mai mică de capital,

Magazine
Go Back   Computer JUICE > Computer Software > Nume, Spyware & Securitate
Reload this Page

Iexplore.exe

Inregistrare Site-ul Spy Lista de stat Doneaza Căuta Posturi de azi Marchează forumurile citite Forum Regulamentul

Register


 Default 

Iexplore.exe




Reply
Pagina 1 din 2 1 2
 
Thread Tools
  #1  
Old 15 ianuarie 2008, 11:50
Grupul de stat
  
Am citit că acest lucru este rău, nu am Internet Explorer deschis, dar este încă rulează în Task Manager (I dont cred că ar fi trebuit să fie în capitale), este încetineşte calculatorul meu. Este un virus? spyware etc?

Cum pot scoate?
  #2  
Old 15 ianuarie 2008, 11:59
Moderator Group
  
Să ia o scurtă privire.
Descărcaţi şi redenumiţi HijackThis (HJT)
  • Faceţi dublu-clic pe HJTInstall.
  • Click pe Instalaţi buton.
  • Se va transforma automat în loc HJT C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
  • După instalare, HijackThis ar trebui să se deschidă pentru tine.
    • Inchide HijackThis şi redenumiţi-o.
    • Du-te la C: \ Program Files \ Trend Micro \HijackThis.exe
    • Click dreapta pe HijackThis.exe şi selectaţi Redenumire.
    • Tip în sniper.exe şi apăsaţi Introduceţi.
    • Clic-dreapta pe sniper.exe şi selectaţi Pentru a trimite > Spaţiul de lucru (crea shortcut)
  • De la spaţiul de lucru deschis HiackThis.
  • Dacă utilizaţi Windows Vista, asiguraţi-vă că Executare ca administrator
  • Click pe Fă-un sistem de scanare şi salva un fişier de log buton
  • HijackThis va scana şi apoi un jurnal se va deschide în Notepad.
  • Copiaţi şi lipiţi apoi conectaţi-vă posta.
    • Nu au Hijackthis repara nimic încă. Cea mai mare parte a ceea ce se constată va fi inofensiv sau chiar necesare.
Chiar dacă ne-am redenumit HijackThis la lunetist, ne vom referi în continuare să-l ca HijackThis sau HJT.
__________________
  #3  
Old 15 ianuarie 2008, 12:08
Grupul de stat
  
Pentru unii motiv pentru care am cant IEXPLORE.EXE vedea aici, dar este cu siguranţă în tm

Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 7:02:55, pe 1.15.2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Windows \ system32 \ nvsvc32.exe
C: \ Windows \ system32 \ PnkBstrA.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Windows Live \ Messenger \ usnsvc.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Windows \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Windows \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Windows Media Player \ wmplayer.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove SFG Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in-Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / startup
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ Windows \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [În al doilea rând de lilieci de creaţie de vârf] C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \ mort lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb mai multe noun.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & la sfârşitul OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ Windows \ system32 \ PnkBstrA.exe

--
Sfârşit de fişier - 7104 bytes
  #4  
Old 15 ianuarie 2008, 12:29
Moderator Group
  
Da ai unele rău infecţii.

Pasul 1

Vă rugăm să descărcaţi NoLop.exe pentru Desktop:
  • Închideţi toate programele pe care le-aţi rulează, deoarece este necesară o repornire
  • Faceţi dublu clic NoLop.exe pentru a rula
  • Apoi, faceţi clic pe butonul cu eticheta: Căutare şi distrugere
    <<your computer va fi acum scanate pentru infectate files>>
  • Când termină de scanare, dacă este infectat, vi se solicită să reporniţi
  • Faceţi clic pe OK
  • Acum, daţi clic pe: Reboot
  • Un Mesaj de la pop-up ar trebui să NoLop. Dacă nu, dublu clic pe programul din nou şi se va termina.
  • Post a conţinutului C: \ NoLop.log în următorul răspuns.
Notă: Dacă primiţi o eroare ", mscomctl.ocx sau într-una din dependenţele sale nu sunt înregistrate în mod corect", vă rugăm să descărcaţi mscomctl.ocx pentru a vă system32 folder apoi rulaţi din nou programul.

