
Win32/ virus. It has settled in on my machine


Featured post

Hello!

Yesterday I downloaded a crack for Windows Vista Business, which is the edition I have, because it is pirated and the trial ends in 2 days. I have Kaspersky Internet Security Suite 7, which found it several times, but the log said that out of 4-5 times, once the virus was found but then hid itself and moved, and it is still on my machine!

I scanned again with Kaspersky: nothing. Ad-Aware SE 2007 Free found exactly 100 threats, but apparently the virus is a rootkit, noticed it and blocked the program. I scanned with SUPERAntiSpyware but it found nothing. A Squared Free 3.5 found 5 threats of level ''Medium'' of type SpyWare.

I use the following configuration:

Windows Vista Business (Trial Version), AMD Athlon 64 X2 Dual Core 4600+ 2.41 GHz processor, 2 GB RAM.

For protection I have Kaspersky Internet Security Suite 7 and A Squared 3 (A2).

The computer has slowed down and barely works; my screen flickers to black roughly every half hour.

Please, help me.

Thanks in advance!

P.S.: In Kaspersky I chose Disinfect when it found them, but apparently... The virus was win32./trojan.downloader, which I had deleted before; now it won't go...


It is a good idea to scan with an antivirus program (for example Dr.Web CureIt!) in Safe Mode. Another option is to make a list of the programs that start automatically and post it, as described here.

HijackThis LOG

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:36 ч., on 5.5.2008 г.

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Safe mode with network support


Running processes:

C:\Windows\Explorer.EXE

C:\Program Files\SwitchType\SwitchType.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hide IP NG\hideipng.exe

C:\Program Files\Hide IP NG\guardian.exe

E:\Programs\SEC012\Ad-Aware.exe

C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{447A8CC0-0931-476E-B793-64A58AE7AA5D}: NameServer = 192.168.0.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\r3hook.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Programs\SEC012\aawservice.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: Диспечер на Google Desktop 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


--

End of file - 6057 bytes


-----------------------------------------

Autoruns log file:


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ NvMediaCenter NVIDIA Media Center Library NVIDIA Corporation c:\windows\system32\nvmctray.dll

+ NvSvc NVIDIA Driver Helper Service, Version 169.06 NVIDIA Corporation c:\windows\system32\nvsvc.dll

+ RtHDVCpl HD Audio Control Panel Realtek Semiconductor c:\windows\rthdvcpl.exe

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky internet security 7.0\shellex.dll

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

+ a-squared Free Shell Extension a-squared Free shell extension Emsi Software GmbH c:\program files\a-squared free\a2freecontmenu.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ a-squared Free Shell Extension a-squared Free shell extension Emsi Software GmbH c:\program files\a-squared free\a2freecontmenu.dll

+ Kaspersky Anti-Virus Windows Shell Extension Kaspersky Lab c:\program files\kaspersky lab\kaspersky internet security 7.0\shellex.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ SASContextMenu Class SUPERAntiSpyware Context Menu Extension SUPERAntiSpyware.com c:\program files\superantispyware\sasctxmn.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

+ NvCplDesktopContext NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ Haali Column Provider c:\program files\haali\matroskasplitter\mmfinfo.dll

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ a-squared Free Shell Extension a-squared Free shell extension Emsi Software GmbH c:\program files\a-squared free\a2freecontmenu.dll

+ Haali Column Provider c:\program files\haali\matroskasplitter\mmfinfo.dll

+ Haali Matroska Shell Property Page c:\program files\haali\matroskasplitter\mmfinfo.dll

+ Haali Matroska Thumbnail Extractor c:\program files\haali\matroskasplitter\mmfinfo.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ Web Anti-Virus statistics Script Monitor Internet Explorer plugin Kaspersky Lab c:\program files\kaspersky lab\kaspersky internet security 7.0\scieplgn.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll

+ Spybot-S&D IE Protection SBSD IE Protection Safer Networking Limited c:\program files\spybot - search & destroy\sdhelper.dll

HKLM\System\CurrentControlSet\Services

+ a2free Scans the PC for unwanted software and provides protection from malicious code Emsi Software GmbH c:\program files\a-squared free\a2service.exe

+ aawservice Protects your computer from spyware Lavasoft e:\programs\sec012\aawservice.exe

+ AVP Provides protection against computer viruses and spyware, hacker attacks, cyber-crime and spam. Kaspersky Lab c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe

+ SBSDWSCService Spybot-S&D Security Center integration Safer Networking Ltd. c:\program files\spybot - search & destroy\sdwinsec.exe

HKLM\System\CurrentControlSet\Services

+ a66lftet File not found: C:\Windows\System32\Drivers\a66lftet.sys

+ AVG Anti-Rootkit AVG Anti-Rootkit Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgarkt.sys

+ AvgArCln AVG7 Clean Driver GRISOFT, s.r.o. c:\windows\system32\drivers\avgarcln.sys

+ BrFiltLo Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver Brother Industries, Ltd. c:\windows\system32\drivers\brfiltlo.sys

+ BrFiltUp Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver Brother Industries, Ltd. c:\windows\system32\drivers\brfiltup.sys

+ BrUsbSer Brother USB Serial Driver Brother Industries Ltd. c:\windows\system32\drivers\brusbser.sys

+ E1G60 Intel® PRO/1000 Adapter NDIS 6 deserialized driver Intel Corporation c:\windows\system32\drivers\e1g60i32.sys

+ IntcAzAudAddService Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkvhda.sys

+ IpInIp IP in IP Tunnel Driver File not found: system32\DRIVERS\ipinip.sys

+ kl1 Kaspersky Unified Driver Kaspersky Lab c:\windows\system32\drivers\kl1.sys

+ KLIF Kaspersky Lab Interceptor and Filter Kaspersky Lab c:\windows\system32\drivers\klif.sys

+ KLIM6 Kaspersky Anti-Virus NDIS 6 Filter Kaspersky Lab c:\windows\system32\drivers\klim6.sys

+ NVENETFD NVIDIA MCP Networking Function Driver. NVIDIA Corporation c:\windows\system32\drivers\nvmfdx32.sys

+ nvlddmkm NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 169.06 NVIDIA Corporation c:\windows\system32\drivers\nvlddmkm.sys

+ nvstor NVIDIA® nForce Sata Performance Driver NVIDIA Corporation c:\windows\system32\drivers\nvstor.sys

+ nvstor32 NVIDIA® nForce Sata Performance Driver NVIDIA Corporation c:\windows\system32\drivers\nvstor32.sys

+ NwlnkFlt IPX Traffic Filter Driver File not found: system32\DRIVERS\nwlnkflt.sys

+ NwlnkFwd IPX Traffic Forwarder Driver File not found: system32\DRIVERS\nwlnkfwd.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ RTL8023xp Realtek 10/100 NDIS 5.1 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtnicxp.sys

+ SASDIFSV File not found: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

+ SASENUM File not found: C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

+ SASKUTIL File not found: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

+ secdrv Macrovision SECURITY Driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ sptd c:\windows\system32\drivers\sptd.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ lsdelete c:\windows\system32\lsdelete.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls

+ "C:\PROGRA~1\Google\Google File not found: C:\PROGRA~1\Google\Google

+ 7.0\adialhk.dll File not found: 7.0\adialhk.dll

+ 7.0\r3hook.dll File not found: 7.0\r3hook.dll

+ C:\PROGRA~1\Kaspersky File not found: C:\PROGRA~1\Kaspersky

+ C:\PROGRA~1\Kaspersky File not found: C:\PROGRA~1\Kaspersky

+ Desktop File not found: Desktop

+ Internet File not found: Internet

+ Internet File not found: Internet

+ Lab\Kaspersky File not found: Lab\Kaspersky

+ Lab\Kaspersky File not found: Lab\Kaspersky

+ Search\GoogleDesktopNetwork3.dll" File not found: Search\GoogleDesktopNetwork3.dll"

+ Security File not found: Security

+ Security File not found: Security

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ !SASWinLogon File not found: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

+ klogon Logon Visualizer Kaspersky Lab c:\windows\system32\klogon.dll

C:\Users\VALIO\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

+ App Launcher v3 Launch apps easily from the sidebar. Dean Laforet C:\Users\VALIO\AppData\Local\Microsoft\Windows Sidebar\Gadgets\AppLauncherV3.3.4.6[1].gadget\Gadget.xml

+ IneptSearch Enjoy this Mini Google Search. Ineptitude FTW!!! IneptSearch C:\Users\VALIO\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IneptSearch[1].gadget\Gadget.xml

+ IneptSearch Enjoy this Mini Google Search. Ineptitude FTW!!! IneptSearch C:\Users\VALIO\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IneptSearch[1].gadget\Gadget.xml

+ RDP.gadget 2.0 Connect to any remote computer from your sidebar. Frameworkx Inc. C:\Users\VALIO\AppData\Local\Microsoft\Windows Sidebar\Gadgets\fxRDP[1].gadget\Gadget.xml

+ Super Search Bar Super Search Bar for Windows Live, Google, Yahoo, YouTube, Wikipedia and eBay. PC C:\Users\VALIO\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SuperSearchBar[1].gadget\Gadget.xml

+ Super Search Bar Super Search Bar for Windows Live, Google, Yahoo, YouTube, Wikipedia and eBay. PC C:\Users\VALIO\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SuperSearchBar[1].gadget\Gadget.xml

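A small triage helper for logs in the HijackThis format posted above, added here as an illustration and not code from the thread, from Trend Micro or from Sysinternals: it parses the Rn/On finding lines, flags the entry types a reviewer checks first (proxy settings, rundll32 autoruns, AppInit_DLLs and Winlogon Notify hooks, entries whose file is missing), and splits an AppInit_DLLs value on spaces and commas, which is why the Autoruns output above shows the unquoted Kaspersky paths broken into fragments. The sample log is a constructed excerpt of the lines posted, and the flag reasons are review prompts, not verdicts.

```python
import re

# Constructed sample: an excerpt in HijackThis v2 format, modelled on the
# entry types seen in the log posted above (not the complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\r3hook.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll"
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
"""

# Every finding line starts with a section code (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")


def parse_hjt(text):
    """Return a list of (section, body) tuples for every finding line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries):
    """Flag entries a reviewer should look at first; returns (reason, section, body)."""
    flagged = []
    for section, body in entries:
        lower = body.lower()
        if "(file missing)" in lower:
            # Leftover of a removed or broken product; harmless but should be cleaned up.
            flagged.append(("referenced file is missing", section, body))
        elif section == "O20":
            # AppInit_DLLs and Winlogon Notify hooks are loaded into many processes.
            flagged.append(("AppInit_DLLs / Winlogon Notify hook", section, body))
        elif section in ("R0", "R1") and "proxyserver" in lower:
            # Browser traffic is routed through a proxy; confirm which program set it.
            flagged.append(("browser proxy configured", section, body))
        elif section == "O4" and "rundll32" in lower:
            # A DLL launched through rundll32 at logon: verify the DLL's publisher.
            flagged.append(("autorun via rundll32", section, body))
    return flagged


def split_appinit(value):
    """Split an AppInit_DLLs value on spaces and commas, as Autoruns does; unquoted
    paths containing spaces fall apart into fragments, which is what the Autoruns
    output above shows for the Kaspersky entries."""
    return [tok for tok in re.split(r"[\s,]+", value.strip()) if tok]
```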

Post a log file from ESET SysInspector as well.

Download ESET SysInspector

http://www.eset.com/download/sysinspector.php

1. Start the program via SysInspector.exe

2. When the log file is ready, choose File > Save Log

3. Confirm.

Send me your SysInspector log file at nod32fen @ abv.bg


Send me your SysInspector log file at nod32fen @ abv.bg

We help here in the thread; we don't send logs to each other by e-mail. :)

Given the additions from Трагеди with the hidden text, there is even less need..


We help here in the thread; we don't send logs to each other by e-mail. :)

Given the additions from Трагеди with the hidden text, there is even less need..

:offtopic:

In the logs that get posted there is one character that this tag doesn't accept (I don't remember exactly which one), so it can't be used for the moment :/


- and it has been that way for a long time.

I didn't understand: this crack that did the damage, did you scan it with Kaspersky before you activated it?

The crack doesn't get activated. It was in vista_no_activacija_krack.rar, but KIS7 removed it... or not.

I wiped out the virus with A Squared, Kaspersky and Ad-Aware SE.
