ContextAdvisor - pop-up driving me crazy




  #1  
22 February 2008, 15:46
Donor Group

For the last 3 days I keep getting this pop-up and I am not sure how to get rid of it. I did an HJT scan; if there is anything in there that you think could be the cause, or any other problems, please help me with what to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:41, on 22/02/2008
Platform: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Acer \ putere Tehnologie \ ePerformance \ MemCheck.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Windows \ system32 \ hasplms.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Acer \ putere Technology \ eLock \ LockServ.exe
C: \ Windows \ system32 \ nvsvc32.exe
C: \ Windows \ system32 \ svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Acer \ putere Technology \ eRecovery \ eRAgent.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Windows \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Windows \ system32 \ SysMonitor.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ CameraFixer.exe
C: \ WINDOWS \ tsnp2std.exe
C: \ WINDOWS \ vsnp2std.exe
C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe
C: \ Acer \ putere Technology \ eLock \ Monitor \ LockMon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Windows \ system32 \ Rundll32.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Internet Explorer \ IEXPLORE.EXE
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ Craft Robo Controller \ CRSSupervisor.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe
C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpoevm08.exe
C: \ Windows \ system32 \ wbem \ wmiapsrv.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpoSTS08.exe
C: \ PROGRA ~ 1 \ Yahoo! \ COMPAN ~ 1 \ Instalează \ cpn0 \ YTBSDK.e XE
C: \ Windows \ system32 \ svchost.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE
C: \ Program Files \ King Kong Software \ Capture \ KingKongCapture.exe
C: \ Program Files \ Yahoo! \ Browser \ ybrowser.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Documents and Settings \ Christine \ Desktop \ HiJackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://bt.my.yahoo.com/
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://search.aol.co.uk/web?isinit=true&query =% s
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn0 \ yt.dll
O2 - BHO: Yahoo! Bara de instrumente Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn0 \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: rightonads Optimizatorul - (7D9362F8-77D8-4b29-97B5-621D550890C0) - C: \ Windows \ system32 \ gzmrt.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Program Files \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: ads_optimizer - (9C8A568E-4201-478a-8536-526CF371D2E2) - C: \ Windows \ system32 \ nst46.dll
O2 - BHO: XBTB06823 Class - (BA463437-C3DE-47da-8280-87596824388A) - C: \ PROGRA ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn0 \ yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [ntiMUI] C: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / "Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [IMEKRMIG6.1] C: \ WINDOWS \ ime \ imkr6_1 \ IMEKRMIG.EXE
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ Windows \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ Windows \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ Windows \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Acer Imputernicirea Tehnologie Monitorul] C: \ Windows \ system32 \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [eLockMonitor] C: \ Acer \ putere Technology \ eLock \ Monitor \ LaunchMonitor.exe
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ putere Technology \ eRecovery \ eRAgent.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / startup
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [CameraFixer] C: \ WINDOWS \ CameraFixer.exe
O4 - HKLM \ .. \ Run: [tsnp2std] C: \ WINDOWS \ tsnp2std.exe
O4 - HKLM \ .. \ Run: [snp2std] C: \ WINDOWS \ vsnp2std.exe
O4 - HKLM \ .. \ Run: [RealTray] C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ Windows \ system32 \ Rundll32.exe "C: \ Windows \ system32 \ gzmrt.dll" DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ Windows Live \ Messenger \ MsnMsgr.Exe" / fundal
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE"-quiet
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe
O4 - Global Startup: Craft Robo Status Supervisor.lnk =?
O4 - Global Startup: HP PSC 1000 series.lnk =?
O4 - Global Startup: hpoddt01.exe.lnk =?
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra context menu item: & AOL Toolbar căutare - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra buton: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (6B75345B-AA36-438A-BBE6-4078B4C6984D) (HpProductDetection Class) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ad-Conştient 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C: \ Acer \ putere Tehnologie \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc - C: \ Acer \ putere Tehnologie \ ePerformance \ MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: cataramă License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C: \ Windows \ system32 \ hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: LightScribeService Direct Disc Etichetarea Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C: \ Acer \ putere Technology \ eLock \ LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ Windows \ system32 \ HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ Windows \ system32 \ ZoneLabs \ vsmon.exe
O24 - Desktop Component 0: (fără nume) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11705 bytes
  #2  
22 February 2008, 20:09
Moderator Group

Go to this thread and do steps One, Two and Three.

After those are completely done and the computer has been restarted, run a new HijackThis scan and post that log as well.
__________________

  #3  
23 February 2008, 02:12
Donor Group

I have 3 chat programs and I am not sure what they are. They are:
commmercial
Browser Enhancement Tools Rightonadz
sound'em 1.0
Should I remove these from my Add/Remove Programs list?
  #4  
23 February 2008, 03:05
Donor Group

I have run CCleaner and SUPERAntiSpyware, but when the PC restarted I got this error message:

Error loading c:\windows\system32\gzmrt.dll
The specified module could not be found.
  #5  
23 February 2008, 03:09
Moderator Group

Quote:
Originally Posted by christine154
I have run CCleaner and SUPERAntiSpyware, but when the PC restarted I got this error message:

Error loading c:\windows\system32\gzmrt.dll
The specified module could not be found.

That is due to the malware being removed by SAS. I need a new HijackThis log now.
__________________

  #6  
23 February 2008, 03:15
Donor Group

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:40, on 23/02/2008
Platform: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ ZoneLabs \ vsmon.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Acer \ putere Tehnologie \ ePerformance \ MemCheck.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Windows \ system32 \ hasplms.exe
C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
C: \ Acer \ putere Technology \ eLock \ LockServ.exe
C: \ Windows \ system32 \ svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Windows \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe
C: \ Windows \ system32 \ SysMonitor.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe
C: \ WINDOWS \ CameraFixer.exe
C: \ Acer \ putere Technology \ eRecovery \ eRAgent.exe
C: \ WINDOWS \ tsnp2std.exe
C: \ WINDOWS \ vsnp2std.exe
C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Acer \ putere Technology \ eLock \ Monitor \ LockMon.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe
C: \ Program Files \ Craft Robo Controller \ CRSSupervisor.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpoevm08.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpoSTS08.exe
C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe
C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe
C: \ Windows \ system32 \ wbem \ wmiapsrv.exe
C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE
C: \ Program Files \ Yahoo! \ Browser \ ybrowser.exe
C: \ Program Files \ King Kong Software \ Capture \ KingKongCapture.exe
C: \ Documents and Settings \ Christine \ Desktop \ HiJackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://kingkongsearch.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://bt.my.yahoo.com/
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://search.aol.co.uk/web?isinit=true&query =% s
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn0 \ yt.dll
O2 - BHO: Yahoo! Bara de instrumente Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn0 \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C: \ Program Files \ ContextAdvisor \ ContextAdvisor-3.dll
O2 - BHO: XBTB06823 Class - (BA463437-C3DE-47da-8280-87596824388A) - C: \ PROGRA ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn0 \ yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - (F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA) - C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
O4 - HKLM \ .. \ Run: [LaunchApp] Alaunch
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [ntiMUI] C: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / "Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [IMEKRMIG6.1] C: \ WINDOWS \ ime \ imkr6_1 \ IMEKRMIG.EXE
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ Windows \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ Windows \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ Windows \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Acer Imputernicirea Tehnologie Monitorul] C: \ Windows \ system32 \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [eLockMonitor] C: \ Acer \ putere Technology \ eLock \ Monitor \ LaunchMonitor.exe
O4 - HKLM \ .. \ Run: [eRecoveryService] C: \ Acer \ putere Technology \ eRecovery \ eRAgent.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / startup
O4 - HKLM \ .. \ Run: [ZoneAlarm Client] "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe"
O4 - HKLM \ .. \ Run: [CameraFixer] C: \ WINDOWS \ CameraFixer.exe
O4 - HKLM \ .. \ Run: [tsnp2std] C: \ WINDOWS \ tsnp2std.exe
O4 - HKLM \ .. \ Run: [snp2std] C: \ WINDOWS \ vsnp2std.exe
O4 - HKLM \ .. \ Run: [RealTray] C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AOLDialer] C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe
O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ Windows \ system32 \ Rundll32.exe "C: \ Windows \ system32 \ gzmrt.dll" DllStart
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ Windows Live \ Messenger \ MsnMsgr.Exe" / fundal
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.EXE"-quiet
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe
O4 - Global Startup: Craft Robo Status Supervisor.lnk =?
O4 - Global Startup: HP PSC 1000 series.lnk =?
O4 - Global Startup: hpoddt01.exe.lnk =?
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra context menu item: & AOL Toolbar căutare - res: / / C: \ Program Files \ AOL Toolbar \ toolbar.dll / SEARCH.HTML
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra buton: BT Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ PROGRA ~ 1 \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O15 - Trusted Zone: http://www.photobucket.com
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (6B75345B-AA36-438A-BBE6-4078B4C6984D) (HpProductDetection Class) -- http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Conştient 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
O23 - Service: Acer ODDSpeedControl - TODO: <????> - C: \ Acer \ putere Tehnologie \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc - C: \ Acer \ putere Tehnologie \ ePerformance \ MemCheck.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: cataramă License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C: \ Windows \ system32 \ hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: LightScribeService Direct Disc Etichetarea Service (LightScribeService) - Hewlett-Packard Company - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe
O23 - Service: LockServ - Unknown owner - C: \ Acer \ putere Technology \ eLock \ LockServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ Windows \ system32 \ HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C: \ Windows \ system32 \ ZoneLabs \ vsmon.exe
O24 - Desktop Component 0: (fără nume) -- http://www.pspug.org/pix/pspimem1.gif
--
End of file - 11488 bytes
  #7  
23 February 2008, 03:38
Moderator Group

Open HijackThis and select Do a system scan only, then place a check mark next to:
  • O2 - BHO: XBTB06823 Class - (BA463437-C3DE-47da-8280-87596824388A) - C: \ PROGRA ~ 1 \ GOOGLE ~ 1 \ TOOLBA ~ 1.DLL
  • O4 - HKLM \ .. \ Run: [postSetupCheck] C: \ Windows \ system32 \ Rundll32.exe "C: \ Windows \ system32 \ gzmrt.dll" DllStart
  • O24 - Desktop Component 0: (fără nume) -- http://www.pspug.org/pix/pspimem1.gif << If you did not add this yourself, then remove it with HijackThis.
Close all windows except HijackThis and click Fix checked.

----------

Download SDFix.exe and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, the Advanced Options Menu should appear.
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard).
  • Finally, paste the contents of Report.txt into your next post.
----------

Please download ComboFix by sUBs from one of the links below.
(Try all three if necessary.) Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real-time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you do not know how to disable it, please ask.
  • Warning: ComboFix disconnects your computer from the Internet. The connection is restored automatically before ComboFix completes its run.
  • Double-click combofix.exe and follow the prompts.
    • At the keyboard, select 1 and press Enter.
  • When finished, it will produce a log for you.
  • Post that log in your next reply.
Warning: Do not mouse-click the ComboFix window while it is running. That may cause it to stall.
  • If ComboFix runs into difficulty and terminates prematurely, the connection can be restored by manually restarting your computer.
  • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
----------

HJT Uninstall List
  • Open HijackThis > click on the "Misc Tools" section.
  • Click "Open Uninstall Manager".
  • Click "Save List".
  • Save it to your Desktop.
  • Copy the contents of the file into your next reply.
----------

Before posting, please include:
SDFix log
ComboFix log
Uninstall list
__________________
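
The leftover startup entry behind the error in posts #4 and #5, and on the fix list in post #7, can be found by comparing the two HijackThis logs; this is an added example, not part of the original thread. It uses a few entries excerpted from the logs above with the path spacing normalised, and the function names and the before/after heuristic are assumptions of this example.

```python
import re

# Constructed sample: entries excerpted from the two HijackThis logs in this
# thread (posts #1 and #6), with the spacing inside paths normalised.
LOG_BEFORE = r"""
O2 - BHO: rightonads Optimizatorul - (7D9362F8-77D8-4b29-97B5-621D550890C0) - C:\Windows\system32\gzmrt.dll
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C:\Program Files\ContextAdvisor\ContextAdvisor-3.dll
O2 - BHO: ads_optimizer - (9C8A568E-4201-478a-8536-526CF371D2E2) - C:\Windows\system32\nst46.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /startup
O4 - HKLM\..\Run: [postSetupCheck] C:\Windows\system32\Rundll32.exe "C:\Windows\system32\gzmrt.dll" DllStart
"""

LOG_AFTER = r"""
O2 - BHO: ContextAdvisor - (87E68009-29A8-D669-F7C2-B31D08635C50) - C:\Program Files\ContextAdvisor\ContextAdvisor-3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /startup
O4 - HKLM\..\Run: [postSetupCheck] C:\Windows\system32\Rundll32.exe "C:\Windows\system32\gzmrt.dll" DllStart
"""

# "O2 - ...", "O4 - ...", "R1 - ..." etc.; header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")
# Absolute Windows paths ending in .exe/.dll; a quote ends a path, spaces do not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll)\b', re.IGNORECASE)


def parse(log):
    """Return {normalised line: (section, line, set of lower-cased paths)}."""
    entries = {}
    for raw in log.splitlines():
        line = " ".join(raw.split())
        match = ENTRY_RE.match(line)
        if not match:
            continue
        paths = {p.lower() for p in PATH_RE.findall(match.group(2))}
        entries[line.lower()] = (match.group(1), line, paths)
    return entries


def stale_references(before, after):
    """Entries still present after cleanup that point at files whose other
    entries disappeared between the two scans.

    Heuristic: when a cleaner deletes a DLL it usually removes the BHO
    registration with it, so a surviving entry that names the same file is a
    candidate orphan. Confirm on disk before fixing the entry.
    """
    old, new = parse(before), parse(after)
    gone = set()
    for key, (_section, _line, paths) in old.items():
        if key not in new:
            gone |= paths
    findings = []
    for section, line, paths in new.values():
        hits = sorted(paths & gone)
        if hits:
            findings.append((section, line, hits))
    return findings


if __name__ == "__main__":
    for section, line, hits in stale_references(LOG_BEFORE, LOG_AFTER):
        print(f"{section}: {line}")
        for path in hits:
            print(f"    references removed file: {path}")
```
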

  #8  
23 February 2008, 05:03
Donor Group

Slight problem: I did everything you asked with SDFix, but the log was nowhere to be found. Where is it? I can tell you that it did not find any trojans. Here are the other lists.
Uninstall list
Acer eAcoustics Management
Acer eLock Management
Acer Imputernicirea Tehnologie
Acer ePerformance Management
Ad-Conştient 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Apple Software Update
AVG 7.5
Browser Optimizatorul Adssite
BT Yahoo! Aplicatii
BT Yahoo! TrueSwitch Wizard
CCleaner (elimina numai)
comercial
ContextAdvisor
Craft Robo Controller
Creaţi-A-Face 3.2
Cricut DesignStudio
Browser Enhancement Instrumente Rightonadz
Galaxy din Brain Games
Graphtec DesignMaster Web (C: \ Graphtec DesignMaster Wep)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Remedierea rapidă pentru Windows Media Format 11 SDK (KB929399)
Remedierea rapidă pentru Windows Media Player 11 (KB939683)
Remedierea rapidă pentru Windows XP (KB893357)
Remedierea rapidă pentru Windows XP (KB896256)
Remedierea rapidă pentru Windows XP (KB906569)
Remedierea rapidă pentru Windows XP (KB914440)
Remedierea rapidă pentru Windows XP (KB915865)
Remedierea rapidă pentru Windows XP (KB926239)
Remedierea rapidă pentru Windows XP (KB935448)
HP foto şi Imagine 2.0 - All-In-One
HP foto şi Imagine 2.0 - All-In-One Drivere
HP foto şi Imagine 2.0 - HP PSC seria 1200
HP Produs de detectare a
HP PSC seria 1200
J2SE Runtime Environment 5.0 Update 6
Java (TM) 6 Update 3
Java (TM) 6 Update 4
King Kong Captură (elimina numai)
Learn2 Player (Dezinstalaţi Doar)
MAX Consola
Microsoft. NET Framework 1.1
Microsoft. NET Framework 1.1
Microsoft. NET Framework 1.1 Hotfix (KB928366)
Microsoft. NET Framework 2.0
Microsoft Compression Client Pack 1.0 pentru Windows XP
Microsoft internaţional Domain Names atenuare API-uri
Microsoft suport pentru limbile naţionale Downlevel API-uri
Microsoft Office XP Standard pentru studenti si profesori
Microsoft User-Mode Driver-cadru Feature Pack 1.0
Microsoft Visual C + + 2005 redistribuibil
Mozilla Firefox (2.0.0.12)
NTI Backup ACUM! 4
NTI CD & DVD-Maker
NVIDIA Drivere
OCA Client istoria instrument instala
OLYMPUS CAMEDIA Master 4.0
Paint Shop Pro 7 Anniversary Edition
PowerDVD
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Robo Master
Actualizare de securitate pentru CAPICOM (KB931906)
Actualizare de securitate pentru CAPICOM (KB931906)
Actualizare de securitate pentru Step by Step Interactive Training (KB898458)
Actualizare de securitate pentru Windows Internet Explorer 7 (KB938127)
Actualizare de securitate pentru Windows Internet Explorer 7 (KB942615)
Actualizare de securitate pentru Windows Internet Explorer 7 (KB944533)
Actualizare de securitate pentru Windows Media Player (KB911564)
Actualizare de securitate pentru Windows Media Player 11 (KB936782)
Actualizare de securitate pentru Windows Media Player 6.4 (KB925398)
Actualizare de securitate pentru Windows Media Player 9 (KB936782)
Actualizare de securitate pentru Windows XP (KB883939)
Actualizare de securitate pentru Windows XP (KB890046)
Actualizare de securitate pentru Windows XP (KB893756)
Actualizare de securitate pentru Windows XP (KB896358)
Actualizare de securitate pentru Windows XP (KB896422)
Actualizare de securitate pentru Windows XP (KB896423)
Actualizare de securitate pentru Windows XP (KB896424)
Actualizare de securitate pentru Windows XP (KB896428)
Actualizare de securitate pentru Windows XP (KB899587)
Actualizare de securitate pentru Windows XP (KB899588)
Actualizare de securitate pentru Windows XP (KB899589)
Actualizare de securitate pentru Windows XP (KB899591)
Actualizare de securitate pentru Windows XP (KB900725)
Actualizare de securitate pentru Windows XP (KB901017)
Actualizare de securitate pentru Windows XP (KB901190)
Actualizare de securitate pentru Windows XP (KB901214)
Actualizare de securitate pentru Windows XP (KB902400)
Actualizare de securitate pentru Windows XP (KB903235)
Actualizare de securitate pentru Windows XP (KB904706)
Actualizare de securitate pentru Windows XP (KB905414)
Actualizare de securitate pentru Windows XP (KB905749)
Actualizare de securitate pentru Windows XP (KB905915)
Actualizare de securitate pentru Windows XP (KB908519)
Actualizare de securitate pentru Windows XP (KB908531)
Actualizare de securitate pentru Windows XP (KB911562)
Actualizare de securitate pentru Windows XP (KB911567)
Actualizare de securitate pentru Windows XP (KB911927)
Actualizare de securitate pentru Windows XP (KB912812)
Actualizare de securitate pentru Windows XP (KB912919)
Actualizare de securitate pentru Windows XP (KB913433)
Actualizare de securitate pentru Windows XP (KB913446)
Actualizare de securitate pentru Windows XP (KB913580)
Actualizare de securitate pentru Windows XP (KB914388)
Actualizare de securitate pentru Windows XP (KB914389)
Actualizare de securitate pentru Windows XP (KB917344)
Actualizare de securitate pentru Windows XP (KB918118)
Actualizare de securitate pentru Windows XP (KB919007)
Actualizare de securitate pentru Windows XP (KB920213)
Actualizare de securitate pentru Windows XP (KB920670)
Actualizare de securitate pentru Windows XP (KB920683)
Actualizare de securitate pentru Windows XP (KB920685)
Actualizare de securitate pentru Windows XP (KB921503)
Actualizare de securitate pentru Windows XP (KB922819)
Actualizare de securitate pentru Windows XP (KB923191)
Actualizare de securitate pentru Windows XP (KB923414)
Actualizare de securitate pentru Windows XP (KB923980)
Actualizare de securitate pentru Windows XP (KB924270)
Actualizare de securitate pentru Windows XP (KB924496)
Actualizare de securitate pentru Windows XP (KB924667)
Actualizare de securitate pentru Windows XP (KB925902)
Actualizare de securitate pentru Windows XP (KB926255)
Actualizare de securitate pentru Windows XP (KB926436)
Actualizare de securitate pentru Windows XP (KB927779)
Actualizare de securitate pentru Windows XP (KB927802)
Actualizare de securitate pentru Windows XP (KB928255)
Actualizare de securitate pentru Windows XP (KB928843)
Actualizare de securitate pentru Windows XP (KB929123)
Actualizare de securitate pentru Windows XP (KB930178)
Actualizare de securitate pentru Windows XP (KB931261)
Actualizare de securitate pentru Windows XP (KB931784)
Actualizare de securitate pentru Windows XP (KB932168)
Actualizare de securitate pentru Windows XP (KB933729)
Actualizare de securitate pentru Windows XP (KB935839)
Actualizare de securitate pentru Windows XP (KB935840)
Actualizare de securitate pentru Windows XP (KB936021)
Actualizare de securitate pentru Windows XP (KB937894)
Actualizare de securitate pentru Windows XP (KB938127)
Actualizare de securitate pentru Windows XP (KB938829)
Actualizare de securitate pentru Windows XP (KB941202)
Actualizare de securitate pentru Windows XP (KB941568)
Actualizare de securitate pentru Windows XP (KB941569)
Actualizare de securitate pentru Windows XP (KB941644)
Actualizare de securitate pentru Windows XP (KB942615)
Actualizare de securitate pentru Windows XP (KB943055)
Actualizare de securitate pentru Windows XP (KB943460)
Actualizare de securitate pentru Windows XP (KB943485)
Actualizare de securitate pentru Windows XP (KB944653)
Actualizare de securitate pentru Windows XP (KB946026)
Sound'Em 1.0
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Sigur Bucăţi A Lot 1.004
Actualizare pentru Windows XP (KB894391)
Actualizare pentru Windows XP (KB896727)
Actualizare pentru Windows XP (KB898461)
Actualizare pentru Windows XP (KB900485)
Actualizare pentru Windows XP (KB904942)
Actualizare pentru Windows XP (KB910437)
Actualizare pentru Windows XP (KB911280)
Actualizare pentru Windows XP (KB912945)
Actualizare pentru Windows XP (KB916595)
Actualizare pentru Windows XP (KB920872)
Actualizare pentru Windows XP (KB922120)
Actualizare pentru Windows XP (KB922582)
Actualizare pentru Windows XP (KB927891)
Actualizare pentru Windows XP (KB930916)
Actualizare pentru Windows XP (KB938828)
Actualizare pentru Windows XP (KB942763)
Actualizare pentru Windows XP (KB942840)
USB2.0 PC Camera (SN9C201 & 202)
Punct de vedere Media Player
Windows Driver Package - Advanced Micro Devices (AmdK8) Procesor (05/27/2006 1.3.2.0)
Windows Driver Package - FTDI MDC Driver Package (06/27/2007 2.02.04)
Windows Driver Package - FTDI MDC Driver Package (06/27/2007 2.02.04)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
ZoneAlarm
ZoneAlarm Spy Blocker

combofix log
ComboFix 08-02-23.2 - Christine 2008-02-23 11:39:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.294 [GMT 0:00]
Rularea de la: C: \ Documents and Settings \ Christine \ Desktop \ ComboFix.exe
* Creat un nou punct de restabilire
AVERTISMENT-această maşină nu are instalat Consola de recuperare!!
.
Alte ((((((((((((((((((((((((((((((((((((((( ştergerile ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr0.dat
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr1.dat
----- BITS: posibile site-uri infectate -----
hxxp: / / au.download.windowsupdate
.
((((((((((((((((((((((((( Fişierele create de 2008-01-23 la 2008-02-23 ))))))))))) ))))))))))))))))))))
.
2008-02-23 11:29. 2008-02-23 11:29 <DIR> d -------- C: \ WINDOWS \ ERUNT
2008-02-23 10:42. 2008-02-23 11:36 <DIR> d -------- C: \ SDFix
2008-02-23 09:01. 2008-02-23 09:14 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-02-23 09:01. 2008-02-23 09:01 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ SUPERAntiSpyware.com
2008-02-23 09:01. 2008-02-23 09:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-02-23 08:59. 2008-02-23 08:59 <DIR> d -------- C: \ Program Files \ CCleaner
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Program Files \ Apple Software Update
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-02-22 23:07. 2008-02-22 23:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-02-19 22:23. 2008-02-20 21:13 <DIR> d -------- C: \ Program Files \ FBrowsingAdvisor
2008-02-19 22:23. 2008-02-19 22:27 <DIR> d -------- C: \ Program Files \ FBrowserAdvisor
2008-02-19 22:23. 2008-02-23 03:45 <DIR> d -------- C: \ Program Files \ ContextAdvisor
2008-02-19 22:11. 2008-02-19 22:36 <DIR> d -------- C: \ Program Files \ LimeWire
2008-02-19 22:11. 2008-02-19 22:26 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ LimeWire
2008-02-19 21:11. 2008-02-19 21:11 <DIR> d -------- C: \ Program Files \ Cricut Software
2008-02-16 23:34. 2008-02-16 23:34 <DIR> d -------- C: \ Program Files \ TrueSwitch
2008-02-16 23:34. 2008-02-16 23:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ TrueSwitch
2008-02-16 23:33. 2008-02-23 11:37 <DIR> d -------- C: \ Program Files \ TrueSwitchBTYahoo
2008-02-16 04:57. 2008-02-16 04:57 <DIR> d -------- C: \ Program Files \ Common Files \ Aladdin partajate
2008-02-15 18:47. 2008-02-22 22:32 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Yahoo!
2008-02-15 18:44. 2008-02-15 18:51 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Yahoo!
2008-02-15 18:44. 2002-02-21 18:56 24.576 - a ------ C: \ Windows \ system32 \ msxml3a.dll
2008-02-15 18:43. 2002-01-05 06:18 84,992 - a ------ C: \ Windows \ system32 \ ATL70.DLL
2008-02-15 18:43. 2001-10-11 11:26 65,536 - a ------ C: \ Windows \ system32 \ YCRWin32.dll
2008-02-15 16:28. 2008-02-15 16:28 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Citrix
2008-02-15 16:27. 2008-02-15 16:27 61.480 - a ------ C: \ Documents and Settings \ Christine \ GoToAssistDownloadHelper.exe
2008-02-14 15:06. 2008-02-14 15:12 <DIR> d -------- C: \ WINDOWS \ SxsCaPendDel
2008-02-14 13:38. 2008-02-14 13:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ OLYMPUS
2008-02-14 13:37. 2008-02-14 13:37 <DIR> d -------- C: \ Program Files \ OLYMPUS
2008-02-08 18:04. 2008-02-08 18:24 <DIR> d -------- C: \ temp \ AOL
2008-02-08 11:34. 2008-02-08 11:34 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ ArcSoft
2008-02-07 16:55. 2008-02-07 16:55 <DIR> d -------- C: \ Program Files \ Common Files \ Scanner
2008-02-07 16:11. 2008-02-15 09:05 10 - a ------ C: \ WINDOWS \ msoffice.ini
2008-02-07 16:02. 2008-02-07 18:18 <DIR> d -------- C: \ WINDOWS \ occache
2008-02-07 16:02. 2008-02-07 16:02 <DIR> d -------- C: \ Program Files \ Learn2.com
2008-02-07 16:02. 2008-02-08 18:09 <DIR> d -------- C: \ Program Files \ Common Files \ aolback
2008-02-07 16:02. 2008-02-07 16:02 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ ai Imagini Screensaver
2008-02-07 16:02. 2007-10-11 05:57 1,498,112 - a ------ C: \ Windows \ system32 \ shdocvw.bak
2008-02-07 16:02. 1998-06-26 00:00 644,400 - a ------ C: \ Windows \ system32 \ MSComCt2.ocx
2008-02-07 16:02. 2000-05-22 00:00 203.976 - a ------ C: \ Windows \ system32 \ RichTx32.ocx
2008-02-07 16:02. 1998-06-24 00:00 115,016 - a ------ C: \ Windows \ system32 \ MSInet.ocx
2008-02-07 16:02. 2001-11-21 10:15 102,400 - a ------ C: \ Windows \ system32 \ SimpleRegistry.dll
2008-02-07 16:02. 1999-04-17 01:06 10,752 - a ------ C: \ Windows \ system32 \ aamd532.dll
2008-02-07 16:02. 2008-02-08 18:10 719 - a ------ C: \ WINDOWS \ aolback.exe.lnk
2008-02-07 16:01. 2008-02-22 23:08 <DIR> d -------- C: \ Program Files \ QuickTime
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ Program Files \ Common Files \ Real
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ My Music
2008-02-07 16:01. 2008-02-07 16:01 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ QuickTime
2008-02-07 16:01. 2008-02-07 16:01 24,576 - a ------ C: \ Windows \ system32 \ prefscpl.cpl
2008-02-07 16:01. 2008-02-07 16:01 8.552 - a ------ C: \ Windows \ system32 \ drivers \ asctrm.sys
2008-02-07 16:00. 2005-05-12 12:36 29,184 - a ------ C: \ Windows \ system32 \ popup.ocx
2008-02-07 15:45. 2008-02-22 18:50 <DIR> d - h ----- C: \ temp
2008-02-06 15:32. 2008-02-06 15:13 19,558 --------- C: \ WINDOWS \ hpoins01.dat.temp
2008-02-06 15:32. 2006-09-27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat.temp
2008-02-06 15:16. 2008-02-23 10:46 526 - a ------ C: \ hpfr3420.xml
2008-02-06 15:14. 2008-02-06 15:14 <DIR> d -------- C: \ Documents and Settings \ Christine \ Application Data \ Hewlett-Packard
2008-02-06 15:12. 2008-02-06 15:12 <DIR> d -------- C: \ Program Files \ Common Files \ Hewlett-Packard
2008-02-06 15:10. 2008-02-06 15:11 <DIR> d -------- C: \ Program Files \ Hewlett-Packard
2008-02-06 15:10. 2006-09-27 19:23 233,528-ra ------ C: \ Windows \ system32 \ HPZidr12.dll
2008-02-06 15:10. 2006-09-27 19:23 167,936-ra ------ C: \ Windows \ system32 \ HPZipr12.dll
2008-02-06 15:10. 2006-09-27 19:23 94,208-ra ------ C: \ Windows \ system32 \ HPZipt12.dll
2008-02-06 15:10. 2006-09-27 19:23 65,795-ra ------ C: \ Windows \ system32 \ HPZipm12.exe
2008-02-06 15:10. 2006-09-27 19:23 61,699-ra ------ C: \ Windows \ system32 \ HPZinw12.exe
2008-02-06 15:10. 2006-09-27 19:23 57,344-ra ------ C: \ Windows \ system32 \ HPZisn12.dll
2008-02-06 15:10. 2006-09-27 19:23 51,024-ra ------ C: \ Windows \ system32 \ drivers \ hpzid412.sys
2008-02-06 15:10. 2006-09-27 19:23 16,080-ra ------ C: \ Windows \ system32 \ drivers \ HPZipr12.sys
2008-02-06 15:09. 2006-09-27 19:24 237,568-ra ------ C: \ Windows \ system32 \ HPZc3212.dll
2008-02-06 15:09. 2006-09-27 19:23 21,456-ra ------ C: \ Windows \ system32 \ drivers \ HPZius12.sys
2008-02-06 15:07. 2008-02-06 15:13 19,558 --------- C: \ WINDOWS \ hpoins01.dat
2008-02-06 15:07. 2006-09-27 19:24 16.606 --------- C: \ WINDOWS \ hpomdl01.dat
2008-02-06 14:21. 2008-02-06 14:21 <DIR> d -------- C: \ Program Files \ HP
2008-02-06 08:52. 2008-02-06 08:52 <DIR> d -------- C: \ Program Files \ ambarcaţiunilor Edge
2008-02-04 14:52. 2008-02-04 14:52 <DIR> d -------- C: \ Program Files \ Windows Media Connect 2
2008-02-04 14:50. 2008-02-04 14:50 <DIR> d -------- C: \ Windows \ system32 \ LogFiles
2008-02-04 14:50. 2008-02-04 14:51 <DIR> d -------- C: \ Windows \ system32 \ drivers \ UMDF
2008-02-03 14:37. 1995-08-01 04:44 212,480 - a ------ C: \ WINDOWS \ PCDLIB32.DLL
2008-02-03 14:37. 2003-09-19 15:45 21,248 - a ------ C: \ Windows \ system32 \ drivers \ pfc.sys
2008-02-03 14:35. 2008-02-03 14:35 <DIR> d -------- C: \ Program Files \ Common Files \ snp2std
2008-02-03 14:35. 2005-09-21 13:31 8,816,128 - a ------ C: \ Windows \ system32 \ drivers \ snp2sxp.sys
2008-02-03 14:34. 2005-10-03 11:23 20.480 --------- C: \ WINDOWS \ CameraFixer.exe
2008-02-02 23:31. 2004-08-03 23:07 59.264 - a ------ C: \ Windows \ system32 \ drivers \ USBAUDIO.sys
2008-02-02 23:31. 2004-08-03 23:07 59.264 - a - c --- C: \ Windows \ system32 \ dllcache \ usbaudio.sys
2008-02-02 15:14. 2008-02-04 09:26 147 - a ------ C: \ WINDOWS \ fcp5.cfg
2008-02-02 11:39. 2008-02-02 11:39 <DIR> d -------- C: \ Program Files \ Jasc Software Inc
2008-02-01 01:09. 2007-03-20 19:33 43.520 - a ------ C: \ Windows \ system32 \ libusb0.dll
2008-02-01 01:09. 2007-03-20 19:33 28.672 - a ------ C: \ Windows \ system32 \ drivers \ libusb0.sys
2008-02-01 01:04. 2008-02-10 08:07 <DIR> d -------- C: \ Documents and Settings \ admin \ Application Data \ AOL
2008-02-01 01:03. 2008-02-10 08:08 <DIR> d -------- C: \ Documents and Settings \ admin \ Application Data \ AVG7
2008-01-31 23:13. 2008-01-31 23:13 90.112 - a ------ C: \ Windows \ system32 \ QuickTimeVR.qtx
2008-01-31 23:13. 2008-01-31 23:13 57.344 - a ------ C: \ Windows \ system32 \ QuickTime.qts
2008-01-28 05:24. 2007-06-27 21:10 202.048 - a ------ C: \ Windows \ system32 \ ftd2xx.dll
2008-01-28 05:24. 2007-06-27 21:10 111.936 - a ------ C: \ Windows \ system32 \ ftbusui.dll
2008-01-28 05:24. 2007-06-27 21:10 107.840 - a ------ C: \ Windows \ system32 \ FTLang.dll
2008-01-28 05:24. 2007-06-27 21:04 71.488 - a ------ C: \ Windows \ system32 \ drivers \ ftser2k.sys
2008-01-28 05:24. 2007-06-27 21:05 53.184 - a ------ C: \ Windows \ system32 \ drivers \ ftdibus.sys
2008-01-28 05:24. 2007-06-27 21:06 47.432 - a ------ C: \ Windows \ system32 \ ftserui2.dll
2008-01-27 08:28. 2008-01-27 08:28 268 - ah ----- C: \ sqmdata19.sqm
2008-01-27 08:28. 2008-01-27 08:28 244 - ah ----- C: \ sqmnoopt19.sqm
2008-01-26 07:27. 2008-02-03 15:52 268 - ah ----- C: \ sqmdata18.sqm
2008-01-26 07:27. 2008-02-03 15:52 244 - ah ----- C: \ sqmnoopt18.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 11:40 15.783.968 - SHA-w C: \ Windows \ system32 \ drivers \ fidbox.dat
2008-02-23 11:25 185.732 - SHA-w C: \ Windows \ system32 \ drivers \ fidbox.idx
2008-02-23 10:52 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AVG7
2008-02-23 09:01 --------- d ----- w C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-02-22 23:12 --------- d ----- w C: \ Program Files \ Java
2008-02-15 18:47 --------- d ----- w C: \ Program Files \ Yahoo!
2008-02-15 09:41 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008-02-15 09:36 --------- d ----- w C: \ Program Files \ Common Files \ AOL
2008-02-15 09:06 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AOL
2008-02-15 09:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-02-14 15:07 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008-02-07 16:23 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2008-02-07 16:23 --------- d ----- w C: \ Program Files \ Google Toolbar
2008-02-05 12:00 --------- d ----- w C: \ Program Files \ Craft Robo Controller
2008-02-05 11:59 --------- d ----- w C: \ Program Files \ Robo Master
2008-02-04 13:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2008-02-03 15:21 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-28 05:24 --------- d ----- w C: \ Program Files \ DIFX
2008-01-23 00:41 5.607 ---- Aw C: \ WINDOWS \ ~ GLH0000.TMP
2008-01-23 00:41 137.504 ---- Aw C: \ WINDOWS \ ~ GLC0000.TMP
2008-01-22 03:55 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ InstallShield
2008-01-22 02:21 --------- d ----- w C: \ Program Files \ eGames
2008-01-22 00:01 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ CyberLink
2008-01-21 22:27 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ Avocent AdminWorks
2008-01-21 22:27 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Avocent AdminWorks
2008-01-21 21:28 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ CyberLink
2008-01-21 07:06 171.520 ---- Aw C: \ WINDOWS \ Internet Logs \ xDB1.tmp
2008-01-21 01:58 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-01-21 01:33 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft
2008-01-21 01:32 --------- d ----- w C: \ Program Files \ Lavasoft
2008-01-20 19:42 --------- d ----- w C: \ Program Files \ Microsoft ActiveSync
2008-01-20 05:50 --------- d ----- w C: \ Documents and Settings \ Christine \ Application Data \ AdobeUM
2008-01-20 02:46 --------- d ----- w C: \ Program Files \ Software King Kong
2008-01-20 02:45 --------- d ----- w C: \ Program Files \ Creaţi-A-Face 3.2
2008-01-20 02:15 --------- d ----- w C: \ Program Files \ GRAPHTEC
2008-01-20 02:05 --------- d ----- w C: \ Program Files \ ZoneAlarmSB
2008-01-20 02:04 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ MailFrontier
2008-01-20 02:03 --------- d ----- w C: \ Program Files \ Zone Labs
2008-01-20 01:51 --------- d ----- w C: \ Program Files \ Microsoft CAPICOM 2.1.0.2
2008-01-19 16:48 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-01-19 16:33 --------- d ----- w C: \ Program Files \ Real
2008-01-19 14:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Yahoo! Companion
2008-01-19 14:45 --------- d ----- w C: \ Program Files \ Common Files \ Nullsoft
2008-01-19 14:44 --------- d ----- w C: \ Program Files \ punct de vedere
2008-01-19 14:44 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ punct de vedere
2008-01-19 14:34 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2008-01-19 14:34 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2008-01-19 14:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ AOL Descărcări
2008-01-19 14:29 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-01-19 14:29 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-01-19 14:09 --------- d ----- w C: \ Program Files \ Acer
2008-01-19 14:02 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-21 14:39 10.752 ---- Aw C: \ Windows \ system32 \ WhoisCL.exe
2007-12-14 19:32 12.632 ---- Aw C: \ Windows \ system32 \ lsdelete.exe
2007-12-07 02:21 824.832 ---- Aw C: \ Windows \ system32 \ Wininet.dll
2007-12-04 18:38 550.912 ------ w C: \ Windows \ system32 \ oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (87E68009-29A8-D669-F7C2-B31D08635C50)]
2007-12-30 20:48 1019904 - a ------ C: \ Program Files \ ContextAdvisor \ ContextAdvisor-3.dll
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA)]
2008-01-20 02:05 262144 - a ------ C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88)
(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA)
[HKEY_CLASSES_ROOT \ CLSID \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Toolbar \ WebBrowser]
"(F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA)" = C: \ Program Files \ ZoneAlarmSB \ bar \ 1.bin \ SPYBLOCK.DLL [2008-01-20 02:05 262144]
[HKEY_CLASSES_ROOT \ CLSID \ (f0d4b239-da4b-4daf-81e4-dfee4931a4aa)]
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"MsnMsgr" = "C: \ Program Files \ Windows Live \ Messenger \ MsnMsgr.exe" []
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2004-10-13 16:24 1694208]
"Yahoo! Pager" = "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ YAHOOM ~ 1.exe" [2007-08-30 17:43 4670704]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"LaunchApp" = "Alaunch" []
"NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2006-07-11 22:19 7626752]
"nwiz" = "nwiz.exe" [2006-07-11 22:19 1519616 C: \ Windows \ system32 \ nwiz.exe]
"RTHDCPL" = "RTHDCPL.EXE" [2006-06-01 00:48 16208384 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 02:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"ntiMUI" = "C: \ Program Files \ NewTech Infosystems \ NTI CD & DVD-Maker 7 \ ntiMUI.exe" [2005-05-12 00:15 45056]
"RemoteControl" = "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-11-03 03:24 32768]
"IMJPMIG8.1" = "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.e XE" [2004-08-04 05:00 208952]
"IMEKRMIG6.1" = "C: \ WINDOWS \ ime \ imkr6_1 \ IMEKRMIG.EXE" [2004-08-04 05:00 44032]
"MSPY2002" = "C: \ Windows \ system32 \ IME \ PINTLGNT \ ImScI nst.exe" [2004-08-04 05:00 59392]
"PHIME2002ASync" = "C: \ Windows \ system32 \ IME \ TINTLGNT \ TINTSETP.exe" [2004-08-04 05:00 455168]
"PHIME2002A" = "C: \ Windows \ system32 \ IME \ TINTLGNT \ TIN TSETP.exe" [2004-08-04 05:00 455168]
"NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2006-07-11 22:19 86016]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe" [2007-12-14 03:42 144784]
"Acer putere Tehnologie Monitor" = "C: \ Windows \ system32 \ SysMonitor.exe" [2006-04-19 03:54 49152]
"eLockMonitor" = "C: \ Acer \ putere Technology \ eLock \ Monitor \ LaunchMonitor.exe" [2006-03-31 18:14 16384]
"eRecoveryService" = "C: \ Acer \ putere Technology \ eRecovery \ eRAgent.exe" [2006-06-01 22:40 413696]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-01-19 16:21 579072]
"ZoneAlarm Client" = "C: \ Program Files \ Zone Labs \ ZoneAlarm \ zlclient.exe" [2007-11-15 00:05 919016]
"CameraFixer" = "C: \ WINDOWS \ CameraFixer.exe" [2005-10-03 11:23 20480]
"tsnp2std" = "C: \ WINDOWS \ tsnp2std.exe" [2005-11-03 10:12 106496]
"snp2std" = "C: \ WINDOWS \ vsnp2std.exe" [2005-08-16 21:54 339968]
"RealTray" = "C: \ Program Files \ Real \ RealPlayer \ RealPlay.exe" [2008-02-07 16:01 26112]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-01-31 23:13 385024]
"AOLDialer" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" []
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 22:16 39792]
"YBrowser" = "C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.ex e" [2006-07-21 16:19 129536]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-01-19 16:21 219136]
C: \ Documents and Settings \ Christine \ Start Menu \ Programs \ Startup \
TrueAssistant.lnk - C: \ Program Files \ TrueSwitchBTYahoo \ TrueWizard.exe [2008-02-06 15:54:00 1060864]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Craft Robo Status Supervisor.lnk - C: \ Program Files \ Craft Robo Controller \ CRSSupervisor.exe [2008-02-05 12:00:04 32768]
HP PSC 1000 series.lnk - C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpohmr08.exe [2003-04-09 18:21:38 147456]
hpoddt01.exe.lnk - C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpotdd01.exe [2003-04-09 18:11:12 28672]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE [2001-02-13 10:01:04 83360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ Acer putere Technology.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Acer putere Technology.lnk
backup = C: \ WINDOWS \ pss \ Acer putere Technology.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ Acer WLAN 11G USB Dongle.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Acer WLAN 11G USB Dongle.lnk
backup = C: \ WINDOWS \ pss \ Acer WLAN 11G USB Dongle.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ Adobe Reader Speed Launch.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Reader Speed Launch.lnk
backup = C: \ WINDOWS \ pss \ Adobe Reader Speed Launch.lnkCommon de pornire
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ AdminWorks Tray]
C: \ Acer \ LANScope Agent \ awtray.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ eDataSecurity Loader]
C: \ Acer \ putere Tehnologie \ eDataSecurity \ eDSloader.exe
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Lista]
"% WINDIR% \ \ system32 \ \ sessmgr.exe" =% WINDIR% \ \ system32 \ \ sessmgr.exe: @ xpsp2res.dll, -22019
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avginet.exe" =
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgamsvr.exe" =
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgcc.exe" =
"C: \ \ Program Files \ \ Grisoft \ \ AVG7 \ \ avgemc.exe" =
"C: \ \ Program Files \ \ AOL 9.0 VR \ \ waol.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ TopSpeed \ \ 3.0 \ \ aoltpsd3.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ System Information \ \ sinf.exe" =
"% WINDIR% \ \ Reţeaua de diagnostic \ \ xpnetdiag.exe" =% WINDIR% \ \ Reţeaua de diagnostic \ \ xpnetdiag.exe: @ xpsp3res.dll, -20000
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1200753845 \ \ ee \ \ aolsoftware.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ AOL \ \ RC \ \ regClient.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLAcsd.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ ACS \ \ AOLDial.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ 1202403305 \ \ ee \ \ aolsoftware.exe" =
"C: \ \ Program Files \ \ AOL 9.0 \ \ waol.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YahooMessenger.exe" =
"C: \ \ Program Files \ \ Yahoo! \ \ Messenger \ \ YServer.exe" =
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ Lista]
"1947: TCP" = 1947: TCP: cataramă SRM
"1947: UDP" = 1947: UDP: cataramă SRM
R0 UBHelper; UBHelper; C: \ Windows \ system32 \ drivers \ UBHe lper.sys [2004-12-17 02:14]
R2 aksfridge; aksfridge; C: \ Windows \ system32 \ drivers \ ak sfridge.sys [2007-03-13 04:48]
R2 eLock2BurnerLockDriver; eLock2BurnerLockDriver; C: \ W INDOWS \ system32 \ eLock2BurnerLockDriver.sys [2006-06-05 19:30]
R2 eLock2FSCTLDriver; eLock2FSCTLDriver; C: \ WINDOWS \ sys tem32 \ eLock2FSCTLDriver.sys [2006-06-07 02:36]
R2 hasplms; balama License Manager; C: \ Windows \ system32 \ hasplms.exe [2007-03-15 22:48]
R2 LockServ; LockServ; C: \ Acer \ putere Technology \ eLock \ LockServ.exe [2006-05-29 20:25]
R3 int15.sys; int15.sys; C: \ Acer \ putere Technology \ eRecovery \ int15.sys [2005-01-13 22:46]
R3 SNP2STD; USB2.0 PC Camera (SNP2STD); C: \ WINDOWS \ system32 \ drivers \ snp2sxp.sys [2005-09-21 13:31]
S3 Acer ODDSpeedControl; Acer ODDSpeedControl; "C: \ Acer \ putere Tehnologie \ eAcoustics \ ODDSpeedCtl \ speedcontrol.exe" [2005-02-15 17:02]
S3 CADlink; CADlink; C: \ Graphtec DesignMaster Web \ CADlink.sys [2007-09-25 17:10]
S3 libusb0; LibUsb-Win32 - Kernel driver, versiunea 0.1.12.1; C: \ Windows \ system32 \ drivers \ libusb0.sys [2007-03-20 19:33]
S3 psdfilter; psdfilter; C: \ WINDOWS \ system32 \ drivers \ ps dfilter.sys []
S3 psdvdisk; psdvdisk; C: \ WINDOWS \ system32 \ drivers \ psdv disk.sys []
S3 ZD1211BU (ZyDAS); ZyDAS ZD1211B IEEE 802.11 b + g Wireless LAN Driver (USB) (ZyDAS); C: \ WINDOWS \ system32 \ drivers \ zd1211Bu. sys []
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (a8054a34-c869-11dc-abff-806d6172696f)]
\ Shell \ AutoRun \ command - E: \ CDM.EXE
.
Cuprins de la "Activităţi programate" dosar
"2008-02-22 23:07:37 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
"2008-02-06 15:27:09 C: \ WINDOWS \ Tasks \ FRU Task # # Hewlett-Packard HP PSC seria 1200 # 1202310815.job"
- C: \ Program Files \ Hewlett-Packard \ Digital Imaging \ bin \ hpqfrucl.exe4-am
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 11:41:00
Windows 5.1.2600 Service Pack 2 NTFS
scanare ascuns procese ...
scanare ascuns autostart intrări ...
scanare fişiere ascunse ...
scanare sa finalizat cu succes
fişiere ascunse: 0
************************************************** ************************
.
Completion time: 2008-02-23 11:41:41
ComboFix-carantină-files.txt 2008-02-23 11:41:38
.
2008-02-15 09:53:53 --- EOF ---



  #9  
Old 23 February 2008, 12:37
Moderator Group
 
Default Contextadvisor - pop up driving me mad

Items to uninstall
  • Browser Optimizer Adssite
  • commercial
  • Browser Enhancement Tools Rightonadz
  • J2SE Runtime Environment 5.0 Update 6
  • Java (TM) 6 Update 3
  • Viewpoint Media Player
----------

Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once the scan is done, click the Remove Vundo button.
  • You will receive a prompt asking whether you want to remove the files; click YES.
  • Once you click Yes, your desktop will go blank as it starts removing Vundo.
  • When it completes, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the instructions above, starting from "Click the Scan for Vundo button", when VundoFix appears at reboot.

Please let Vundo finish; it can sometimes take several passes.

----------

Please go to this post to install, scan with, and save a log from AVG antispyware.

----------

Next post
VundoFix log
Go to C:\SDFix and look for a file named Report.txt and post that log as well.
__________________

  #10  
Old 23 February 2008, 13:37
Donor Group
 
Default Contextadvisor - pop up driving me mad

Hi, I ran Vundo but I can't post a log as it did not produce one; it said there were no infected files. Also, I could not remove commercial from programs; an error came up, please see the screenshot I have attached. I have Spybot installed on my PC, which I run all the time for spyware, so do I really need to install another one on my PC?
Attached Thumbnails
Contextadvisor - pop up driving me mad-4.jpg  