Ajutor curatare calculator de virusi

 Rog ajutor, cunostintele mele sunt foarte reduse in acest domeniu. Am scanat calculatorul cu Avira si am primit urmatorul raport:
Avira AntiVir Personal
Report file date: Sunday, March 29, 2009  20:33

Scanning for 1328914 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    HOME

Version information:
BUILD.DAT     : 8.2.0.347      16934 Bytes   3/16/2009 14:45:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  11/18/2008 07:21:26
AVSCAN.DLL    : 8.1.4.0        40705 Bytes   5/26/2008 06:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes   6/12/2008 11:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes   5/26/2008 06:58:52
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  10/27/2008 10:30:36
ANTIVIR1.VDF  : 7.1.2.12     3336192 Bytes   2/11/2009 18:50:10
ANTIVIR2.VDF  : 7.1.2.199    1008640 Bytes   3/22/2009 15:36:04
ANTIVIR3.VDF  : 7.1.2.228     257024 Bytes   3/27/2009 18:37:01
Engineversion : 8.2.0.129 
AEVDF.DLL     : 8.1.1.0       106868 Bytes   1/30/2009 17:05:32
AESCRIPT.DLL  : 8.1.1.70      369019 Bytes   3/27/2009 18:37:08
AESCN.DLL     : 8.1.1.8       127346 Bytes    3/7/2009 13:29:08
AERDL.DLL     : 8.1.1.3       438645 Bytes   11/4/2008 12:58:38
AEPACK.DLL    : 8.1.3.11      397687 Bytes   3/27/2009 18:37:07
AEOFFICE.DLL  : 8.1.0.36      196987 Bytes   2/27/2009 13:19:13
AEHEUR.DLL    : 8.1.0.111    1679736 Bytes   3/27/2009 18:37:05
AEHELP.DLL    : 8.1.2.2       119158 Bytes   2/27/2009 13:19:09
AEGEN.DLL     : 8.1.1.31      340341 Bytes   3/27/2009 18:37:02
AEEMU.DLL     : 8.1.0.9       393588 Bytes  10/14/2008 09:05:56
AECORE.DLL    : 8.1.6.6       176501 Bytes   2/19/2009 18:51:26
AEBB.DLL      : 8.1.0.3        53618 Bytes  10/14/2008 09:05:56
AVWINLL.DLL   : 1.0.0.12       15105 Bytes    7/9/2008 07:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes   5/16/2008 08:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes   7/31/2008 11:02:15
AVREG.DLL     : 8.0.0.1        33537 Bytes    5/9/2008 10:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes   2/12/2008 07:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes   6/12/2008 11:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes   1/22/2008 16:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes   6/12/2008 11:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes   1/25/2008 11:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes   6/12/2008 12:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes   6/27/2008 12:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, March 29, 2009  20:33

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'opera.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sqlmangr.exe' - '1' Module(s) have been scanned
Scan process 'MFIndexer.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!
Boot sector 'E:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
    [WARNING]   The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P1BHGYED\upgrade[1].cab
    [0] Archive type: CAB (Microsoft)
      --> upgrade.exe
        [1] Archive type: NSIS
        --> [UnknownDir]/seekeen.exe
          [DETECTION] Is the TR/BHO.OneStepSearch.56 Trojan
    [NOTE]      The file was moved to '4a36b191.qua'!
C:\Documents and Settings\user\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\CursorManiaSetup2.3.50.26.ZCman000.exe
    [0] Archive type: RSRC
      --> Object
        [1] Archive type: CAB (Microsoft)
        --> mwsSetup.CommonCodebase.exe
          [DETECTION] Contains recognition pattern of the DR/MyWebSearch.AU dropper
    [NOTE]      The file was moved to '4a41b204.qua'!
C:\Documents and Settings\user\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\vlc-0.9.8a-win32.exe
    [0] Archive type: NSIS
    --> ProgramFilesDir/libquicktime_plugin.dll
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\user\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\X12-30196.exe
    [0] Archive type: CAB SFX (self extracting)
    --> README.HTM
      [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{447D541C-204F-4385-B3F1-7144A4121CA5}\RP203\A0192300.exe
    [0] Archive type: RSRC
      --> Object
        [1] Archive type: CAB (Microsoft)
        --> mwsSetup.CommonCodebase.exe
          [DETECTION] Contains recognition pattern of the DR/MyWebSearch.AU dropper
    [NOTE]      The file was moved to '4a00b5fe.qua'!
C:\WINDOWS\Temp\SEE16F.tmp\upgrade.exe
    [0] Archive type: NSIS
    --> [UnknownDir]/seekeen.exe
      [DETECTION] Is the TR/BHO.OneStepSearch.56 Trojan
    [NOTE]      The file was moved to '4a36b8ed.qua'!
Begin scan in 'D:\' <Local Disk (D:)>
Begin scan in 'E:\' <FILME/JOCURY/MUZIKA!!!>
E:\jocury\pestisorul\pestisorul.ace
    [0] Archive type: ACE
    --> FeedingFrenzy.exe
      [WARNING]   No further files can be extracted from this archive. The archive will be closed


End of the scan: Sunday, March 29, 2009  21:22
Used time: 48:16 Minute(s)

The scan has been done completely.

   5141 Scanning directories
 544458 Files were scanned
      4 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      4 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 544453 Files not concerned
   8606 Archives were scanned
      4 Warnings
      4 Notes
 Ce trebue sa fac pentru devirusare??????

Descarca Dr. Web CureIt: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

Scaneaza cu el full.

crysty2k5, on Mar 29 2009, 20:27, said:

  Am scanat si mi-a dat urmatorul rezultat:


 mwssrcas.dll    c:/program files/mywebsear...   Adware.Websearch.13

20090220202235.reg  C:/Program Files/Abexo/afr...   ProbablySCRIPT.Virus

MWSSRCAS.DLL  C:/Program Files/MyWebSe...  Adware.Websearch.13

Bun. Curata alea.

Descarca Malwarebytes Anti-Malware si salveaza-l pe Desktop.
Instaleaza-l si la sfarsit asigura-te ca ai bifat urmatoarele: Update Malwarebytes' Anti-Malware si Launch Malwarebytes' Anti-Malware. Apoi apasa Finish.
Dupa lansarea programului, selecteaza Perform full scan si apoi apasa pe Scan.
La terminarea scanarii apasa OK si apoi Show Results. Asigura-te ca e totul bifat si apoi apasa Remove Selected.
La final se va deschide un fisier in Notepad cu rezultatele scanarii. Posteaza continutul lui aici.

crysty2k5, on Mar 30 2009, 18:42, said:

Malwarebytes' Anti-Malware 1.35
Database version: 1919
Windows 5.1.2600 Service Pack 2

30.03.2009 21:44:33
mbam-log-2009-03-30 (21-44-33).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 144556
Time elapsed: 28 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\MSWINSCK.OCX (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSWINSCK.OCX (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.

Bun. Fa update la Avira si ruleaza cu el un scan

Poate chiar si upgrade la versiunea 9 de la Avira

crysty2k5, on Mar 30 2009, 21:02, said:

 Respectele mele crysty2k5, l-am updatat si un full scan si am detections 0. Multe, multe, multumiri. Sunt !!!!!!!!!!!!!!!!!!!

E ok atunci.

Daca mai ai probleme, revino aici