Проблем при теглене с торент клиенти

[isaakhim]

Здравейте!

Няколко мои приятели се заразиха със същия вирус (Sality). Аз имам инсталиран ESET NOD32 Antivirus Version 3.0.672.0, обновен с последните дефиниции. Въпроса ми е, дали това е достатъчна защита срещу този вирус или трябва да си сложа друга антивирусна? Операционна система: Wndows XP SP3 и всички последни критични ъпдейти към нея.

Благодаря предварително!

[B-boy/StyLe/]

Добре е да се застраховаш и с браузър Mozilla Firefox + добавки от рода на WoT, AdBlock Plus, NoScript.

 

Последната е особено важна (NoScript), защото можеш да контролираш iFrame.

 

http://pic-bg.net/files/1q9jobjyr7ne4635m63g.jpg

 

А новите тактики на Sality и Virut се възползват от тях...

 

http://pcworld.bg/8504

[jandar]

здравейте и от мен,имам проблем с уторент преди като теглех торент отиваше в Е/даунлоуд,а сега нещо се прецака като кликна върху торента които ще тегля отива на декстопа и оттам с десен бутон отвори с уторент и чак тогава го зарежда станицата която ми трябва .другият проблем е че иконите на декстопа се сменят .ще съм много благодарен,ако ми помогне. благодаря предварително

[VIS]

здравейте и от мен,имам проблем с уторент преди като теглех торент отиваше в Е/даунлоуд,а сега нещо се прецака като кликна върху торента които ще тегля отива на декстопа и оттам с десен бутон отвори с уторент и чак тогава го зарежда станицата която ми трябва .другият проблем е че иконите на декстопа се сменят .ще съм много благодарен,ако ми помогне. благодаря предварително

Първия проблем зависи от браузъра, който ползваш. Трябва да го направиш да отваря винаги .torrent файловете с uTorrent без да те пита, или да ги сваля на десктопа. Но поради липса на всякаква информация за момента не мога да ти помогна.

За втория проблем същото, дай повече информация за проблема, че не можем да гадаем

[jandar]

проблема с уторента е от настроиките на мозила и е решен. за иконите на декстопа при ровене в интернет или гледане на филм,като затворя прозореца с саита и иконите се рестартират стават на бели листа и пак се оправят на икони,защо става така е вапроса.Благодаря

[VIS]

С каква операционна система си ?

Такъв проблем съм срещал само когато компютъра е много натоварен. Можеш да пробваш да почистиш с CCleaner както с Clenaer-a така и Registry.

Антивирусна програма ползваш ли ? Сканирал ли си скоро с някоя ?

[jandar]

Microsoft Windows XP professional version 2002 service pack 3 Computer; Intel[R] Core[TM] 2Duo CPU E4600@2.40GHz 2.41GHz 2,00GB of RAM;;;;; имам CCleaner но сканирам и чистя с your uninstall2008 антивирусната е Avira Antivir Personal-FREE ако не засече тя нещо,не я пипам..............

 

Avira AntiVir Personal

Report file date: 02 Май 2009 г. 22:28

 

Scanning for 1373854 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : USER-9001F7E165

 

Version information:

BUILD.DAT : 9.0.0.394 17962 Bytes 17.4.2009 г. 11:20:00

AVSCAN.EXE : 9.0.3.5 466689 Bytes 28.4.2009 г. 08:02:45

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 г. 07:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 г. 08:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 г. 07:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 г. 09:30:36

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.2.2009 г. 17:33:26

ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 30.4.2009 г. 17:04:13

ANTIVIR3.VDF : 7.1.3.141 21504 Bytes 02.5.2009 г. 17:01:24

Engineversion : 8.2.0.160

AEVDF.DLL : 8.1.1.1 106868 Bytes 30.4.2009 г. 17:04:18

AESCRIPT.DLL : 8.1.1.79 385403 Bytes 30.4.2009 г. 17:04:17

AESCN.DLL : 8.1.1.10 127348 Bytes 12.4.2009 г. 00:22:55

AERDL.DLL : 8.1.1.3 438645 Bytes 29.10.2008 г. 15:24:41

AEPACK.DLL : 8.1.3.14 397685 Bytes 18.4.2009 г. 04:41:43

AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26.2.2009 г. 17:01:56

AEHEUR.DLL : 8.1.0.122 1737080 Bytes 25.4.2008 г. 04:41:53

AEHELP.DLL : 8.1.2.2 119158 Bytes 26.2.2009 г. 17:01:56

AEGEN.DLL : 8.1.1.39 348532 Bytes 24.4.2008 г. 04:41:36

AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 г. 11:32:40

AECORE.DLL : 8.1.6.9 176500 Bytes 15.4.2009 г. 04:41:21

AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 г. 11:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 г. 05:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 г. 07:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 г. 11:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 г. 07:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 28.4.2009 г. 08:02:45

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 г. 07:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 г. 12:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.2.2009 г. 05:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 г. 07:32:10

RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09.2.2009 г. 08:45:45

RCTEXT.DLL : 9.0.37.0 86785 Bytes 28.4.2009 г. 08:02:45

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, E:, F:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: 02 Май 2009 г. 22:28

 

Starting search for hidden objects.

