Virus? Malware, I can't get rid of them....
Last Updated: May 07 2014 17:31, Started by andrey_dumytrescu, Apr 24 2014 02:31
#1
Posted 24 April 2014 - 02:31
For a few weeks now I have had some viruses, malware or whatever they are, which show up like this: at every restart, some small "programs" in Chinese get downloaded into the temp folder (which was emptied beforehand), as in the attached picture. I have tried everything; among the antiviruses, only Avast and Norton detect anything, and only "365weatherIns_148", which they put in quarantine; but at irregular intervals they detect, again and again, all sorts of Chinese-language pages that are supposedly being accessed automatically, and block them. I unchecked everything in msconfig, and it does the same. It won't boot into safe mode without networking; after loading the drivers it stays on a black screen. If I boot into safe mode with networking, it's a disaster: all sorts of small "programs" in Chinese install themselves automatically, because there is no longer an antivirus or the Windows warning to block their installation. How can I get rid of these? I don't want to reinstall Windows, because I have some settings in the programs I work with that cannot be exported. Thank you.
Edit: I also ran a scan with HijackThis.

Logfile of Trend Micro HiJackThis v2.0.5
Scan saved at 03:41:23, on 24.04.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Users\Andrey\AppData\Local\Akamai\netsession_win.exe
C:\Users\Andrey\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
C:\Users\Andrey\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: (no name) - {DBB8245E-E5EF-AF2B-0E74-8F75CA7DE01D} - (no file)
O2 - BHO: ***** Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\***** Plus for IE\*****Plus32.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [RoccatKoneXTD] "C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE"
O4 - HKCU\..\Run: [Weather Widget (HTC Home)] "C:\Program Files (x86)\HTC Home\Weather.exe"
O4 - HKCU\..\Run: [test] C:\Windows\bat_starter.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISEDORA.EXE] C:\iSedora\isedora.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DU Meter] "C:\Program Files (x86)\DU Meter\DUMeter.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Andrey\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Agent portofel Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Portofel Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Agentul aplicatiei Portofel Bitdefender] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: Serviio.lnk = C:\Program Files\Serviio\bin\ServiioConsole.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.100
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...rl.cab?lmi=1058
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviciul Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviciul Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8489 bytes

Attached Files
Edited by andrey_dumytrescu, 24 April 2014 - 02:43.
#2
Posted 24 April 2014 - 06:40
Have a look, there is a topic dedicated to posting HijackThis logs!
You don't go on the internet with the computer you work on!
Edited by Nero-d, 24 April 2014 - 06:46.
#3
Posted 24 April 2014 - 17:46
1. Run HijackThis again.
Check the following entries and click Fix:
Quote
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [RoccatKoneXTD] C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE

