Решена ПОМОГИТЕ!

Тема в разделе "Лечение компьютерных вирусов", создана пользователем adamgills, 3 апр 2009.

Статус темы:
Закрыта.
  1. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    На моем компе вирь. Никакие антивирусы не запускаются. Работает только АВЗ. Посмотрите пожалуйста логи, надеюсь на Вашу помощь. Все сделал как написано вправилах. Логи прилагаю.



    [info]Карантин убрал.[/info]
     
  2. akok
    Оффлайн

    akok Команда форума Администратор

    Сообщения:
    12.455
    Симпатии:
    13.954
    mlburmh.exe - Worm.Win32.AutoRun.diq (dr.web: Win32.HLLW.Autoruner.2497)

    AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".
    Код (Text):
    begin
     ClearQuarantine;
     SearchRootkit(true, true);
     SetAVZGuardStatus(true);
     QuarantineFile('C:\WINDOWS\system32\rebuild.exe','');
     QuarantineFile('C:\WINDOWS\system32\DRIVERS\wpdusb.sys','');
     QuarantineFile('C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe','');
     QuarantineFile('C:\WINDOWS\system32\vksaver.dll','');
     DeleteFile('C:\WINDOWS\system32\vksaver.dll');
     DeleteFile('c:\windows\system32\vksaver.dll');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\mlburmh.exe');
     DeleteFile('E:\autorun.inf');
     DeleteFile('E:\mlburmh.exe');
     DeleteFile('F:\autorun.inf');
     DeleteFile('F:\mlburmh.exe');
     BC_ImportALL;
     ExecuteRepair(9);
     BC_Activate;
     ExecuteSysClean;
     RebootWindows(true);
    end.
    После выполнения скрипта компьютер перезагрузится.

    Код (Text):
    begin
     CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
    end.

    Полученный архив отправьте на akok<at>pisem.net с указанной ссылкой на тему. (at=@)

    Отключите автозапуск и повторите логи.
     
  3. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    карантин выслал вам на почту
    автозапуск отключил по первому пункту( хотя проги типа мэйл агента при загрузке все повключались), логи прилагаю
     
    Последнее редактирование модератором: 3 апр 2009
  4. akok
    Оффлайн

    akok Команда форума Администратор

    Сообщения:
    12.455
    Симпатии:
    13.954
    PartyPoker - играете?

    AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".
    Код (Text):
    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(true);
     ClearIECache;
     ClearQuarantine;
     QuarantineFile('C:\WINDOWS\system32\ieudinit.exe','');
     QuarantineFile('C:\WINDOWS\system32\AdvUninstCPL.cpl','');
     QuarantineFile('C:\WINDOWS\system32\Path2ClipboardSetup.cpl','');
     QuarantineFile('C:\WINDOWS\system32\Startup.cpl','');
     QuarantineFile('C:\PROGRA~1\FieryAds\FieryAds.dll','');
     QuarantineFile('%USERPROFILE%\Application Data\bpdata.dll','');
     QuarantineFile('E:\Миша\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe','');
     DeleteFile('%USERPROFILE%\Application Data\bpdata.dll');
     DeleteFile('C:\PROGRA~1\FieryAds\FieryAds.dll');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\mlburmh.exe');
     DeleteFile('E:\autorun.inf');
     DeleteFile('E:\mlburmh.exe');
     DeleteFile('F:\autorun.inf');
     DeleteFile('F:\mlburmh.exe');
     DeleteFile('C:\WINDOWS\system32\aoupbie.dll');
     DeleteFile('C:\WINDOWS\system32\ati2avxx.bak');
     DeleteFile('C:\WINDOWS\system32\ati2avxx.exe');
     DelBHO('{CF272101-7F6E-4CF2-9453-B4C5D2FC32C0}');
     DelBHO('{9D64F819-9380-8473-DAB2-702FCB3D7A3E}');
     BC_ImportALL;
     BC_Activate;
     ExecuteSysClean;
     ExecuteRepair(6);
     ExecuteRepair(9);
     RebootWindows(true);
    end.
    После выполнения скрипта компьютер перезагрузится.

    Код (Text):
    begin
     CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
    end.

    Полученный архив отправьте на akok<at>pisem.net с указанной ссылкой на тему. (at=@)

    Скачайте Malwarebytes' Anti-Malware, установите, обновите базы, выберите "Perform Full Scan", нажмите "Scan", после сканирования - Ok - Show Results (показать результаты) - нажмите "Remove Selected" (удалить выделенные). Откройте лог и скопируйте в сообщение.

    Включите AVZPM и повторите логи.
     