'25127' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'skypePM.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'FType2K.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'Skype.exe' - '1' Module(s) have been scanned

Scan process 'daemon.exe' - '1' Module(s) have been scanned

Scan process 'Babylon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'PDVD9Serv.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'VMSnap23.exe' - '1' Module(s) have been scanned

Scan process 'Domino.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

35 processes with 35 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

Boot sector 'F:\'

[iNFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '63' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'E:\'

Begin scan in 'F:\'

 

 

End of the scan: 02 Май 2009 г. 22:48

Used time: 19:36 Minute(s)

 

The scan has been done completely.

 

4892 Scanned directories

172017 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

172015 Files not concerned

1049 Archives were scanned

2 Warnings

1 Notes

25127 Objects were scanned with rootkit scan

0 Hidden objects were found

 

забравих да кажа че сканирам и с Malwarebytes Anti-Malware

 

Ccleaner-registry

registry.txt

[VIS]

Изтегли HijackThis 1.99.1 (213KB), която съм преименувал нарочно, стартирай я и кликни Do a system scan and save a logfile. Това ще създаде текстов файл в същата папка. Копирай съдържанието му тук или прикачи файла към темата, както ти е по-удобно.

Изтегли Autoruns, след това стартирай програмата и направи следното:

1) избери Options -> Hide Microsoft and Windows Entries;

2) кликни File -> Refresh;

3) кликни File -> Export...;

4) запази файла някъде и след това го прикачи към темата или му копирай съдържанието.

[jandar]

HijackThis Logfile of HijackThis v1.99.1

Scan saved at 02:30:44, on 04.5.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Domino.exe

C:\WINDOWS\VMSnap23.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

F:\programs install\Babylon\Babylon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Datecs\FlexType 2K\FType2K.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\CometBird\CometBird.exe

F:\programs install\DANGERS\DANGERS.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O4 - HKLM\..\Run: [bigDogPath323Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [bigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [babylon Client] F:\programs install\Babylon\Babylon.exe -AutoStart

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PUSH Wallpaper] F:\installirani\Watery Desktop 3D\Watery Desktop 3D.exe s

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Translate with &Babylon - res://F:\programs install\Babylon\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O17 - HKLM\System\CCS\Services\Tcpip\..\{069BED30-8EF9-4115-81EE-C8EF31C1EE66}: NameServer = 83.143.183.7 83.143.183.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ avgnt Antivirus System Tray Tool Avira GmbH c:\program files\avira\antivir desktop\avgnt.exe

+ Babylon Client Babylon Information Tool Babylon Ltd. f:\programs install\babylon\babylon.exe

+ BigDogPath323Domino Vimicro Vimicro c:\windows\domino.exe

+ BigDogPath323VMSnap c:\windows\vmsnap23.exe

+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ NvMediaCenter NVIDIA Media Center Library NVIDIA Corporation c:\windows\system32\nvmctray.dll

+ nwiz NVIDIA nView Wizard, Version 111.94 NVIDIA Corporation c:\windows\system32\nwiz.exe

+ PDVD9LanguageShortcut PowerDVD Language Application CyberLink Corp. c:\program files\cyberlink\powerdvd9\language\language.exe

+ RemoteControl9 PowerDVD RC Service CyberLink Corp. c:\program files\cyberlink\powerdvd9\pdvd9serv.exe

+ RTHDCPL Realtek HD Audio Control Panel Realtek Semiconductor Corp. c:\windows\rthdcpl.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

+ FlexType 2K.lnk c:\program files\datecs\flextype 2k\ftype2k.exe

C:\Documents and Settings\User\Start Menu\Programs\Startup

+ StartupFaster File not found: C:\Documents and Settings\User\Start Menu\Programs\Startup\StartupFaster

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ BitComet File not found: C:\Program Files\BitComet\BitComet.exe

+ DAEMON Tools Lite DAEMON Tools Lite DT Soft Ltd c:\program files\daemon tools lite\daemon.exe

+ PUSH Wallpaper File not found: F:\installirani\Watery Desktop 3D\Watery Desktop 3D.exe s

+ Skype Skype Skype Technologies S.A. c:\program files\skype\phone\skype.exe

HKLM\SOFTWARE\Classes\Protocols\Handler

+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

+ Shell Extension for Malware scanning AntiVirus context menu Avira GmbH c:\program files\avira\antivir desktop\shlext.dll

