HiJackThis/Log :Оптимизация/Анализ/Ревю

31 юли 200916 г.

Пускам си компютъра и нали зареди и преди да покаже Welcome започна да ми излиза някакъв Error Bad Image , как мога да го премахна и повече да не ми излиза,защото например отварям Firefox и ми изиза : ВИЖТЕ КАКВО

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:13:30 PM, on 7/31/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\drivers\services.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\TEMP\System.exe

C:\WINDOWS\system32\drivers\services.exe

C:\Documents and Settings\LocalService\svchost.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\drivers\services.exe

C:\Documents and Settings\Stefan\svchost.exe

C:\Program Files\GRETECH\Datecs\FlexType 2K\FType2K.exe

C:\Documents and Settings\Stefan\Start Menu\Programs\Startup\userinit.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\HiJackThis\post.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (file missing)

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\wvUkLFya.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: qs Class - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - C:\Program Files\altcmd\altcmd32.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll (file missing)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [uUSEE] "C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe"

O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min

O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE

O4 - HKLM\..\Run: [Windows Updater] C:\WINDOWS\TEMP\System.exe

O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE

O4 - HKLM\..\Run: [sYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe

O4 - HKLM\..\Run: [RUNDLL32] C:\WINDOWS\TEMP\rundll32.exe

O4 - HKLM\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe

O4 - HKLM\..\Run: [winlogon] C:\Documents and Settings\Stefan\svchost.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray

O4 - HKCU\..\Run: [sMS by Jeko Ianev] C:\Program Files\sms\sms.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] D:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe

O4 - HKCU\..\Run: [winlogon] C:\Documents and Settings\Stefan\svchost.exe

O4 - HKUS\S-1-5-18\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [winlogon] C:\Documents and Settings\LocalService\svchost.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (User 'Default user')

O4 - Startup: Indigo Prophecy Registration.lnk = C:\WINDOWS\Installer\MSI1B17.tmp

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: userinit.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\GRETECH\Datecs\FlexType 2K\FType2K.exe

O4 - Global Startup: Orbit.lnk = D:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &С&валяне &с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &С&валяне на всички с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: &С&валяне на всичкото видео с BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll

O20 - Winlogon Notify: wvUkLFya - C:\WINDOWS\SYSTEM32\wvUkLFya.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe

--

End of file - 9030 bytes

Редактирано 31 юли 200916 г. от Luccas (преглед на промените)

31 юли 200916 г.

Luccas, системата Ви е сериозно инфектирана. Моля, следвайте инструкциите ми:

Стъпка 1:

Сега, изтеглете ATF Cleaner

Запазете го на вашия десктоп.

Кликнете два пъти върху ATF-Cleaner.exe , за да стартирате програмата.
Кликнете на Select All, който се намира в най-долната част на списъка.
Кликнете на бутона Empty Selected.

Ако използвате браузъра Mozilla Firefox, направете следното:

Кликнете върху Firefox, който се намира в началото и изберете Select All от списъка.
Кликнете на бутона Empty Selected.
Бележка: Ако искате да съхраните запазените пароли, моля кликнете на No от новопоявилия се прозорец.

Ако използвате браузъра Opera, направете следното:

Кликнете върху Opera който се намира в началото и изберете Select All от списъка.
Кликнете на бутона Empty Selected.
Бележка: Ако искате да съхраните запазените пароли, моля кликнете на No от новопоявилия се прозорец.

Кликнете на бутона Exit, който се намира в главното меню, за да затворите програмата.

Стъпка 2:

Изтеглете Malwarebytes' Anti-Malware от тук

Кликнете два пъти върху mbam-setup.exe за да инсталирате програмата.

