Făcând clic pe, beeping şi ascunsă iexplore.exe proces

adhoc · #1 6 octombrie 2008, 23:30

Salut,

Orice ajutor cu această problemă mult mai apprecated. SAS, SSD şi anti-malware nu poate părea pentru a localiza vreodată ceea ce am. Iată ce se întâmplă:

1) Dacă nu este conectată la modemul meu, făcând clic pe constantă vine de la calculatorul meu (Presupun că ceva este încercarea de a deschide iexplorer.exe
2) ocazional o beebing (una spre deosebire de orice l-am auzit vreodată), beep-uri de trei sau patru ori
3) În cazul în care conectat la modem, iexplorer.exe se execută (cu toate că niciodată n-am folosi internet explorer), precum şi atunci când am oprit procesul de ea deschide dreptul de spate sus.

Multe mulţumiri pentru orice şi toate ajutor, aici e jurnalul HJT:

Logfile de HijackThis v1.99.1
Scan saved at 11:15:50, pe 10.6.2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program ~ 1 \ ESRI \ A da un permis \ arcgis9x \ lmgrd.exe
C: \ Program Files \ Toshiba \ Power Management \ CeEPwrSvc.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DEFWATCH.EXE
C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
C: \ WINDOWS \ system32 \ DVDRAMSV.exe
C: \ Program ~ 1 \ ESRI \ A da un permis \ arcgis9x \ ARCGIS.exe
C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protecţia Server \ winnt \ spnsrvnt.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ wscntfy.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Program Files \ Apoint2K \ Apoint.exe
C: \ Program Files \ Toshiba \ Power Management \ CePMTray.exe
C: \ Program Files \ TOSHIBA \ TouchPad \ TPTray.exe
C: \ PROGRA ~ 1 \ symant ~ 1 \ symant ~ 1 \ vptray.exe
C: \ WINDOWS \ Samsung \ PanelMgr \ ssmmgr.exe
C: \ WINDOWS \ HCWemMON.exe
C: \ Program Files \ Apoint2K \ Apntex.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ SpyNoMore \ SNM.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ initio \ butonul Manager v1.836 \ inihid.exe
C: \ Program Files \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ QH8jvpp4.exe
C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe
C: \ Program Files \ HijackThis \ HijackThis.exe

R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = www.google.ca
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Settings ernet Int, ProxyServer = 64.34.113.100:80
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [Apoint] C: \ Program Files \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [CeEPOWER] C: \ Program Files \ Toshiba \ Power Management \ CePMTray.exe
O4 - HKLM \ .. \ Run: [TPNF] C: \ Program Files \ TOSHIBA \ TouchPad \ TPTray.exe
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ symant ~ 1 \ symant ~ 1 \ vptray.exe
O4 - HKLM \ .. \ Run: [Samsung PanelMgr] C: \ WINDOWS \ Samsung \ PanelMgr \ ssmmgr.exe / Autorun
O4 - HKLM \ .. \ Run: [emMON] HCWemMON.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [AtiPTA] atiptaxx.exe
O4 - HKLM \ .. \ Run: [SNM] C: \ Program Files \ SpyNoMore \ SNM.exe / pornire
O4 - HKCU \ .. \ Run: [Free Download Manager] C: \ Program Files \ Free Download Manager \ fdm.exe-autorun
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" reboot AcRdB7_0_9-1
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - Startup: Adobe Media Player.lnk =?
O4 - Global Startup: Buton v1.836.lnk Manager =?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ Linksys EasyLink Advisor.exe
O4 - Global Startup: Spune Time.lnk = C: \ Program Files \ Spune Timpul \ SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C: \ Program Files \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø15 - Trusted IP range: 206.161.125.149
Ø15 - ProtocolDefaults: "protocolul HTTP" este în zona My Computer, ar trebui să fie de Internet Zone (HKLM)
O16 - DPF: ppctlcab -- http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: (04E214E5-63AF-4236-83C6-A7ADCBF9BD02) (HouseCall Control) -- http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: (22E5D91F-89E6-4405-AD9C-0AF27BA6F06B) (HidInputMonitorX Control) - file: / / D: \ Componente \ hidinputmonitorx.ocx
O16 - DPF: (4F63D44B-6274-4D60-8AB1-CAA7116B8AF3) (A9Helper.A9) - file: / / D: \ Componente \ A9.ocx
O16 - DPF: (74D05D43-3236-11D4-BDCD-00C04F9A3B61) (HouseCall Control) -- http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: (BAC01377-73DD-4796-854D-2A8997E3D68A) (Yahoo! Fotografii Easy Upload Tool Class) -- http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: (E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD) -- http://download.abacast.com/download...basetup145.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \
O21 - SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ Windows \ system32 \ WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C: \ Program ~ 1 \ ESRI \ A da un permis \ arcgis9x \ lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ Windows \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ Windows \ system32 \ ati2sgag.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC - C: \ Program Files \ Toshiba \ Power Management \ CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - Toshiba Corporation - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DEFWATCH.EXE
O23 - Service: Diskeeper - Executive Software International, Inc - C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co, Ltd. - C: \ WINDOWS \ system32 \ DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ Windows \ system32 \ HPZipm12.exe
O23 - Service: Sentinel Protecţia Server (SentinelProtectionServer) - SafeNet, Inc - C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protecţia Server \ winnt \ spnsrvnt.exe

**evilfantasy** · #2 7 octombrie 2008, 00:28

Tu se execută o versiune depăşită de HijackThis. Vă rugăm să instalaţi noua versiune de HijackThis, dar nu a alerga it SDFix decât după ce a finalizat procesul de It's.

