yordanp Posted September 11, 2008

Hello, my computer is running extremely slowly, the internet too, and some of its functions don't work; it's clear that I have viruses. Since I have Kaspersky, I ran a scan and it found some trojans and the like. I deleted them, but nothing has changed, and it may even be worse. So my question is: if the computer is reinstalled, will all the nasties be cleaned out, or will I have to look for some other alternative?

Night_Raven Posted September 11, 2008

If you reinstall Windows and format the system partition, the threats should disappear. Still, that is usually the last resort, when nothing else helps.

Download HijackThis 1.99.1 (213KB), which I have renamed on purpose, run it and click Do a system scan and save a logfile. This will create a text file in the same folder. Copy its contents here or attach the file to the thread, whichever is more convenient for you.

Download Autoruns, then run the program and do the following:
1) select Options -> Hide Microsoft Entries;
2) click File -> Refresh;
3) click File -> Export...;
4) save the file somewhere and then attach it to the thread or copy its contents.

yordanp Posted September 11, 2008

file-hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 13:20:16, on 11.9.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kana Launcher\Launcher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jordan\Desktop\alabala\alabala.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {2560EC68-2FF4-39DF-8AA6-D1654D543DB2} - C:\WINDOWS\system32\mmx98863.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {5AF9D01A-4D94-46BA-9B08-472018CA8CCC} - C:\WINDOWS\system32\yaywtTjK.dll
O2 - BHO: (no name) - {F22B7E8D-83B6-4369-A6B6-35312541D85F} - C:\WINDOWS\system32\mlJbccbc.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [\YUR78.exe] C:\Windows\system32\YUR78.exe
O4 - HKLM\..\Run: [\YUR7D.exe] C:\Windows\system32\YUR7D.exe
O4 - HKLM\..\Run: [\YUR7E.exe] C:\Windows\system32\YUR7E.exe
O4 - HKLM\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKLM\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKLM\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [1c5ccb79] rundll32.exe "C:\WINDOWS\system32\yjbpsuut.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kana Launcher] C:\Program Files\Kana Launcher\Launcher.exe
O4 - HKCU\..\Run: [\YUR78.exe] C:\Windows\system32\YUR78.exe
O4 - HKCU\..\Run: [\YUR7D.exe] C:\Windows\system32\YUR7D.exe
O4 - HKCU\..\Run: [\YUR7E.exe] C:\Windows\system32\YUR7E.exe
O4 - HKCU\..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211125045855
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{E01BE598-CFF2-4A8E-ADB3-CFE940B64CF4}: NameServer = 193.92.150.3 194.219.227.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: mlJbccbc - C:\WINDOWS\SYSTEM32\mlJbccbc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

Night_Raven Posted September 11, 2008

Please post the LOG from Autoruns as I instructed - hide the Microsoft entries.

yordanp Posted September 11, 2008

> Please post the LOG from Autoruns as I instructed - hide the Microsoft entries.

File-AutoRuns.txt

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ 1c5ccb79 c:\windows\system32\yjbpsuut.dll
+ \YUR1.exe File not found: C:\Windows\system32\YUR1.exe
+ \YUR2.exe File not found: C:\Windows\system32\YUR2.exe
+ \YUR3.exe File not found: C:\Windows\system32\YUR3.exe
+ \YUR78.exe File not found: C:\Windows\system32\YUR78.exe
+ \YUR7D.exe File not found: C:\Windows\system32\YUR7D.exe
+ \YUR7E.exe File not found: C:\Windows\system32\YUR7E.exe
+ AVP Kaspersky Anti-Virus Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe
+ CnxDslTaskBar TaskBar Application Conexant Systems Inc. c:\program files\crypto\accessrunner adsl\cnxdsltb.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ \YUR1.exe File not found: C:\Windows\system32\YUR1.exe
+ \YUR2.exe File not found: C:\Windows\system32\YUR2.exe
+ \YUR3.exe File not found: C:\Windows\system32\YUR3.exe
+ \YUR78.exe File not found: C:\Windows\system32\YUR78.exe
+ \YUR7D.exe File not found: C:\Windows\system32\YUR7D.exe
+ \YUR7E.exe File not found: C:\Windows\system32\YUR7E.exe
+ Kana Launcher Program launcher Kana Solution c:\program files\kana launcher\launcher.exe
HKLM\SOFTWARE\Classes\Protocols\Handler
+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ mljbccbc.dll c:\windows\system32\mljbccbc.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ MRACMenu c:\program files\mail.ru\agent\mra\dll\mramenu.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
+ ImageResizer ImageResizer Shell Extension VSO Software c:\program files\vso\image resizer\rszshell.dll
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ ACE ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ ALZip 4.0 Context Menu Shell Extension ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
+ Catalyst Context Menu extension ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\k-lite codec pack\real\rpshell.dll
+ UnlockerShellExtension c:\program files\unlocker\unlockercom.dll
+ Web Anti-Virus statistics Script Monitor Internet Explorer plugin Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\scieplgn.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
+ BitComet Helper BitCometBHO BitComet c:\program files\bitcomet\tools\bitcometbho_1.1.3.28.dll
+ {5AF9D01A-4D94-46BA-9B08-472018CA8CCC} c:\windows\system32\yaywttjk.dll
+ {F22B7E8D-83B6-4369-A6B6-35312541D85F} c:\windows\system32\mljbccbc.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ newmrasearch.dll File not found: C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe
+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe
+ AVP Provides protection against computer viruses and another dangerous software. Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe
+ O&O Defrag O&O Defragmentation Service O&O Software GmbH c:\windows\system32\oodag.exe
HKLM\System\CurrentControlSet\Services
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ AmdPPM AMD Processor Driver Advanced Micro Devices c:\windows\system32\drivers\amdppm.sys
+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ CnxEtP Conexant USB WDM Conexant c:\windows\system32\drivers\cnxetp.sys
+ CnxEtU Conexant USB WDM Conexant c:\windows\system32\drivers\cnxetu.sys
+ CnxTgN NDIS 5.0 WAN driver for PCI ADSL adapter Conexant Systems Inc. c:\windows\system32\drivers\cnxtgn.sys
+ ctsfm2k SoundFont® Manager (WDM) Creative Technology Ltd c:\windows\system32\drivers\ctsfm2k.sys
+ EL90X File not found: system32\DRIVERS\el90xnd5.sys
+ FileDisk FileDisk Virtual Disk Driver iolo technologies, LLC (based on original work by Bo Branten) c:\windows\system32\drivers\filedisk.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ kl1 Kl1 Kaspersky Lab c:\windows\system32\drivers\kl1.sys
+ klif Klif Kaspersky Lab c:\windows\system32\drivers\klif.sys
+ klim5 Kaspersky Lab Intermediate Network Driver Kaspersky Lab c:\windows\system32\drivers\klim5.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys
+ NVENETFD NVIDIA Networking Function Driver. NVIDIA Corporation c:\windows\system32\drivers\nvenetfd.sys
+ nvnetbus NVIDIA Networking Bus Driver. NVIDIA Corporation c:\windows\system32\drivers\nvnetbus.sys
+ ossrv Creative OS Services Driver (WDM) Creative Technology Ltd. c:\windows\system32\drivers\ctoss2k.sys
+ P17 File not found: system32\drivers\P17.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ pfc Padus® ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ ssm_bus Samsung Mobile USB Device II 1.0 Driver MCCI c:\windows\system32\drivers\ssm_bus.sys
+ ssm_mdm Samsung Mobile USB Port II 1.0 Drivers MCCI c:\windows\system32\drivers\ssm_mdm.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ OODBS O&O BootTimeDefrag O&O Software GmbH c:\windows\system32\oodbs.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll
+ klogon Logon Visualizer Kaspersky Lab c:\windows\system32\klogon.dll
+ mlJbccbc c:\windows\system32\mljbccbc.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\WINDOWS\system32\yaywtTjK c:\windows\system32\yaywttjk.dll

Night_Raven Posted September 11, 2008

Bad! There are quite a lot of problematic objects.

Download SUPERAntiSpyware Free and Malwarebytes' Anti-Malware, update them before scanning, and then scan. Here is how:
- in SUPERAntiSpyware click Scan your Computer, select partition C: on the left, click Perform Complete Scan on the right and finally click Next to start the scan. Remove all objects that the program finds.
- in Malwarebytes' Anti-Malware select Perform quick scan and click the Scan button. Remove all detected objects here as well.

Then restart and do this:

Download HijackThis 1.99.1 (213KB), which I have renamed on purpose, run it and click Do a system scan and save a logfile. This will create a text file in the same folder. Copy its contents here or attach the file to the thread, whichever is more convenient for you.

Download Autoruns, then run the program and do the following:
1) select Options -> Hide Microsoft and Windows Entries;
2) click File -> Refresh;
3) click File -> Export...;
4) save the file somewhere and then attach it to the thread or copy its contents.

yordanp Posted September 11, 2008

hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 15:32:35, on 11.9.2008 г.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kana Launcher\Launcher.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jordan\Desktop\alabala\alabala.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Crypto\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kana Launcher] C:\Program Files\Kana Launcher\Launcher.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1211125045855
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{E01BE598-CFF2-4A8E-ADB3-CFE940B64CF4}: NameServer = 193.92.150.3 194.219.227.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

AutoRuns.txt

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ AVP Kaspersky Anti-Virus Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe
+ CnxDslTaskBar TaskBar Application Conexant Systems Inc. c:\program files\crypto\accessrunner adsl\cnxdsltb.exe
+ SoundMan Realtek Sound Manager Realtek Semiconductor Corp. c:\windows\soundman.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Kana Launcher Program launcher Kana Solution c:\program files\kana launcher\launcher.exe
+ SUPERAntiSpyware SUPERAntiSpyware Application SUPERAntiSpyware.com c:\program files\superantispyware\superantispyware.exe
HKLM\SOFTWARE\Classes\Protocols\Handler
+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ SABShellExecuteHook Class ShellExecuteHook SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ MRACMenu c:\program files\mail.ru\agent\mra\dll\mramenu.dll
+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
+ ImageResizer ImageResizer Shell Extension VSO Software c:\program files\vso\image resizer\rszshell.dll
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\shellex.dll
+ MagicISO MagicISO Shell Extension Module MagicISO, Inc. c:\program files\magiciso\misosh.dll
+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation c:\program files\malwarebytes' anti-malware\mbamext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ ACE ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll
+ ALZip ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ ALZip 4.0 Context Menu Shell Extension ALZip ContextMenu Module ESTsoft c:\program files\estsoft\alzip\azctm.dll
+ Catalyst Context Menu extension ACE Context Menu c:\program files\ati technologies\ati.ace\atiacmxx.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\k-lite codec pack\real\rpshell.dll
+ UnlockerShellExtension c:\program files\unlocker\unlockercom.dll
+ Web Anti-Virus statistics Script Monitor Internet Explorer plugin Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\scieplgn.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
+ BitComet Helper BitCometBHO BitComet c:\program files\bitcomet\tools\bitcometbho_1.1.3.28.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ newmrasearch.dll File not found: C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
HKLM\System\CurrentControlSet\Services
+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe
+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe
+ AVP Provides protection against computer viruses and another dangerous software. Kaspersky Lab c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe
+ O&O Defrag O&O Defragmentation Service O&O Software GmbH c:\windows\system32\oodag.exe
HKLM\System\CurrentControlSet\Services
+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys
+ AmdPPM AMD Processor Driver Advanced Micro Devices c:\windows\system32\drivers\amdppm.sys
+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ CnxEtP Conexant USB WDM Conexant c:\windows\system32\drivers\cnxetp.sys
+ CnxEtU Conexant USB WDM Conexant c:\windows\system32\drivers\cnxetu.sys
+ CnxTgN NDIS 5.0 WAN driver for PCI ADSL adapter Conexant Systems Inc. c:\windows\system32\drivers\cnxtgn.sys
+ ctsfm2k SoundFont® Manager (WDM) Creative Technology Ltd c:\windows\system32\drivers\ctsfm2k.sys
+ EL90X File not found: system32\DRIVERS\el90xnd5.sys
+ FileDisk FileDisk Virtual Disk Driver iolo technologies, LLC (based on original work by Bo Branten) c:\windows\system32\drivers\filedisk.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ kl1 Kl1 Kaspersky Lab c:\windows\system32\drivers\kl1.sys
+ klif Klif Kaspersky Lab c:\windows\system32\drivers\klif.sys
+ klim5 Kaspersky Lab Intermediate Network Driver Kaspersky Lab c:\windows\system32\drivers\klim5.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys
+ NVENETFD NVIDIA Networking Function Driver. NVIDIA Corporation c:\windows\system32\drivers\nvenetfd.sys
+ nvnetbus NVIDIA Networking Bus Driver. NVIDIA Corporation c:\windows\system32\drivers\nvnetbus.sys
+ ossrv Creative OS Services Driver (WDM) Creative Technology Ltd. c:\windows\system32\drivers\ctoss2k.sys
+ P17 File not found: system32\drivers\P17.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ pfc Padus® ASPI Shell Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ SASDIFSV SASDIFSV.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\sasdifsv.sys
+ SASENUM SASENUM.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\sasenum.sys
+ SASKUTIL SASKUTIL.SYS SUPERAdBlocker.com and SUPERAntiSpyware.com c:\program files\superantispyware\saskutil.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ ssm_bus Samsung Mobile USB Device II 1.0 Driver MCCI c:\windows\system32\drivers\ssm_bus.sys
+ ssm_mdm Samsung Mobile USB Port II 1.0 Drivers MCCI c:\windows\system32\drivers\ssm_mdm.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ OODBS O&O BootTimeDefrag O&O Software GmbH c:\windows\system32\oodbs.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ !SASWinLogon SUPERAntiSpyware WinLogon Processor SUPERAntiSpyware.com c:\program files\superantispyware\saswinlo.dll
+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll
+ klogon Logon Visualizer Kaspersky Lab c:\windows\system32\klogon.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\WINDOWS\system32\yaywtTjK File not found: C:\WINDOWS\system32\yaywtTjK

Mbam-log-2.txt

Malwarebytes' Anti-Malware 1.28
Database version: 1138
Windows 5.1.2600 Service Pack 2

11.9.2008 г. 15:26:35
mbam-log-2008-09-11 (15-26-25).txt

Scan type: Quick Scan
Objects scanned: 41496
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 13
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yjbpsuut.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1c5ccb79 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur78.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7d.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7e.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur78.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7d.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur7e.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur1.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur2.exe (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\yur3.exe (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\yjbpsuut.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tuuspbjy.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mx98863.dll (Trojan.FakeAlert) -> No action taken.
C:\x (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Jordan\Local Settings\Temp\IXP001.TMP\IIFWBM~1.EXE (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Jordan\Local Settings\Temporary Internet Files\Content.IE5\BP7UP229\CAC9QJCP (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Jordan\Local Settings\Temporary Internet Files\Content.IE5\PV1WWJAJ\upd105320[1] (Trojan.Vundo) -> No action taken.
C:\Program Files\MSA\msa0.dat (Rogue.MSAntivirus) -> No action taken.
C:\Program Files\MSA\msa1.dat (Rogue.MSAntivirus) -> No action taken.
C:\Program Files\MSA\MSA.ooo (Rogue.MSAntivirus) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\mqgldfvo.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Jordan\Application Data\Adobe\Manager.exe (Trojan.Agent) -> No action taken.

For SUPERAntiSpyware I couldn't manage to create a log file, but it found 79 infections :(

Night_Raven Posted September 11, 2008

First: according to the Malwarebytes' Anti-Malware log you did not take any action, so I will ask: when the scan finished, which button did you press, Remove Selected or some other one?

In HijackThis you can tick the following items and then click Fix checked:
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

In Autoruns you can delete the following items:
+ newmrasearch.dll File not found: C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
+ C:\WINDOWS\system32\yaywtTjK File not found: C:\WINDOWS\system32\yaywtTjK

Apart from these, the logs are now clean. There are some unnecessary things in my opinion, but nothing dangerous.
yordanp Posted September 11, 2008

> First: according to the Malwarebytes' Anti-Malware log you did not take any action, so I will ask: when the scan finished, which button did you press, Remove Selected or some other one?
> In HijackThis you can tick the following items and then click Fix checked:
> In Autoruns you can delete the following items:
> Apart from these, the logs are now clean. There are some unnecessary things in my opinion, but nothing dangerous.

Yes, afterwards I pressed the Remove Selected button, and everything has been deleted. The changes were made. I can feel my computer starting to breathe more easily! Thanks for the advice!!!
popo Posted December 29, 2008

Hello. I have a similar problem: my computer is slow, my passwords get changed, and someone is logging into my WoW account. I scan with Kaspersky and it finds nothing. I would be glad if you could help me, because I am already seriously considering reinstalling Windows.

hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 12:42:05, on 29.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\user\Desktop\alabala.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Помощ за влизане на Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [vsttfnv] C:\Program Files\Common Files\Microsoft Shared\sirwnmi.exe
O4 - HKLM\..\Run: [mxlrqdc] C:\Program Files\Common Files\System\sudlces.exe
O4 - HKLM\..\Run: [AVP] "E:\Program Files\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "E:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - Startup: Registration Driver Parallel Lines.LNK = E:\Games\Driver-Parallel lines\Register\RegistrationReminder.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\mzvkbd.dll,E:\PROGRA~1\mzvkbd3.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - E:\Program Files\avp.exe" -r (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

And here is the Autoruns log:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ AVP Kaspersky Anti-Virus Kaspersky Lab e:\program files\avp.exe
+ egui File not found: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
+ mxlrqdc File not found: C:\Program Files\Common Files\System\sudlces.exe
+ NodLogin File not found: C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ vsttfnv File not found: C:\Program Files\Common Files\Microsoft Shared\sirwnmi.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ InterVideo WinCinema Manager.lnk WinCinema Manager c:\program files\intervideo\common\bin\wincinemamgr.exe
C:\Documents and Settings\user\Start Menu\Programs\Startup
+ Registration Driver Parallel Lines.LNK File not found: E:\Games\Driver-Parallel lines\Register\RegistrationReminder.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ Skype Skype Skype Technologies S.A. e:\skype\phone\skype.exe
+ vamsoft c:\windows\system32\vamsoft.exe
HKLM\SOFTWARE\Classes\Protocols\Handler
+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a File not found: C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ krni32drv.dll File not found: C:\WINDOWS\system32\krni32drv.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ 7-Zip 7-Zip Shell Extension Igor Pavlov c:\program files\7-zip\7-zip.dll
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab e:\program files\shellex.dll
+ NBShellHook Class Nero BackItUp Application Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ 7-Zip 7-Zip Shell Extension Igor Pavlov c:\program files\7-zip\7-zip.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ 7-Zip 7-Zip Shell Extension Igor Pavlov c:\program files\7-zip\7-zip.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
+ Nokia Phone Browser Nokia c:\program files\nokia\nokia pc suite 6\phonebrowser.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ NeroDigitalColumnHandler Class Nero Digital Shell Extension Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll
+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab e:\program files\shellex.dll
+ NBShellHook Class Nero BackItUp Application Nero AG c:\program files\nero\nero 7\nero backitup\nbshell.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ 00nView NVIDIA Desktop Explorer, Version 110.48 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ NvCplDesktopContext NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ XpertVisionShlExt TBPanelExt Module c:\program files\xpertvision\tbpanelext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ 7-Zip Shell Extension 7-Zip Shell Extension Igor Pavlov c:\program files\7-zip\7-zip.dll
+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.48 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.48 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ NeroDigitalIconHandler Nero Digital Shell Extension Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll
+ NeroDigitalPropSheetHandler Nero Digital Shell Extension Nero AG c:\program files\common files\ahead\lib\nerodigitalext.dll
+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.48 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ PhoneBrowser Phone Browser Nokia c:\program files\nokia\nokia pc suite 6\phonebrowser.dll
+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ Web traffic protection statistics Script Monitor Internet Explorer plugin Kaspersky Lab e:\program files\scieplgn.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ IEVkbdBHO Class IE Virtual Keyboard Kaspersky Lab e:\program files\ievkbd.dll
+ Megaupload Toolbar MegaUpload Toolbar MEGAUPLOAD c:\program files\megauploadtoolbar\megauploadtoolbar.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ ICQ6 ICQ Library ICQ, Inc. c:\program files\icq6\icq.exe
HKLM\System\CurrentControlSet\Services
+ AVP Provides protection against viruses and other malicious software. Kaspersky Lab e:\program files\avp.exe
+ ekrn Eset Service File not found: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
HKLM\System\CurrentControlSet\Services
+ ADIHdAudAddService High Definition Audio Function Driver(Release Candidate 1) Analog Devices, Inc. c:\windows\system32\drivers\adihdaud.sys
+ AEAudioService Andrea Audio Noise Cancellation Driver Andrea Electronics Corporation c:\windows\system32\drivers\aeaudio.sys
+ AVPsys File not found: C:\WINDOWS\system32\drivers\cdaudio.sys
+ Cardex Display Control Program Windows ® 2000 DDK provider c:\windows\system32\drivers\tbpanel.sys
+ Cdaudio File not found: C:\WINDOWS\System32\Drivers\Cdaudio.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ dtscsi c:\windows\system32\drivers\dtscsi.sys
+ eamon Eset file on-access scanner ESET c:\windows\system32\drivers\eamon.sys
+ ENTECH EnTech Taiwan c:\windows\system32\drivers\entech.sys
+ epfwtdir EPFW Filter Driver c:\windows\system32\drivers\epfwtdir.sys
+ hamachi Hamachi Virtual Network Interface Driver LogMeIn, Inc. c:\windows\system32\drivers\hamachi.sys
+ HdAudAddService High Definition Audio Function Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudio.sys
+ HDAudBus High Definition Audio Bus Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ InCDPass File not found: system32\drivers\InCDPass.sys
+ InCDRm File not found: system32\drivers\InCDRm.sys
+ kl1 Kl1 Kaspersky Lab c:\windows\system32\drivers\kl1.sys
+ klbg Kaspersky Lab Boot Guard Kaspersky Lab c:\windows\system32\drivers\klbg.sys
+ KLFLTDEV Kaspersky Lab Pnp Device Filter Kaspersky Lab c:\windows\system32\drivers\klfltdev.sys
+ KLIF Kaspersky Lab Interceptor and Filter Kaspersky Lab c:\windows\system32\drivers\klif.sys
+ klim5 Kaspersky Lab Intermediate Network Driver Kaspersky Lab c:\windows\system32\drivers\klim5.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys
+ Nokia USB Generic Nokia USB Phone Generic Client Nokia c:\windows\system32\drivers\nmwcdc.sys
+ Nokia USB Modem Nokia USB Phone Modem Client Nokia c:\windows\system32\drivers\nmwcdcm.sys
+ Nokia USB Phone Parent Nokia USB Phone Bus Driver Nokia c:\windows\system32\drivers\nmwcd.sys
+ Nokia USB Port Nokia USB Phone Modem Client Nokia c:\windows\system32\drivers\nmwcdcj.sys
+ NPF npf.sys (NT5/6 x86) Kernel Driver CACE Technologies c:\windows\system32\drivers\npf.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.47 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ Revolution1 File not found: C:\Documents and Settings\user\Desktop\SHAK3.sys
+ RTLE8023xp Realtek 10/100/1000 NDIS 5.1 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtenicxp.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ SenFiltService Sensaura WDM 3D Audio Driver Sensaura c:\windows\system32\drivers\senfilt.sys
+ sptd c:\windows\system32\drivers\sptd.sys
+ TBPanel Display Control Program Windows ® 2000 DDK provider c:\windows\system32\drivers\tbpanel.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
+ XScanPF File not found: C:\Documents and Settings\user\Desktop\Hacking\X-Scan-v3.3\dat\xpf.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
+ E:\PROGRA~1\mzvkbd.dll Mozilla 2 Virtual Keyboard Kaspersky Lab e:\program files\mzvkbd.dll
+ E:\PROGRA~1\mzvkbd3.dll Mozilla 3 Virtual Keyboard Kaspersky Lab e:\program files\mzvkbd3.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ klogon Logon Visualizer Kaspersky Lab c:\windows\system32\klogon.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ PDFConverter c:\windows\system32\pdfmonnt.dll
Maniac Posted December 29, 2008

Yes, you are indeed infected, but the problem is that you have two antivirus programs that interfere with each other, so in the end you are not protected.

1. Uninstall Kaspersky using this tool:
http://4storing.com/z4umg/fe9efad32c8958dd...ac0aa63bf3.html

2. Uninstall ESET NOD32 Antivirus:
   1. Go to Start -> Settings -> Control Panel -> Add or Remove Programs and uninstall ESET NOD32 Antivirus, and also Megaupload Toolbar.
   2. Restart your computer.
   3. After the restart, delete the folders named "ESET" (if they exist):
      C:\Program files\ESET
      C:\Documents and Settings\All users\Application data\Eset
      C:\Documents and Settings\~username~\Local Settings\Application data\Eset

3. Open HiJackThis, choose Do a System Scan only and tick the following lines:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - E:\Program Files\avp.exe" -r (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Finally, choose Fix Checked.

4. Attach the following files to your post:
C:\WINDOWS\system32\vamsoft.exe
C:\WINDOWS\system32\klogon.dll

I also expect you to tell me which of the two antivirus programs you choose to use.
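Both helpers in this thread pick their HijackThis "Fix checked" candidates largely from entries whose target is reported as "(file missing)" or "(no file)". The sketch below is an added example, not part of any post and not code from HijackThis; the function names and flag names are assumptions, and the sample lines are copied from the two logs posted above.

```python
import re

# Lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - E:\Program Files\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<code> - <body>", where code is a section id such as R3, O2, O4 or O23.
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# Trailing marker the log carries when the referenced file was not found.
ORPHAN = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


def parse_hijackthis(log_text):
    """Return one dict per R*/O* entry, with the flags a reviewer checks first."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, process list or blank line
        body = match.group("body")
        orphaned = bool(ORPHAN.search(body))
        # Last " - " separated field; for entries without that separator
        # (the O4 lines) this is simply the whole body.
        target = ORPHAN.sub("", body).rstrip(" -").rsplit(" - ", 1)[-1]
        flags = []
        if orphaned:
            flags.append("target_missing")
        if "(no name)" in body:
            flags.append("unnamed")
        if "Unknown owner" in body:
            flags.append("unknown_owner")
        # A quote inside the target means the log printed a command line, not a
        # clean path, so the missing-file verdict should be confirmed on disk.
        if orphaned and '"' in target:
            flags.append("verify_path")
        entries.append({"code": match.group("code"), "target": target,
                        "flags": flags, "line": line})
    return entries


def triage(entries):
    """Split orphaned entries into clean-up candidates and ones to check by hand."""
    candidates, manual = [], []
    for entry in entries:
        if "verify_path" in entry["flags"]:
            manual.append(entry)
        elif "target_missing" in entry["flags"]:
            candidates.append(entry)
    return candidates, manual


if __name__ == "__main__":
    candidates, manual = triage(parse_hijackthis(SAMPLE_LOG))
    for entry in candidates:
        print("orphaned :", entry["line"])
    for entry in manual:
        print("check    :", entry["line"])
```

In popo's logs the AVP service line carries the quoted command-line pattern, while the Autoruns export in the same post lists e:\program files\avp.exe as present, which is why the sketch routes such lines to a manual check.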
popo Posted December 29, 2008

> Yes, you are indeed infected, but the problem is that you have two antivirus programs that interfere with each other, so in the end you are not protected.
> 1. Uninstall Kaspersky using this tool: http://4storing.com/z4umg/fe9efad32c8958dd...ac0aa63bf3.html
> 2. Uninstall ESET NOD32 Antivirus:
> 3. Open HiJackThis, choose Do a System Scan only and tick the following lines:
> Finally, choose Fix Checked.
> 4. Attach the following files to your post:
> C:\WINDOWS\system32\vamsoft.exe
> C:\WINDOWS\system32\klogon.dll
> I also expect you to tell me which of the two antivirus programs you choose to use.

I did what you said, but the files
C:\WINDOWS\system32\vamsoft.exe
C:\WINDOWS\system32\klogon.dll
are not there. Search says files not found.
Maniac Posted December 29, 2008

OK, it is no loss. Thanks anyway! Which of the two antivirus programs did you finally decide to use?

Download ESET SysInspector:
http://www.eset.bg/download/sysinspector.html

- Start the program via SysInspector.exe. The program will begin collecting information about the state of your machine.
- When the "Inspector" is done and the log file has been generated, choose File > Save Log.
- Confirm your choice.

Choose to save the file somewhere and then attach it to your post.
popo Posted December 29, 2008

Well, until now I was using Kaspersky and I thought I had uninstalled NOD, but apparently the uninstall glitched. Which program do you think is better? I, at least, have heard quite good reviews of Kaspersky so far.

P.S. The log is attached: SysInspector_PRIVATE_2F26186_081229_1442.zip
Maniac Posted December 29, 2008

Are you sure you deleted this folder?
C:\Program Files\ESET

I still see ESET NOD32 Antivirus installed. Go to Start -> Settings -> Control Panel -> Add or Remove Programs and uninstall it.

See whether you can find this file:
C:\WINDOWS\system32\krni32drv.dll
If you do find it, attach it to your post.

After that:

1. Download MalwareBytes' Anti-Malware.
2. Install it.
3. Click the "Malwarebytes' Anti-Malware" icon. The first and most important thing is to go to the "Update" category and press the "Check For Updates" button.
4. Then go to the "Scanner" section and choose the "Quick Scan" option (especially if you are starting the application for the first time). Click the "Scan" button and specify which partitions of the computer should be checked. You can also mark only the partition on which the operating system is installed, then press "Start Scan".
5. When the scan ends, you will either get a message that no pests were found, or you will be given the option to mark and delete them.
6. Finally, you will get a log file of the actions performed. Please copy it and paste it here so we can see what happened.

Both antivirus programs have good reviews. It is up to you; I recommend ESET NOD32 Antivirus.