  5. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    Malwarebytes' Anti-Malware 1.35
    Версия базы данных: 1938
    Windows 5.1.2600 Service Pack 2

    04.04.2009 1:08:26
    mbam-log-2009-04-04 (01-08-26).txt

    Тип проверки: Полная (C:\|E:\|F:\|)
    Проверено объектов: 166632
    Прошло времени: 22 minute(s), 21 second(s)

    Заражено процессов в памяти: 0
    Заражено модулей в памяти: 0
    Заражено ключей реестра: 130
    Заражено значений реестра: 1
    Заражено параметров реестра: 3
    Заражено папок: 0
    Заражено файлов: 4

    Заражено процессов в памяти:
    (Вредоносные программы не обнаружены)

    Заражено модулей в памяти:
    (Вредоносные программы не обнаружены)

    Заражено ключей реестра:
    HKEY_CLASSES_ROOT\CLSID\{1408e208-2ac1-42d3-9f10-78a5b36e05ac} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9d64f819-9380-8473-dab2-702fcb3d7a3e} (Trojan.Ransom) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{b0ed4726-5bc8-4e22-a7a8-3074a73ce64e} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9d64f819-9380-8473-dab2-702fcb3d7a3e} (Trojan.Ransom) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xvideoplugin.jetvideoplugin.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xvideoplugin.jetmimefiltr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvU3Launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanU3.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiU.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.

    Заражено значений реестра:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ati2avxx (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

    Заражено параметров реестра:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Заражено папок:
    (Вредоносные программы не обнаружены)

    Заражено файлов:
    C:\WINDOWS\system32\ati2avxx.exe (Trojan.FakeAlert.H) -> Delete on reboot.
    C:\Documents and Settings\Администратор\Local Settings\Application Data\Opera\Маша\profile\cache4\temporary_download\updater_29_118363602.exe (Trojan.Ransomware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Администратор\Local Settings\Application Data\Opera\Маша\profile\cache4\temporary_download\updater_29_118367554.exe (Trojan.Ransomware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Администратор\Local Settings\Application Data\Opera\Маша\profile\cache4\temporary_download\updater_29_152080483.exe (Trojan.Ransomware) -> Quarantined and deleted successfully.
     
  6. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    а вот и скрипты, зараза вроде бы осталась

    покер люблю, да... :)
     
    Последнее редактирование модератором: 4 апр 2009
  7. iolka
    Оффлайн

    iolka Активный пользователь

    Сообщения:
    1.210
    Симпатии:
    2.684
    AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".

    Код (Text):

    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(True);
     QuarantineFile('C:\WINDOWS\system32\DRIVERS\wpdusb.sys','');
     QuarantineFile('C:\WINDOWS\system32\IMES.dll','');
     QuarantineFile('fynlphmh.sys','');
     QuarantineFile('C:\Documents and Settings\Администратор\Local Settings\Application Data\Opera\Маша\profile\cache4\temporary_download\ updater_29_118363602.exe','');
     QuarantineFile('C:\Documents and Settings\Администратор\Local Settings\Application Data\Opera\Маша\profile\cache4\temporary_download\ updater_29_118367554.exe','');    
     QuarantineFile('C:\Documents and Settings\Администратор\Local Settings\Application Data\Opera\Маша\profile\cache4\temporary_download\ updater_29_152080483.exe','');
     DeleteFile('fynlphmh.sys');  
     DeleteFile('C:\Documents and Settings\Администратор\Local Settings\Application Data\Opera\Маша\profile\cache4\temporary_download\ updater_29_152080483.exe');
     DeleteFile('C:\Documents and Settings\Администратор\Local Settings\Application Data\Opera\Маша\profile\cache4\temporary_download\ updater_29_118367554.exe');
     DeleteFile('C:\Documents and Settings\Администратор\Local Settings\Application Data\Opera\Маша\profile\cache4\temporary_download\ updater_29_118363602.exe');    
     DeleteFile('C:\WINDOWS\system32\IMES.dll');
     DeleteFile('C:\WINDOWS\system32\DRIVERS\wpdusb.sys');
     DeleteFile('c:\windows\system32\ati2avxx.exe');    
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\mlburmh.exe');
     DeleteFile('E:\autorun.inf');
     DeleteFile('E:\mlburmh.exe');
     DeleteFile('F:\autorun.inf');
     DeleteFile('F:\mlburmh.exe');
     BC_ImportALL;
     ExecuteSysClean;
     BC_Activate;
     ExecuteRepair(6);
     ExecuteRepair(8);
     RegKeyIntParamWrite( 'HKLM', 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum', '{BDEADF00-C265-11D0-BCED-00A0C90AB50F}', 1);
     RebootWindows(true);
    end.
    После выполнения скрипта компьютер перезагрузится.

