:
I made a flash drive into a Win7 boot disk; I plug it in, choose USB at boot, and nothing happens. Can you suggest anything?! It's just that my disc drive doesn't support Win7 and it takes a very long time to install, and I'd like to do it from a flash drive.
-
Creating bootable flash drives is not a simple question, and it is a fairly broad one. Unfortunately, a great many of the recipes that can be found on the internet do not work. So just look for other options and try them.
I am not young enough to know everything...
-
-
Junior Member
- Reputation weight
- 52
Bratez, couldn't you give a hint or something of the sort?
-
Junior Member
- Reputation weight
- 52
My problem was never solved (halfway); as I understand it, you can't help with anything more. Thanks, the internet started working better))
-
Treatment summary
Statistics of the treatment performed:
- Quarantines received: 1
- Files processed: 13
- Malware detected during treatment:
- c:\\documents and settings\\jhekaz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\hi5uj0p0\\load - Backdoor.Win32.Protector.ql ( DrWEB: BackDoor.Bulknet.511, BitDefender: Trojan.Generic.KDV.188114, AVAST4: Win32:MalOb-IJ [Cryp] )
- c:\\documents and settings\\jhekaz\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\content.ie5\\7tyvowvv\\load - Trojan-Spy.Win32.Carberp.ot ( DrWEB: Trojan.DownLoader2.30698, BitDefender: Trojan.Generic.6130048, NOD32: Win32/TrojanDownloader.Carberp.W trojan, AVAST4: Win32:Rootkit-gen [Rtk] )
- c:\\users\\jhekaz\\wuaucldt.exe - Backdoor.Win32.Protector.ql ( DrWEB: BackDoor.Bulknet.511, BitDefender: Trojan.Generic.KDV.188114, AVAST4: Win32:MalOb-IJ [Cryp] )
Recommendations:
- Trojans of the Trojan-PSW/Trojan-Spy class were detected; changing all passwords is strongly recommended!
-