- This topic has 12 תגובות, 4 משתתפים, and was last updated לפני 15 years, 4 months by
.
-
תגובות
-
אהלן
חלונות EXPLORER קופצים עם הכתובת של SRATIM4U
POP UP BLOCKER + כל תוכנת רוגלות מאתר זה או אחר לא
הצליחו לאתר.+ משום מה הויינדווס לא מצליח לאתחל ב-SAFE MODE.
תודה ויומטוב
רועיהעלה לכאן לוג של HijackThis
אהלן
במטותא שולח את הפירוט של HIJACK THIS אם אפשר
לכוון אותי איזו תוכנה להפסיק או למחוק, תודהLogfile of HijackThis v1.99.1
Scan saved at 13:17:01, on 28/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir
Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir
Desktop\avshadow.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Java\Java
Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft
Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft
Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HijackThis\HijackThis.exeR0 – HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
https://service.isracard.co.il/I_logon.jsp
R1 – HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKCU\Software\Microsoft\Internet
Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet
Explorer\Main,Local Page =
R1 –
HKCU\Software\Microsoft\Windows\CurrentVersio
n\Internet Settings,ProxyOverride = *.local
R3 – URLSearchHook: (no name) – {31c7d459-9cc3-
44f2-9dca-fc11795309b4} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-
4283-A596-FA578C2EBDC3} – C:\Program
Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dl
l
O2 – BHO: Java(tm) Plug-In 2 SSV Helper –
{DBC80044-A445-435b-BC74-9C25C1C588A9} –
C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-
17CE-4C07-BC86-EABFE594F69C} – C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 – HKLM\..\Run: [PRONoMgr.exe] C:\Program
Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 – HKLM\..\Run: [HP Software Update]
C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [NvCplDaemon]
RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter]
RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarI
nit
O4 – HKLM\..\Run: [NeroFilterCheck] C:\Program
Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [NokiaMusic FastStart]
"C:\Program Files\Nokia\Ovi
Player\NokiaOviPlayer.exe" /command:faststart
O4 – HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-
b109a192b4c2}] C:\Program Files\Google\Gmail
Notifier\gnotify.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader
9.0\Reader\Reader_sl.exe"
O4 – HKLM\..\Run: [Adobe ARM] "C:\Program
Files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched]
"C:\Program Files\Common Files\Java\Java
Update\jusched.exe"
O4 – HKLM\..\Run: [UserLog] C:\windows\8780.exe
O4 – HKLM\..\Run: [avgnt] "C:\Program
Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 – HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Google Update] "C:\Documents
and Settings\Bro\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
O4 – Startup: Internet.lnk = ?
O4 – Startup: Launch Microsoft Office Outlook.lnk =
C:\Program Files\Microsoft
Office\OFFICE11\OUTLOOK.EXE
O8 – Extra context menu item: &Download with
&DAP – C:\Program Files\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with
DAP – C:\Program Files\DAP\dapextie2.htm
O9 – Extra button: ???? – {92780B25-18CC-41C8-
B9BE-3C9C571A8263} –
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.
DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-
82b7-f2ba38496583} – %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra 'Tools' menuitem: @xpsp3res.dll,-20001 –
{e2e2dd38-d088-4134-82b7-f2ba38496583} –
%windir%\Network Diagnostic\xpnetdiag.exe (file
missing)
O9 – Extra button: Messenger – {FB5F1910-F110-
11d2-BB9E-00C04F795683} – C:\Program
Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger –
{FB5F1910-F110-11d2-BB9E-00C04F795683} –
C:\Program Files\Messenger\msmsgs.exe
O10 – Unknown file in Winsock LSP: c:\program
files\bonjour\mdnsnsp.dll
O11 – Options group: [INTERNATIONAL]
International*
O11 – Options group: [TABS] Tabbed Browsing
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-
444553540000} (Shockwave Flash Object) –
http://fpdownload2.macromedia.com/get/shockwav
e/cabs/flash/swflash.cab
O18 – Protocol: skype4com – {FFC8B962-9B40-
4DFF-9458-1830C7DD7F5D} –
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DL
L
O20 – Winlogon Notify: dimsntfy –
%SystemRoot%\System32\dimsntfy.dll (file missing)
O20 – Winlogon Notify: WgaLogon –
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 – SSODL: WPDShServiceObj – {AAA288BA-
9A4C-45B0-95D7-94D524869DB5} –
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 – Service: Avira AntiVir Scheduler
(AntiVirSchedulerService) – Avira GmbH –
C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService)
– Avira GmbH – C:\Program Files\Avira\AntiVir
Desktop\avguard.exe
O23 – Service: Bonjour Service – Apple Inc. –
C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: ????? Google Update
(gupdate1c9c0128bfadc2c) (gupdate1c9c0128bfadc2c)
– Unknown owner – C:\Program
Files\Google\Update\GoogleUpdate.exe" /svc (file
missing)
O23 – Service: InstallDriver Table Manager
(IDriverT) – Macrovision Corporation – C:\Program
Files\Common Files\InstallShield\Driver\1150\Intel
32\IDriverT.exe
O23 – Service: Java Quick Starter
(JavaQuickStarterService) – Unknown owner –
C:\Program Files\Java\jre6\bin\jqs.exe" -service –
config "C:\Program
Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 – Service: NBService – Nero AG – C:\Program
Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 – Service: Intel NCS NetService (NetSvc) –
Intel(R) Corporation – C:\Program
Files\Intel\NCS\Sync\NetSvc.exe
O23 – Service: NVIDIA Display Driver Service
(NVSvc) – NVIDIA Corporation –
C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Pml Driver HPZ12 – HP –
C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: ServiceLayer – Nokia – C:\Program
Files\Nokia\PC Connectivity
Solution\ServiceLayer.exe
O23 – Service: Spyware Terminator Realtime Shield
Service (sp_rssrv) – Crawler.com – C:\Program
Files\Spyware Terminator\sp_rsser.exeמחק את התהליכים הנ"ל
RUNDLL32.EXE
RUNDLL32.EXE
Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [UserLog] C:\windows\8780.exe
O10 – Unknown file in Winsock LSP: c:\program
אהלן
מחקתי את כולם אך עדיין קופץ
מצורפת בדיקת HIJACK שעשיתי אחריLogfile of HijackThis v1.99.1
Scan saved at 17:26:49, on 01/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Bro\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Bro\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Bro\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Uniblue\DriverScanner\DriverScanner.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Documents and Settings\Bro\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HijackThis\HJT1991.exeR0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://service.isracard.co.il/I_logon.jsp
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?
LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?
LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?
LinkId=69157
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 – URLSearchHook: (no name) – {31c7d459-9cc3-44f2-9dca-fc11795309b4} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 – HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe"
/command:faststart
O4 – HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail
Notifier\gnotify.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader
9.0\Reader\Reader_sl.exe"
O4 – HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 – HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bro\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
O4 – Startup: Internet.lnk = ?
O4 – Startup: Launch Microsoft Office Outlook.lnk = C:\Program Files\Microsoft
Office\OFFICE11\OUTLOOK.EXE
O8 – Extra context menu item: &Download with &DAP – C:\Program Files\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:\Program Files\DAP\dapextie2.htm
O9 – Extra button: ???? – {92780B25-18CC-41C8-B9BE-3C9C571A8263} –
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra 'Tools' menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} –
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program
Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program
Files\Messenger\msmsgs.exe
O11 – Options group: [INTERNATIONAL] International*
O11 – Options group: [TABS] Tabbed Browsing
O16 – DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) –
http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSm artScan.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) –
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/s wflash.cab
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} –
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – Winlogon Notify: dimsntfy – %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 – Winlogon Notify: WgaLogon – C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 – SSODL: WPDShServiceObj – {AAA288BA-9A4C-45B0-95D7-94D524869DB5} –
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program
Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir
Desktop\avguard.exe
O23 – Service: ????? Google Update (gupdate1c9c0128bfadc2c) (gupdate1c9c0128bfadc2c) – Unknown owner –
C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common
Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Unknown owner – C:\Program
Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 – Service: NBService – Nero AG – C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 – Service: Intel NCS NetService (NetSvc) – Intel(R) Corporation – C:\Program
Files\Intel\NCS\Sync\NetSvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation –
C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: ServiceLayer – Nokia – C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: Spyware Terminator Realtime Shield Service (sp_rssrv) – Crawler.com – C:\Program Files\Spyware
Terminator\sp_rsser.exeשוב תודה ושבוע טוב
עדיין יש תהליכים לא רצויים הסר אותם
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O20 – Winlogon Notify: dimsntfy – %SystemRoot%\System32\dimsntfy.dll (file missing)
אהלן
מחקתי את 2 אלה + את:
R0 – HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =ועדיין קופצים….
