Проблеми с вируси в компютъра

dimitariv1 · Декември 17, 2007

ЗДРАВЕИТЕ преди около месец в компютъра ми са влезли вироси(през това време несъм бил аз на компютъра) и сега компютъра ми работи много бавно.

Това ми е доклада от сканирането:

XP Antivirus 2008 system scan report.

Report generated 17.12.2007 20:13:25

Type Run type Name Details

Trojan C://windows/system32/wwin32.dll Worm.Win32.Womble.a Steals all ***** passwords from this computer and send it to the grabber.

Trojan C://windows/system32/syst032.exel Trojan.Win32.Agent.brk Trojan program that can compromise your private information stored on the hard drive.

Spyware autorun Spy.HTML.Paylap.bg #Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.

Trojan autorun Worm.Win32.NetSky #Replacing computers background with red screen and blocking some computers features.

Spyware C://windows/system32/iesetup.dll Spyware.IEMonster.d Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.

Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.

Spyware autorun Spyware.IMMonitor Program that can be used to monitor and record conversations in popular instant messaging applications.

Backdoor C://windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.

Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions)

Dialer C://windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.

Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.

Tracking Cookie Web browser scanner.adwareremover2007 C:\Documents and Settings\Dimitar.DIMITAR-DA2212C\Cookies\dimitar@scanner.adwareremover2007

Ако някои знае някаква програма или как да ги изчистя тези вируси да пише :( :( :( :( :( :( :( :( :( :( :(

Aquarius · Декември 17, 2007

Здравей!

Ще ни трябват Log-фйлове от AutoRuns и Hijackthis v2.0.2.

Стартирай файла Autoruns.exe и направи следното:

1. Избери Options -> Hide Microsoft Entries и Verify Code Signatures.

2. Избери File -> Refresh или натисни F5.

3. Избери File -> Save as.

Запази файла някъде и след това го прикачи/копирай съдържанието в темата.

1. Инстралирай HijackThis и преименувай файла HiJackThis.exe на нещо друго по твой избор.

2. Стартирай го.

3. Избери Do a system scan and save a logfile.

Запази файла някъде и след това го прикачи/копирай в темата, заедно с Log-файла от Autoruns.

dimitariv1 · Декември 17, 2007

Добре

Това е от AutoRuns:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ Flashget FlashGet (Not verified) FlashGet.com c:\program files\flashget\flashget.exe

+ HP Software Update Hewlett-Packard Product Assistant (Not verified) Hewlett-Packard Development Company, L.P. c:\program files\hp\hp software update\hpwuschd2.exe

+ nod32kui NOD32 Control Center GUI (Not verified) Eset c:\program files\eset\nod32kui.exe

+ NvCplDaemon NVIDIA Display Properties Extension (Not verified) NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ NvMediaCenter NVIDIA Media Center Library (Not verified) NVIDIA Corporation c:\windows\system32\nvmctray.dll

+ nwiz NVIDIA nView Wizard, Version 100.28 (Not verified) NVIDIA Corporation c:\windows\system32\nwiz.exe

+ SunJavaUpdateSched Java Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_03\bin\jusched.exe

+ TrojanScanner Trojan Scanner (Verified) Simply Super Software c:\program files\trojan remover\trjscan.exe

+ WinFast2KLoadDefault WinFast Display Property Sheet Extension (Not verified) Leadtek Research Inc. c:\windows\system32\wf2kcpl.dll

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup

+ HP Digital Imaging Monitor.lnk HP Digital Imaging Monitor (Verified) Hewlett-Packard Company c:\program files\hp\digital imaging\bin\hpqtra08.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ AdwareRemover2007 File not found: C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe

+ Orb Orb (Not verified) Orb Networks c:\program files\winamp remote\bin\orbtray.exe

+ swg GoogleToolbarNotifier (Verified) Google Inc c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe

+ XP Antivirus c:\program files\xp antivirus\xpa.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

+ FFTI File not found: C:\Documents and Settings\Dimitar.DIMITAR-DA2212C\Application Data\Mozilla\Firefox\Profiles\yzcqzap7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ cdo Microsoft SharePoint Portal Server Object Model (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\web folders\pkmcdo.dll

+ ms-itss Microsoft® InfoTech Storage System Library (Not verified) Microsoft Corporation c:\program files\common files\microsoft shared\information retrieval\msitss.dll

+ skype4com Skype for COM API (Verified) Skype Technologies SA c:\program files\common files\skype\skype4com.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ jetctrl jetctrl c:\windows\jetctrl.dll

+ kopmet c:\windows\kopmet.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ AlcoholShellEx AXShlEx.dll (Not verified) Alcohol Soft Development Team c:\program files\alcohol soft\alcohol 120\axshlex.dll