Descărca TrendMicro HijackThis.exe (HJT) pe desktop.

Faceţi dublu-clic pe HJTInstall.
Click pe Instalaţi buton.
Se va transforma automat în loc HJT C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
După instalare, HijackThis ar trebui să se deschidă pentru tine.
Click pe Fă-un sistem de scanare şi salva un fişier de log buton
HijackThis va scana şi apoi un jurnal se va deschide în Notepad.
Copiaţi şi apoi inseraţi întregul conţinut al jurnalului în post.
Nu au HijackThis repara nimic încă. Cea mai mare parte a ceea ce se constată va fi inofensiv sau chiar sunt necesare.

----------

Vă rugăm să imprima aceste instrucţiuni deoarece acestea vor fi necesare mai târziu, când de acces la Internet nu este disponibilă.

Descărca SDFix de AndyManchesta şi salvaţi-l pe desktop.

Când se utilizează acest instrument, trebuie să utilizaţi Administrator de cont al sau cu un cont Drepturi administrative

Faceţi dublu clic SDFix.exe şi se va extrage fişierele% systemdrive%
(aceasta este unitatea care conţine directorul Windows, de obicei, C: \ SDFix).
Dacă nu îl folosiţi doar încă.

Reporniţi computerul în Safe Mode utilizând F8 metodă. Pentru a face acest lucru, reporniţi computerul şi după ascultarea computer sonor de o dată în timpul pornirii (dar înainte de Windows apare pictograma) apăsaţi tasta F8 în mod repetat. Va apărea un meniu cu mai multe opţiuni. Utilizaţi tastele săgeată pentru a naviga şi selectaţi opţiunea de a rula Windows in "Safe Mode".

Deschideţi SDFix dosar şi dublu clic RunThis.bat pentru a porni script-ul.

Tip Y pentru a începe procesul de curăţare.
Se va elimina orice Trojan Servicii sau intrările de registry găsit apoi vă solicită să apăsaţi orice tastă pentru a reporni.
Apăsaţi orice tastă şi se va reporni PC-ul.
În cazul în care PC-ul reporneşte, de Fixtool va rula din nou şi a termina procesul de eliminare apoi de afişare Terminate, Apăsaţi orice tastă pentru a termina script sarcină şi spaţiul de lucru pictograme.
Odată ce desktop icoane incarca SDFix raport se va deschide pe ecran şi, de asemenea, cu excepţia în SDFix ca dosarul Report.txt.
Copiaţi şi inseraţi conţinutul de rezultatele fişier Report.txt în următoarea replică, împreună cu un nou HijackThis log.

adhoc · #3 7 octombrie 2008, 02:15

Mulţumesc pentru ajutor,

Acesta este unul urât! Problema este încă în curs de desfăşurare, cu toate că computerul meu primit aproximativ 20 de minute de răgaz după ce execută SDFix.

SDFix şi buşteni HijackThis urmează:

Şi, din nou, multe, multe mulţumiri

SD Fix:

SDFix: Version 1.230
A alerga de către proprietarul la Mon 10.06.2008 la 11:59

Microsoft Windows XP [Version 5.1.2600]
Rularea la: C: \ SDFix

Verificarea Servicii :

Nume :
tdssserv

Cărare :
\ systemroot \ system32 \ drivers \ TDSSserv.sys

tdssserv - Deleted

Restaurarea implicit de securitate Valori
Restaurarea Implicit fişierul Hosts

Repornirea

Verificarea Fişiere :

Trojan fişierele găsite:

C: \ WINDOWS \ System32 \ CQVJNG.EXE - Deleted
C: \ WINDOWS \ System32 \ FTPUPD.EXE - Deleted
C: \ WINDOWS \ System32 \ NTBLTF.EXE - Deleted
C: \ WINDOWS \ System32 \ PUOGNR.EXE - Deleted

Ştergerea Temp Files

ADS Check :

Verificare finală :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 00:20:58
Windows 5.1.2600 Service Pack 2 NTFS

scanare ascuns procese ...

scanare ascuns servicii & sistem de stup ...

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ es servic \ d346prt \ Cfg \ 0Jf40]

scanare ascuns intrările registry ...

