וירוס..
וירוס..
מאת: ליאור ב
נכתב ב: 20/08/2008 18:06:57
אני חושב שהמחשב שלי נגוע בוירוס, אני מצרף LOG שהרצתי
מישהו יכול לעזור לי עם זה?
20/08/2008 18:07:10
הערה מאת: ליאור ב
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:12, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrator\שולחן העבודה\תוכנות\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.il/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" title="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" title="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" title="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" title="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157
R3 – URLSearchHook: (no name) – – (no file)
O2 – BHO: btorbit.com – {000123B4-9B42-4900-B3F7-F4B073EFC214} – C:\Program Files\Orbitdownloader\orbitcth.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: עוזר הכניסה של Windows Live – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – c:\program files\google\googletoolbar2.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: Grab Pro – {C55BBCD6-41AD-48AD-9953-3609C48EACC7} – C:\Program Files\Orbitdownloader\GrabPro.dll
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 – HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 – HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 – HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 – HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 – HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 – HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 – HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 – HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 – Startup: גוזר מסך של OneNote 2007 ו- Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 – Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 – Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 – Extra context menu item: &Download by Orbit – res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 – Extra context menu item: &Grab video by Orbit – res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 – Extra context menu item: &ייצוא אל Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 – Extra context menu item: -> &MobitClick – http://www.micropay.co.il/MobitApi/GetContent.php?ver=1
O8 – Extra context menu item: Do&wnload selected by Orbit – res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 – Extra context menu item: Down&load all by Orbit – res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 – Extra button: שלח אל OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra 'Tools' menuitem: ש&לח אל OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: ICQ6 – {E59EB121-F339-4851-A3BA-FE49C35617C2} – C:\Program Files\ICQ6\ICQ.exe
O9 – Extra 'Tools' menuitem: ICQ6 – {E59EB121-F339-4851-A3BA-FE49C35617C2} – C:\Program Files\ICQ6\ICQ.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) – http://irc.msn.co.il/Night/launcher.cab
O16 – DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/SolitaireShowdown.ca…
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://www.update.microsoft.com/windowsupdate/v6/V5Contro…
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://www.update.microsoft.com/microsoftupdate/v6/V5Cont…
O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) – http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windo…
O16 – DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsPAClie…
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 – Service: AVG Anti-Spyware Guard – GRISOFT s.r.o. – C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 – Service: AVG E-mail Scanner (AVGEMS) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: MSSQL$SONY_MEDIAMGR – Unknown owner – C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: ServiceLayer – Nokia. – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: SQLAgent$SONY_MEDIAMGR – Unknown owner – C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
–
End of file – 10933 bytes
20/08/2008 18:33:51
הערה מאת: עידו ס
אתה יכול לפרט מה המחשב שלך עושה?
כלומר, למה אתה חושב שזה וירוס?
20/08/2008 20:22:50
הערה מאת: ליאור ב
הוא סוגר לי את הדפדפן כל הזמן ותמיד שולח לי הודעות שגיאה באינטרנט ובאייסי
20/08/2008 21:28:41
הערה מאת: imper s
אתה יכול לתת פירוט להודעת השגיאה?
21/08/2008 00:23:58
הערה מאת: פבל פ
הסר את ORBITDOWNLOADER (UNINSTALL) מהמחשב שלך, ואז סרוק מחדש, סמן את הפריטים הבאים:
O2 – BHO: btorbit.com – {000123B4-9B42-4900-B3F7-F4B073EFC214} – C:\Program Files\Orbitdownloader\orbitcth.dll
O3 – Toolbar: Grab Pro – {C55BBCD6-41AD-48AD-9953-3609C48EACC7} – C:\Program Files\Orbitdownloader\GrabPro.dll
O4 – Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 – Extra context menu item: &Download by Orbit – res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 – Extra context menu item: &Grab video by Orbit – res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 – Extra context menu item: Do&wnload selected by Orbit – res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 – Extra context menu item: Down&load all by Orbit – res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
לחץ על 'FIX'.
עשוי לעזור.
21/08/2008 15:29:27
הערה מאת: ליאור ב
הסרתי את מה orbit downloader וסרקתי שוב, וכבר לא הופיעו הפריטים שכתבת…
21/08/2008 18:10:10
הערה מאת: פבל פ
מעולה, נסה לעבוד עם המחשב כעת. אל תשכח לדווח תוצאות!