---------------

Pasul 2
Descărca SUPERAntispyware Free Edition (SAS)
  • Faceţi dublu-clic pe icoana de pe desktop pentru a rula programul de instalare.
  • Când a fost întrebată de a Actualiza programul definiţii, faceţi clic pe Da
  • Faceţi clic pe Next Preferinţe buton.
  • Faceţi clic pe Scanarea de control filă.
  • Sub Opţiuni de scanare asiguraţi-vă doar următoarele sunt verificate:
    • Inchide browsere, înainte de scanare
    • Scan pentru cookie-uri de urmărire
    • Opriţi de memorie înainte de ameninţări quarantining
    • Vă rugăm să lăsaţi pe ceilalţi bifat.
    • Faceţi clic pe butonul Închidere pentru a ieşi din Centrul de Control ecran.
  • Faceţi clic pe Închide buton pentru a ieşi din Centrul de Control ecran.
  • Pe ecranul principal clicaţi Scanaţi computerul
  • La stânga verifica C: \ fix Drive
  • În dreapta alege Efectuaţi scanare completă
  • Faceţi clic pe Următorul pentru a începe scanarea. Vă rugăm să aveţi răbdare în timp ce scanează computerul.
  • După scanare completă este un rezumat va apărea caseta. Faceţi clic pe OK
  • Asiguraţi-vă că totul în alb, are o caseta de control de lângă el, apoi faceţi clic pe Următorul
  • Este ceea ce se va carantină găsit şi în cazul în care acesta solicită, dacă doriţi să repornirea sistemului, faceţi clic pe Da
  • Pentru a prelua îndepărtarea de informaţii, vă rugăm să faceţi următoarele:
    • După repornire, faceţi dublu-clic pe icoana SUPERAntiSpyware pe desktop.
    • Faceţi clic pe Preferinţe. Faceţi clic pe Statistici / Rapoarte filă.
    • Sub Scanner Rapoarte, faceţi dublu-clic pe SUPERAntiSpyware Scan Jurnal.
    • Se va deschide in implicit editor de text (cum ar fi Notepad / Wordpad).
    • Salvaţi notepad fişierul pe spaţiul de lucru, făcând clic pe (in notepad) "Dosar""Salvare ca"
  • Salvare jurnal undeva puteţi foarte uşor să-l găsiţi. (în mod normal, pe desktop)
  • Faceţi clic pe aproape şi închide din nou, pentru a ieşi din program.
  • Vă rugăm să copiaţi şi apoi lipiţi-vă autentificaţi în post.
----------

Pasul 3

Porneşte o nouă Hijackthis scanare şi post de jurnal

----------

Înainte posta, vă rugăm să adăugaţi.
Conţinutul C: \ NoLop.log
SuperAntispyware jurnal
New Hijackthis jurnal

Este posibil să dureze mai mult de un post pentru a obţine tot de la jurnalele de post. Acest lucru este unul bun, dacă este necesar.
__________________
  #5  
Old 15 ianuarie 2008, 13:41
Grupul de stat
  
Nolop jurnal:

NoLop! Jurnal de Skate_Punk_21

Fix de la: C: \ Program Files \ Mozilla Firefox
[1.15.2008]
[7:34:10]

--- De infectare Fişiere Found/Removed---
C: \ WINDOWS \ sarcini \ ADB7C425918477B9.job

Început de Eliminare ...
Repornirea ...
Ştergerea pleoşti Leftover de fişiere / foldere ...
Editarea in registri ...
** Fix complet! **