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ (56CA5D3B-3002-4E7B-90FE-071D8FDF3814)]
"DisplayName" = "DAEMON Tools"

scanare fişiere ascunse ...

scanare sa finalizat cu succes
ascuns procesele: 0
ascuns servicii: 0
fişiere ascunse: 0

Rămas Servicii :

Autorizat de aplicaţii cheie Export:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ standard de profil \ authorizedapplications \ lista]
"% WINDIR% \ \ system32 \ \ sessmgr.exe" = "% WINDIR% \ \ syste m32 \ \ sessmgr.exe: *: activată: @ xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe" = "C: \ \ Program Files \ \ Internet Explorer \ \ iexplore.exe: *: persoane cu handicap: Internet Explorer"
"C: \ \ Program Files \ \ BitTornado \ \ btdownloadgui.exe" = "C: \ \ Program Files \ \ BitTornado \ \ btdownloadgui.exe: *: Enabled: ownloadgui BTD"
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 6.2"
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ \ Program Files \ \ GameHouse \ \ TextTwist \ \ TextTwist.exe" = "C: \ \ P rogram Files \ \ \ GameHouse \ TextTwist \ \ TextTwist.exe: *: Enabl ED: Super TextTwist"
"C: \ \ Program Files \ \ Jocuri Hexacto \ \ Limonada Tycoon \ \ Lemonade.exe" = "C: \ \ Program Files \ \ Jocuri Hexacto \ \ Limonada Tycoon \ \ Lemonade.exe: *: persoane cu handicap: Limonada"
"C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" = "C: \ \ Program Files \ \ Mozilla Firefox \ \ firefox.exe: *: Enabled: Firefox"
"C: \ \ Program Files \ \ Global Star \ \ Age of Sail II \ \ privateer.exe" = "C: \ \ Program Files \ \ Global Star \ \ Age of Sail II \ \ privateer.exe: *: Enabled : Privateer "
"C: \ \ Program Files \ \ Windows Media Player \ \ wmplayer.exe" = "C: \ \ Program Files \ \ Windows Media Player \ \ wmplayer.exe: *: persoane cu handicap: Windows Media Player"
"C: \ \ Program Files \ \ Real \ \ RealPlayer \ \ realplay.exe" = "C: \ \ Progra m Files \ \ Real \ \ RealPlayer \ \ realplay.exe: *: Enabled: Re alPlayer"
"C: \ \ Program Files \ \ Atari-Infogrames \ \ Civilization III Gold Edition \ \ Civ3PTW \ \ Civilization3x.exe" = "C: \ \ Program Files \ \ Atari-Infogrames \ \ Civilization III Gold Edition \ \ Civ3PTW \ \ Civilization3x.exe: *: Enabled: Civ ilization3X "
"C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe" = "C: \ \ Program Files \ \ BitTorrent \ \ bittorrent.exe: *: Enabled: BitTor chirie"
"C: \ \ Program Files \ \ Kerio \ \ Personal Firewall \ \ PERSFW.EXE" = "C: \ \ Program Files \ \ Kerio \ \ Personal Firewall \ \ PERSFW.EXE: *: Enabled: Kerio Personal Firewall Motor"
"C: \ \ Program Files \ \ TVUPlayer \ \ TVUPlayer.exe" = "C: \ \ \ Program Files \ TVUPlayer \ \ TVUPlayer.exe: *: Enabled: TVU Player Componenta"
"C: \ \ Program Files \ \ SopCast \ \ SopCast.exe" = "C: \ \ Program Files \ \ SopCast \ \ SopCast.exe: *: Enabled: SopCast"
"C: \ \ Documents and Settings \ \ Owner \ \ Application Data \ \ SopCast \ \ adv \ \ SopAdver.exe" = "C: \ \ Documents and Settings \ \ Owner \ \ Application Data \ \ SopCast \ \ adv \ \ SopAdver.exe: *: Enabled: R SopAdve "
"C: \ \ Program Files \ \ QuickTime \ \ QuickTimePlayer.exe" = "C: \ \ m Program Files \ \ QuickTime \ \ QuickTimePlayer.exe: *: Enabled: Qu Player ickTime"
"C: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe" = "C: \ \ Program Files \ \ Veoh Networks \ \ Veoh \ \ VeohClient.exe: *: Enabled: Veoh Client"
"C: \ \ Documents and Settings \ \ Owner \ \ Local Settings \ \ Temp \ \ Charon.exe" = "C: \ \ Documents and Settings \ \ Owner \ \ Local Settings \ \ Temp \ \ Charon.exe: * : Enabled: Charon - o verificare proxy / program de scanare. "
"C: \ \ ruby \ \ bin \ \ ruby.exe" = "C: \ \ ruby \ \ bin \ \ ruby.exe: *: Enabled: Interpretul Ruby"
"C: \ \ Program Files \ \ Azureus \ \ Azureus.exe" = "C: \ \ Program Files \ \ Azureus \ \ Azureus.exe: *: Enabled: Azureus (2)"
"C: \ \ Program Files \ \ VideoLAN \ \ VLC \ \ vlc.exe" = "C: \ \ Program Files \ \ VideoLAN \ \ VLC \ \ vlc.exe: *: Enabled: VLC media player"
"C: \ \ Program Files \ \ Google \ \ Google Talk \ \ googletalk.exe" = "C: \ \ Program Files \ \ Google \ \ Google Talk \ \ googletalk.exe: *: Enabled: Google Talk"
"C: \ \ Program Files \ \ SopCast \ \ adv \ \ SopAdver.exe" = "C: \ \ \ Program Files \ SopCast \ \ adv \ \ SopAdver.exe: *: Enabled: T SopCas publicitate"
"C: \ \ Documents and Settings \ \ Owner \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe" = "C: \ \ Documents and Settings \ \ Owner \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe: *: Enabled: PowerSoccer "
"C: \ \ Documents and Settings \ \ jen \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe" = "C: \ \ Documents and Settings \ \ jen \ \ Application Data \ \ PowerChallenge \ \ PowerSoccer \ \ PowerSoccer.exe: *: Enabled: PowerSoccer "
"C: \ \ Program Files \ \ Common Files \ \ SafeNet Sentinel \ \ Sentinel Protection Server \ \ WINNT \ \ spnsrvnt.exe" = "C: \ \ Program Files \ \ Common Files \ \ SafeNet Sentinel \ \ Sentinel Protection Server \ \ WINNT \ \ spnsrvnt.exe: *: persoane cu handicap: Sentinel Protection Server "
"C: \ \ Program Files \ \ NHL 2008 \ \ nhl2008.exe" = "C: \ \ Program Files \ \ NHL 2008 \ \ nhl2008.exe: *: Enabled: nhl2008"
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ Program Files \ \ Konami \ \ Pro Evolution Soccer 2008 US \ \ PES2008.exe" = "C: \ \ Program Files \ \ Konami \ \ Pro Evolution Soccer 2008 US \ \ PES2008.exe: *: Enabled : Pro Evolution Soccer 2008 "
"C: \ \ WINDOWS \ \ system32 \ \ drivers \ \ svchost.exe" = "C: \ \ WINDOWS \ \ system32 \ \ drivers \ \ svchost.exe: *: Dezactivează D: svchost"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ lista]
"% WINDIR% \ \ system32 \ \ sessmgr.exe" = "% WINDIR% \ \ syste m32 \ \ sessmgr.exe: *: activată: @ xpsp2res.dll, -22019"
"C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 6.2"