+ Trojan Remover File not found: F:\INSTAL~1\YOURUN~1\TROJAN~1\Trshlex.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation f:\programs install\malwarebytes' anti-malware\mbamext.dll

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

+ jetAudio Shell Extension for jetAudio COWON America c:\program files\jetaudio\jetflext.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

+ jetAudio Shell Extension for jetAudio COWON America c:\program files\jetaudio\jetflext.dll

+ MBAMShlExt Malwarebytes' Anti-Malware Malwarebytes Corporation f:\programs install\malwarebytes' anti-malware\mbamext.dll

+ Shell Extension for Malware scanning AntiVirus context menu Avira GmbH c:\program files\avira\antivir desktop\shlext.dll

+ Trojan Remover File not found: F:\INSTAL~1\YOURUN~1\TROJAN~1\Trshlex.dll

+ WinRAR c:\program files\winrar\rarext.dll

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

+ 00nView NVIDIA Desktop Explorer, Version 111.94 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ NvCplDesktopContext NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Desktop Explorer NVIDIA Desktop Explorer, Version 111.94 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 111.94 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ jetAudio Shell Extension for jetAudio COWON America c:\program files\jetaudio\jetflext.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 111.94 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ Shell Extension for Malware scanning AntiVirus context menu Avira GmbH c:\program files\avira\antivir desktop\shlext.dll

+ Trojan Remover Shell Extension File not found: F:\INSTAL~1\YOURUN~1\TROJAN~1\Trshlex.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ Skype add-on (mastermind) Skype add-on for IE Skype Technologies S.A. c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

HKLM\System\CurrentControlSet\Services

+ AntiVirSchedulerService Service to schedule Avira AntiVir Personal - Free Antivirus jobs and updates. Avira GmbH c:\program files\avira\antivir desktop\sched.exe

+ AntiVirService Offers permanent protection against viruses and malware with the AntiVir search engine. Avira GmbH c:\program files\avira\antivir desktop\avguard.exe

+ getPlus® Helper getPlus® Helper NOS Microsystems Ltd. c:\program files\nos\bin\getplus_helpersvc.exe

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ PnkBstrA PunkBuster Service Component [v1028] http://www.evenbalance.com c:\windows\system32\pnkbstra.exe

+ PnkBstrB PunkBuster Service Component [v1.805 PBSVC] http://www.evenbalance.com c:\windows\system32\pnkbstrb.exe

HKLM\System\CurrentControlSet\Services

+ AtcL001 Attansic L1 Gigabit Ethernet Controller ndis miniport driver Attansic Technology corporation. c:\windows\system32\drivers\atl01_xp.sys

+ avgio Avira AntiVir Support for Minifilter Avira GmbH c:\program files\avira\antivir desktop\avgio.sys

+ avgntflt Avira files mini-filter driver Avira GmbH c:\windows\system32\drivers\avgntflt.sys

+ avipbb Avira's Driver for RootKit Detection Avira GmbH c:\windows\system32\drivers\avipbb.sys

+ catchme File not found: C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys

+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys

+ EagleNT File not found: C:\WINDOWS\system32\drivers\EagleNT.sys

+ HDAudBus High Definition Audio Bus Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys

+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys

+ InCDPass File not found: system32\drivers\InCDPass.sys

+ InCDRm File not found: system32\drivers\InCDRm.sys

+ IntcAzAudAddService Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys

+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys

+ Maplom Maplom.sys SlySoft Inc. c:\windows\system32\drivers\maplom.sys

+ MaplomL Maplom.sys SlySoft Inc. c:\windows\system32\drivers\maploml.sys

+ MTsensor ATK0110 ACPI Utility c:\windows\system32\drivers\asacpi.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.24 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys

+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys

+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys

+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys

+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys

+ PPDrv File not found: C:\Protector Plus\PPDrv.sys

+ PPEMSCAN File not found: C:\Protector Plus\PPEMSCAN.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ sptd c:\windows\system32\drivers\sptd.sys

+ ssmdrv Avira Snapshot Driver Avira GmbH c:\windows\system32\drivers\ssmdrv.sys

+ vmfilter323 VC323, MRD, Feature(VGA), FaceTracking Vimicro Corporation c:\windows\system32\drivers\vmfilter323.sys

+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

+ ZSMC326 VM323 Video Driver Vimicro Corporation c:\windows\system32\drivers\usbvm323.sys

[VIS]

Я за пробата: Start menu -> Run -> Msconfig -> Startup -> Махни отметките на:

O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Babylon Client] F:\programs install\Babylon\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PUSH Wallpaper] F:\installirani\Watery Desktop 3D\Watery Desktop 3D.exe s
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

-> Apply -> Ok -> Рестартирай и виж дали пак е така.

