
Browsing problem


Mandragor


First of all, hi everyone. I registered here hoping you would help me :)

I've recently had a problem: my computer opens web pages only selectively. I use FF; I tried IE and it's the same thing. I saw that two strange rundll32.exe processes get loaded in Task Manager, and when I delete windows\system32\rundll32.exe in safe mode the problem goes away, but some things stop working, for example the clock (I can't open it from the tray to see the date), Add/Remove Programs doesn't work either, and there are many, many more problems. I read around the forum and there were similar problems, but none like mine.

Please, would those who know about this weigh in, because I'm getting really annoyed and I don't feel like reinstalling Windows.


1. It would be good if you explained exactly which pages open, what security software you use, and since when this has been happening.

2. Rundll32 is a critically important operating system process and must not be deleted under any circumstances. It would be good to run System File Checker: put the Windows installation disc in the drive and type sfc /scannow in Start -> Run. This will scan for missing and/or damaged/replaced files and restore them.


1. I don't use an antivirus program :blush: my machine is weak and the freezing annoys me

2. I don't have an installation disc ... awful

I open Google, type something into the search box, and that's as far as it gets. I get into arena, but when I go to "All torrents" that's as far as it gets. I don't know exactly how long the problem has been there, but it's recent, let's say 2 weeks.

P.S. I found some amateur disc; I'll try it and report back.


Given that you delete files at will, I'm not surprised you have browsing problems. You can post HijackThis and Autoruns log files, for example, so we can see whether anything is wrong:

Download HijackThis 1.99.1 (213KB), which I have renamed on purpose, run it and click Do a system scan and save a logfile. This will create a text file in the same folder. Copy its contents here or attach the file to the thread, whichever is more convenient for you.

Download Autoruns, then start the program and do the following:

1) select Options -> Hide Microsoft Entries;

2) click File -> Refresh;

3) click File -> Export...;

4) save the file somewhere and then attach it to the thread or copy its contents.

Still, it is possible that your problem comes from deleting various things.


I think it's become clear to you that I'm no expert :) but I'm keen to fix the problem. Now I'll restore the deleted file from the Recycle Bin, restart so the processes load again, and post these logs.

Don't worry, I'm not so far gone that I delete whatever I lay eyes on; I was just at a dead end, I deleted it and the problem disappeared, but various others appeared, which is normal :)

It wouldn't get into the forum, so I deleted it again in safe mode.

 

Logfile of HijackThis v1.99.1

Scan saved at 13:02:07, on 20.7.2008 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Delqn\Desktop\alabala.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {AE9DBB78-086A-4563-A830-A1E38F384AED} - (no file)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [601450ad] rundll32.exe "C:\WINDOWS\system32\bpoqipje.dll",b

O4 - HKLM\..\Run: [bM63276331] Rundll32.exe "C:\WINDOWS\system32\ixeqwbos.dll",s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://195.24.89.35/RtspVaPgDec.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7CE28429-780F-4A44-92B4-88F4ECCE4905}: NameServer = 195.24.90.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: jkkLEUMc - jkkLEUMc.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Radmin Server V3 (RServer3) - Unknown owner - C:\WINDOWS\system32\rserver30\RServer3.exe" /service (file missing)

 

 

 

Autoruns:

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ 601450ad c:\windows\system32\bpoqipje.dll

+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. c:\program files\ati technologies\ati control panel\atiptaxx.exe

+ BM63276331 c:\windows\system32\ixeqwbos.dll

+ Cmaudio CmiCnfg DLL C-Media Corporation c:\windows\system\cmicnfg.cpl

+ NeroFilterCheck NeroCheck Ahead Software Gmbh c:\windows\system32\nerocheck.exe

+ QuickTime Task QuickTime Task Apple Inc. c:\program files\quicktime\qttask.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ DAEMON Tools Lite DAEMON Tools main application DT Soft Ltd c:\program files\daemon tools lite\daemon.exe

HKLM\SOFTWARE\Classes\Protocols\Handler

+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ UnlockerShellExtension c:\program files\unlocker\unlockercom.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ BitComet Helper BitCometBHO BitComet c:\program files\bitcomet\tools\bitcometbho_1.2.6.26.dll

+ IeCatch2 Class jccatch Module Amaze Soft c:\program files\flashget\jccatch.dll

+ SSVHelper Class Java Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre1.6.0_02\bin\ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar FlashGet IE Bar Amaze Soft c:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGet FlashGet Amaze Soft c:\program files\flashget\flashget.exe

+ BitComet File not found: C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Poller c:\windows\system32\ati2evxx.exe

+ ATI Smart ATI Smart c:\windows\system32\ati2sgag.exe

+ Autodata Limited License Service Autodata Limited License Service File not found: C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe

HKLM\System\CurrentControlSet\Services

+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ cmuda C-Media Audio WDM Driver C-Media Inc c:\windows\system32\drivers\cmuda.sys

+ EL90X 3Com Fast EtherLink XL / EtherLink XL Network Miniport Driver 3Com Corporation c:\windows\system32\drivers\el90xnd5.sys

+ GAGPDrv File not found: C:\WINDOWS\System32\Drivers\GAGPDrv.sys

+ GVCplDrv c:\windows\system32\drivers\gvcpldrv.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ mirrorv3 Radmin Mirror Miniport Driver V3 Famatech International Corp. c:\windows\system32\drivers\rminiv3.sys

+ NPF npf CACE Technologies c:\windows\system32\drivers\npf.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ raddrvv3 Radmin Server support driver Famatech International Corp. c:\windows\system32\rserver30\raddrvv3.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ sptd c:\windows\system32\drivers\sptd.sys

+ viaagp1 VIA NT AGP Filter VIA Technologies, Inc. c:\windows\system32\drivers\viaagp1.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEvent c:\windows\system32\ati2evxx.dll

+ jkkLEUMc File not found: jkkLEUMc.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages

+ C:\WINDOWS\system32\qoMgeCVP File not found: C:\WINDOWS\system32\qoMgeCVP


In Autoruns, untick:

+ GAGPDrv File not found: C:\WINDOWS\System32\Drivers\GAGPDrv.sys

+ jkkLEUMc File not found: jkkLEUMc.dll

+ C:\WINDOWS\system32\qoMgeCVP File not found: C:\WINDOWS\system32\qoMgeCVP

In HijackThis, tick the following items, then click Fix checked:

O2 - BHO: (no name) - {AE9DBB78-086A-4563-A830-A1E38F384AED} - (no file)

O4 - HKLM\..\Run: [601450ad] rundll32.exe "C:\WINDOWS\system32\bpoqipje.dll",b

O4 - HKLM\..\Run: [bM63276331] Rundll32.exe "C:\WINDOWS\system32\ixeqwbos.dll",s

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: jkkLEUMc - jkkLEUMc.dll (file missing)

Restart the computer (if you are not asked to restart).

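The selection made in the post above, sketched as triage rules over HijackThis lines. This is an added example, not part of the original thread: the sample lines are copied from the log posted earlier in the thread, and the two rules (a Run value that starts rundll32 on a .dll, and an O2/O20 registration whose file is absent) are assumptions chosen to reproduce that selection, a prompt for manual review rather than a verdict.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r'''
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AE9DBB78-086A-4563-A830-A1E38F384AED} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [601450ad] rundll32.exe "C:\WINDOWS\system32\bpoqipje.dll",b
O4 - HKLM\..\Run: [bM63276331] Rundll32.exe "C:\WINDOWS\system32\ixeqwbos.dll",s
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: jkkLEUMc - jkkLEUMc.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
'''

# Assumed rule 1: a Run value that starts rundll32 on a .dll plus an export name.
# Control-panel applets (.cpl), like the Cmaudio entry, do not match.
RUNDLL = re.compile(
    r'^O4 - \S+\\Run: \[(?P<name>[^\]]+)\]\s+rundll32(?:\.exe)?\s+'
    r'"?(?P<dll>[^",]+\.dll)"?,(?P<export>\S+)', re.IGNORECASE)

# Assumed rule 2: a BHO (O2) or Winlogon Notify (O20) entry whose file is gone.
ORPHAN = re.compile(r'^(?P<sec>O2|O20) - .*\((?:no file|file missing)\)\s*$')


def triage(log_text):
    """Return (section, name, reason) for each entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUNDLL.match(line)
        if m:
            dll = m.group('dll').rsplit('\\', 1)[-1]
            findings.append(('O4', m.group('name'),
                             f'Run key loads {dll} via rundll32'))
            continue
        m = ORPHAN.match(line)
        if m:
            # "O20 - Winlogon Notify: dimsntfy - ..." -> "dimsntfy"
            name = line.split(' - ')[1].split(': ', 1)[1]
            findings.append((m.group('sec'), name, 'registered file is absent'))
    return findings


if __name__ == '__main__':
    for section, name, reason in triage(SAMPLE_LOG):
        print(f'{section:4} {name:12} {reason}')
```
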

O4 - HKLM\..\Run: [bM63276331] Rundll32.exe "C:\WINDOWS\system32\ixeqwbos.dll",s

 

Only this one is left. I remove it with HijackThis, then scan again, and it's there again and the problem remains.

P.S. I untick it in Autoruns and on restart it recreates itself.


Malwarebytes' Anti-Malware 1.21

Database version: 969

Windows 5.1.2600 Service Pack 3

 

15:06:13 20.7.2008 г.

mbam-log-7-20-2008 (15-06-13).txt

 

Scan type: Quick Scan

Objects scanned: 41229

Time elapsed: 5 minute(s), 15 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 13

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm63276331 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\WINDOWS\system32\bpoqipje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ejpiqopb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Delqn\Local Settings\Temp\vuc18.tmp (Backdoor.ProRat) -> Quarantined and deleted successfully.

C:\Documents and Settings\Delqn\Local Settings\Temp\GLK3.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

C:\Documents and Settings\Delqn\Local Settings\Temp\evb10E.tmp (Backdoor.ProRat) -> Quarantined and deleted successfully.

C:\Documents and Settings\Delqn\Local Settings\Temp\pdy107.tmp (Backdoor.ProRat) -> Quarantined and deleted successfully.

C:\Documents and Settings\Delqn\Local Settings\Temporary Internet Files\Content.IE5\05MZ4DAF\CAXX2V01 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Delqn\Local Settings\Temporary Internet Files\Content.IE5\C9QZOTUJ\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ixeqwbos.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\BM63276331.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM63276331.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

Night Raven, write down another solved case in your log. You're awesome. Thank you!!!