Rămas Fişiere :

File backups: - C: \ SDFix \ backups \ backups.zip

Fişiere cu Ascuns Atribute :

Miercuri 13 octombrie 2004 1694208 .. SH. --- "C: \ Program Files \ Messenger \ msmsgs.exe"
Luni 15 septembrie 2008 1562960 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll"
Luni 7 iulie 2008 1429840 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe"
Luni 7 iulie 2008 4891472 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe"
Marti 16 septembrie 2008 1833296 A. SHR --- "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe"
Vineri 27 ianuarie 2006 4348 A.Sh. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Sambata 14 iunie 2008 50688 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ ~ WRL0001.tmp"
Sambata 14 iunie 2008 50176 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ ~ WRL1778.tmp"
Luni 3 martie 2008 176128 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ Interop.NetworkCore.dll"
Luni 3 martie 2008 36864 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ LelaAccount.dll"
Luni 3 martie 2008 200704 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ LelaNetwork.dll"
Luni 3 martie 2008 143360 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ LelaNetworkLib.dll"
Luni 3 martie 2008 20480 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ LelaPrint.dll"
Luni 3 martie 2008 176128 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ LelaResource.dll"
Luni 3 martie 2008 151552 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ LelaServices.dll"
Luni 3 martie 2008 110592 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ Linksys EasyLink Advisor.exe"
Luni 3 martie 2008 18879808 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ LinksysUpdaterSetup.exe"
Luni 3 martie 2008 270336 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ log4net.dll"
Luni 3 martie 2008 8353080 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ PlatformSetup.exe"
Luni 23 aprilie 2007 0 A.Sh. --- "C: \ Documents and Settings \ All Users \ DRM \ cache \ Indiv01.tmp"
Joi 16 august 2007 0 A.Sh. --- "C: \ Documents and Settings \ All Users \ DRM \ cache \ Indiv02.tmp"
Joi 16 august 2007 0 A.Sh. --- "C: \ Documents and Settings \ All Users \ DRM \ cache \ Indiv03.tmp"
Sambata 20 octombrie 2007 0 A.Sh. --- "C: \ Documents and Settings \ All Users \ DRM \ cache \ Indiv04.tmp"
Duminica 21 octombrie 2007 87552 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analist Oct2007 \ ~ WRL0029.tmp"
Duminica 21 octombrie 2007 85504 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analist Oct2007 \ ~ WRL0207.tmp"
Duminica 21 octombrie 2007 88576 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analist Oct2007 \ ~ WRL0362.tmp"
Duminica 21 octombrie 2007 88576 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analist Oct2007 \ ~ WRL1369.tmp"
Duminica 21 octombrie 2007 81920 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analist Oct2007 \ ~ WRL1945.tmp"
Duminica 21 octombrie 2007 84992 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analist Oct2007 \ ~ WRL2108.tmp"
Duminica 21 octombrie 2007 88576 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analist Oct2007 \ ~ WRL2659.tmp"
Duminica 21 octombrie 2007 87552 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analist Oct2007 \ ~ WRL2779.tmp"
Duminica 21 octombrie 2007 86016 ... H. --- "C: \ Documents and Settings \ jen \ Desktop \ analist Oct2007 \ ~ WRL2918.tmp"
Sambata 9 iunie 2007 33280 ... H. --- "C: \ Documents and Settings \ jen \ Local Settings \ Temp \ ~ WRL1284.tmp"
Marti 27 decembrie 2005 33280 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL0003.tmp"
Marti 27 decembrie 2005 33792 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL0774.tmp"
Marti 27 decembrie 2005 34816 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL0804.tmp"
Marti 27 decembrie 2005 33792 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL1393.tmp"
Marti 27 decembrie 2005 36864 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL1707.tmp"
Marti 27 decembrie 2005 33280 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL2134.tmp"
Marti 27 decembrie 2005 35840 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL2768.tmp"
Marti 27 decembrie 2005 33280 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL3330.tmp"
Marti 27 decembrie 2005 36352 ... H. --- "C: \ Documents and Settings \ jen \ My Documents \ seasmoke \ ~ WRL3500.tmp"
Luni 3 ianuarie 2005 25,088 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scanează meu \ ~ WRL2003.tmp"
Luni 3 ianuarie 2005 25,088 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scanează meu \ ~ WRL3264.tmp"
Luni 17 aprilie 2006 40960 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ~ WRL2617.tmp"
Luni 25 septembrie 2006 38400 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ~ WRL2726.tmp"
Duminica 24 septembrie 2006 30720 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ~ WRL3228.tmp"
Duminica 16 aprilie 2006 38912 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ~ WRL3396.tmp"
Luni 3 martie 2008 81920 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ ar \ LelaResource.resources.dll"
Luni 3 martie 2008 69632 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ da \ LelaResource.resources.dll"
Luni 3 martie 2008 73728 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ de \ LelaResource.resources.dll"
Luni 3 martie 2008 94208 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ el \ LelaResource.resources.dll"
Luni 3 martie 2008 77824 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ en-US \ LelaAccount.resources.dll"
Luni 3 martie 2008 446464 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ en-US \ LelaNetwork.resources.dll"
Luni 3 martie 2008 11407360 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ en-US \ LelaResource.resources.dll"
Luni 3 martie 2008 1916928 A. SHR --- "C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ en-US \ Linksys EasyLink Advisor.resources.dll"
Marti 25 martie 2008 26112 ... H. --- "C: \ Documents and Settings \ All Users \ Documents \ Happy House Info \ 2008 \ ~ WRL0454.tmp"
Joi 27 martie 2008 22016 ... H. --- "C: \ Documents and Settings \ All Users \ Documents \ Happy House Info \ 2008 \ ~ WRL1118.tmp"
Vineri 7 aprilie 2006 3595264 ... H. --- "C: \ Documents and Settings \ Owner \ Application Data \ Microsoft \ Word \ ~ WRL2168.tmp"
