
Request for help with viruses - MWSBAR.DLL



I'm not a specialist. For some time now I've had some viruses on my computer. I use NOD32. I deleted all cookies, temporary files and the history, and then everything my antivirus program managed to find, but when I turn the computer on, a window pops up again. The title bar says RUNDLL, and in the window below it there is a red circle with a white X in it and the message:

 

Error loading C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL

 

The specified module could not be found.

Two days ago I ran the antivirus and deleted 17 infected files. I ran it a second time - nothing. And today when I ran it again, it found infected files again, this time 43! I deleted them with NOD32 again, but this evening the computer is freezing again, I have trouble getting online, and there are probably more.

I don't know what to do, and I'm also afraid because I use DSK Direct and my salary is transferred there! Please advise me!


MWSBAR.DLL is a file belonging to My Web Search. This is an application that gets installed along with some free programs for smileys, icons and so on. In principle it is not dangerous and is not officially classed as adware or spyware, but it is not one of the programs you actually need, so it is better to get rid of it. Try uninstalling it from Add or remove programs. It may appear there under a different name and in more than one instance. Here is how you may find it listed:

My Web Search Bar

My Web Search (Smiley Central or other FWP product as applicable)

My Web Search (Outlook Express, Outlook, IncrediMail)

My Way Speedbar (Smiley Central or FWP as applicable)

My Way Speedbar (Yahoo and AOL Messengers) (for beta users only)

My Way Speedbar (Outlook Express, Outlook, IncrediMail)

Search Assistant - My Way

Search Assistant - My Web Search

Fun Web Products Easy Installer

WeatherBug Companion - powered by MySearch

Regardless of whether it is there and you uninstall it or it is not there, download HijackThis 1.99.1 (213KB), which I have renamed on purpose, run it and click Do a system scan and save a logfile. This will create a text file in the same folder. Copy its contents here or attach the file to the topic, whichever is more convenient for you.

Also download Autoruns, then start the program and do the following:

1) select Options -> Hide Microsoft Entries;

2) select File -> Refresh;

3) select File -> Save as;

4) save the file somewhere and then attach it to the topic or copy its contents.



Thank you! I'm copying it here!

But the rest wasn't very clear to me; I have almost no experience with computers. And this is the first time I've run into a problem like this /a virus or something else/. I hope you come up with an easier way tomorrow, and for now, good night!

 

Logfile of HijackThis v1.99.1

Scan saved at 1:46:57 AM, on 2/9/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe

C:\Program Files\ICQLite\ICQLite.exe

C:\Program Files\Gamevance\gamevance32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Datecs\FlexType 2K\FType2K.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\903CB56BA52F42478957BE8314837A86\PamelaPCR.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\love\Local Settings\Temporary Internet Files\Content.IE5\YZFP07W8\alabala[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ohoboho.com/?fav=1

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - C:\Program Files\Congoo Netpass\congootb.dll

O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: XBTP04910 - {CACE4140-AB1A-4b15-B88F-8748A990DAA3} - C:\PROGRA~1\CONGOO~1\congoo.dll (file missing)

O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll

O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - C:\Program Files\Congoo Netpass\congootb.dll

O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe

O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKLM\..\Run: [iCQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZN

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - C:\Program Files\Congoo Netpass\congootb.dll

O9 - Extra 'Tools' menuitem: Congoo Netpass - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - C:\Program Files\Congoo Netpass\congootb.dll

O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\PROGRA~1\SkyCode\WEBTRA~1\wt2ie.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Posh Shop\Images\stg_drm.ocx

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-tri...Web.1.0.0.8.cab

O16 - DPF: {38A5F6F0-0B64-421B-A553-3D49A76ECDCD} (CPlayFirstMythicMarblesControl Object) - http://games.bigfishgames.com/en_mythic-ma...les.1.0.0.2.cab

O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://game7.bigfishgames.com/Reef/en_pira...rs.1.0.0.24.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} (CPlayFirstdreamControl Object) - http://games.bigfishgames.com/en_dream-chr...web.1.0.0.9.cab

O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.bigfishgames.com/online/mystery...mesLauncher.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor/mjolauncher.cab

O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://games.bigfishgames.com/en_bigcityad...BGamePlayer.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab55579.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Posh Shop\Images\armhelper.ocx

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.de/games/de_chuzzl...ploader_v10.cab

O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://games.bigfishgames.com/en_wedding-d...sh.1.0.0.47.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

 

And this is the information from AUTORUNS, if I've managed to do it right? I'm copying it, although I don't understand any of it.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\reader 8.0\reader\reader_sl.exe

+ Alcmtr Realtek Azalia Audio - Event Monitor Realtek Semiconductor Corp. c:\windows\alcmtr.exe

+ Gamevance c:\program files\gamevance\gamevance32.exe

+ Google Desktop Search Google Desktop Google c:\program files\google\google desktop search\googledesktop.exe

+ ICQ Lite ICQLite ICQ Ltd. c:\program files\icqlite\icqlite.exe

+ kgsystray Kuma_Tray c:\program files\kuma games\kgsystray\kuma_tray.exe

+ My Web Search Bar File not found: C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL

+ MyWebSearch Email Plugin File not found: C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe

+ NeroFilterCheck NeroCheck Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ nod32kui NOD32 Control Center GUI Eset c:\program files\eset\nod32kui.exe

+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ NvMediaCenter NVIDIA Media Center Library NVIDIA Corporation c:\windows\system32\nvmctray.dll

+ nwiz NVIDIA nView Wizard, Version 110.44 NVIDIA Corporation c:\windows\system32\nwiz.exe

+ RTHDCPL Realtek HD Audio Control Panel Realtek Semiconductor Corp. c:\windows\rthdcpl.exe

+ SkyTel Realtek Voice Manager Realtek Semiconductor Corp. c:\windows\skytel.exe

+ SunJavaUpdateSched Java 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_09\bin\jusched.exe

+ WinampAgent c:\program files\winamp\winampa.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ FlexType 2K.lnk c:\program files\datecs\flextype 2k\ftype2k.exe

+ Google Updater.lnk Google Updater Google c:\program files\google\google updater\googleupdater.exe

+ Metacafe.lnk Metacafe c:\program files\metacafe\metacafeagent.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Skype Skype. Take a deep breath Skype Technologies S.A. c:\program files\skype\phone\skype.exe

+ swg GoogleToolbarNotifier Google Inc. c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe

HKLM\SOFTWARE\Classes\Protocols\Handler

+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: http://www.bigfishgames.com/email/mac/macnl_header.jpg

+ 1 File not found: About:Home

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ CopyPath Sharing Bertorello c:\windows\system32\skyspaceext_1.0.2.dll

+ ICQLiteMenu ICQLiteShell Module c:\program files\icqlite\icqliteshell.dll

+ MyPictures3D TODO: <File description> TODO: <Company name> c:\program files\my pictures 3d\my pictures 3d screensaver\bin\mypiccontext.dll

+ NOD32 Context Menu Shell Extension c:\program files\eset\nodshex.dll

+ Picajet Organizer c:\program files\picajet\pjext.dll

+ WebAlbum3D Web Album Context Menu Module VicMan Software c:\program files\web photo album\webalbumcontext.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ CopyPath Sharing Bertorello c:\windows\system32\skyspaceext_1.0.2.dll

+ NOD32 Context Menu Shell Extension c:\program files\eset\nodshex.dll

+ Picajet Organizer c:\program files\picajet\pjext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ ICQLiteMenu ICQLiteShell Module c:\program files\icqlite\icqliteshell.dll

+ MyPictures3D TODO: <File description> TODO: <Company name> c:\program files\my pictures 3d\my pictures 3d screensaver\bin\mypiccontext.dll

+ WebAlbum3D Web Album Context Menu Module VicMan Software c:\program files\web photo album\webalbumcontext.dll

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

+ 00nView NVIDIA Desktop Explorer, Version 110.44 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ NvCplDesktopContext NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ AlcoholShellEx AXShlEx.dll Alcohol Soft Development Team c:\program files\alcohol soft\alcohol 120\axshlex.dll

+ Desktop Explorer NVIDIA Desktop Explorer, Version 110.44 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 110.44 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ ICQ Lite Shell Extension ICQLiteShell Module c:\program files\icqlite\icqliteshell.dll

+ NOD32 Context Menu Shell Extension c:\program files\eset\nodshex.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 110.44 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

+ Big Fish Games Toolbar Big Fish Games Toolbar from bigfishgames.com Big Fish Games, Inc. c:\program files\bfgtoolbar\bfgtoolbar.dll

+ BitComet Helper BitCometBHO BitComet c:\program files\bitcomet\tools\bitcometbho_1.1.7.4.dll

+ Congoo Netpass CongooToolbar Congoo LLC c:\program files\congoo netpass\congootb.dll

+ Google Toolbar Helper Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar1.dll

+ Google Toolbar Notifier BHO GoogleToolbarNotifier Google Inc. c:\program files\google\googletoolbarnotifier\2.1.615.5858\swg.dll

+ Mario Forever Toolbar Helper Mario Forever Toolbar c:\program files\mario forever toolbar\v3.2.0.0\marioforever_toolbar.dll

+ mwsBar BHO File not found: C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL

+ My Search BHO My Search Bar My Search c:\program files\mysearch\bar\1.bin\s4bar.dll

+ MyWebSearch Search Assistant BHO File not found: C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL

+ Skype add-on (mastermind) Skype add-on for IE Skype Technologies S.A. c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

+ SSVHelper Class Java 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_09\bin\ssv.dll

+ XBTP04910 Class File not found: C:\PROGRA~1\CONGOO~1\congoo.dll

+ XTTBPos00 Class IE Toolbar IE Toolbar c:\program files\icqtoolbar\toolbaru.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ ICQ Toolbar IE Toolbar IE Toolbar c:\program files\icqtoolbar\toolbaru.dll

+ MWSSRCAS.DLL File not found: C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ Big Fish Games Toolbar from bigfishgames.com Big Fish Games, Inc. c:\program files\bfgtoolbar\bfgtoolbar.dll

+ &Google Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar1.dll

+ Congoo Netpass CongooToolbar Congoo LLC c:\program files\congoo netpass\congootb.dll

+ ICQ Toolbar IE Toolbar IE Toolbar c:\program files\icqtoolbar\toolbaru.dll

+ Mario Forever Toolbar Mario Forever Toolbar c:\program files\mario forever toolbar\v3.2.0.0\marioforever_toolbar.dll

+ My Search Bar My Search Bar My Search c:\program files\mysearch\bar\1.bin\s4bar.dll

+ My Web Search File not found: C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ ICQ Lite ICQLite ICQ Ltd. c:\program files\icqlite\icqlite.exe

Task Scheduler

+ Norton Security Scan.job Norton Security Scan Symantec Corporation c:\program files\norton security scan\nss.exe

HKLM\System\CurrentControlSet\Services

+ ForcewareWebInterface Apache Apache Software Foundation c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe

+ gusvc gusvc Google c:\program files\google\common\google updater\googleupdaterservice.exe

+ NOD32krn NOD32 Kernel Service Eset c:\program files\eset\nod32krn.exe

+ nSvcIp ActiveArmor Firewall IP Service NVIDIA Corporation c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe

+ nSvcLog nSvcLog NVIDIA Corporation c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ STI Simulator c:\windows\system32\pastisvc.exe

HKLM\System\CurrentControlSet\Services

+ a347bus Plug and Play BIOS Extension c:\windows\system32\drivers\a347bus.sys

+ a347scsi SCSI miniport c:\windows\system32\drivers\a347scsi.sys

+ AmdK8 AMD Processor Driver Advanced Micro Devices c:\windows\system32\drivers\amdk8.sys

+ AMON Amon monitor Eset c:\windows\system32\drivers\amon.sys

+ arm30znp File not found: C:\WINDOWS\System32\Drivers\arm30znp.sys

+ atapi c:\windows\system32\drivers\atapi.sys

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ IntcAzAudAddService Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ lmimirr File not found: system32\DRIVERS\lmimirr.sys

+ nod32drv c:\windows\system32\drivers\nod32drv.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.36 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ nvata NVIDIA® nForce IDE Performance Driver NVIDIA Corporation c:\windows\system32\drivers\nvata.sys

+ NVENETFD NVIDIA Networking Function Driver. NVIDIA Corporation c:\windows\system32\drivers\nvenetfd.sys

+ nvnetbus NVIDIA Networking Bus Driver. NVIDIA Corporation c:\windows\system32\drivers\nvnetbus.sys

+ PAC207 c:\windows\system32\drivers\pfc027.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ sptd c:\windows\system32\drivers\sptd.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

+ C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL Google Desktop Google c:\program files\google\google desktop search\googledesktopnetwork3.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\system32\WINTER~1.SCR c:\windows\system32\winter afternoon.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ NOD32 NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ NOD32 protected [MSAFD Tcpip [RAW/IP]] NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ NOD32 protected [MSAFD Tcpip [TCP/IP]] NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ NOD32 protected [MSAFD Tcpip [uDP/IP]] NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ NOD32 protected [RSVP TCP Service Provider] NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

+ NOD32 protected [RSVP UDP Service Provider] NOD32 IMON - Internet scanning support Eset c:\windows\system32\imon.dll

 

And is it possible that I "picked up" something from here? I sometimes get various spam messages. Some time ago I got greedy, and today they sent it to me again. I've already deleted it, but here are its details.

 

Return-Path: <webmaster@promote-biz.net>

Delivered-To: mary_staneva@mbox.contact.bg

Received: (qmail 20393 invoked from network); 9 Feb 2008 17:27:22 -0000

Received: from unknown (HELO promote-biz.net) (58.244.217.40)

by 0 with SMTP; 9 Feb 2008 17:27:22 -0000

Reply-To: webmaster@promote-biz.net

From: BlogBlaster

To: mary_staneva@mbox.contact.bg

Subject: "How would you like to have your ad on 2 Million Websites ?"

Date: 10 Feb 2008 01:00:24 -0800

Message-ID: <20080210010023.F3A819F7FD59D1C7@from.header.has.no.domain>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0012_F5B3115B.3D325C03"


Run HijackThis again, click Do a system scan only, tick the following items and click Fix checked, confirming with Yes in all the dialogs:

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)

O2 - BHO: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - C:\Program Files\Congoo Netpass\congootb.dll

O2 - BHO: XBTP04910 - {CACE4140-AB1A-4b15-B88F-8748A990DAA3} - C:\PROGRA~1\CONGOO~1\congoo.dll (file missing)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)

O3 - Toolbar: Congoo Netpass - {40498DEF-8B13-44A6-A1A7-69DFE36E9210} - C:\Program Files\Congoo Netpass\congootb.dll

O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - C:\Program Files\Congoo Netpass\congootb.dll

O9 - Extra 'Tools' menuitem: Congoo Netpass - {0AD475F1-D955-40a7-9FFF-C3BF075F04AA} - C:\Program Files\Congoo Netpass\congootb.dll

O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O9 - Extra 'Tools' menuitem: Congoo Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

In Autoruns, untick the following:

+ 0 File not found: http://www.bigfishgames.com/email/mac/macnl_header.jpg

+ 1 File not found: About:Home

+ Display Panning CPL Extension File not found: deskpan.dll

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

 

These are the more unnecessary things. Not that there aren't other unnecessary frills and junk (such as FlexType), but I assume you use them.

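Added example (not part of the original thread, and not HijackThis's own code): a small Python triage of log lines in the HijackThis v1.99.1 format posted above. It lists entries the log itself marks `(file missing)` or `(no file)`, then finds entries that still point into the same folders through 8.3 short names, such as the Run entry behind the RUNDLL "Error loading ... MWSBAR.DLL" window at startup. The sample lines are copied from the posted log; the function names and the 8.3 matching heuristic are assumptions of this example.

```python
import re
from collections import namedtuple

# A small subset of lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\5.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\5.bin\mwsoemon.exe
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
"""

Entry = namedtuple("Entry", "code text path missing")

# "<section code> - <description>", e.g. "O2 - BHO: ..."
LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# First drive-letter path ending in a binary extension (stops before ",S" or a closing quote).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:dll|exe|ocx|sys|scr)(?!\w)', re.IGNORECASE)
# Markers HijackThis appends when the referenced file is gone.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse(log):
    """Turn HijackThis result lines into Entry tuples; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, text = m.groups()
        p = PATH_RE.search(text)
        entries.append(Entry(code, text, p.group(0) if p else None,
                             bool(MISSING_RE.search(text))))
    return entries


def dir_key(path):
    """Folder key that is equal for a long path and its 8.3 alias.

    Heuristic (assumption of this example): drop the "~N" suffix, remove
    spaces and compare only the first six characters of each folder name,
    so "Program Files" and "PROGRA~1" both become "PROGRA".
    """
    folders = path.upper().split("\\")[:-1]  # drop the file name
    return tuple(re.sub(r"~\d+$", "", f).replace(" ", "")[:6] for f in folders)


def triage(entries):
    """Return (orphaned, related).

    orphaned: entries the log marks as pointing to a missing file.
    related:  entries without that marker whose target sits in a folder
              that already has a missing file (same leftover component).
    """
    orphaned = [e for e in entries if e.missing]
    dead_dirs = {dir_key(e.path) for e in orphaned if e.path}
    related = [e for e in entries
               if not e.missing and e.path and dir_key(e.path) in dead_dirs]
    return orphaned, related


if __name__ == "__main__":
    orphaned, related = triage(parse(SAMPLE_LOG))
    print("Marked missing by HijackThis:")
    for e in orphaned:
        print("  %-3s %s" % (e.code, e.path or "(no path recorded)"))
    print("Still registered in the same folders:")
    for e in related:
        print("  %-3s %s" % (e.code, e.path))
```

The second group is a list of candidates to review, since the folder match is deliberately loose; in the thread, the same two Run entries are among the items the helper asks to fix.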
