And where is the GMER log? It is also required here...
There is also an infection from a pendrive:
Computer 1:
Run OTL and paste the following in the
custom scan options / script section:
:OTL
O4 - HKU\S-1-5-21-1177238915-746137067-1343024091-1004..\Run: [amva] C:\WINDOWS\system32\amvo.exe ()
O32 - AutoRun File - [2011-01-10 19:28:24 | 000,000,392 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-06-03 19:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008-05-27 15:40:14 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0d51f900-10d7-11e0-be25-c02e42b8de10}\Shell - "" = AutoRun
O33 - MountPoints2\{0d51f900-10d7-11e0-be25-c02e42b8de10}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008-06-03 19:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{25995041-15bf-11e0-be44-00096b5febc4}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{7355cdc0-10d6-11e0-be24-b986dac3a110}\Shell - "" = AutoRun
O33 - MountPoints2\{7355cdc0-10d6-11e0-be24-b986dac3a110}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008-06-03 19:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c6d48940-1784-11e0-be4c-00096b5febc4}\Shell\AutoRun\command - "" = E:\2.exe -- File not found
O33 - MountPoints2\{c6d48940-1784-11e0-be4c-00096b5febc4}\Shell\open\Command - "" = E:\2.exe -- File not found
O33 - MountPoints2\{d19d8860-1cdf-11e0-be5d-00096b5febc4}\Shell\AutoRun\command - "" = E:\2.exe -- File not found
O33 - MountPoints2\{d19d8860-1cdf-11e0-be5d-00096b5febc4}\Shell\open\Command - "" = E:\2.exe -- File not found
O33 - MountPoints2\{e3d33e80-10fd-11e0-be28-d93963fbbf32}\Shell - "" = AutoRun
O33 - MountPoints2\{e3d33e80-10fd-11e0-be28-d93963fbbf32}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008-06-03 19:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e3d33e82-10fd-11e0-be28-d93963fbbf32}\Shell - "" = AutoRun
O33 - MountPoints2\{e3d33e82-10fd-11e0-be28-d93963fbbf32}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008-06-03 19:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:3078E216
:Files
autorun.inf /alldrives
2.exe /alldrives
RECYCLER /alldrives
C:\WINDOWS\tasks\SystemToolsDailyTest.job
C:\WINDOWS\System32\cvnmhg0.dll
C:\WINDOWS\System32\cvnmhg1.dll
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\bootstat.dat
C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]
Click run script and confirm the computer restart.
Then run OTL with the scan option. Post the new OTL.txt log
and the cleaning report (the Notepad contents that open after the restart). With the portable device connected (pendrive, phone, whatever gets plugged into the computer), run
USBFix with the Listing option and post the report on the forum.
Do the same with computer 2:
In Control Panel uninstall Ask.com
Run OTL and paste the following in the
custom scan options / script section:
:OTL
MOD - [2011-01-10 18:24:29 | 000,089,600 | RHS- | M] () -- C:\WINDOWS\system32\cvnmhg0.dll
SRV - File not found [Disabled | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -- (McShield)
O4 - HKU\S-1-5-21-802903181-1686869318-1197383242-1005..\Run: [amva] C:\WINDOWS\system32\amvo.exe ()
O32 - AutoRun File - [2011-01-10 19:59:44 | 000,000,392 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-01-10 19:59:44 | 000,000,392 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-01-10 19:59:46 | 000,000,392 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{1852a194-0db2-11df-b3fb-0c6076e27f7c}\Shell - "" = AutoRun
O33 - MountPoints2\{1852a194-0db2-11df-b3fb-0c6076e27f7c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{215d8200-d580-11de-b3ac-002454158d55}\Shell - "" = AutoRun
O33 - MountPoints2\{215d8200-d580-11de-b3ac-002454158d55}\Shell\AutoRun\command - "" = E:\Launcher.exe -- File not found
O33 - MountPoints2\{3779a7ce-93dd-11de-ae2d-001377b526a5}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
O33 - MountPoints2\{3c7e1d6a-14db-11e0-b5f5-0c6076e27f7c}\Shell\AutoRun\command - "" = E:\2.exe -- [2009-01-12 06:36:54 | 000,107,555 | RHS- | M] ()
O33 - MountPoints2\{3c7e1d6a-14db-11e0-b5f5-0c6076e27f7c}\Shell\open\Command - "" = E:\2.exe -- [2009-01-12 06:36:54 | 000,107,555 | RHS- | M] ()
O33 - MountPoints2\{5d0dc2f2-ee6a-11df-b57f-a3786a268bbe}\Shell - "" = AutoRun
O33 - MountPoints2\{5d0dc2f2-ee6a-11df-b57f-a3786a268bbe}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{86f8f98c-d580-11de-b3ad-002454158d55}\Shell - "" = AutoRun
O33 - MountPoints2\{86f8f98c-d580-11de-b3ad-002454158d55}\Shell\AutoRun\command - "" = F:\Launcher.exe -- File not found
O33 - MountPoints2\{90cc938e-48a7-11df-b4b1-0c6076e27f7c}\Shell\AutoRun\command - "" = E:\2.exe -- [2009-01-12 06:36:54 | 000,107,555 | RHS- | M] ()
O33 - MountPoints2\{90cc938e-48a7-11df-b4b1-0c6076e27f7c}\Shell\open\Command - "" = E:\2.exe -- [2009-01-12 06:36:54 | 000,107,555 | RHS- | M] ()
O33 - MountPoints2\{9994e9c4-d6bc-11de-b3b9-002454158d55}\Shell - "" = AutoRun
O33 - MountPoints2\{9994e9c4-d6bc-11de-b3b9-002454158d55}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c31360aa-014b-11df-b3e1-0c6076e27f7c}\Shell - "" = AutoRun
O33 - MountPoints2\{c31360aa-014b-11df-b3e1-0c6076e27f7c}\Shell\AutoRun\command - "" = E:\Launcher.exe -- File not found
O33 - MountPoints2\{e5ac35c8-d6bd-11de-b3ba-002454158d55}\Shell - "" = AutoRun
O33 - MountPoints2\{e5ac35c8-d6bd-11de-b3ba-002454158d55}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{fe70baa2-1519-11e0-b5f6-0c6076e27f7c}\Shell\AutoRun\command - "" = E:\2.exe -- [2009-01-12 06:36:54 | 000,107,555 | RHS- | M] ()
O33 - MountPoints2\{fe70baa2-1519-11e0-b5f6-0c6076e27f7c}\Shell\open\Command - "" = E:\2.exe -- [2009-01-12 06:36:54 | 000,107,555 | RHS- | M] ()
O33 - MountPoints2\{fe70baa3-1519-11e0-b5f6-0c6076e27f7c}\Shell\AutoRun\command - "" = F:\2.exe -- File not found
O33 - MountPoints2\{fe70baa3-1519-11e0-b5f6-0c6076e27f7c}\Shell\open\Command - "" = F:\2.exe -- File not found
:Files
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
autorun.inf /alldrives
C:\WINDOWS\System32\ddr.exe
2.exe /alldrives
C:\WINDOWS\System32\amvo.exe
C:\WINDOWS\System32\cvnmhg0.dll
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]
Click run script and confirm the computer restart.
Then run OTL with the scan option. Post the new OTL.txt log
and the cleaning report (the Notepad contents that open after the restart). With the portable device connected (pendrive, phone, whatever gets plugged into the computer), run
USBFix with the Listing option and post the report on the forum.
To sum up: post the GMER log from the 32-bit computer, a new OTL log from each, and a USBFix log from each.
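The OTL scripts above are built by hand from the O4, O32 and O33 lines of each log: a Run key pointing at an executable with no version info, autorun.inf sitting in the root of a hard disk with hidden+system attributes, and MountPoints2 handlers that launch a hidden executable from a removable drive. The following script is an added example, not part of the post or of OTL itself. It parses a handful of log lines copied from the logs quoted above (a constructed sample), applies those three heuristics, and emits the matching `:Files` fragment. The regular expressions are derived from the line layout visible on this page, and treating an NTFS volume as an internal disk is an assumption made here for the sample.

```python
import re

# Constructed sample: O4/O32/O33 lines copied from the OTL logs quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-802903181-1686869318-1197383242-1005..\Run: [amva] C:\WINDOWS\system32\amvo.exe ()
O32 - AutoRun File - [2011-01-10 19:59:44 | 000,000,392 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-01-10 19:59:46 | 000,000,392 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008-06-03 19:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O33 - MountPoints2\{3c7e1d6a-14db-11e0-b5f5-0c6076e27f7c}\Shell\AutoRun\command - "" = E:\2.exe -- [2009-01-12 06:36:54 | 000,107,555 | RHS- | M] ()
O33 - MountPoints2\{3c7e1d6a-14db-11e0-b5f5-0c6076e27f7c}\Shell\open\Command - "" = E:\2.exe -- [2009-01-12 06:36:54 | 000,107,555 | RHS- | M] ()
O33 - MountPoints2\{215d8200-d580-11de-b3ac-002454158d55}\Shell - "" = AutoRun
O33 - MountPoints2\{215d8200-d580-11de-b3ac-002454158d55}\Shell\AutoRun\command - "" = E:\Launcher.exe -- File not found
O33 - MountPoints2\{0d51f900-10d7-11e0-be25-c02e42b8de10}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008-06-03 19:46:20 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
"""

# Patterns derived from the OTL line layout seen in the post (assumption: OTL keeps this layout).
FILE_INFO = re.compile(r'\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| M\] \((?P<company>[^)]*)\)')
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<company>[^)]*)\)$')
O32_RE = re.compile(r'^O32 - AutoRun File - (?P<info>\[.+?\] \([^)]*\)) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$')
O33_RE = re.compile(r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\(?P<subkey>\S+) - "" = (?P<value>.+?)(?: -- (?P<info>.+))?$')

FIXED_FS = {"NTFS"}  # assumption for this sample: NTFS volumes are internal disks, so autorun.inf there is abnormal


def suspicious_file(info):
    """True when OTL shows a present file that is hidden+system and carries no company name."""
    m = FILE_INFO.search(info)
    if not m:
        return False
    return "H" in m["attr"] and "S" in m["attr"] and m["company"] == ""


def analyze(text):
    """Return (kind, path) findings for Run keys, root autorun.inf files and MountPoints2 handlers."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            if m["company"] == "":          # executable with no version info in a per-user Run key
                findings.append(("run-key", m["path"]))
            continue
        m = O32_RE.match(line)
        if m:
            path = m["path"]
            if path.lower().endswith("autorun.inf") and (m["fs"] in FIXED_FS or suspicious_file(m["info"])):
                findings.append(("autorun.inf", path))
            continue
        m = O33_RE.match(line)
        if m and m["subkey"].lower().endswith("command"):
            info = m["info"] or ""
            if info == "File not found":    # handler for a device that is gone; Explorer would still try it
                findings.append(("stale-handler", m["value"]))
            elif suspicious_file(info):     # present hidden+system executable launched on double-click/AutoRun
                findings.append(("autorun-handler", m["value"]))
    return findings


def otl_files_section(findings):
    """Turn findings into the :Files fragment of an OTL fix: bare names get /alldrives, Run-key targets stay absolute."""
    per_drive = sorted({p.split("\\")[-1] for kind, p in findings if kind in ("autorun.inf", "autorun-handler")})
    absolute = sorted({p for kind, p in findings if kind == "run-key"})
    lines = [":Files"] + [f"{n} /alldrives" for n in per_drive] + absolute
    return "\n".join(lines)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for kind, path in found:
        print(f"{kind:16} {path}")
    print(otl_files_section(found))
```

The Huawei AutoRun.exe handler is not flagged: the file is present, read-only rather than hidden+system, and carries a company name. Every MountPoints2 entry, flagged or stale, is still removed wholesale by the `[-HKEY_CURRENT_USER\...\mountpoints2]` line of the fix, which is why the script above only needs to identify the files to delete.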