Vineri 7 aprilie 2006 3593728 ... H. --- "C: \ Documents and Settings \ Owner \ Application Data \ Microsoft \ Word \ ~ WRL2962.tmp"
Miercuri 5 aprilie 2006 4252160 ... H. --- "C: \ Documents and Settings \ Owner \ Application Data \ Microsoft \ Word \ ~ WRL3217.tmp"
Vineri 27 ianuarie 2006 ... 4348 H. --- "C: \ Documents and Settings \ Owner \ My Documents \ My Music \ de licenţă Backup \ drmv1key.bak"
Sambata 30 septembrie 2006 20 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ My Music \ de licenţă Backup \ drmv1lic.bak"
Vineri 27 ianuarie 2006 400 A.Sh. --- "C: \ Documents and Settings \ Owner \ My Documents \ My Music \ de licenţă Backup \ drmv2key.bak"
Luni 18 septembrie 2006 32256 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Biotech 206b \ ~ WRL0004.tmp"
Marti 31 octombrie 2006 114688 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Biotech 206b \ ~ WRL1340.tmp"
Duminica 17 septembrie 2006 30720 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Biotech 206b \ ~ WRL2439.tmp"
Luni 18 septembrie 2006 32256 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Biotech 206b \ ~ WRL3767.tmp"
Miercuri 21 Sep 2005 26.624 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Chem 120 laboratoare de \ ~ WRL0005.tmp"
Sambata 26 noiembrie 2005 27136 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Chem 120 laboratoare de \ ~ WRL3662.tmp"
Luni 13 iunie 2005 30208 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Eng 150 \ ~ WRL0386.tmp"
Duminica 5 iunie 2005 25088 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Eng 150 \ ~ WRL0788.tmp"
Duminica 5 iunie 2005 25600 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Eng 150 \ ~ WRL0794.tmp"
Luni 13 iunie 2005 30208 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Eng 150 \ ~ WRL1533.tmp"
Mie 1 Jun 2005 24.064 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Eng 150 \ ~ WRL1817.tmp"
Luni 13 iunie 2005 31232 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Eng 150 \ ~ WRL2720.tmp"
Marti 14 iunie 2005 35840 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Eng 150 \ ~ WRL2966.tmp"
Marti 14 iunie 2005 36864 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Eng 150 \ ~ WRL3073.tmp"
Joi 9 iunie 2005 28160 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Eng 150 \ ~ WRL3453.tmp"
Joi 2 februarie 2006 382464 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL0003.tmp"
Vineri 7 aprilie 2006 3594240 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL0004.tmp"
Miercuri 5 aprilie 2006 4243968 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL0010.tmp"
Miercuri 5 aprilie 2006 4254720 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL0303.tmp"
Sambata 4 februarie 2006 928256 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL0501.tmp"
Duminica 5 februarie 2006 591360 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL0928.tmp"
Miercuri 5 aprilie 2006 4254720 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL1029.tmp"
Miercuri 5 aprilie 2006 24064 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL1104.tmp"
Sambata 4 februarie 2006 384000 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL1259.tmp"
Miercuri 5 aprilie 2006 4243456 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL1375.tmp"
Miercuri 5 aprilie 2006 4244992 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL1969.tmp"
Joi 6 aprilie 2006 710656 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL2066.tmp"
Vineri 31 martie 2006 35840 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL2175.tmp"
Marti 28 martie 2006 185856 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL2368.tmp"
Vineri 31 martie 2006 65024 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL2573.tmp"
Marti 4 aprilie 2006 4242944 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL2686.tmp"
Duminica 5 februarie 2006 891904 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL2700.tmp"
Sambata 4 februarie 2006 507392 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL2881.tmp"
Miercuri 5 aprilie 2006 4244480 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL2992.tmp"
Miercuri 5 aprilie 2006 24576 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL3160.tmp"
Miercuri 5 aprilie 2006 4242432 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL3277.tmp"
Sambata 4 februarie 2006 928768 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL3387.tmp"
Miercuri 5 aprilie 2006 4251648 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL3591.tmp"
Sambata 4 februarie 2006 383488 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL3770.tmp"
Miercuri 5 aprilie 2006 4243456 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL3900.tmp"
Miercuri 5 aprilie 2006 4243456 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL3905.tmp"
Sambata 4 februarie 2006 382976 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ ENVR 253 \ ~ WRL4065.tmp"
Joi 23 martie 2006 27648 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Envrionmental \ ~ WRL3569.tmp"
Sambata 25 noiembrie 2006 20480 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Geog 220 \ ~ WRL1016.tmp"
Luni 4 decembrie 2006 27648 ... H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Geog 220 \ ~ WRL2705.tmp"
Duminica 6 martie 2005 56832 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ fizica 11 \ ~ WRL3235.tmp"
Duminica 20 februarie 2005 36864 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ fizica 11 \ ~ WRL3307.tmp"
Duminica 13 noiembrie 2005 27648 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Chem 120 laboratoare de \ teoria Chem \ ~ WRL0952.tmp"
Duminica 13 noiembrie 2005 27648 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Chem 120 laboratoare de \ teoria Chem \ ~ WRL1162.tmp"
Duminica 13 noiembrie 2005 26112 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Chem 120 laboratoare de \ teoria Chem \ ~ WRL1539.tmp"
Duminica 13 noiembrie 2005 24576 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Chem 120 laboratoare de \ teoria Chem \ ~ WRL1964.tmp"
Duminica 13 noiembrie 2005 27136 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Chem 120 laboratoare de \ teoria Chem \ ~ WRL2068.tmp"
Duminica 13 noiembrie 2005 28672 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Chem 120 laboratoare de \ teoria Chem \ ~ WRL3230.tmp"
Duminica 13 noiembrie 2005 27648 A.. H. --- "C: \ Documents and Settings \ Owner \ My Documents \ Scoala \ Chem 120 laboratoare de \ teoria Chem \ ~ WRL3512.tmp"