2. Download and run OTL.
For Windows Vista or Windows 7, right-click and select Run as administrator.
Check the boxes as in the image. [ http://s11.postimg.org/jaand9soj/otl1.jpg ]
When it finishes, 2 Notepad windows will appear: OTL.txt and Extras.txt. Copy the contents of these windows one at a time and post them here.
#5
Posted 25 April 2014 - 01:13
I'm attaching the 2 files again; I don't know why it didn't work the first time.
Attached Files
#6
Posted 25 April 2014 - 06:25
1. Run OTL again.
For Windows Vista or Windows 7, right-click and select Run as administrator. Copy what is quoted below and paste the text into OTL.
Quote
:PROCESSES
killallprocesses
:OTL
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin: C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrey\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrey\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll File not found
O1 - Hosts: 127.0.0.1 2319825.spam.spam.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O18 - Protocol\Handler\ms-help - No CLSID value found
[2014.04.24 14:30:56 | 000,000,000 | ---D | C] -- C:\Users\Andrey\AppData\Local\WebPlayer
[2014.04.23 17:17:25 | 000,128,288 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2014.04.17 13:15:37 | 000,000,000 | ---D | C] -- C:\Users\Andrey\AppData\Local\CrystalDiskMark
[2014.04.16 20:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ROCCAT
[2014.04.16 20:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2014.04.19 19:29:32 | 000,250,231 | ---- | M] () -- C:\ProgramData\1397924898.bdinstall.bin
[2014.04.07 16:15:14 | 000,531,529 | ---- | M] () -- C:\ProgramData\1396876329.bdinstall.bin
[2014.04.19 19:29:32 | 000,250,231 | ---- | C] () -- C:\ProgramData\1397924898.bdinstall.bin
[2014.04.07 16:15:14 | 000,531,529 | ---- | C] () -- C:\ProgramData\1396876329.bdinstall.bin
[2014.03.20 22:51:37 | 000,253,943 | ---- | C] () -- C:\ProgramData\1395345056.bdinstall.bin
[2014.03.20 22:41:17 | 000,532,414 | ---- | C] () -- C:\ProgramData\1395344334.bdinstall.bin
[2014.03.15 21:15:16 | 000,250,255 | ---- | C] () -- C:\ProgramData\1394907272.bdinstall.bin
[2014.03.15 01:55:11 | 000,455,588 | ---- | C] () -- C:\ProgramData\1394837599.bdinstall.bin
[2014.03.15 01:42:25 | 000,252,209 | ---- | C] () -- C:\ProgramData\1394836905.bdinstall.bin
[2014.03.15 01:33:24 | 000,044,251 | ---- | C] () -- C:\ProgramData\1394836390.bdinstall.bin
[2014.03.15 01:32:48 | 000,489,426 | ---- | C] () -- C:\ProgramData\1394836226.bdinstall.bin
[2014.01.11 21:04:17 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\DeleteNpf.exe
[2013.12.20 20:57:22 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\InstallSadpNpfApp.exe
[2013.11.29 18:12:53 | 000,000,000 | ---D | M] -- C:\Users\Andrey\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21_97A6E9190B374845A2EEEC5B058B8C9F_F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2013.02.01 16:06:48 | 000,000,000 | ---D | M] -- C:\Users\Andrey\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2013.11.05 19:58:10 | 000,000,000 | ---D | M] -- C:\Users\Andrey\AppData\Roaming\NetSpeedMonitor
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GV6PYM54U3M96HFNXH553Y8VPHKL606FVGEG1P6ERPVRDVT8JL9JJMPYV0PRUEF39P8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVV1VTVVTVMVV7
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:34E543D7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:98C59C33
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4FC01C57
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:6108D5DF
:Files
ipconfig /flushdns /c
:Commands
[purity]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

See the image for how. Press Run Fix. Post the log here. [ http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]