+ secure_del File not found: C:\Program Files\OnlineHelpmate\secure_del.dll

+ SnagIt SnagIt Add-in for Internet Explorer (Not verified) TechSmith Corporation c:\program files\techsmith\snagit 7\snagitieaddin.dll

+ Trojan Remover Shell Extension Trojan Remover Shell Extension (Verified) Simply Super Software c:\program files\trojan remover\trshlex.dll

+ TuneUp Theme Extension TuneUp Theme Extension (Beta) (Verified) TuneUp Software GmbH c:\windows\system32\uxtuneup.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ BitComet Helper BitCometBHO (Verified) Comet Network Technology Co Ltd. c:\program files\bitcomet\tools\bitcometbho_1.1.3.28.dll

+ FGCatchUrl Flashget CatchUrl Module (Not verified) www.flashget.com c:\program files\flashget\jccatch.dll

+ FlashGet GetFlash Class Flashget GetFlash Module (Not verified) www.flashget.com c:\program files\flashget\getflash.dll

+ Google Toolbar Helper Google IE Client Toolbar (Verified) Google Inc c:\program files\google\googletoolbar1.dll

+ Google Toolbar Notifier BHO GoogleToolbarNotifier (Verified) Google Inc c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll

+ HelperObject Class SnagIt Browser Helper Object for Internet Explorer (Not verified) TechSmith Corporation c:\program files\techsmith\snagit 7\snagitbho.dll

+ MSVPS System c:\windows\vipextpxm.dll

+ SSVHelper Class Java Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_03\bin\ssv.dll

+ Winamp Toolbar BHO Winamp IE Toolbar Dynamic Link Library (Verified) AOL LLC c:\program files\winamp toolbar\winamptb.dll

+ Yahoo! Toolbar Helper Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ yt.dll Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ Alcohol Toolbar File not found: C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

+ Dealio.dll File not found: C:\Program Files\Dealio\kb106\Dealio.dll

+ FlashGet Bar FlashGet IE Bar (Not verified) Amaze Soft c:\program files\flashget\fgiebar.dll

+ googletoolbar1.dll Google IE Client Toolbar (Verified) Google Inc c:\program files\google\googletoolbar1.dll

+ snagitieaddin.dll SnagIt Add-in for Internet Explorer (Not verified) TechSmith Corporation c:\program files\techsmith\snagit 7\snagitieaddin.dll

+ tevvwdgs.dll File not found: C:\WINDOWS\system32\tevvwdgs.dll

+ toolbaru.dll File not found: C:\Program Files\ICQToolbar\toolbaru.dll

+ voipwet.dll c:\windows\voipwet.dll

+ Winamp Toolbar Winamp IE Toolbar Dynamic Link Library (Verified) AOL LLC c:\program files\winamp toolbar\winamptb.dll

+ yt.dll Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn\yt.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ FlashGet FlashGet (Not verified) FlashGet.com c:\program files\flashget\flashget.exe

+ ICQ Lite File not found: C:\Program Files\ICQLite\ICQLite.exe

HKLM\System\CurrentControlSet\Services

+ C-DillaCdaC11BA C-Dilla RTS Service (Not verified) C-Dilla Ltd c:\windows\system32\drivers\cdac11ba.exe

+ NOD32krn NOD32 Kernel Service (Not verified) Eset c:\program files\eset\nod32krn.exe

+ NVSvc Provides system and desktop level support to the NVIDIA display driver (Not verified) NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ Pml Driver HPZ12 PML Driver (Not verified) HP c:\windows\system32\hpzipm12.exe

+ RichVideo RichVideo Module (Verified) CyberLink c:\program files\cyberlink\shared files\richvideo.exe

+ ScsiAccess c:\program files\photodex\proshowgold\scsiaccess.exe

+ UxTuneUp Allows to use visual styles without Microsoft signature. (Verified) TuneUp Software GmbH c:\windows\system32\uxtuneup.dll

HKLM\System\CurrentControlSet\Services

+ a347bus Plug and Play BIOS Extension (Not verified) c:\windows\system32\drivers\a347bus.sys

+ a347scsi SCSI miniport (Not verified) c:\windows\system32\drivers\a347scsi.sys

+ Afc Arcsoft® ASPI Shell (Not verified) Arcsoft, Inc. c:\windows\system32\drivers\afc.sys

+ AMON Amon monitor (Not verified) Eset c:\windows\system32\drivers\amon.sys

+ ASPI32 ASPI for WIN32 Kernel Driver (Not verified) Adaptec c:\windows\system32\drivers\aspi32.sys

+ atapi c:\windows\system32\drivers\atapi.sys

+ BIOS I/O Interface driver file (Not verified) BIOSTAR Group c:\windows\system32\drivers\bios.sys