Finished!

Hijack This:

Logfile de Trend Micro HijackThis v2.0.2
Scan saved at 2:12:20, pe 10.7.2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program ~ 1 \ ESRI \ A da un permis \ arcgis9x \ lmgrd.exe
C: \ Program Files \ Toshiba \ Power Management \ CeEPwrSvc.exe
C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DEFWATCH.EXE
C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
C: \ Program ~ 1 \ ESRI \ A da un permis \ arcgis9x \ ARCGIS.exe
C: \ WINDOWS \ system32 \ DVDRAMSV.exe
C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protecţia Server \ winnt \ spnsrvnt.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ wscntfy.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Program Files \ Apoint2K \ Apoint.exe
C: \ Program Files \ Toshiba \ Power Management \ CePMTray.exe
C: \ Program Files \ TOSHIBA \ TouchPad \ TPTray.exe
C: \ PROGRA ~ 1 \ symant ~ 1 \ symant ~ 1 \ vptray.exe
C: \ Program Files \ Apoint2K \ Apntex.exe
C: \ WINDOWS \ Samsung \ PanelMgr \ ssmmgr.exe
C: \ WINDOWS \ HCWemMON.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ SpyNoMore \ SNM.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ initio \ butonul Manager v1.836 \ inihid.exe
C: \ Program Files \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ QH8jvpp4.exe
C: \ Program ~ 1 \ WINZIP \ winzip32.exe
C: \ Documents and Settings \ Owner \ Local Settings \ Temp \ HIJACKTHIS.EXE
C: \ Program Files \ Windows NT \ Accesorii \ WORDPAD.EXE