2. Download Complete Internet Repair.
For Windows Vista or Windows 7, right-click and select Run as administrator. Check everything and press GO. [ http://i1-win.softpedia-static.com/screenshots/Complete-Internet-Repair_1.png ]
#7
Posted 25 April 2014 - 19:23
I did the steps; this is the log:
All processes killed
========== PROCESSES ==========
========== OTL ==========
Service SwitchBoard stopped successfully!
Service SwitchBoard deleted successfully!
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe moved successfully.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\samsung.com/SamsungLinkPCPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
Folder C:\Users\Andrey\AppData\Local\WebPlayer\ not found.
C:\Windows\SysNative\IObitSmartDefragExtension.dll moved successfully.
Folder C:\Users\Andrey\AppData\Local\CrystalDiskMark\ not found.
File C:\ProgramData\1397924898.bdinstall.bin not found.
File C:\ProgramData\1396876329.bdinstall.bin not found.
File C:\ProgramData\1397924898.bdinstall.bin not found.
File C:\ProgramData\1396876329.bdinstall.bin not found.
File C:\ProgramData\1395345056.bdinstall.bin not found.
File C:\ProgramData\1395344334.bdinstall.bin not found.
File C:\ProgramData\1394907272.bdinstall.bin not found.
File C:\ProgramData\1394837599.bdinstall.bin not found.
File C:\ProgramData\1394836905.bdinstall.bin not found.
File C:\ProgramData\1394836390.bdinstall.bin not found.
File C:\ProgramData\1394836226.bdinstall.bin not found.
C:\Windows\SysWOW64\drivers\DeleteNpf.exe moved successfully.
C:\Windows\SysWOW64\drivers\InstallSadpNpfApp.exe moved successfully.
C:\Users\Andrey\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21_97A6E9190B374845A2EEEC5B058B8C9F_F893F7CA-8278-41DF-A76F-CAF0437A90CD__\5.1\Data folder moved successfully.
C:\Users\Andrey\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21_97A6E9190B374845A2EEEC5B058B8C9F_F893F7CA-8278-41DF-A76F-CAF0437A90CD__\5.1 folder moved successfully.
C:\Users\Andrey\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21_97A6E9190B374845A2EEEC5B058B8C9F_F893F7CA-8278-41DF-A76F-CAF0437A90CD__ folder moved successfully.
C:\Users\Andrey\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__\4.8\Data folder moved successfully.
C:\Users\Andrey\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__\4.8 folder moved successfully.
C:\Users\Andrey\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__ folder moved successfully.
C:\Users\Andrey\AppData\Roaming\NetSpeedMonitor folder moved successfully.
ADS C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD deleted successfully.
ADS C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GV6PYM54U3M96HFNXH553Y8VPHKL606FVGEG1P6ERPVRDVT8JL9JJMPYV0PRUEF39P8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVV1VTVVTVMVV7 deleted successfully.
ADS C:\ProgramData\TEMP:34E543D7 deleted successfully.
ADS C:\ProgramData\TEMP:98C59C33 deleted successfully.
ADS C:\ProgramData\TEMP:4FC01C57 deleted successfully.
ADS C:\ProgramData\TEMP:6108D5DF deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andrey\Desktop\cmd.bat deleted successfully.
C:\Users\Andrey\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
User: Administrator
User: All Users
User: Andrey
->Temp folder emptied: 9215 bytes
->Temporary Internet Files folder emptied: 50252760 bytes
->Java cache emptied: 1880735 bytes
->Google Chrome cache emptied: 348494075 bytes
->Flash cache emptied: 643 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1709944 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36303396 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 6996142 bytes
Total Files Cleaned = 425,00 mb

[EMPTYJAVA]

User: admin
User: Administrator
User: All Users
User: Andrey
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: DefaultAppPool
User: Public
Total Java Files Cleaned = 0,00 mb

[EMPTYFLASH]

User: admin
User: Administrator
User: All Users
User: Andrey
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: DefaultAppPool
User: Public
Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04252014_201805

Files\Folders moved on Reboot...
File\Folder C:\Users\Andrey\AppData\Local\Temp\etilqs_2sORThh5gu2InkM not found!
C:\Users\Andrey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Andrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
#9
Posted 25 April 2014 - 19:58
I also ran Complete Internet Repair. Now, at every restart, what is shown in picture 1 still appears in the temp folder. The suspect is the f1fa folder, which also used to appear before and which contains 2 xml files, one of them being "install_notbsgs_xml"; searching Google for that name brings up results saying it is related to those Chinese sites from which things were being downloaded into temp. Can I somehow make it stop appearing at every restart? Thanks.
I'm also attaching the two xml files, in case they help.
Attached Files
#10
Posted 26 April 2014 - 16:10
The file ivyconfig_xml belongs to Hikvision iVMS-4200, software present on your "computer".
Quote
iVMS-4200 is a versatile video management software for the DVRs, NVRs, IP cameras, encoders decoders, etc. It provides multiple functionalities, including real-time live view, video recording, remote search and playback, file backup, etc., for the connected devices to meet the needs of monitoring task. With the flexible distributed structure and easy-to-use operations, the client software is widely applied to the surveillance projects of medium or small scale.