[jandar]

Направих всичко което ми каза,надявам се компютърът ми да е чист. Проблемите с иконите си остава при рестарт пак стават бели листа и после стават както трябва да са. Малко ме дразни,но е ефектно? Огромни БЛАГОДАРНОСТИ на V I S за търпението и компетентноста му. БЛАГОДАРЯ на сайта че го има за непросветените като мен.

[Night_Raven]

Изтегли ESET SysInspector и:

1) стартирай я и изчакай да събере информацията;

2) меню File -> Save Log;

3) потвърди с Yes;

4) не променяй изходния ZIP формат, запази файла на удобно за теб място и го прикачи после към коментара си (не го разархивирай).

[jandar]

Голям зор докато го изтегля,mozila,cometbird,internet explorer. Недава и недава security warning? Пипах в настроиките на explorer, downloads; enable,enable,enable. и така стана.SysInspector_USER_9001F7E165_090505_2043.zip

[Night_Raven]

Ако в момента за тапет ползваш JPG, бих ти предложил да го смениш с BMP файл. Ако държиш да ползваш същия, го конвертирай в BMP и си го постави отново него.

 

Не е желателно да стартираш ComboFix, освен ако не си бил посъветван за това изрично. Това не е инструмент за профилактично сканиране.

Инструменти за профилактично сканиране, които ще ти препоръчам да ползва сега са SUPERAntiSpyware Free и Malwarebytes' Anti-Malware.

 

Сканирай с тях, като не пропускай да ги обновиш:

 

За SUPERAntiSpyware:

- стартирай програмата;

- кликни бутон Scan your Computer;

- вляво избери само дял C:, а вдясно избери Perform Complete Scan;

- кликни Next и изчакай да сканира;

- кликни Next, за да се премахнат гадинките и накрая Finish;

- кликни бутон Preferences... и иди на подпрозорец Statistics/Logs, маркирай последния лог и кликни бутон View Log...;

- копирай съдържанието му тук.

 

За Malwarebytes' Anti-Malware:

- стартирай програмата;

- избери Perform quick scan и кликни бутон Scan;

- като приключи сканирането кликни бутон Remove Selected;

- ще се появи текстов файл (лог), копирай съдържанието му тук.

 

Ако е нужен рестарт при някое от сканиранията, се съгласи и рестартирай веднага.

 

Допълнителен съвет: препоръчително е да разкараш боклука FlexType и да ползваш кирилицата на Windows. Информация как да се премахне FlexType и да се почисти след това има из форума.

[jandar]

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/06/2009 at 09:14 AM

 

Application Version : 4.26.1002

 

Core Rules Database Version : 3879

Trace Rules Database Version: 1827

 

Scan type : Complete Scan

Total Scan Time : 00:08:44

 

Memory items scanned : 418

Memory threats detected : 0

Registry items scanned : 5283

Registry threats detected : 0

File items scanned : 10549

File threats detected : 5

 

Adware.Tracking Cookie

C:\Documents and Settings\User\Cookies\user@ads.kaldata[1].txt

C:\Documents and Settings\User\Cookies\user@imrworldwide[2].txt

C:\Documents and Settings\User\Cookies\user@apmebf[1].txt

C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt

C:\Documents and Settings\User\Cookies\user@mediaplex[1].txt

 

 

Malwarebytes' Anti-Malware 1.36

Версия на базата от данни: 2080

Windows 5.1.2600 Service Pack 3

 

06.5.2009 г. 09:27:47

mbam-log-2009-05-06 (09-27-47).txt

 

Тип сканиране: Бързо сканиране

Сканирани обекти: 73795

Изминало време: 51 second(s)

 

Заразени процеси в паметта: 0

Заразени модули в паметта: 0

Заразени ключове в регистратурата: 0

Заразени стойности в регистратурата: 0

Заразени информационни обекти в регистратурата: 1

Заразени папки: 0

Заразени файлове: 0

 

Заразени процеси в паметта:

(Не бяха открити заплахи)

 

Заразени модули в паметта:

(Не бяха открити заплахи)

 

Заразени ключове в регистратурата:

(Не бяха открити заплахи)

 

Заразени стойности в регистратурата:

(Не бяха открити заплахи)

 

Заразени информационни обекти в регистратурата:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Заразени папки:

(Не бяха открити заплахи)

 

Заразени файлове:

(Не бяха открити заплахи)

 

 

Махнах тапета и сложих BMP. За Flex Type четох в форума,но аз нямам диска с windowsXP SP3 трябва ли да го изтегля от някъде и да го запиша на диск за да направя нужната деинсталация.