
the virus controls my computer

  1. #1
    Junior Member
    Registered: 07.04.2010
    Posts: 5
    Reputation weight: 25

    the virus controls my computer

    Hello
    I think the virus controls me
    disabled autorun, disabled showing hidden files, disabled antiviruses
    Attachments

  2. #2
    VIP (Aleksandra)
    Registered: 13.01.2007
    Posts: 7,662
    Reputation weight: 2817
    Kaspersky Virus Removal Tool 7.0.0.290 (database released 27/08/2009; 04:30)
    Please download the actual version of AVPTool and make a new log.
    Our service, like a heart, never knows rest.

  3. #3
    Junior Member
    Registered: 07.04.2010
    Posts: 5
    Reputation weight: 25

    the virus controls my computer

    this is the log
    Attachments

  4. #4
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 2996
    Switch off/Disable:
    - Antivirus and, if you have one, Firewall.
    - System Restore

    - Execute following script in Manual disinfection
    Code:
    begin
    SearchRootkit(true, true);
    SetAVZGuardStatus(True);
    ClearQuarantine;
     TerminateProcessByName('c:\docume~1\ayman\locals~1\temp\svchost.com');
     QuarantineFile('c:\windows\system32\fdisk.com','');
     QuarantineFile('c:\progra~1\speedo~1\SPO.exe','');
     QuarantineFile('C:\WINDOWS\System32\Drivers\aswSnx.SYS','');
     QuarantineFile('C:\WINDOWS\Fonts\Uninstal.exe','');
     QuarantineFile('F:\Thumbs.db','');
     QuarantineFile('F:\autorun.inf','');
     QuarantineFile('E:\Thumbs.db','');
     QuarantineFile('E:\autorun.inf','');
     QuarantineFile('D:\Thumbs.db','');
     QuarantineFile('D:\autorun.inf','');
     QuarantineFile('C:\Thumbs.db','');
     QuarantineFile('C:\autorun.inf','');
     DeleteFile('c:\docume~1\ayman\locals~1\temp\svchost.com');
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.
    After reboot execute following script in Manual disinfection
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.

    - Remove Bonjour if you don't use it.
    - Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
    - Make a new log of AVPTool and attach it to your new post.

  5. #5
    Junior Member
    Registered: 07.04.2010
    Posts: 5
    Reputation weight: 25
    Thanks a lot for your help
    this is the new log
    Attachments

  6. #6
    VIP (Aleksandra)
    Registered: 13.01.2007
    Posts: 7,662
    Reputation weight: 2817
    1. Please, disable System Restore and antivirus (if you have).
    2. Execute this script in AVPTool:

    Code:
    begin
    SetAVZGuardStatus(True);
     TerminateProcessByName('c:\docume~1\ayman\locals~1\temp\svchost.com');
     DeleteFile('c:\docume~1\ayman\locals~1\temp\svchost.com');
     RegKeyParamDel('HKEY_USERS','S-1-5-21-682003330-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run','User Agent');
     DeleteFile('C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sndvol32.exe');
     DeleteFile('C:\Documents and Settings\Ayman\Start Menu\Programs\Startup\sndvol32.exe');
     DeleteFile('C:\WINDOWS\system32\fdisk.com');
     RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','User Agent');
     DeleteFile('C:\WINDOWS\Fonts\Uninstal.exe');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\Thumbs.db');
     DeleteFile('D:\autorun.inf');
     DeleteFile('D:\Thumbs.db');
     DeleteFile('E:\autorun.inf');
     DeleteFile('E:\Thumbs.db');
     DeleteFile('F:\autorun.inf');
     DeleteFile('F:\Thumbs.db');
    BC_ImportDeletedList;
    ExecuteSysClean;
    ExecuteRepair(6);
    ExecuteRepair(9);
    ExecuteRepair(11);
    ExecuteRepair(16);
    ExecuteRepair(17);
    BC_Activate;
    RebootWindows(true);
    end.
    3. Make a new log of AVPTool.
    Our service, like a heart, never knows rest.

  7. #7
    Junior Member
    Registered: 07.04.2010
    Posts: 5
    Reputation weight: 25
    new log
    Attachments

  8. #8
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 2996
    Quote: post by aymoon1990
    new log
    ... with all the old threats...
    Pls. make a log file of Malwarebytes Antimalware.

  9. #9
    Junior Member
    Registered: 07.04.2010
    Posts: 5
    Reputation weight: 25
    malwarebytes Log
    Attachments

  10. #10
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 2996
    - Execute following script in Manual disinfection
    Code:
    begin
    SetAVZGuardStatus(True);
    ClearQuarantine;
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temp\svchost.com ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Templates\cache\SFCsrvc.pif ','');
    QuarantineFile('C:\WINDOWS\system32\fdisk.com ','');
    QuarantineFile('C:\autorun.inf ','');
    QuarantineFile('C:\Thumbs.db ','');
    QuarantineFile('C:\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\NF2.exe ','');
    QuarantineFile('C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sndvol32.exe ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Start Menu\Programs\Startup\sndvol32.exe ','');
    QuarantineFile('C:\Documents and Settings\Mohammed\Start Menu\Programs\Startup\sndvol32.exe ','');
    QuarantineFile('C:\Documents and Settings\Sooma\Start Menu\Programs\Startup\sndvol32.exe ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temp\setup.exe ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temp\scr\logon.exe ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temp\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\NF2.exe ','');
    QuarantineFile('C:\Documents and Settings\Mohammed\Local Settings\Temp\svchost.com ','');
    QuarantineFile('C:\Documents and Settings\Mohammed\Local Settings\Temp\$RECYCLE.BIN\{5F229C11-5039-40E4-8537-6950BB1C9ECC}\NF2.exe ','');
    QuarantineFile('C:\Documents and Settings\Mohammed\Local Settings\Temp\scr\sstext3d.exe ','');
    QuarantineFile('C:\Documents and Settings\Sooma\Local Settings\Temp\svchost.com ','');
    QuarantineFile('C:\Documents and Settings\Sooma\Local Settings\Temp\scr\logon.exe ','');
    QuarantineFile('C:\WINDOWS\Temp\setup.exe ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\HPCommon.dll ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\hppx.exe ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\MAHelper.exe ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\unins000.dat ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\unins000.exe ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\Data\config.md ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome.manifest ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\install.rdf ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\HPAddOn.jar ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.js ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\chrome\content\HPAddOn.xul ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.dll ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFAddOn.xpt ','');
    QuarantineFile('C:\Program Files\Media Access Startup\1.3.0.790\FF\components\HPFFHelperComponent.js ','');
    QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.dat ','');
    QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\unins000.exe ','');
    QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\Data\eacore.mx ','');
    QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLDynamic.mx ','');
    QuarantineFile('C:\Program Files\System Search Dispatcher\1.2.0.750\Data\URLStatic.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\config.md ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090704-142030.500.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090704-142101.250.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090704-155731.875.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-013838.031.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-110356.859.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-134223.781.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-155333.578.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-155335.500.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090705-224543.203.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-115523.000.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-154255.592.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-163659.639.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-171027.327.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090706-235456.562.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-013632.937.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-013738.140.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-115712.296.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-154123.140.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-160610.375.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-184705.265.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090707-185911.078.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-005918.968.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-094359.125.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-121037.250.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-155135.328.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-211010.625.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-225815.468.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-232750.718.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Application Data\Media Access Startup\1.3.0.790\HJHP_20090708-233207.328.log ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2154df11395ea0249c4c54961007ff8a.gif ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\362f27667f6d7af7e9d2a6856d6560f6.gif ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\4b6752554c03dd13115a0078de71aa4d.gif ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\fb0a3aaf0df9fc6e0a7bc656b80c3973.gif ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf ','');
    QuarantineFile('C:\Documents and Settings\Ayman\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf ','');
    QuarantineFile('C:\Documents and Settings\Mohammed\Templates\cache\SFCsrvc.pif ','');
    QuarantineFile('C:\Documents and Settings\Sooma\Templates\cache\SFCsrvc.pif ','');
    QuarantineFile('C:\WINDOWS\system32\h@tkeysh@@k.dll ','');
    BC_ImportAll;
    SetAVZPMStatus(True);
    RebootWindows(true);
    end.
    After reboot execute following script in Manual disinfection
    Code:
    begin
    CreateQurantineArchive('C:\quarantine.zip');
    end.
    and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.

    Let Malwarebytes Antimalware run and remove all threats. Reboot your system and repeat the log of Malwarebytes Antimalware

  11. #11
    Cybernetic Helper
    Registered: 29.12.2008
    Posts: 47,526
    Reputation weight: 940

    Treatment result

    Statistics of the treatment performed:
    • Quarantines received: 3
    • Files processed: 190
    • Malware detected during treatment:
      1. c:\autorun.inf - Trojan.Win32.AutoRun.hm ( BitDefender: Trojan.Autorun.AKY, NOD32: Win32/AutoRun.VB.DU worm, AVAST4: VBS:Malware-gen )
      2. c:\documents and settings\all users\start menu\programs\startup\sndvol32.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      3. c:\documents and settings\ayman\local settings\temp\$recycle.bin\{5f229c11-5039-40e4-8537-6950bb1c9ecc}\nf2.exe - Worm.Win32.AutoIt.uz ( DrWEB: archive: Win32.HLLW.Autoruner.18225, BitDefender: Trojan.Generic.3310442 )
      4. c:\documents and settings\ayman\local settings\temp\scr\logon.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      5. c:\documents and settings\ayman\local settings\temp\setup.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      6. c:\documents and settings\ayman\local settings\temp\svchost.com - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      7. c:\documents and settings\ayman\start menu\programs\startup\sndvol32.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      8. c:\documents and settings\ayman\templates\cache\sfcsrvc.pif - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      9. c:\documents and settings\mohammed\local settings\temp\$recycle.bin\{5f229c11-5039-40e4-8537-6950bb1c9ecc}\nf2.exe - Worm.Win32.AutoIt.uz ( DrWEB: archive: Win32.HLLW.Autoruner.18225, BitDefender: Trojan.Generic.3310442 )
      10. c:\documents and settings\mohammed\local settings\temp\scr\sstext3d.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      11. c:\documents and settings\mohammed\local settings\temp\svchost.com - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      12. c:\documents and settings\mohammed\start menu\programs\startup\sndvol32.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      13. c:\documents and settings\mohammed\templates\cache\sfcsrvc.pif - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      14. c:\documents and settings\sooma\local settings\temp\scr\logon.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      15. c:\documents and settings\sooma\local settings\temp\svchost.com - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      16. c:\documents and settings\sooma\start menu\programs\startup\sndvol32.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      17. c:\documents and settings\sooma\templates\cache\sfcsrvc.pif - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      18. c:\$recycle.bin\{5f229c11-5039-40e4-8537-6950bb1c9ecc}\nf2.exe - Worm.Win32.AutoIt.uz ( DrWEB: archive: Win32.HLLW.Autoruner.18225, BitDefender: Trojan.Generic.3310442 )
      19. c:\thumbs.db - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      20. c:\windows\system32\fdisk.com - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      21. c:\windows\temp\setup.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      22. d:\autorun.inf - Trojan.Win32.AutoRun.hm ( BitDefender: Trojan.Autorun.AKY, NOD32: Win32/AutoRun.VB.DU worm, AVAST4: VBS:Malware-gen )
      23. d:\thumbs.db - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      24. e:\autorun.inf - Trojan.Win32.AutoRun.hm ( BitDefender: Trojan.Autorun.AKY, NOD32: Win32/AutoRun.VB.DU worm, AVAST4: VBS:Malware-gen )
      25. e:\thumbs.db - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
      26. f:\autorun.inf - Trojan.Win32.AutoRun.hm ( BitDefender: Trojan.Autorun.AKY, NOD32: Win32/AutoRun.VB.DU worm, AVAST4: VBS:Malware-gen )
      27. f:\thumbs.db - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
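
Added example (not part of the thread and not code from any participant): a Python check that compares the file targets of an AVZ cleanup script with a detection list in the format of the treatment summary above, and reports detected files the script never addressed, grouped by user profile. The sample inputs are constructed from lines that appear in the thread (a shortened form of the script in post #6 and a subset of the summary in post #11); the 8.3 short-name mapping is an assumption based on Windows XP defaults.

```python
import re
from collections import defaultdict

# Constructed sample: shortened form of the script in post #6 (paths from the thread).
CLEANUP_SCRIPT = r"""
begin
 TerminateProcessByName('c:\docume~1\ayman\locals~1\temp\svchost.com');
 DeleteFile('c:\docume~1\ayman\locals~1\temp\svchost.com');
 DeleteFile('C:\Documents and Settings\All Users\Start Menu\Programs\Startup\sndvol32.exe');
 DeleteFile('C:\Documents and Settings\Ayman\Start Menu\Programs\Startup\sndvol32.exe');
 DeleteFile('C:\WINDOWS\system32\fdisk.com');
 DeleteFile('C:\autorun.inf');
 DeleteFile('C:\Thumbs.db');
end.
"""

# Constructed sample: a subset of the summary lines in post #11, original numbering kept.
SUMMARY = r"""
1. c:\autorun.inf - Trojan.Win32.AutoRun.hm ( BitDefender: Trojan.Autorun.AKY, NOD32: Win32/AutoRun.VB.DU worm, AVAST4: VBS:Malware-gen )
2. c:\documents and settings\all users\start menu\programs\startup\sndvol32.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
6. c:\documents and settings\ayman\local settings\temp\svchost.com - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
7. c:\documents and settings\ayman\start menu\programs\startup\sndvol32.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
8. c:\documents and settings\ayman\templates\cache\sfcsrvc.pif - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
11. c:\documents and settings\mohammed\local settings\temp\svchost.com - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
12. c:\documents and settings\mohammed\start menu\programs\startup\sndvol32.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
16. c:\documents and settings\sooma\start menu\programs\startup\sndvol32.exe - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
20. c:\windows\system32\fdisk.com - Worm.Win32.AutoIt.rm ( DrWEB: Win32.HLLW.Autoruner.9108, BitDefender: Trojan.Generic.2591950 )
"""

# Assumption: default Windows XP 8.3 aliases. On a real host they can differ,
# so resolve them on the machine itself before trusting a comparison.
SHORT_NAMES = {
    "docume~1": "documents and settings",
    "locals~1": "local settings",
    "progra~1": "program files",
}

# File-targeting calls only; TerminateProcessByName acts on a process, not a file.
CALL_RE = re.compile(r"\b(?:DeleteFile|QuarantineFile)\(\s*'([^']*)'", re.I)
# "<n>. <path> - <verdict> ( <other vendors> )"
SUMMARY_RE = re.compile(r"^\s*\d+\.\s+(?P<path>.+?) - (?P<verdict>\S+) \(", re.M)
PROFILE_RE = re.compile(r"[a-z]:\\documents and settings\\([^\\]+)\\")


def normalize(path):
    """Lower-case, trim (post #10 has trailing spaces in paths), expand 8.3 aliases."""
    parts = path.strip().lower().split("\\")
    return "\\".join(SHORT_NAMES.get(p, p) for p in parts)


def script_targets(script):
    """Set of normalized file paths the script deletes or quarantines."""
    return {normalize(m.group(1)) for m in CALL_RE.finditer(script)}


def detections(summary):
    """Map of normalized path -> first verdict name from the summary lines."""
    return {normalize(m["path"]): m["verdict"] for m in SUMMARY_RE.finditer(summary)}


def coverage_gaps(script, summary):
    """Detected files the script never touches, grouped by user profile."""
    targets = script_targets(script)
    gaps = defaultdict(list)
    for path, verdict in sorted(detections(summary).items()):
        if path in targets:
            continue
        m = PROFILE_RE.match(path)
        gaps[m.group(1) if m else "(outside profiles)"].append((path, verdict))
    return dict(gaps)


if __name__ == "__main__":
    for profile, items in coverage_gaps(CLEANUP_SCRIPT, SUMMARY).items():
        print(f"[{profile}] {len(items)} detected file(s) not addressed by the script")
        for path, verdict in items:
            print(f"    {verdict:24} {path}")
```

With these samples the uncovered entries fall under the other user profiles and under a second location in the first profile, which is the kind of leftover worth checking for when a follow-up log still shows the same detections.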