--- Afişarea AppData sub directoarele ---

C: \ Documents and Settings \ All Users \ Application Data \ Adobe
C: \ Documents and Settings \ All Users \ Application Data \ Apple
C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
C: \ Documents and Settings \ All Users \ Application Data \ Avg7
C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat
C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus! - Empty Directory
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft
C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Ajutor
C: \ Documents and Settings \ All Users \ Application Data \ Nvidia - Gol Directory
C: \ Documents and Settings \ All Users \ Application Data \ Sony
C: \ Documents and Settings \ All Users \ Application Data \ Temp - Gol Directory
C: \ Documents and Settings \ All Users \ Application Data \ Windows Genuine Advantage
C: \ Documents and Settings \ All Users \ Application Data \ Wlinstaller
C: \ Documents and Settings \ Default User \ Application Data \ Microsoft
C: \ Documents and Settings \ LocalService \ Application Data \ Avg7 - Gol Directory
C: \ Documents and Settings \ LocalService \ Application Data \ Microsoft
C: \ Documents and Settings \ LocalService \ Application Data \ Xfire - Gol Directory
C: \ Documents and Settings \ NetworkService \ Application Data \ Microsoft
C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire - Gol Directory
C: \ Documents and Settings \ Richard \ Application Data \ Adobe
C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
C: \ Documents and Settings \ Richard \ Application Data \ Avg7
C: \ Documents and Settings \ Richard \ Application Data \ Bittorrent
C: \ Documents and Settings \ Richard \ Application Data \ Divx
C: \ Documents and Settings \ Richard \ Application Data \ Dna
C: \ Documents and Settings \ Richard \ Application Data \ Dvdcss
C: \ Documents and Settings \ Richard \ Application Data \ Fotowire
C: \ Documents and Settings \ Richard \ Application Data \ Gtk-2.0
C: \ Documents and Settings \ Richard \ Application Data \ Identities
C: \ Documents and Settings \ Richard \ Application Data \ InstallShield
C: \ Documents and Settings \ Richard \ Application Data \ Macromedia
C: \ Documents and Settings \ Richard \ Application Data \ Microsoft
C: \ Documents and Settings \ Richard \ Application Data \ Monkeyjam
C: \ Documents and Settings \ Richard \ Application Data \ Mozilla
C: \ Documents and Settings \ Richard \ Application Data \ Publicare Providers - Gol Directory
C: \ Documents and Settings \ Richard \ Application Data \ Real
C: \ Documents and Settings \ Richard \ Application Data \ Smartftp
C: \ Documents and Settings \ Richard \ Application Data \ Sony
C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
C: \ Documents and Settings \ Richard \ Application Data \ duminică
C: \ Documents and Settings \ Richard \ Application Data \ Systemrequirementslab
C: \ Documents and Settings \ Richard \ Application Data \ VLC
C: \ Documents and Settings \ Richard \ Application Data \ Waybowsreal
C: \ Documents and Settings \ Richard \ Application Data \ Xfire


Super anti spyware jurnal:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generat 01.15.2008 la 08:32

Application Version: 3-9-1008

Reguli de bază pentru baze de date Version: 3380
Trace Regulamentul Database Version: 1374

Scan type: Complete Scan
Total Scan Ora: 00:46:41

Memorie articole scanate: 385
Memorie ameninţările detectate: 0
Registrul articole scanate: 5574
Registrul ameninţările detectate: 0
Elemente de fişiere scanate: 40825
File ameninţările detectate: 66