R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = www.google.ca
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Local Page =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Settings ernet Int, ProxyServer = 64.34.113.100:80
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [Apoint] C: \ Program Files \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [CeEPOWER] C: \ Program Files \ Toshiba \ Power Management \ CePMTray.exe
O4 - HKLM \ .. \ Run: [TPNF] C: \ Program Files \ TOSHIBA \ TouchPad \ TPTray.exe
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ symant ~ 1 \ symant ~ 1 \ vptray.exe
O4 - HKLM \ .. \ Run: [Samsung PanelMgr] C: \ WINDOWS \ Samsung \ PanelMgr \ ssmmgr.exe / Autorun
O4 - HKLM \ .. \ Run: [emMON] HCWemMON.exe
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [AtiPTA] atiptaxx.exe
O4 - HKLM \ .. \ Run: [SNM] C: \ Program Files \ SpyNoMore \ SNM.exe / pornire
O4 - HKCU \ .. \ Run: [Free Download Manager] C: \ Program Files \ Free Download Manager \ fdm.exe-autorun
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [updateMgr] "C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" reboot AcRdB7_0_9-1
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'SISTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [swg] C: \ WINDOWS \ system32 \ CTFMON.EXE (User '? ")
O4 - Startup: Adobe Media Player.lnk =?
O4 - Global Startup: Buton v1.836.lnk Manager =?
O4 - Global Startup: instiki.bat
O4 - Global Startup: Linksys EasyLink Advisor.lnk = C: \ Program Files \ Linksys \ Linksys EasyLink Advisor \ Linksys EasyLink Advisor.exe
O4 - Global Startup: Spune Time.lnk = C: \ Program Files \ Spune Timpul \ SayTime.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C: \ Program Files \ ArcSoft \ TotalMedia Backup & Record \ uBBMonitor.exe
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.5.0_06 \ bin \ ssv.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nwprovau.dll
Ø15 - Trusted IP range: 206.161.125.149
Ø15 - ProtocolDefaults: "protocolul HTTP" este în zona My Computer, ar trebui să fie de Internet Zone (HKLM)
O16 - DPF: ppctlcab -- http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: (04E214E5-63AF-4236-83C6-A7ADCBF9BD02) (HouseCall Control) -- http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: (22E5D91F-89E6-4405-AD9C-0AF27BA6F06B) (HidInputMonitorX Control) - file: / / D: \ Componente \ hidinputmonitorx.ocx
O16 - DPF: (4F63D44B-6274-4D60-8AB1-CAA7116B8AF3) (A9Helper.A9) - file: / / D: \ Componente \ A9.ocx
O16 - DPF: (74D05D43-3236-11D4-BDCD-00C04F9A3B61) (HouseCall Control) -- http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: (BAC01377-73DD-4796-854D-2A8997E3D68A) (Yahoo! Fotografii Easy Upload Tool Class) -- http://us.dl1.yimg.com/download.yaho...opper1_4us.cab
O16 - DPF: (E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD) -- http://download.abacast.com/download...basetup145.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Unknown owner - C: \ Program ~ 1 \ ESRI \ A da un permis \ arcgis9x \ lmgrd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ Windows \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ Windows \ system32 \ ati2sgag.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC - C: \ Program Files \ Toshiba \ Power Management \ CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - Toshiba Corporation - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe
O23 - Service: DefWatch - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ DEFWATCH.EXE
O23 - Service: Diskeeper - Executive Software International, Inc - C: \ Program Files \ Executive Software \ Diskeeper \ DkService.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co, Ltd. - C: \ WINDOWS \ system32 \ DVDRAMSV.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C: \ Program Files \ Hotspot Shield \ bin \ openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C: \ Program Files \ Symantec_Client_Security \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ Windows \ system32 \ HPZipm12.exe
O23 - Service: Sentinel Protecţia Server (SentinelProtectionServer) - SafeNet, Inc - C: \ Program Files \ Common Files \ SafeNet Sentinel \ Sentinel Protecţia Server \ winnt \ spnsrvnt.exe

--
End of file - 9148 bytes

**evilfantasy** · #4 7 octombrie 2008, 09:48

Dezactivaţi Spybot lui TeaTimer

În timp ce TeaTimer este un excelent instrument de prevenire a spyware, poate interfera cu HijackThis remedieri. Vă rugăm să dezactivaţi TeaTimer de acum până când nu sunt curate.

1. Right click Spybot în system tray (arata ca un calendar cu un lacăt simbol). Alege Exit Spybot S & D Rezident
2. Fugi Spybot S & D
3. Du-te la Mod de meniu, Şi asiguraţi-vă Modul avansat este selectat.
4. Pe partea stângă, alegeţi Instrumente > Rezident
debifaţi Rezident TeaTimer şi OK orice prompt şi Reporniţi computer.

Notă: Dacă TeaTimer vă dă un avertisment dupa aceea că unii s-au făcut modificări, permit acest lucru în loc de blocare a acesteia.

Dacă TeaTimer nu se va opri apoi dezinstalaţi Spybot, până când am terminat de curăţare.

----------

Deschide HijackThis şi selectaţi Fă-un sistem de scanare numai.

Se pune un semn de selectare lângă următoarele menţiuni: (dacă există)

Ø15 - Trusted IP range: 206.161.125.149
Ø15 - ProtocolDefaults: "protocolul HTTP" este în zona My Computer, ar trebui să fie de Internet Zone (HKLM)

Important: Închideţi toate ferestrele deschise cu excepţia HijackThis apoi faceţi clic pe Fix verificate.