זו התצוגה האחרונה שהוא נותן: (למחוק עוד משהו?)
Logfile of HijackThis v1.99.1
Scan saved at 00:37:08, on 02/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir
Desktop\avguard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir
Desktop\avshadow.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Java\Java
Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft
Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft
Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Bro\Local
Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HijackThis\HJT1991.exeR0 – HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
https://service.isracard.co.il/I_logon.jsp
R1 – HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R3 – URLSearchHook: (no name) – {31c7d459-9cc3-
44f2-9dca-fc11795309b4} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-
4283-A596-FA578C2EBDC3} – C:\Program
Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dl
l
O2 – BHO: Java(tm) Plug-In 2 SSV Helper –
{DBC80044-A445-435b-BC74-9C25C1C588A9} –
C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-
17CE-4C07-BC86-EABFE594F69C} – C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 – HKLM\..\Run: [PRONoMgr.exe] C:\Program
Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 – HKLM\..\Run: [HP Software Update]
C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [NokiaMusic FastStart]
"C:\Program Files\Nokia\Ovi
Player\NokiaOviPlayer.exe" /command:faststart
O4 – HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-
b109a192b4c2}] C:\Program Files\Google\Gmail
Notifier\gnotify.exe
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\QTTask.exe" -atboottime
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader
9.0\Reader\Reader_sl.exe"
O4 – HKLM\..\Run: [Adobe ARM] "C:\Program
Files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched]
"C:\Program Files\Common Files\Java\Java
Update\jusched.exe"
O4 – HKLM\..\Run: [avgnt] "C:\Program
Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 – HKLM\..\Run: [NvCplDaemon]
RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Google Update] "C:\Documents
and Settings\Bro\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
O4 – Startup: Internet.lnk = ?
O4 – Startup: Launch Microsoft Office Outlook.lnk =
C:\Program Files\Microsoft
Office\OFFICE11\OUTLOOK.EXE
O8 – Extra context menu item: &Download with
&DAP – C:\Program Files\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with
DAP – C:\Program Files\DAP\dapextie2.htm
O9 – Extra button: ???? – {92780B25-18CC-41C8-
B9BE-3C9C571A8263} –
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.
DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-
82b7-f2ba38496583} – %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 – Extra 'Tools' menuitem: @xpsp3res.dll,-20001 –
{e2e2dd38-d088-4134-82b7-f2ba38496583} –
%windir%\Network Diagnostic\xpnetdiag.exe (file
missing)
O9 – Extra button: Messenger – {FB5F1910-F110-
11d2-BB9E-00C04F795683} – C:\Program
Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger –
{FB5F1910-F110-11d2-BB9E-00C04F795683} –
C:\Program Files\Messenger\msmsgs.exe
O11 – Options group: [INTERNATIONAL]
International*
O11 – Options group: [TABS] Tabbed Browsing
O16 – DPF: {74DBCB52-F298-4110-951D-
AD2FF67BC8AB} (NVIDIA Smart Scan) –
http://www.nvidia.com/content/DriverDownload/nf
orce/NvidiaSmartScan.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-
444553540000} (Shockwave Flash Object) –
http://fpdownload2.macromedia.com/get/shockwav
e/cabs/flash/swflash.cab
O18 – Protocol: skype4com – {FFC8B962-9B40-
4DFF-9458-1830C7DD7F5D} –
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DL
L
O20 – Winlogon Notify: !SASWinLogon –
C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll
O20 – Winlogon Notify: WgaLogon –
C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 – SSODL: WPDShServiceObj – {AAA288BA-
9A4C-45B0-95D7-94D524869DB5} –
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 – Service: Avira AntiVir Scheduler
(AntiVirSchedulerService) – Avira GmbH –
C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService)
– Avira GmbH – C:\Program Files\Avira\AntiVir
Desktop\avguard.exe
O23 – Service: ????? Google Update
(gupdate1c9c0128bfadc2c) (gupdate1c9c0128bfadc2c)
– Unknown owner – C:\Program
Files\Google\Update\GoogleUpdate.exe" /svc (file
missing)
O23 – Service: InstallDriver Table Manager
(IDriverT) – Macrovision Corporation – C:\Program
Files\Common Files\InstallShield\Driver\1150\Intel
32\IDriverT.exe
O23 – Service: Java Quick Starter
(JavaQuickStarterService) – Unknown owner –
C:\Program Files\Java\jre6\bin\jqs.exe" -service –
config "C:\Program
Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 – Service: NBService – Nero AG – C:\Program
Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 – Service: Intel NCS NetService (NetSvc) –
Intel(R) Corporation – C:\Program
Files\Intel\NCS\Sync\NetSvc.exe
O23 – Service: NVIDIA Display Driver Service
(NVSvc) – NVIDIA Corporation –
C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Pml Driver HPZ12 – HP –
C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: ServiceLayer – Nokia – C:\Program
Files\Nokia\PC Connectivity
Solution\ServiceLayer.exe
O23 – Service: Spyware Terminator Realtime Shield
Service (sp_rssrv) – Crawler.com – C:\Program
Files\Spyware Terminator\sp_rsser.exeתודה רועי
אני מציע לך להתקין ל30 יום ניסיון את האנטי וירוס קספרסקי ולמחוק את הוירוסים
ואז או לקנות אותו או להסיר אותו ולהתקין אנטי וירוס אחר.
אהלן
עשיתי חיפוש במחשב לקובץ 8070.EXE ומחקתי אותו ונראה
שזה עזרתודה רבה רבה על הסבלנות והעזרה ויומעולה
רועיטוב, אני לא יודע מה אתה עשית, אבל אני בדקתי את ה"ווירוס" הזה לעומק קצת.
דבר ראשון זה "ווירוס" מאוד חובבני ולא נפוץ בכלל, זה למה גם תוכנות האנטיווירוס לא עולות עליו.
דבר שני, איך הוא עובד.
הקובץ שם עצמו בתוך C:\windows בשם "append.exe" והוא יוצר 6 משימות מתוזמנות רגילות שפועלות כל שעתיים שעושות pop up ומפעילות את append.exe עוד פעם וחוזר חלילה.
זה הכל ווירוס חובבני ומפגר.איך נפתרים ממנו? פשוט:
1) מוחקים את כל המשימות המתוזמנות מלוח הבקרה. (הן מתחילות ב- at1,at2,at3….)
2) מוחקים את הקובץ c:\windows\append.exe.
3) מוחקים את הערך בregistry שנמצא ב- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run
שאני לא זוכר איך קוראים לא אבל אתם תראו ש המידע שהוא מכיל זה: c:\windows\append.exeזהו.
ואם זה עדיין לא עובד, או שאתם מסתבכים, תמיד אפשר להכנס לשירותים, (קליק ימני על המחשב שלי, ניהול, שירותים ויישומים, שירותים) ללחוץ פעמיים על "task scheduler" ללחוץ על "עצור" ולשנות את שיטת האתחול ל "Disabled".
- יש להתחבר למערכת על מנת להגיב.