Adware.Tracking Cookie
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ cassava [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ fastclick [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@server.lon.livepe rson [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ casalemedia [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.ppctracking [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ servire-sys [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.adserver5 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ carphonewarehouse .112.2 O7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@m1.webstats.motig o [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.vlaze [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@reduxads.valuead [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@rotator.adjuggler [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ 888 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ Regatul Unit [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ 247realmedia [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adfarm1.adition [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@login.tracking101 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@stats.channel4 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ azjmp [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@partygaming.122.2 O7 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ dubluclick [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ publicitate [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@bs.serving-sys [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ bluestreak [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@anad.tacoda [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ehg-youtube.hitbox [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.carnavalca sino [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ 60915153 [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@tracking.foxnews [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.veoh [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@www.clash-media [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@a.websponsors [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.casino.bla ckpoolclub.co [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@prospect.adbureau [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ adrevolver [3]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@banner.bingo.blac kpoolclub.co [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ cgi-bin [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ p [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ Lycos-de [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@eas.apm.emediate [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@anat.tacoda [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ad.zanox [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ net-venituri [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ hitbox [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ revsci [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@statse.webtrendsl ive [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ questionmarket [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@ads.addynamix [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ 2o7 [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ pacificpoker [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ mediaplex [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@media.xfire [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ atdmt [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ apmebf [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ partypoker [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ zedo [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ adrevolver [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ tradedoubler [2]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ richard@adserver.filefron t [1]. Txt
C: \ Documents and Settings \ Richard \ Cookies \ Richard @ o [1]. Txt

Adware.180solutions/ZangoSearch
C: \ SYSTEM VOLUM INFORMAŢII \ _Restore (39B7D61A-C471-441E-B6D4-5930E1D582CD) \ RP37 \ A0003673.EXE

Max Jack jurnal:

Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 8:38:58, pe 1.15.2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Windows \ system32 \ nvsvc32.exe
C: \ Windows \ system32 \ PnkBstrA.exe
C: \ WINDOWS \ Explorer.exe
C: \ Windows \ system32 \ svchost.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ Windows \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Windows \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove SFG Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in-Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / startup
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ Windows \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [În al doilea rând de lilieci de creaţie de vârf] C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \ mort lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb mai multe noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & la sfârşitul OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ Windows \ system32 \ PnkBstrA.exe

--
Sfârşit de fişier - 7041 bytes


Sper că acest lucru este suficient
  #6  
Old 15 ianuarie 2008, 13:57
Moderator Group
  
Deschide HijackThis şi selectaţi Fă-un sistem de scanare numai apoi puneţi un semn de selectare lângă:

O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)


Închideţi toate ferestrele cu excepţia HijackThis şi faceţi clic pe Fix verificate

Exit Hijackthis.

----------

Vă rugăm să descărcaţi Combofix de sUBs de la unul din link-urile de mai jos.
(Încearcă toate trei, dacă este necesar)IMPORTANT - Combofix.exe TREBUIE SĂ fi salvate, pentru a-ţi-vă Spaţiul de lucru.
  • Închideţi orice deschide browsere. (Firefox, Internet Explorer, etc)
  • Inchide / dezactiva toate anti-virus si anti malware programe astfel încât acestea să nu interfereze cu Combofix. <- IMPORTANT
    • Faceţi clic pe acest link pentru a vedea o lista de programe care ar trebui să fie dezactivat. Dacă dumneavoastră nu este în listă şi nu ştiţi cum să dezactivaţi-l, vă rugăm să întrebaţi.
  • Faceţi dublu clic combofix.exe & urmăriţi solicitările.
    • De la tastatura, selectaţi 1 şi apăsaţi Introduceţi
  • Când aţi terminat, se va produce un jurnal pentru tine.
  • Post-vă că intraţi în următorul răspuns.
Nu mouseclick combofix fereastra în timp ce se execută.
De scanare va dezactiva temporar pe desktop.
Dacă s-ar putea lăsa întreruptă pe computer congelate.
Dacă se întâmplă acest lucru, vă rugăm să reporniţi sistemul pentru a restaura spaţiul de lucru.


----------

Înainte post
Combofix jurnal
__________________
  #7  
Old 15 ianuarie 2008, 14:06
Grupul de stat
  
ComboFix 08-01-15.4 - Richard 2008-01-15 21:03:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.587 [GMT 0:00]
Rularea de la: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe
* Creat un nou punct de restabilire

AVERTISMENT-această maşină nu are instalat Consola de recuperare!!
.