* Уверете се, че има отметки на Update Malwarebytes' Anti-Malware и Launch Malwarebytes' Anti-Malware, след това кликнете на Finish.
* Ако има намерени по-нови обновления, тя ще ги изтегли и инсталира.
* Стартирайте програмата и изберете "Perform Full Scan", след това кликнете на Scan.
* Сканирането ще отнеме малко време, затова моля бъдете търпеливи.
* Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.
* Уверете се, че на всички редове има отметки, и кликнете Remove Selected.
* Когато всичко бъде премахнато, логът ще бъде отворен в Notepad. Копирайте лога и го публикувайте в следващия си коментар в темата.

Бележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра Ви и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

Стъпка 3:

Създайте нов лог файл от HijackThis и го поставете в следващия си пост.

1 август 200916 г.

Malwarebytes' Anti-Malware 1.39

Database version: 2537

Windows 5.1.2600 Service Pack 2

8/1/2009 2:02:21 PM

mbam-log-2009-08-01 (14-02-21).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 150354

Time elapsed: 4 hour(s), 14 minute(s), 21 second(s)

Memory Processes Infected: 4

Memory Modules Infected: 1

Registry Keys Infected: 24

Registry Values Infected: 10

Registry Data Items Infected: 5

Folders Infected: 9

Files Infected: 32

Memory Processes Infected:

C:\Documents and Settings\Stefan\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Documents and Settings\LocalService\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

C:\Documents and Settings\Stefan\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

C:\WINDOWS\system32\drivers\services.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:

C:\WINDOWS\system32\wvUkLFya.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuklfya (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\iyhflbzh1.qs (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{7feed193-7a48-f7b6-984f-c603ce1de99b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8a555e0e-6240-dd93-198d-45f571d4fd9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8a555e0e-6240-dd93-198d-45f571d4fd9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a555e0e-6240-dd93-198d-45f571d4fd9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\iyhflbzh1.qs.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{04b31ee9-ec66-4ced-8ff4-a9e7e22d1d8b} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{6e4fada4-d0b3-4e2d-ae91-646a7ca0f311} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d69c5018-e03f-4cc4-9e6b-e798f70d72d5} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{60422bd5-70f0-4edf-9aef-3267c4db3770} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{731b8592-4001-46d4-b1a5-33ec792b4501} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{731b8682-4001-46d4-b1a5-33ec792b4501} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\altcompare (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sms by jeko ianev (Worm.P2P) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UUSEE (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Updater (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\drivers\services.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\drivers\services.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.QHost) -> Data: c:\windows\system32\wowfx.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.QHost) -> Data: system32\wowfx.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\system32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\altcmd (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Stefan\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Documents and Settings\Stefan\Local Settings\Application Data\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\application data\DoubleD\JuicyAccess Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\application data\DoubleD\juicyaccess toolbar\4.1.4.20920 (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\application data\DoubleD\juicyaccess toolbar\4.1.4.20920\bin (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\wvUkLFya.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\Program Files\altcmd\altcmd32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\application data\DoubleD\juicyaccess toolbar\4.1.4.20920\bin\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\Temp\tmp0000b381 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\Temp\tmp0000d0bd (Trojan.Vundo.H) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\Temp\tmp0000ec44 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\Temp\tmp0000f7ae (Trojan.Vundo.H) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\productinfo.dll (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\stbup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\program files\SopCast\codec\h264dec.ax (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\program files\SopCast\codec\mpeg2dmx.ax (Backdoor.Bot) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\awttqrSK.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\ddcYqrSI.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\tuvwWnki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

d:\system volume information\_restore{15668112-3435-4a8a-8049-61d8347a3d3f}\RP57\A0035632.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\program files\altcmd\altcmd.inf (Trojan.Agent) -> Quarantined and deleted successfully.

c:\program files\altcmd\uninstall.bat (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.

c:\documents and settings\Stefan\local settings\temporary internet files\{5617eca9-488d-4ba2-8562-9710b9ab78d2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\services.exe (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Stefan\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Stefan\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\digest32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wowfx.dll (Trojan.QHost) -> Quarantined and deleted successfully.

c:\userinit.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\System.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\system32\snapapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

ето и от HiJack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:16:17 PM, on 8/1/2009