    Код (Text):

    begin
     CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
    end.
    Полученный архив отправьте на akok<at>pisem.net с указанной ссылкой на тему. (at=@)

    И подготовте полный комплект логов отсюда :
    virusinfo_syscure.zip и virusinfo_syscheck.zip. - со включённым! AVZPM
    log.txt
    info.txt
     
    Последнее редактирование: 4 апр 2009
  8. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    все сделал как сказали, вот логи
     
  9. akok
    Оффлайн

    akok Команда форума Администратор

    Сообщения:
    12.455
    Симпатии:
    13.954
    C:\WINDOWS\system32\IMES.dll - Trojan.Win32.Delf.fjk
    FieryAds.dll - not-a-virus:AdWare.Win32.FearAds.am

    AVZ, меню "Файл - Выполнить скрипт" -- Скопировать ниже написанный скрипт-- Нажать кнопку "Запустить".
    Код (Text):
    begin
     SearchRootkit(true, true);
     SetAVZGuardStatus(true);
     DeleteFile('C:\WINDOWS\system32\aoupbie.dll');
     DeleteFile('c:\windows\system32\ati2avxx.exe');
     DeleteFile('C:\WINDOWS\system32\IMES.dll');
     DeleteFile('C:\autorun.inf');
     DeleteFile('C:\mlburmh.exe');
     DeleteFile('E:\autorun.inf');
     DeleteFile('E:\mlburmh.exe');
     DeleteFile('F:\autorun.inf');
     DeleteFile('F:\mlburmh.exe');
     BC_ImportDeletedList;
     BC_Activate;
     ExecuteRepair(9);
     ExecuteSysClean;
     RebootWindows(true);
    end.
    После выполнения скрипта компьютер перезагрузится.

    Код (Text):
    begin
     CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
    end.


    Пофиксить в HijackThis следующие строчки
    Код (Text):
    O24 - Desktop Component 0: (no name) - http://line.mole.ru/metoyou/16112007_1_02_30_9_15_17_Hcce0eaf1e8-eceae520-f3e6e5 __.gif
    У Вас два антивируса? Вижу Нод и Kaspersky

    Скачайте OTMoveIt3 by OldTimer или с зеркала и сохраните на рабочий стол.
    Запустите OTMoveIt3 (в ОС Windows Vista необходимо запускать через правую кн. мыши от имени администратора)
    временно выключите антивирус, firewall и другое защитное программное обеспечение. Выделите и скопируйте текст ниже (Ctrl+C)
    Код (Text):

    :Processes
    explorer.exe

    :Services
    ati2avxx
    :Files
    C:\WINDOWS\system32\IMES.dll
    C:\WINDOWS\SETE5.tmp
    C:\WINDOWS\SETE8.tmp
    C:\WINDOWS\SETF4.tmp
    C:\WINDOWS\NV1304316.TMP
    C:\WINDOWS\system32\aoupbie.dll
    C:\mlburmh.exe
    C:\WINDOWS\system32\ati2avxx.exe
    :Reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2823fa6d-a5ca-11dd-9686-101111111111}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bb6a18-f471-11dd-9a15-0080482fb263}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e5db280-1c96-11de-9c28-0080482fb263}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8495e1be-ed3c-11dd-99b7-0080482fb263}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8715501-a745-11dd-9692-101111111111}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e923c42e-0766-11de-9b18-0080482fb263}]
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
     
    В OTMoveIt3 под панелью "Paste Instructions for Items to be Moved" (под желтой панелью) вставьте скопированный текст и нажмите кнопку "MoveIt!". Выделите (Ctrl+A) и скопируйте (Ctrl+C) текст из окна под панелью "Results" (правая зеленая панель) в следующее сообщение.
    Прим: Если файлы и папки не могут быть перемещены немедленно и появиться запись <deleted on reboot>, потребуется перезагрузка. После перезагрузки откройте папку "C:\_OTMoveIt\MovedFiles", найдите последний .log файл (лог в формате mmddyyyy_hhmmss.log), откройте и скопируйте текст из него в следующее сообщение.
     
  10. akok
    Оффлайн

    akok Команда форума Администратор

    Сообщения:
    12.455
    Симпатии:
    13.954
    Если не облегчения не наступило, то:
    Очистите временные файлы через Пуск-Программы-Стандартные-Служебные-Очистка диска или с помощью ATF Cleaner
    - скачайте ATF Cleaner или с зеркала, запустите, поставьте галочку напротив Select All и нажмите Empty Selected.
    - если вы используете Firefox, нажмите Firefox - Select All - Empty Selected
    - нажмите No, если вы хотите оставить ваши сохраненные пароли
    - если вы используете Opera, нажмите Opera - Select All - Empty Selected
    - нажмите No, если вы хотите оставить ваши сохраненные пароли


    Скачайте SDFix, загрузитесь в безопасном режиме, запустите утилиту (запустить RunThis.bat - подтвердить, нажав "Y"), после окончания сканирования скопируйте текст из C:\Report.txt и вставьте в следующее сообщение или запакуйте файл C:\Report.txt и прикрепите к сообщению
    Описание SDFix есть здесь


    Скачайте ComboFix здесь, здесь или здесь и сохраните на рабочий стол.