((((((((((((((((((((((((( Fişierele create de 2007-12-15 la 2008-01-15 ))))))))))) ))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51,200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C: \ NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2,297,552 - a ------ C: \ Windows \ system32 \ d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22,328 - a ------ C: \ Documents and Settings \ Richard \ Application Data \ PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - a ------ C: \ WINDOWS \ game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> d - hs ---- C: \ WINDOWS \ ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54,608 - a ------ C: \ Windows \ system32 \ xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Trăi
2008-01-03 18:00. 2008-01-15 19:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ WayBowsReal
2008-01-03 18:00. 2008-01-15 16:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Program Files \ şoaptă Tehnologie
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client 2.5 Setup Files
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Publicare Providers
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Sony Setup
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - a ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286,720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73,216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10,880 - a ------ C: \ Windows \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a - c --- C: \ Windows \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - o ------ C: \ Windows \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - a - c --- C: \ Windows \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271.224 - a ------ C: \ Windows \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - a ------ C: \ Windows \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - a ------ C: \ Windows \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ gtk-2.0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Miniaturi
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNA
2007-12-22 15:39. 2008-01-15 20:56 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ a ADN-ului
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - a ------ C: \ Windows \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - a ------ C: \ Windows \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr.-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Ajutor
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ VLC
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ xing partajate
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-15 17:46 22.328 ---- Aw C: \ Windows \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:46 107.832 ---- Aw C: \ Windows \ system32 \ PnkBstrB.exe
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 ---- Aw C: \ Program Files \ install.log
2008-01-11 19:06 66.872 ---- Aw C: \ Windows \ system32 \ PnkBstrA.exe
2008-01-11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007-12-08 22:50 12.464 ---- Aw C: \ Windows \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 499.712 ---- Aw C: \ Windows \ system32 \ msvcp71.dll
2007-12-07 18:43 348.160 ---- Aw C: \ Windows \ system32 \ msvcr71.dll
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ InstallShield
2007-12-07 17:44 4.716 ---- Aw C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007-12-04 01:33 823.296 ---- Aw C: \ Windows \ system32 \ divx_xx0c.dll
2007-12-04 01:33 823.296 ---- Aw C: \ Windows \ system32 \ divx_xx07.dll
2007-12-04 01:33 802.816 ---- Aw C: \ Windows \ system32 \ divx_xx11.dll
2007-12-04 01:33 682.496 ---- Aw C: \ Windows \ system32 \ DivX.dll
2007-11-29 22:30 524.288 ---- Aw C: \ Windows \ system32 \ DivXsm.exe
2007-11-29 22:30 3.596.288 ---- Aw C: \ Windows \ system32 \ qt-dx331.dll
2007-11-29 22:30 200.704 ---- Aw C: \ Windows \ system32 \ ssldivx.dll
2007-11-29 22:30 1.044.480 ---- Aw C: \ Windows \ system32 \ libdivx.dll
2007-11-29 22:28 81.920 ---- Aw C: \ Windows \ system32 \ dpl100.dll
2007-11-29 22:28 196.608 ---- Aw C: \ Windows \ system32 \ dtu100.dll
2007-11-28 21:55 156.992 ---- Aw C: \ Windows \ system32 \ DivXCodecVersionChecker.exe
2007-11-28 21:53 593.920 ---- Aw C: \ Windows \ system32 \ dpuGUI11.dll
2007-11-28 21:53 57.344 ---- Aw C: \ Windows \ system32 \ dpv11.dll
2007-11-28 21:53 53.248 ---- Aw C: \ Windows \ system32 \ dpuGUI10.dll
2007-11-28 21:53 344.064 ---- Aw C: \ Windows \ system32 \ dpus11.dll
2007-11-28 21:53 294.912 ---- Aw C: \ Windows \ system32 \ dpu11.dll
2007-11-28 21:53 294.912 ---- Aw C: \ Windows \ system32 \ dpu10.dll
2007-11-28 21:52 12.288 ---- Aw C: \ Windows \ system32 \ DivXWMPExtType.dll
2007-11-21 18:23 81.920 ---- Aw C: \ Windows \ system32 \ frapsvid.dll
2007-10-18 11:31 51.224 ---- Aw C: \ Windows \ system32 \ sirenacm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent a ADN-ului" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb mai multe noun.exe" [2008-01-15 16:32 443904]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ Windows \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ Windows \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"În al doilea rând bat de creaţie de vârf" = "C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \ mort lite.exe" [2008-01-15 20:37 1348608]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ WINDOWS \ system32 \ drivers \ CamDrL2 1.sys [2004-02-14 04:09]