Odată finalizat, ieşire HijackThis.

----------

Descarca ComboFix de sUBs de la unul din link-urile de mai jos. Asiguraţi-vă că aţi început să-l salvaţi în Spaţiul de lucru.

Link # 1
Link # 2

** Notă: Este important că este salvat direct pe Desktop

Închideţi orice deschide browsere. (Firefox, Internet Explorer, etc), înainte de a începe ComboFix.

Temporar dezactiva al tău antivirus, Precum şi orice antispyware de protecţie în timp real înainte care efectuează o scanare. Faceţi clic pe acest link pentru a vedea o listă de programe de securitate care ar trebui să fie cu handicap şi modul de dezactivare a lor.

Faceţi dublu clic combofix.exe & urmăriţi solicitările.
Când aţi terminat ComboFix va produce un jurnal pentru tine.
Post de ComboFix jurnal în următoarea replică.

Important: Nu mouseclick ComboFix de fereastră în timp ce se execută. Care pot determina să-l băga în grajd.

Amintiţi-vă să vă reactiva de protecţie antivirus şi antispyware, atunci când ComboFix este completă.

adhoc · #5 7 octombrie 2008, 18:34

Multumesc EF you rock,

Jurnal ComboFix este imens aşa că este ataşat ca un fisier zip:
combofixlog.zip

**evilfantasy** · #6 7 octombrie 2008, 18:44

[*] Click START apoi RUN[*] Acum, de tip Combofix / u în runbox [*] Asiguraţi-vă că există un spaţiu între Combofix şi / u [*], apoi apăsaţi Introduceţi.

----------

Descărca OTMoveIt2 de Oldtimer şi salvaţi-o să-ţi Spaţiul de lucru.

Notă: Dacă rulaţi pe Vista, faceţi clic dreapta pe OTMoveIt2.exe şi alegeţi Executare ca administrator.

1. Faceţi dublu-clic pe OTMoveIt2.exe să îl rulaţi.
2. Copiere de linii în codebox de mai jos.

Cod:

[Explorer ucide] C: \ WINDOWS \ system32 \ C xVB47F7a.exe: \ DOCUME ~ 1 \ Owner \ LOCALS ~ 1 \ Temp \ RGI5.tmp EmptyTemp [Explorer start]

3. Întoarceţi-vă la OTMoveIt2, click dreapta în Lipire Lista de fişiere / foldere pentru a Mutare fereastră (în galben bar) şi alegeţi Lipire
4. Faceţi clic pe roşu Moveit! buton.
5. Copiaţi totul în Rezultatele fereastra (sub bara verde) şi inseraţi-l în următoarea replică.
6. Închide OTMoveIt2

Notă: Dacă un fişier sau un dosar nu poate fi mutat imediat ce i se poate cere să reporniţi computerul pentru a termina procesul de mutare. Dacă a cerut pentru a reporni, alegeţi Da. Dacă nu, oricum reboot.

----------

După postarea de OTMoveIt2 jurnal.

1. Faceţi dublu clic OTMoveIt2.exe de a lansa o.
Vista users click dreapta şi alegeţi Executare ca administrator
2. Click pe CleanUp! buton.
3. OTMoveIt2 va descărca o listă de pe Internet, în cazul în firewall sau alte programe de aparare alerte tine, îi permit accesul.
4. Faceţi clic pe YES la următoarea prompt (lista de descarcat, vrei, pentru a începe procesul de curăţare?)

Când aţi terminat de ieşire din OTMoveIt2

----------

Run CCleaner.

----------

Rulaţi acest scanare online.

Această scanare necesită Internet Explorer

Utilizaţi Nod32 ESET Online Scanner

1. Bifaţi caseta de lângă Da, accept Termenii de utilizare.
2. Faceţi clic pe Porni
3. Atunci când sunt întrebaţi, permite controlul ActiveX pentru a instala
4. Faceţi clic pe Porni
5. Asiguraţi-vă că opţiunea Eliminaţi găsit ameninţări şi opţiunea Scan nedorit aplicaţii se verifica marcat.
6. Faceţi clic pe Scanare
7. Aşteptaţi de scanare pentru a termina
8. Folosiţi Notepad pentru a deschide LogFile situat la C: \ Program Files \ EsetOnlineScanner \ log.txt
9. Adăuga de C: \ Program Files \ EsetOnlineScanner \ log.txt conectaţi-vă la următorul răspuns.

Similar Threads
Fir	Thread Starter	Forum	Răspunsurile	Ultimul mesaj
Nume: iexplore.exe ca sistemul de proces	mkjuan	Nume, Spyware & Securitate	14	7 noiembrie 2008 00:14
Computerul nu este de lucru e-beeping!	PyroTails	General Hardware Chat	8	15 Sep 2008 13:08
Ciudat beeping zgomot	sam182666	General Hardware Chat	6	26 aprilie 2008 12:23
Probleme cu pop-up şi rulează procesul iexplore	1carly1	Nume, Spyware & Securitate	3	15 februarie 2008 10:36
Beeping la boot Sus	nuteck	Procesoare, Placi de baza si RAM	11	21 Jan 2008 05:55