Kaldata.com - Forums


Help with detecting and removing viruses, trojan horses and..

Featured Replies

Get rid of the virus that claims to be an antivirus, and then clean out the Temp files with CCleaner + SBMAV Disk Cleaner.

An alternative to CCleaner is ATF-Cleaner

Download:

http://www.atribune.org/public-beta/ATF-Cleaner.exe

Regards!

P.S: Just be careful when cleaning the Prefetch folder

Edited by Fix


Why should he be careful? Even Windows itself clears old data out of the Prefetch folder for better performance. Here is some info: Click

ATF-Cleaner is not an alternative to CCleaner; one only cleans unneeded files off the system, while CCleaner has several more tools in it (registry integrity optimisation, an uninstaller...). I won't go into details, they are easy to find.

Edited by mihnev_sz

I did that and it still doesn't work. When I don't boot the computer in safe mode I wait 5 minutes for every mouse movement. There's something very strange that didn't happen before: when the PC starts, an empty console window opens, then after about 30 seconds a blue screen appears and it restarts. Looks like there's something more serious than I thought.

http://www.kaldata.com/forums/index.php?s=...st&p=960012

AVG Free 8 also detects and removes it without a problem.

Download it from here:

http://www.grisoft.cz/filedir/inst/avg_fre..._8_101a1327.exe

Install it, scan with it, and once it has removed the problem you can uninstall it, or do as you see fit.

Good luck

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:50:27, on 27.6.2008 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://data.bg/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WinGold - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\ksisys.dll

O2 - BHO: QXK Olive - {4B1DD1F9-BC8D-403A-A5E3-3F6B9E7AADFE} - C:\WINDOWS\gfetqaxstgm.dll

O2 - BHO: (no name) - {514B017B-B3E4-437C-BE6F-595323D14060} - C:\WINDOWS\system32\urqRigEX.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: (no name) - {CB1D982E-1EC6-4DF8-84DC-DB85083A5F70} - C:\WINDOWS\system32\ddcCTkJC.dll

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: gxvpsafm - {3AF299A2-672C-4801-8D9F-025EE2C3BA66} - C:\WINDOWS\gxvpsafm.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [lphcjn1j0ee73] C:\WINDOWS\system32\lphcjn1j0ee73.exe

O4 - HKLM\..\Run: [sMrhcnn1j0ee73] C:\Program Files\rhcnn1j0ee73\rhcnn1j0ee73.exe

O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"

O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait

O4 - HKLM\..\Run: [046781c7] rundll32.exe "C:\WINDOWS\system32\ekhntjpv.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: urqRigEX - C:\WINDOWS\SYSTEM32\urqRigEX.dll

O21 - SSODL: pntqkflv - {38C773C9-A84A-40CC-AA0A-D172A62D7735} - C:\WINDOWS\pntqkflv.dll

O21 - SSODL: qegbdmwf - {22DA6EE7-1AB5-4FAD-B498-4C1CDE448DFE} - C:\WINDOWS\qegbdmwf.dll

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--

End of file - 9862 bytes

This is the log file, but now I don't know what to do with it

Tick the following items and select Fix Checked:

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: WinGold - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\WINDOWS\system32\ksisys.dll

O2 - BHO: QXK Olive - {4B1DD1F9-BC8D-403A-A5E3-3F6B9E7AADFE} - C:\WINDOWS\gfetqaxstgm.dll

O2 - BHO: (no name) - {514B017B-B3E4-437C-BE6F-595323D14060} - C:\WINDOWS\system32\urqRigEX.dll

O2 - BHO: (no name) - {CB1D982E-1EC6-4DF8-84DC-DB85083A5F70} - C:\WINDOWS\system32\ddcCTkJC.dll

O3 - Toolbar: gxvpsafm - {3AF299A2-672C-4801-8D9F-025EE2C3BA66} - C:\WINDOWS\gxvpsafm.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [lphcjn1j0ee73] C:\WINDOWS\system32\lphcjn1j0ee73.exe

O4 - HKLM\..\Run: [sMrhcnn1j0ee73] C:\Program Files\rhcnn1j0ee73\rhcnn1j0ee73.exe

O4 - HKLM\..\Run: [046781c7] rundll32.exe "C:\WINDOWS\system32\ekhntjpv.dll",b

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: urqRigEX - C:\WINDOWS\SYSTEM32\urqRigEX.dll

O21 - SSODL: pntqkflv - {38C773C9-A84A-40CC-AA0A-D172A62D7735} - C:\WINDOWS\pntqkflv.dll

O21 - SSODL: qegbdmwf - {22DA6EE7-1AB5-4FAD-B498-4C1CDE448DFE} - C:\WINDOWS\qegbdmwf.dll

O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)

O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)

O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - D:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)

I have also removed some of the things (in my opinion unnecessary) that start with the operating system.

With the little program StartupLite you can check for more of these.

For the following services do this:

Start => run => sc delete MSSQL$SONY_MEDIAMGR

Start => run => sc delete NOD32krn

Start => run => sc delete SQLAgent$SONY_MEDIAMGR

Finally, check with MalwareBytes' Anti-Malware 1.18!
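As an added example (not code from this thread or from the HijackThis authors), the Python script below applies the same triage rules the helper used when picking the lines to Fix Checked: it parses HJT log lines, always surfaces the O20 Winlogon Notify and O21 SSODL load points, flags BHOs and toolbars that have no name or whose DLL sits directly in C:\WINDOWS or system32, flags autorun entries whose file or folder name looks random, and flags services whose binary is missing. The random-name heuristic, the small allowlist and the sample log (constructed from lines that appear in the logs posted above) are my own assumptions; every flagged file still has to be checked by hand, and a legitimate entry can trip the heuristic.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {4B1DD1F9-BC8D-403A-A5E3-3F6B9E7AADFE} - C:\WINDOWS\gfetqaxstgm.dll
O2 - BHO: (no name) - {514B017B-B3E4-437C-BE6F-595323D14060} - C:\WINDOWS\system32\urqRigEX.dll
O3 - Toolbar: gxvpsafm - {3AF299A2-672C-4801-8D9F-025EE2C3BA66} - C:\WINDOWS\gxvpsafm.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [lphcjn1j0ee73] C:\WINDOWS\system32\lphcjn1j0ee73.exe
O4 - HKLM\..\Run: [sMrhcnn1j0ee73] C:\Program Files\rhcnn1j0ee73\rhcnn1j0ee73.exe
O4 - HKLM\..\Run: [046781c7] rundll32.exe "C:\WINDOWS\system32\ekhntjpv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: urqRigEX - C:\WINDOWS\SYSTEM32\urqRigEX.dll
O21 - SSODL: pntqkflv - {38C773C9-A84A-40CC-AA0A-D172A62D7735} - C:\WINDOWS\pntqkflv.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# First drive-letter path ending in .dll/.exe; spaces allowed, stops at a quote or comma.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe)\b', re.IGNORECASE)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}
VOWELS = set("aeiouy")
# Assumed allowlist: Windows binaries whose short names would otherwise trip the vowel rule.
KNOWN_GOOD = {"ctfmon", "rundll32", "svchost", "taskmgr"}


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption): a long alphanumeric name with few vowels,
    or with many letter/digit flips, looks machine-generated."""
    s = stem.lower()
    if len(s) < 6 or not s.isalnum() or s in KNOWN_GOOD:
        return False
    letters = [c for c in s if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    flips = sum(a.isdigit() != b.isdigit() for a, b in zip(s, s[1:]))
    return vowel_ratio < 0.25 or flips >= 3


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    pm = PATH_RE.search(body)
    path = PureWindowsPath(pm.group(0)) if pm else None
    stem = path.stem if path else ""
    parent = str(path.parent).lower() if path else ""
    folder = path.parent.name if path else ""

    if section == "R3" and "missing" in body:
        reason = "default URLSearchHook removed: restore it from a .reg file"
    elif section in ("O20", "O21"):
        reason = "Winlogon Notify / ShellServiceObjectDelayLoad: loads at every logon, verify the DLL"
    elif section in ("O2", "O3") and ("(no name)" in body or parent in WINDOWS_DIRS or looks_random(stem)):
        reason = "BHO/toolbar with no name, a random name, or a DLL dropped straight into the Windows directory"
    elif section == "O4" and (looks_random(stem) or looks_random(folder)):
        reason = "autorun entry with a random-looking file or folder name"
    elif section == "O23" and ("(file missing)" in body or "Unknown owner" in body):
        reason = "service binary missing or owner unknown: verify; orphans can be removed with sc delete"
    else:
        return None
    return Finding(section, reason, line.strip())


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run it against a full HJT log saved to a file (`triage(open("hijackthis.log").read())`) and compare its list with the one above: the Crawler toolbar and the Panda ActiveScan button are not flagged by these rules, which is the expected gap, since neither a vendor name nor a path in Program Files tells you whether the user wants the software.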

Malwarebytes' Anti-Malware 1.18

Database version: 895

21:59:22 27.6.2008 г.

mbam-log-6-27-2008 (21-59-22).txt

Scan type: Full Scan (C:\|)

Objects scanned: 101348

Time elapsed: 15 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 10

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\ddcCTkJC.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\urqRigEX.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2dacb6d0-8d1a-4f6e-bbde-116007f8e59c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2dacb6d0-8d1a-4f6e-bbde-116007f8e59c} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{514b017b-b3e4-437c-be6f-595323d14060} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{514b017b-b3e4-437c-be6f-595323d14060} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrigex (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\gxvpsafm.bmpe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\gxvpsafm.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{514b017b-b3e4-437c-be6f-595323d14060} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcctkjc -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcctkjc -> Delete on reboot.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ddcCTkJC.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\CJkTCcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\CJkTCcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\urqRigEX.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\rncmekmb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

This is after the anti-malware scan, hope it helps

Did you fix the items in HijackThis?

Is there any improvement?

It wouldn't hurt to check with Combofix, Smitfraudfix and Vundofix and post a new HijackThis log.

http://www.kaldata.com/forums/index.php?s=...st&p=877249

I did everything you wrote and started the PC this time not in safe mode, and it's as if I hadn't done anything. It just boots and I can't click on anything because it freezes immediately and I have to restart it. I don't know what happened to it.

Why don't you just format.. and then disable Windows Update and install the updates manually, through some little program.. and of course, be careful what you download...

In my opinion you have a problem with Vundo. Try scanning with some of these tools:

http://www.kaldata.com/forums/index.php?sh...5&start=105

Good luck! And still, if you do reinstall, make a backup of your drivers with: http://www.download.bg/index.php?cls=progr...t&id=409713

Here is the log from hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:25:44, on 28.6.2008 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

D:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

C:\Program Files\Trend Micro\HijackThis\hjt.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kaldata.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {514B017B-B3E4-437C-BE6F-595323D14060} - C:\WINDOWS\system32\urqRigEX.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O2 - BHO: (no name) - {EEADE4F9-E68A-4EE1-B519-B65533576B25} - C:\WINDOWS\system32\ddcCTkJC.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [lphcjn1j0ee73] C:\WINDOWS\system32\lphcjn1j0ee73.exe

O4 - HKLM\..\Run: [sMrhcnn1j0ee73] C:\Program Files\rhcnn1j0ee73\rhcnn1j0ee73.exe

O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"

O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O20 - Winlogon Notify: urqRigEX - C:\WINDOWS\SYSTEM32\urqRigEX.dll

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe

--

End of file - 8741 bytes

Now look at the situation: my computer is still under warranty, so I shouldn't reinstall Windows on it. But if I take it to their service centre I'll wait a month, and I'm hoping you can help me fix it myself. But whatever I do, when I start the PC without safe mode nothing works. It just freezes and I have to restart. If you think the situation is serious and I have to take it to the service centre, OK, but I still sincerely hope something can be done about it.

P.S. I'll post the anti-malware log file shortly

here it is:

Malwarebytes' Anti-Malware 1.18

Database version: 895

13:47:03 28.6.2008 г.

mbam-log-6-28-2008 (13-47-03).txt

Scan type: Quick Scan

Objects scanned: 63744

Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 7

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\ddcCTkJC.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\WINDOWS\system32\urqRigEX.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eeade4f9-e68a-4ee1-b519-b65533576b25} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{eeade4f9-e68a-4ee1-b519-b65533576b25} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{514b017b-b3e4-437c-be6f-595323d14060} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{514b017b-b3e4-437c-be6f-595323d14060} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrigex (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{514b017b-b3e4-437c-be6f-595323d14060} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ddcCTkJC.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\CJkTCcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\CJkTCcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\urqRigEX.dll (Trojan.Vundo) -> Delete on reboot.

C:\Documents and Settings\user\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\user\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
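The two Malwarebytes logs above report the same two DLLs again, each marked "Delete on reboot": a module that is loaded through Winlogon\Notify or the LSA Authentication Packages value stays mapped in winlogon.exe/lsass.exe, so the scanner can only schedule its removal for the next boot, and a re-scan before that reboot finds it again. As an added example (not code from this thread or from Malwarebytes), the Python script below parses an MBAM 1.18 log, counts detections per family, lists what is still pending a reboot, and for each pending file collects the memory-module and registry-data entries that explain why it could not be deleted live. The sample log is constructed from lines in the posted log; the assumptions about the log layout are mine.

```python
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List

# Constructed sample: a subset of the Malwarebytes' Anti-Malware 1.18 log posted above.
SAMPLE_MBAM = r"""
Malwarebytes' Anti-Malware 1.18
Database version: 895
Scan type: Quick Scan

Memory Modules Infected: 2
Registry Keys Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\ddcCTkJC.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\urqRigEX.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eeade4f9-e68a-4ee1-b519-b65533576b25} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ddcctkjc -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\ddcCTkJC.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\CJkTCcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Section headers end in "Infected:"; the summary counts end in "Infected: N" and do not match.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")


@dataclass
class Entry:
    section: str
    item: str
    family: str
    detail: str  # extra "->" fields, e.g. the Data: value of a registry data item
    action: str  # "Delete on reboot", "Quarantined and deleted successfully", ...


def parse_mbam(text: str) -> List[Entry]:
    """Every detection line has the form: <item> (<family>) -> [<detail> ->] <action>."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        sm = SECTION_RE.match(line)
        if sm:
            section = sm.group("name")
            continue
        if section is None or " -> " not in line:
            continue  # header lines, counts, blanks, "(No malicious items detected)"
        head, *middle, tail = [p.strip() for p in line.split(" -> ")]
        im = ITEM_RE.match(head)
        if im:
            entries.append(Entry(section, im.group("item"), im.group("family"),
                                 " -> ".join(middle), tail.rstrip(".")))
    return entries


def by_family(entries: List[Entry]) -> Counter:
    return Counter(e.family for e in entries)


def pending_reboot(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.action == "Delete on reboot"]


def explain_locked_files(entries: List[Entry]) -> Dict[str, List[str]]:
    """For each file still pending deletion, collect the evidence of why it could
    not be removed live: it was mapped in memory, or a registry load point names it."""
    unloaded = {PureWindowsPath(e.item).stem.lower()
                for e in entries if e.section == "Memory Modules Infected"}
    load_points = [e for e in entries if e.section == "Registry Data Items Infected"]
    out: Dict[str, List[str]] = {}
    for e in pending_reboot(entries):
        if e.section != "Files Infected":
            continue
        stem = PureWindowsPath(e.item).stem.lower()
        why = []
        if stem in unloaded:
            why.append("was mapped into a running process (scanner unloaded it)")
        for lp in load_points:
            if stem in lp.detail.lower():
                why.append("named in " + "\\".join(lp.item.split("\\")[-2:]))
        out[e.item] = why
    return out


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_MBAM)
    print(dict(by_family(found)))
    for path, reasons in explain_locked_files(found).items():
        print(path, "->", "; ".join(reasons))
    print("reboot required:", bool(pending_reboot(found)))
```

The practical check is `pending_reboot`: while it returns anything, the machine has not been rebooted since the clean-up, and a second scan or a new HijackThis log taken in that state will show the same load points as before.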

1. Open Add/Remove Programs and uninstall:

*Crawler Toolbar...

*Kaspersky Anti-Virus Personal Pro (it seems to be a rather old version) and PANDA Internet Security =>

2. Copy this into Notepad:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""

Save the file as Fixme.reg and run it to fix the problem - "R3 - Default URLSearchHook is missing"

3. In HijackThis, tick the following lines and choose Fix Checked;

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: (no name) - {514B017B-B3E4-437C-BE6F-595323D14060} - C:\WINDOWS\system32\urqRigEX.dll

O2 - BHO: (no name) - {EEADE4F9-E68A-4EE1-B519-B65533576B25} - C:\WINDOWS\system32\ddcCTkJC.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [lphcjn1j0ee73] C:\WINDOWS\system32\lphcjn1j0ee73.exe

O4 - HKLM\..\Run: [sMrhcnn1j0ee73] C:\Program Files\rhcnn1j0ee73\rhcnn1j0ee73.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)

O20 - Winlogon Notify: urqRigEX - C:\WINDOWS\SYSTEM32\urqRigEX.dll

YOU HAVE FIXED NOTHING FROM THE PREVIOUS LOG!!! I have also added some unnecessary items that start with the operating system and have nothing to do with the infection of the machine; removing them will rather speed up Windows startup a little.

Also search manually for the following files and delete them - if they are locked, use FileASSASSIN from Malwarebytes' Anti-Malware 1.18 to delete them:

C:\WINDOWS\system32\lphcjn1j0ee73.exe

C:\Program Files\rhcnn1j0ee73\rhcnn1j0ee73.exe

Now, after you have uninstalled Kaspersky and PANDA as I recommended above, install Avira AntiVir Personal 8.1.0.295 and make the following settings...

Avira => Configuration => tick Expert mode

Scanner:

Scan =>

Files => All files

Additional settings => tick everything

Action for concerning files

Automatic

Copy file to quarantine

primary action => repair

secondary action => delete

Further action => untick Acoustic Alert

Archives => All archive types

Heuristic => this one is up to you... the higher the heuristic level, the more false alarms you can expect; still, I have chosen High detection level. I prefer the program to warn me and to decide for myself what the fate of a given file will be...

GUARD:

Files => All files

Archives => scan archives

Action for concerning files => untick Acoustic Alert

Heuristic => same situation here

General:

Extended threat categories => select all

Security => tick everything (you can untick the first one; I have removed the first one because I don't want the program to remind me to update the application)

Before you run the scan, though, do this:

1. Turn off System Restore and clear the old restore points:

Right-click My Computer => Properties => System Restore => tick Turn Off System Restore

Start => Run => cleanmgr => More Options => System Restore => Clean Up

2. Clean the browser cache after surfing:

CCleaner

3. Run a full scan with AVIRA (with the new settings it will delete whatever it finds without bothering you with dialog boxes).

4. If the problems remain - I'm still waiting for the logs from the scans with SmitfraudFix, COMBOFIX, SDFIX and Vundofix, as well as a new log from HijackThis => let's see whether you have cleaned it THIS TIME.

If you don't follow the instructions I'll stop writing, because there is no point in going on like this!

Edited by B-boy[StyLe]

When I type cleanmgr it only shows me a little window asking which hard drive I want to clean, and there are no further options.

You choose which partition to clean (in this case C:) => wait => and then it will show you the options.

2. If you haven't deleted the files B-Boy told you about yet, could you send them to my e-mail for analysis?

email: [email protected]

3. I don't see a log file from Combofix, SmitFraudFix, VundoFix...

Avira AntiVir Personal

Report file date: 30 June 2008 09:10

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Save mode with network

Username: Administrator

Computer name: USER-EEB2A36EFE

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09.4.2008 г. 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18.3.2008 г. 08:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07.2.2008 г. 07:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 28.2.2008 г. 07:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 21.2.2008 г. 07:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.7.2007 г. 09:33:34

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.3.2008 г. 12:08:58

ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21.3.2008 г. 18:12:34

ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25.3.2008 г. 07:27:50

Engineversion : 8.1.0.28

AEVDF.DLL : 8.1.0.5 102772 Bytes 25.2.2008 г. 08:58:21

AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07.4.2008 г. 14:34:44

AESCN.DLL : 8.1.0.12 115060 Bytes 07.4.2008 г. 14:34:44

AERDL.DLL : 8.1.0.19 418164 Bytes 07.4.2008 г. 14:34:44

AEPACK.DLL : 8.1.1.0 364918 Bytes 18.3.2008 г. 10:20:42

AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07.4.2008 г. 14:34:44

AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07.4.2008 г. 14:34:44

AEHELP.DLL : 8.1.0.11 115061 Bytes 07.4.2008 г. 14:34:43

AEGEN.DLL : 8.1.0.15 299379 Bytes 07.4.2008 г. 14:34:43

AEEMU.DLL : 8.1.0.5 430450 Bytes 07.4.2008 г. 14:34:43

AECORE.DLL : 8.1.0.25 168309 Bytes 08.4.2008 г. 08:58:32

AVWINLL.DLL : 1.0.0.7 14593 Bytes 23.1.2008 г. 16:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 18.2.2008 г. 09:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16.4.2007 г. 12:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 23.1.2008 г. 16:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 12.2.2008 г. 07:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28.2.2008 г. 07:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.1.2008 г. 16:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23.1.2008 г. 16:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 25.1.2008 г. 11:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10.3.2008 г. 13:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 06.3.2008 г. 11:02:11

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: delete

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:, E:, F:, Z:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: 30 June 2008 09:10

Starting search for hidden objects.

The driver could not be initialized.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

15 processes with 15 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Boot sector 'E:\'

[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '29' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\'

D:\Program Files\English\Energy for Bulgaria\Energy_Linux

[DETECTION] Contains suspicious code HEUR/ELF.Malformed

[NOTE] The fund was classified as suspicious.

[NOTE] A backup was created as '48cd813b.qua' ( QUARANTINE )

Begin scan in 'E:\'

Begin scan in 'F:\'

Search path F:\ could not be opened!

The device is not ready.

Begin scan in 'Z:\'

Search path Z:\ could not be opened!

The device is not ready.

End of the scan: 30 June 2008 09:51

Used time: 40:58 min

The scan has been done completely.

6871 Scanning directories

197628 Files were scanned

0 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

197628 Files not concerned

2836 Archives were scanned

1 Warnings

1 Notes

This is the log from AVIRA

B-Boy, thank you soooooo much for the help; at the moment I'm not in safe mode :) What worries me, though, is that the spyware message is still sitting on the desktop. The computer starts very slowly, I have to wait 3-4 minutes after switching it on, but at least it starts now :wub:

Now let's see what the situation is:

Download the program HijackThis.

Rename it to HJTInstall.

Run it and choose Do a system scan and save a logfile.

Copy the contents of the text file into your next post.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:59:08, on 30.6.2008 г.

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\WINDOWS\Explorer.EXE

D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

C:\WINDOWS\System32\svchost.exe

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Games\CS_1.6\HJTInstall.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s1.bg.gladiatus.com/game/index.php?...a2a6f5607d241b4

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)

--

End of file - 8223 bytes

Here's the log :P
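The helper in this thread reads the HijackThis log by eye: the "(no name)" BHOs in O2, the O20 Winlogon Notify entry pointing at the same urqRigEX.dll as one of those BHOs, and the two Run entries with random-looking names. The script below is an added example (not part of HijackThis, Malwarebytes or any post in this thread) that automates exactly those checks over HJT log lines. The sample input is constructed from entries quoted in the logs above; the rule names and the "random-looking name" heuristic are this example's own assumptions, not something HijackThis provides.

```python
"""Triage of HijackThis (HJT) log lines.

Added example for this thread; it is not part of HijackThis, Malwarebytes or
any post above. It parses the O2/O3/O4/O20 sections of an HJT log and applies
the checks the helper in this thread made by eye: the same module registered
in more than one autostart location, nameless BHOs/toolbars, Winlogon Notify
packages, and Run entries with random-looking names. The rule names and the
"random-looking" heuristic are this example's own assumptions.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample input: entries copied from the HJT logs quoted in this thread.
SAMPLE_LOG = [
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"O2 - BHO: (no name) - {514B017B-B3E4-437C-BE6F-595323D14060} - C:\WINDOWS\system32\urqRigEX.dll",
    r"O2 - BHO: (no name) - {EEADE4F9-E68A-4EE1-B519-B65533576B25} - C:\WINDOWS\system32\ddcCTkJC.dll",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll",
    r"O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit",
    r"O4 - HKLM\..\Run: [lphcjn1j0ee73] C:\WINDOWS\system32\lphcjn1j0ee73.exe",
    r"O4 - HKLM\..\Run: [sMrhcnn1j0ee73] C:\Program Files\rhcnn1j0ee73\rhcnn1j0ee73.exe",
    r"O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe",
    r"O20 - Winlogon Notify: urqRigEX - C:\WINDOWS\SYSTEM32\urqRigEX.dll",
]

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First Windows path in the entry that ends in a module extension; spaces allowed.
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:dll|exe|scr)", re.IGNORECASE)
# Heuristic (assumption) for machine-generated names such as lphcjn1j0ee73:
# at least 10 lowercase alphanumerics, at least three digits, no separators.
RANDOM_STEM_RE = re.compile(r"^(?=(?:[a-z]*\d){3})[a-z0-9]{10,}$")


def parse_hjt(lines):
    """Return (section, body, path) per O-entry; path is None when no file is named."""
    entries = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        pm = WIN_PATH_RE.search(body)
        entries.append((section, body, pm.group(0) if pm else None))
    return entries


def module_name(path):
    """Lower-cased file name of a Windows path, or None."""
    return PureWindowsPath(path).name.lower() if path else None


def triage(entries):
    """Apply the checks; each finding is (rule, module, detail)."""
    findings = []

    # 1. Same module in more than one autostart section, e.g. a BHO (O2) that is
    #    also a Winlogon Notify package (O20): one DLL with two ways back in.
    sections_by_module = defaultdict(set)
    for section, _, path in entries:
        name = module_name(path)
        if name:
            sections_by_module[name].add(section)
    for name, sections in sorted(sections_by_module.items()):
        if len(sections) > 1:
            findings.append(("multi-hook", name, ",".join(sorted(sections))))

    for section, body, path in entries:
        name = module_name(path)
        # 2. A BHO or toolbar that registers no display name.
        if section in ("O2", "O3") and "(no name)" in body:
            findings.append(("nameless-bho", name, body))
        # 3. Winlogon Notify packages load into winlogon.exe; always review them.
        if section == "O20":
            findings.append(("winlogon-notify", name, body))
        # 4. Run entries whose executable stem looks machine-generated.
        if section == "O4" and path and RANDOM_STEM_RE.match(PureWindowsPath(path).stem.lower()):
            findings.append(("random-name", name, body))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{rule:16} {name or '-':22} {detail}")
```

On the sample, urqRigEX.dll is reported three times (multi-hook across O2 and O20, nameless BHO, Winlogon Notify), ddcCTkJC.dll once, and both lphcjn1j0ee73.exe and rhcnn1j0ee73.exe as random-looking names; the Adobe helper and the NVIDIA RunDLL32 entry produce nothing. The Antivirus 2008 PRO entry is deliberately not caught by any of these heuristics, which is why the helper in the thread still reads the whole log rather than relying on patterns alone.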

SmitFraudFix v2.301

Scan done at 12:18:09,56, 30.06.2008 г.

Run from D:\Program Files\Smitfraudfix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\WINDOWS\Explorer.EXE

D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE

C:\WINDOWS\System32\svchost.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport

DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{24E272E0-BD3F-4D52-8D75-86F1F3FA225D}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{24E272E0-BD3F-4D52-8D75-86F1F3FA225D}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{24E272E0-BD3F-4D52-8D75-86F1F3FA225D}: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

That was the log from smitfraudfix ;)

Run HJTInstall, choose Do a system scan only and tick this:

O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe

Choose Fix Checked.

After that, also do an optimization of your Windows and it will change for the better:

Optimization of Microsoft Windows operating systems

ComboFix 08-06-20.4 - user 2008-06-30 12:25:09.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.636 [GMT 3:00]

Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\Downloaded Program Files\setup.inf

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\pejatrfg.ini

.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))

.

2008-06-30 12:18 . 2008-06-30 12:18 2,522 --a------ C:\WINDOWS\system32\tmp.reg

2008-06-30 10:33 . 2008-06-30 10:33 <DIR> d-------- C:\Program Files\Avira

2008-06-28 14:34 . 2008-06-30 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-28 14:14 . 2008-06-28 14:14 156 --a------ C:\Fixme.reg

2008-06-27 22:35 . 2006-06-03 08:42 4,184,634 --a------ C:\Documents and Settings\Administrator\Dr.Web-универсална чистачка.exe

2008-06-27 22:11 . 2008-06-27 22:11 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes

2008-06-27 21:15 . 2008-06-27 21:15 91,520 --a------ C:\WINDOWS\system32\mdpxxxye.dll

2008-06-27 20:47 . 2008-06-27 20:47 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-27 20:43 . 2008-06-27 20:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-27 20:43 . 2008-06-27 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-06-27 20:43 . 2008-06-27 20:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2008-06-27 20:43 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys

2008-06-27 20:43 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-06-27 18:03 . 2008-06-27 18:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson

2008-06-27 15:00 . 2008-06-27 15:00 <DIR> d-------- C:\Program Files\CCleaner

2008-06-27 14:56 . 2008-06-27 14:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\rhcnn1j0ee73

2008-06-27 14:53 . 2008-06-27 14:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Thinstall

2008-06-27 14:51 . 2008-06-27 14:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX

2008-06-27 13:12 . 2008-06-28 14:05 <DIR> d-------- C:\Program Files\Crawler

2008-06-27 13:12 . 2008-06-27 13:22 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator

2008-06-27 12:54 . 2008-06-27 12:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback

2008-06-26 20:38 . 2008-06-26 20:38 <DIR> d-------- C:\Program Files\InCode Solutions

2008-06-26 20:17 . 2008-06-28 15:27 <DIR> d-------- C:\Documents and Settings\Administrator

2008-06-26 16:05 . 2008-06-26 16:05 <DIR> d-------- C:\Documents and Settings\user_2\Application Data\Sony Ericsson

2008-06-26 16:05 . 2008-06-26 16:05 <DIR> d-------- C:\Documents and Settings\user_2\Application Data\rhcnn1j0ee73

2008-06-26 15:53 . 2008-06-26 15:53 <DIR> d-------- C:\Program Files\Kaspersky Lab

2008-06-26 15:53 . 2008-06-26 15:54 <DIR> d-------- C:\Program Files\Common Files\KAV Shared Files

2008-06-26 15:42 . 2008-06-26 15:42 <DIR> d-------- C:\Documents and Settings\user\Application Data\rhcnn1j0ee73

2008-06-26 15:42 . 2008-06-27 22:11 90,838 --a------ C:\WINDOWS\system32\phcjn1j0ee73.bmp

2008-06-26 15:42 . 2008-06-27 22:11 60,928 --a------ C:\WINDOWS\system32\blphcjn1j0ee73.scr

2008-06-21 16:40 . 2008-06-21 16:40 <DIR> d-------- C:\Documents and Settings\user\Application Data\Thinstall

2008-06-14 18:20 . 2006-11-30 15:14 90,800 -ra------ C:\WINDOWS\system32\drivers\se45unic.sys

2008-06-14 18:20 . 2006-11-30 15:14 18,704 -ra------ C:\WINDOWS\system32\drivers\se45nd5.sys

2008-06-14 18:20 . 2006-11-30 15:14 4,128 -ra------ C:\WINDOWS\system32\drivers\se45cr.sys

2008-06-14 18:09 . 2006-11-30 15:14 88,624 -ra------ C:\WINDOWS\system32\drivers\se45mgmt.sys

2008-06-14 18:09 . 2006-11-30 15:14 86,432 -ra------ C:\WINDOWS\system32\drivers\se45obex.sys

2008-06-14 12:36 . 2006-11-30 15:14 97,088 -ra------ C:\WINDOWS\system32\drivers\se45mdm.sys

2008-06-14 12:36 . 2006-11-30 15:14 9,360 -ra------ C:\WINDOWS\system32\drivers\se45mdfl.sys

2008-06-14 12:36 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cmnt.sys

2008-06-14 12:36 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cm.sys

2008-06-14 11:31 . 2006-11-30 15:13 61,536 -ra------ C:\WINDOWS\system32\drivers\se45bus.sys

2008-06-14 11:31 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-06-14 11:31 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-06-14 11:31 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45whnt.sys

2008-06-14 11:31 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45wh.sys

2008-06-14 11:30 . 2008-06-14 11:30 <DIR> d-------- C:\Documents and Settings\user\Application Data\Teleca

2008-06-14 11:29 . 2008-06-14 11:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\Sony Ericsson

2008-06-14 11:28 . 2008-06-14 11:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Program Files\Sony Ericsson

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca

2008-06-14 11:27 . 2008-06-14 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-05-24 15:53 . 2008-05-24 15:53 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-05-24 15:53 . 2008-05-24 15:53 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-05-24 15:43 . 2008-05-24 15:43 8,192 --a------ C:\WINDOWS\REGULOCS.OLD

2008-05-15 11:22 . 2008-05-15 11:22 298 --a------ C:\WINDOWS\EReg072.dat

2008-05-14 19:47 . 2008-05-14 19:48 <DIR> d-------- C:\Program Files\3D Online Pool

2008-05-14 19:36 . 2008-05-14 19:36 20 --a------ C:\WINDOWS\mafosav.INI

2008-05-09 13:52 . 2008-05-09 13:52 <DIR> d-------- C:\Logs

2008-05-08 11:26 . 2008-05-25 16:22 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

2008-05-05 12:41 . 2008-05-18 10:59 <DIR> d-------- C:\Documents and Settings\user\Application Data\GanymedeNet

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-28 11:12 --------- d-----w C:\Program Files\Common Files\Panda Software

2008-06-26 13:18 --------- d-----w C:\Documents and Settings\user_2\Application Data\skypePM

2008-06-26 13:13 --------- d-----w C:\Documents and Settings\user_2\Application Data\Skype

2008-06-26 12:53 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-14 17:13 --------- d-----w C:\Documents and Settings\user\Application Data\Skype

2008-06-12 20:28 --------- d-----w C:\Documents and Settings\user\Application Data\skypePM

2008-04-27 17:03 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 21:12 253,954 ----a-w C:\WINDOWS\system32\lteml14n.dll

2008-02-06 18:11 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-03-24 16:44 1,478,751 ----a-w C:\Documents and Settings\user\ghоst h4х.exe

2006-06-03 05:42 4,184,634 ----a-w C:\Documents and Settings\Administrator\Dr.Web-универсална чистачка.exe

2003-04-14 14:35 10,752 ----a-w C:\Documents and Settings\user\ghоst h4х.dll

.

------- Sigcheck -------

2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\explorer.exe

2007-01-16 23:05 1033216 42d32722b805d7df42d30487a0bcbd78 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2007-06-13 14:26 975360 31ec9657d9c76143f6e61fc19851445f C:\WINDOWS\system32\dllcache\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 12:22 7618560]

"VirtualCloneDrive"="D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 16:21 94208]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 20:00 98304]

"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 12:06 11776]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

"NvMediaCenter"="NvMCTray.dll" [2006-06-01 12:22 86016 C:\WINDOWS\system32\nvmctray.dll]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:56 15360]

C:\Documents and Settings\user_2\Start Menu\Programs\Startup\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02 630784]

TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 22:41:18 65536]

UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 10:43:08 180224]

Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 10:43:14 155648]

C:\Documents and Settings\user\Start Menu\Programs\Startup\

RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 01:05:02 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"msacm.divxa32"= divxa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^TransBar.lnk]

path=C:\Documents and Settings\user\Start Menu\Programs\Startup\TransBar.lnk

backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^UberIcon.lnk]

path=C:\Documents and Settings\user\Start Menu\Programs\Startup\UberIcon.lnk

backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Y'z Shadow.lnk]

path=C:\Documents and Settings\user\Start Menu\Programs\Startup\Y'z Shadow.lnk

backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVPCC]

--a------ 2003-09-08 13:53 479296 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]

--a------ 2006-06-23 20:00 3394048 D:\Program Files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Felix]

--a------ 2007-09-23 13:09 321184 C:\Program Files\ScreenMates\felix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeGuard RegChecker]

--a------ 2001-09-12 15:33 24576 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-04-23 17:45 22058792 D:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"D:\\Program Files\\BitComet\\BitComet.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"D:\\Program Files\\JustVoip\\JustVoip.exe"=

"C:\\WINDOWS\\system32\\ftp.exe"=

"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=

"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"25642:TCP"= 25642:TCP:BitComet 25642 TCP

"25642:UDP"= 25642:UDP:BitComet 25642 UDP

"21089:TCP"= 21089:TCP:BitComet 21089 TCP

"21089:UDP"= 21089:UDP:BitComet 21089 UDP

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-03-26 15:35]

R2 antivirwebservice;Avira AntiVir Premium WebGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE" [2008-04-09 15:57]

R2 AVEService;Avira AntiVir Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-07 10:06]

R2 AVPCC;AVP Control Centre Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service []

R2 KAVMonitorService;KAV Monitor Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service []

R3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 04:59]

S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []

S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-30 12:30:31

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe

.

**************************************************************************

.

Completion time: 2008-06-30 12:33:30 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-30 09:33:26

Pre-Run: 35,619,192,832 bytes free

Post-Run: 39,687,438,336 bytes free

211 --- E O F --- 2008-04-14 19:39:11

That was the ComboFix log :)

You have two real-time antivirus programs!

Uninstall one of the two and scan again!
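The advice above comes straight from the service section of the log: Avira (avmailc.exe, AVWEBGRD.EXE, avesvc.exe, plus avguard.exe and sched.exe under running processes) and Kaspersky (avpcc.exe, avpm.exe) are both started as R2 services, Panda drivers are still registered but stopped (S1/S2), and the Security Center key shows AntiVirusDisableNotify and UpdatesDisableNotify set to 1. The script below is an added example, not part of the thread and not ComboFix's own code: it parses those line formats and reports how many AV vendors have running real-time services. The sample lines are constructed to mirror entries in the log, the vendor keyword table is an assumption that covers only the products visible here, and the reading of the R/S prefix as running/stopped follows ComboFix's usual convention.

```python
"""Triage a ComboFix log for overlapping real-time AV engines and for
Security Center notifications that have been switched off.

Added example, not from the original thread or from ComboFix itself.
"""
import re

# Assumption: vendor keywords cover only the products seen in this log.
AV_VENDORS = {
    "Avira": ("\\Avira\\",),
    "Kaspersky": ("\\Kaspersky Lab\\",),
    "Panda": ("\\Panda", "PavProc", "ShlDrv"),
}

# ComboFix service line: <R|S><start type> <name>;<display name>;<path and extras>
# R = running, S = stopped; the digit is the service start type.
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.*)$')

# Security Center dword values exported as REGEDIT4 lines.
SECCENTER_RE = re.compile(
    r'^"(AntiVirusDisableNotify|UpdatesDisableNotify|FirewallDisableNotify)"'
    r'=dword:([0-9a-fA-F]{8})$')

# Constructed sample, modelled on lines in the log above (Run-key lines are
# included as distractors that the service parser must ignore).
SAMPLE_LOG = r"""
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
R2 AVEService;Avira AntiVir Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-02-07 10:06]
R2 AVPCC;AVP Control Centre Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service []
R2 KAVMonitorService;KAV Monitor Service;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service []
R3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-09-05 04:59]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys []
S2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys []
"""


def vendor_of(path):
    """Map a service path to an AV vendor name, or None for unrelated services."""
    lowered = path.lower()
    for vendor, needles in AV_VENDORS.items():
        if any(needle.lower() in lowered for needle in needles):
            return vendor
    return None


def parse_services(text):
    """Return one dict per R/S service line found in the log text."""
    services = []
    for line in text.splitlines():
        match = SERVICE_RE.match(line.strip())
        if not match:
            continue
        state, start_type, name, display, rest = match.groups()
        services.append({
            "name": name,
            "display": display,
            "running": state == "R",
            "start_type": int(start_type),
            "path": rest,
            "vendor": vendor_of(rest),
        })
    return services


def disabled_security_center_notifications(text):
    """Names of the *DisableNotify values that are set to 1."""
    disabled = set()
    for line in text.splitlines():
        match = SECCENTER_RE.match(line.strip())
        if match and int(match.group(2), 16) == 1:
            disabled.add(match.group(1))
    return sorted(disabled)


def triage(text):
    """Summarise which AV vendors are live, which are leftovers, and what
    Security Center has been told to keep quiet about."""
    services = parse_services(text)
    running = sorted({s["vendor"] for s in services if s["vendor"] and s["running"]})
    stopped = sorted({s["vendor"] for s in services if s["vendor"] and not s["running"]}
                     - set(running))
    return {
        "running_av_vendors": running,
        "installed_but_stopped_av_vendors": stopped,
        "multiple_realtime_av": len(running) > 1,
        "disabled_security_center_notifications":
            disabled_security_center_notifications(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. More than one vendor under `running_av_vendors` is the condition the reply above is pointing at; leftover vendors under `installed_but_stopped_av_vendors` are worth removing with the vendor's own uninstaller before the rescan, and the Security Center flags are only a report of what the log contains, not a verdict on who set them.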

This topic is locked for new replies.