* Newly Created Service * - PROCEXP90
.
Cuprins de la "Activităţi programate" dosar
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 21:04:58
Windows 5.1.2600 Service Pack 2 NTFS

scanare ascuns procese ...

scanare ascuns autostart intrări ...

scanare fişiere ascunse ...

scanare sa finalizat cu succes
fişiere ascunse: 0

************************************************** ************************
.
Completion time: 2008-01-15 21:05:11
.
2008-01-05 21:00:15 --- EOF ---
  #8  
Old 15 ianuarie 2008, 14:58
Moderator Group
  
Ştergeţi aceste fişiere / foldere, după cum urmează:

1. Du-te la Porni > Fugi > Tip Notepad.exe şi faceţi clic pe OK pentru a deschide Notepad.
El / ea trebui fi Notepad, nu Wordpad.
  • Faceţi clic pe Porni , Apoi Fugi
  • Tip notepad.exe în perioada premergătoare Box.
2. Copiaţi bold textul de mai jos prin evidenţierea tuturor text şi apăsând Ctrl + C


File::
C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \ mort lite.exe
C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb mai multe noun.exe

Registrul::
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"curblicense" =-
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"În al doilea rând bat de creaţie de vârf" =-


3. Du-te la fereastră şi faceţi clic pe Notepad Editare > Lipire
4. Apoi, faceţi clic pe Dosar > Economisi
5. Nume de fişier CFScript.txt - Salvaţi fişierul pe spaţiul de lucru
6. Apoi, glisaţi CFScript (ţineţi butonul stânga al mouse-ului în timp ce fişierul de lungă durată) şi fixaţi-l (de eliberare din stânga mouse-ul) în ComboFix.exe după cum puteţi vedea în imaginea de mai jos. Important: Efectua această instrucţiune cu atenţie!



ComboFix vor începe să execute, urmaţi solicitările.
După repornirea sistemului (în cazul în care le cere să reporniţi), aceasta va produce un jurnal pentru tine.
Post că jurnal (Combofix.txt) în următoarea replică.

Notă: Nu mouseclick combofix fereastra în timp ce se execută. Care pot determina sistemul dvs. pentru a se congela

----------

Porneşte o nouă Hijackthis scanare şi post de jurnal.

----------

Înainte post
Combofix jurnal
New Hijackthis jurnal
__________________
  #9  
Old 15 ianuarie 2008, 15:07
Grupul de stat
  
ComboFix 08-01-15.4 - Richard 2008-01-15 22:03:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.560 [GMT 0:00]
Rularea de la: C: \ Documents and Settings \ Richard \ Desktop \ ComboFix.exe
Command comutatoare utilizat:: C: \ Documents and Settings \ Richard \ Desktop \ CFScript.txt
* Creat un nou punct de restabilire

AVERTISMENT-această maşină nu are instalat Consola de recuperare!!

FILE
C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb mai multe noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \ mort lite.exe
.