    1. Необходимо установить Recovery Console по инструкции - how-to-use-combofix:
    • Скачайте установочный файл для своей ОС и сохраните на рабочий стол.
      Windows XP Professional с пакетом обновления 2 (SP2)
      Windows XP Home Edition с пакетом обновления 2 (SP2)

      Установочный файл Recovery Console для Windows XP SP3 идентичен Windows XP SP2

      Если Вы используете Windows XP с пакетом обновления 1 (SP1) или Исходный выпуск Windows XP, то необходимо обязательно ознакомится со статьей Как получить установочные диски Windows XP и скачать установочный файл Recovery Console, который соответствует виду Вашей системы.

    • Закройте все остальные приложения и мышкой перенесите установочный файл на иконку ComboFix, подтвердите лицензионное соглашение и установите Microsoft Recovery Console.


    2. Внимание! Обязательно закройте все браузеры, временно выключите антивирус, firewall и другое защитное программное обеспечение. Не запускайте других программ во время работы Combofix. Combofix может отключить интернет через некоторое время после запуска, не переподключайте интернет пока Combofix не завершит работу. Если интернет не появился после окончания работы Combofix, перезагрузите компьютер. Во время работы Combofix не нажимайте кнопки мыши, это может стать причиной зависания Combofix.
    3. Запустите combofix.exe, когда процесс завершится, скопируйте текст из C:\ComboFix.txt и вставьте в следующее сообщение или запакуйте файл C:\ComboFix.txt и прикрепите к сообщению.
    Прим: В случае, если ComboFix не запускается, переименуйте combofix.exe в combo-fix.exe


    скачайте Gmer или с зеркала. Запустите программу. После автоматической экспресс-проверки, отметьте галочкой все жесткие диски и нажмите на кнопку Scan. После окончания проверки сохраните его
     
  11. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Service\Driver ati2avxx not found.
    Service\Driver ati2avxx not found.
    ========== FILES ==========
    LoadLibrary failed for C:\WINDOWS\system32\IMES.dll
    C:\WINDOWS\system32\IMES.dll NOT unregistered.
    C:\WINDOWS\system32\IMES.dll moved successfully.
    C:\WINDOWS\SETE5.tmp moved successfully.
    C:\WINDOWS\SETE8.tmp moved successfully.
    C:\WINDOWS\SETF4.tmp moved successfully.
    C:\WINDOWS\NV1304316.TMP moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\aoupbie.dll
    C:\WINDOWS\system32\aoupbie.dll NOT unregistered.
    C:\WINDOWS\system32\aoupbie.dll moved successfully.
    File/Folder C:\mlburmh.exe not found.
    C:\WINDOWS\system32\ati2avxx.exe moved successfully.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2823fa6d-a5ca-11dd-9686-101111111111}\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45bb6a18-f471-11dd-9a15-0080482fb263}\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e5db280-1c96-11de-9c28-0080482fb263}\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8495e1be-ed3c-11dd-99b7-0080482fb263}\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8715501-a745-11dd-9692-101111111111}\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e923c42e-0766-11de-9b18-0080482fb263}\\ deleted successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\Администратор\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Network Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_192558

    Files moved on Reboot...
     
  12. akok
    Оффлайн

    akok Команда форума Администратор

    Сообщения:
    12.455
    Симпатии:
    13.954
    Как состояние?
     
  13. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    HijackThis не запускается, процесс ati2avxx висит
     
  14. akok
    Оффлайн

    akok Команда форума Администратор

    Сообщения:
    12.455
    Симпатии:
    13.954
  15. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    попробывать SDfix не получилось, компьютер не загружаетя в безопаном режиме
     
  16. akok
    Оффлайн

    akok Команда форума Администратор

    Сообщения:
    12.455
    Симпатии:
    13.954
    Пропускаем шаг.
     
  17. antispy
    Оффлайн

    antispy Активный пользователь

    Сообщения:
    107
    Симпатии:
    450
    Поробуйте в IceSword: Запустите программу.
    Появится аналог проводника. Найдите в нем файл C:\WINDOWS\system32\ati2avxx.exe
     
  18. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    пропускаем..
     
    Последнее редактирование: 6 апр 2009
  19. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    к сожалению, Айссворд тоже не загружается
     
  20. adamgills
    Оффлайн

    adamgills Активный пользователь

    Сообщения:
    14
    Симпатии:
    0
    после комбыча вроде все нормально стало, Нод заработал...
    вот логи посмотрите
     
Статус темы:
Закрыта.

Поделиться этой страницей