Download GetSystemInfo and save it to the Desktop.
Double-click GetSystemInfo.exe to run it. [ http://s24.postimg.org/4b0emvg7l/Screenshot_from_2014_04_16_05_34_34.png ]
For Windows Vista or Windows 7, right-click and select Run as administrator.
Choose where to save the report; the Desktop is best.
Attach GetSystemInfo_utilizator_2014_04_16_07_48_25.zip in your next message.
#11
Posted 26 April 2014 - 20:40
Yes, I have the Hikvision software, iVMS-4200, for some surveillance cameras. I have added the GetSystemInfo archive. I also searched manually through the registry for the name f1fa and deleted a few entries. Since then, the 2 xml files no longer appear in the temp folder when Windows starts, and neither do those "programs" in Chinese. It seems I got rid of them.
Attached Files
#12
Posted 26 April 2014 - 20:51
Archive the following files and send them to me by PM (not on the forum):
C:\Program Files (x86)\DU Meter\ssleay32.dll
C:\Program Files (x86)\DU Meter\libeay32.dll
C:\Program Files (x86)\DU Meter\DUMetr64.sys
#13
Posted 26 April 2014 - 21:34
You are not "infected".
Remove from the system (uninstall):
Ad-Aware Browsing Protection
avast! Free Antivirus
Malwarebytes Anti-Malware version 1.75.0.1300
Restart.
Install:
Avast! Free Antivirus 9.0.2018
Malwarebytes Anti-Malware 2.0.1.1004
#14
Posted 28 April 2014 - 23:18
2 days have passed and those downloads of "programs" into the temp folder have not appeared again. It seems the problem is solved. Thank you very much.
#15
Posted 29 April 2014 - 17:30
You're welcome.
If any more problems come up, please let me know. All the best.
#16
Posted 05 May 2014 - 12:53
Through carelessness I clicked on a Java update, and since then, whenever I open Mozilla or other sites, another page with a few "games" also loads:
Anno.online = en.anno-online.com
Sofler.com = clkmon.com/static/ rd.html…
Jump.arango.track
Warthunder.com/ro/play4free
I have Wp2002; Service Pack 3; 2.6 GHz; 960 MB of RAM; MSecurityE. What solutions do I have left to still be able to use the machine?
#17
Posted 05 May 2014 - 17:44
1. Download AdwCleaner by Xplode to the Desktop.
Double-click AdwCleaner.exe to run it. For Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator.
Click Scan. Wait for it to finish searching. Then click Clean.
A log file will open after it finishes cleaning. Post its contents here.
The log is located at C:\AdwCleaner[Sn].txt (n is a number). [ http://s16.postimg.org/rjimctqrp/Screenshot_08212013_08_09_26_PM.png ]

2. Download Junkware Removal Tool and save it to the Desktop.
Close all running programs.
For Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator.
Scan with it. Be patient; it takes a little longer.
Post the log here. [ http://s7.postimage.org/z2rwy800r/JRT.jpg ]
#18
Posted 05 May 2014 - 19:24
MhG_40, on 05 May 2014 - 17:44, said:
1. Download AdwCleaner by Xplode to the Desktop. Double-click AdwCleaner.exe to run it. For Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator. Click Scan. Wait for it to finish searching. Then click Clean. A log file will open after it finishes cleaning. Post its contents here.

# Adwcleaner v3.207 - Report created 05/05/2014 at 19:49:17
# Updated 05/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : ………..
# Running from : C:\Documents and Settings\............\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\...............\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\...........\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\.............\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\..............\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\...............\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\................\Application Data\Mozilla\Firefox\Profiles\4ux4r7qa.default\Extensions\Avg@toolbar
[!] Folder Deleted : C:\Documents and Settings\.............\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
File Deleted : C:\Documents and Settings\.............\Application Data\Mozilla\Firefox\Profiles\4ux4r7qa.default\Extensions\[email protected]
File Deleted : C:\DOCUME~1\............\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\............\Application Data\Mozilla\Firefox\Profiles\4ux4r7qa.default\defaulttab.config
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\.............\Application Data\Mozilla\Firefox\Profiles\4ux4r7qa.default\searchplugins\search-here.xml
File Deleted : C:\WINDOWS\Tasks\DTReg.job