+ CdaC15BA c:\windows\system32\drivers\cdac15ba.sys

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ hamachi Hamachi Virtual Network Interface Driver (Verified) LogMeIn, Inc. c:\windows\system32\drivers\hamachi.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ InCDPass File not found: C:\WINDOWS\System32\Drivers\InCDPass.sys

+ InCDRm File not found: C:\WINDOWS\System32\Drivers\InCDRm.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ MA-620 MA-620 Infrared Driver. (Not verified) Mobile Action Tech. Inc. c:\windows\system32\drivers\ma-620.sys

+ mcdbus File not found: C:\WINDOWS\System32\Drivers\mcdbus.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 71.25 (Not verified) NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ pfc Padus® ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ sptd c:\windows\system32\drivers\sptd.sys

+ St320hg File not found: C:\WINDOWS\System32\Drivers\St320hg.sys

+ Tcpip TCP/IP Protocol Driver (Not verified) Microsoft Corporation c:\windows\system32\drivers\tcpip.sys

+ vcdrom File not found: C:\WINDOWS\System32\Drivers\vcdrom.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

+ WFIOCTL WinFast MultiMedia Device Driver (Not verified) Leadtek Research Inc. c:\program files\winfast\wftvfm\wfioctl.sys

HKCU\Control Panel\Desktop\Scrnsave.exe

+ none File not found: none

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ NOD32 NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll

+ NOD32 protected [MSAFD Tcpip [RAW/IP]] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll

+ NOD32 protected [MSAFD Tcpip [TCP/IP]] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll

+ NOD32 protected [MSAFD Tcpip [uDP/IP]] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll

+ NOD32 protected [RSVP TCP Service Provider] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll

+ NOD32 protected [RSVP UDP Service Provider] NOD32 IMON - Internet scanning support (Not verified) Eset c:\windows\system32\imon.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ HP Standard TCP/IP Port Standard TCP/IP Port Monitor DLL (Not verified) Hewlett Packard c:\windows\system32\hptcpmon.dll

+ Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging (Not verified) Microsoft Corporation c:\windows\system32\mdimon.dll

А това е от hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:19:31 PM, on 12/17/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\FlashGet\FlashGet.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Winamp Remote\bin\OrbTray.exe

C:\Program Files\XP Antivirus\xpa.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Winamp Remote\bin\Orb.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: 77.70.15.26 *.85851.com

O1 - Hosts: *.85851.com 77.70.15.26

O1 - Hosts: 77.70.15.26 update1.bitcomet.com

O1 - Hosts: update1.bitcomet.com 77.70.15.26

O1 - Hosts: 77.70.15.26 goen.85851.com

O1 - Hosts: goen.85851.com 77.70.15.26

O1 - Hosts: image.didai.com 77.70.15.26

O1 - Hosts: 77.70.15.26 image.didai.com

O1 - Hosts: post.bitcomet.com 77.70.15.26

O1 - Hosts: 77.70.15.26 post.bitcomet.com

O1 - Hosts: sidebar.bitcomet.com 77.70.15.26

O1 - Hosts: 77.70.15.26 sidebar.bitcomet.com

O1 - Hosts: snapshot.bitcomet.com 77.70.15.26

O1 - Hosts: 77.70.15.26 snapshot.bitcomet.com

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll

O2 - BHO: (no name) - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)

O2 - BHO: MSVPS System - {74C44274-2A2D-4A99-B00B-CCA3912349F3} - C:\WINDOWS\vipextpxm.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tevvwdgs.dll (file missing)

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: The voipwet - {0687766B-F048-43D1-B33B-DBE6FE9AE712} - C:\WINDOWS\voipwet.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe

O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Dimitar.DIMITAR-DA2212C\Application Data\Mozilla\Firefox\Profiles\yzcqzap7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Dimitar.DIMITAR-DA2212C\Application Data\Mozilla\Firefox\Profiles/yzcqzap7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZR

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &С&валяне всички видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &С&валяне всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &Сваляне на всички с FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Сваляне с FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Е&кспортирай в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{6A423266-04EA-4CEB-9A6C-684BBE823C54}: NameServer = 192.168.20.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: jetctrl - {D35312DA-8835-415B-B116-118F18123076} - C:\WINDOWS\jetctrl.dll

O21 - SSODL: kopmet - {A240FC45-7F80-4598-8FD1-DFE25E9DF31D} - C:\WINDOWS\kopmet.dll

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--

End of file - 10630 bytes

Aquarius · Декември 17, 2007

Oт Log-файлове на AutoRuns и HijackThis ясно се вижда наличие на зловреден код. Има доста неща, които могат да се махнат, за да се пестят системни ресурси, но първо трябва да премахнем зловредния код.

За начало отвори HijackThis и избери Do a system scan only. Когато се появи списъка с обекти постави отметки пред следните неща и кликни на бутона Fix Checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O1 - Hosts: 77.70.15.26 *.85851.com
O1 - Hosts: *.85851.com 77.70.15.26
O1 - Hosts: 77.70.15.26 update1.bitcomet.com
O1 - Hosts: update1.bitcomet.com 77.70.15.26
O1 - Hosts: 77.70.15.26 goen.85851.com
O1 - Hosts: goen.85851.com 77.70.15.26
O1 - Hosts: image.didai.com 77.70.15.26
O1 - Hosts: 77.70.15.26 image.didai.com
O1 - Hosts: post.bitcomet.com 77.70.15.26
O1 - Hosts: 77.70.15.26 post.bitcomet.com
O1 - Hosts: sidebar.bitcomet.com 77.70.15.26
O1 - Hosts: 77.70.15.26 sidebar.bitcomet.com
O1 - Hosts: snapshot.bitcomet.com 77.70.15.26
O1 - Hosts: 77.70.15.26 snapshot.bitcomet.com
O2 - BHO: (no name) - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: MSVPS System - {74C44274-2A2D-4A99-B00B-CCA3912349F3} - C:\WINDOWS\vipextpxm.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tevvwdgs.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\tevvwdgs.dll (file missing)
O3 - Toolbar: The voipwet - {0687766B-F048-43D1-B33B-DBE6FE9AE712} - C:\WINDOWS\voipwet.dll
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Dimitar.DIMITAR-DA2212C\Application Data\Mozilla\Firefox\Profiles\yzcqzap7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Dimitar.DIMITAR-DA2212C\Application Data\Mozilla\Firefox\Profiles/yzcqzap7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O21 - SSODL: jetctrl - {D35312DA-8835-415B-B116-118F18123076} - C:\WINDOWS\jetctrl.dll
O21 - SSODL: kopmet - {A240FC45-7F80-4598-8FD1-DFE25E9DF31D} - C:\WINDOWS\kopmet.dll

Затвори HijackThis и стартирай Autoruns. Ако се визуализират следните записи, чрез клавиша Delete ги премахни:

+ FFTI File not found: C:\Documents and Settings\Dimitar.DIMITAR-DA2212C\Application Data\Mozilla\Firefox\Profiles\yzcqzap7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
+ jetctrl jetctrl c:\windows\jetctrl.dll
+ kopmet c:\windows\kopmet.dll
+ MSVPS System c:\windows\vipextpxm.dll
+ voipwet.dll c:\windows\voipwet.dll
+ Alcohol Toolbar File not found: C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
+ Dealio.dll File not found: C:\Program Files\Dealio\kb106\Dealio.dll
+ toolbaru.dll File not found: C:\Program Files\ICQToolbar\toolbaru.dll
+ tevvwdgs.dll File not found: C:\WINDOWS\system32\tevvwdgs.dll

След като свършиш, рестартирай машината, виж как се държи и пусни нови LOG-файлове от AutoRuns и HijackThis. AutoRuns показва и следи от NOD32. Наличието на повече от еднин anti-threat продукт може да причини сериозни проблеми. Хубаво е да сканираш системата с добър антивирус и съсредоточена програмата срещу spyware/adware като Spybot - S&D и AVG Anti-Spyware. Разбира се след инсталация трябва да бъдат актуализирани. Може да погледнеш и тази тема.

Night_Raven · Декември 17, 2007

Към AVG Anti-Spyware и Spybot - Search & Destroy бих добавил и SUPERAntiSpyware (5.64MB) и a-squared Free.

Независимо с коя/кои от тях сканираш, ще е хубаво да сканираш и с Rogue Remover Free, която сканира специално за фалшиви антивирусни и програми за борба с "бацили". Препоръчвам я, защото видях това, което също е редно да се махне:

O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpa.exe

dimitariv1 · Декември 18, 2007

да готово издеглих ги и ся какво???

Night_Raven · Декември 18, 2007

да готово издеглих ги и ся какво???

"Ся" 'земи да сканираш с тях, т'ва е!

Влез

Проблеми с вируси в компютъра

Препоръчан пост

dimitariv1

Link to comment

Сподели другаде

Aquarius

Link to comment

Сподели другаде

dimitariv1

Link to comment

Сподели другаде

Aquarius

Link to comment

Сподели другаде

Night_Raven

Link to comment

Сподели другаде

dimitariv1

Link to comment

Сподели другаде

Night_Raven

Link to comment

Сподели другаде

Join the conversation

Разгледай

Какво ново?