Alte ((((((((((((((((((((((((((((((((((((((( ştergerile ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb mai multe noun.exe
C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \ mort lite.exe

.
((((((((((((((((((((((((( Fişierele create de 2007-12-15 la 2008-01-15 ))))))))))) ))))))))))))))))))))
.

2008-01-15 21:03. 2000-08-31 08:00 51,200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 19:41. 2008-01-15 20:38 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:41. 2008-01-15 19:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-01-15 19:34. 2008-01-15 19:36 <DIR> d -------- C: \ NoLopBackups
2008-01-15 19:01. 2008-01-15 19:01 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 16:32. 2008-01-15 16:32 <DIR> d -------- C: \ Program Files \ WayBowsReal
2008-01-11 10:27. 2005-05-26 15:34 2,297,552 - a ------ C: \ Windows \ system32 \ d3dx9_26.dll
2008-01-11 10:26. 2008-01-11 10:26 22,328 - a ------ C: \ Documents and Settings \ Richard \ Application Data \ PnkBstrK.sys
2008-01-11 10:25. 2008-01-11 10:25 319 - a ------ C: \ WINDOWS \ game.ini
2008-01-11 10:15. 2008-01-11 10:15 <DIR> d -------- C: \ Program Files \ Activision
2008-01-11 10:14. 2008-01-11 10:14 <DIR> d - hs ---- C: \ WINDOWS \ ftpcache
2008-01-11 00:29. 2008-01-11 00:29 54,608 - a ------ C: \ Windows \ system32 \ xfcodec.dll
2008-01-05 21:00. 2008-01-05 21:00 <DIR> d - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-03 18:41. 2008-01-03 18:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Messenger Plus!
2008-01-03 18:00. 2008-01-03 18:00 <DIR> d -------- C: \ Program Files \ Messenger Plus! Trăi
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ WayBowsReal
2008-01-03 18:00. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat
2007-12-30 16:54. 2007-12-30 16:54 <DIR> d -------- C: \ Program Files \ şoaptă Tehnologie
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client 2.5 Setup Files
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Program Files \ SmartFTP Client
2007-12-30 16:36. 2007-12-30 16:36 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ SmartFTP
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony
2007-12-30 07:48. 2007-12-30 07:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Publicare Providers
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Vstplugins
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Program Files \ Sony
2007-12-30 07:45. 2007-12-30 07:45 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Sony
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Program Files \ Sony Setup
2007-12-30 07:39. 2007-12-30 07:39 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ Sony Setup
2007-12-29 23:30. 2008-01-15 17:00 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2007-12-29 23:30. 2007-12-29 23:30 1.409 - a ------ C: \ WINDOWS \ QTFont.for
2007-12-29 15:45. 2007-12-29 15:45 <DIR> d -------- C: \ Program Files \ FPS
2007-12-29 15:45. 2007-12-29 15:45 286,720 --------- C: \ WINDOWS \ Setup1.exe
2007-12-29 15:45. 2007-12-29 15:45 73,216 - a ------ C: \ WINDOWS \ ST6UNST.EXE
2007-12-29 12:08. 2004-08-03 23:10 10,880 - a ------ C: \ Windows \ system32 \ drivers \ NdisIP.sys
2007-12-29 12:08. 2004-08-03 23:10 10.880 - a - c --- C: \ Windows \ system32 \ dllcache \ ndisip.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - o ------ C: \ Windows \ system32 \ drivers \ MSTEE.sys
2007-12-29 12:08. 2004-08-03 22:58 5.504 - a - c --- C: \ Windows \ system32 \ dllcache \ mstee.sys
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ SXS
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Logitech
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Program Files \ Common Files \ FotoWire
2007-12-29 12:04. 2007-12-29 12:04 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ FotoWire
2007-12-29 12:03. 2007-12-29 12:03 <DIR> d -------- C: \ Program Files \ Common Files \ Logitech
2007-12-28 19:09. 2007-12-28 19:46 <DIR> d -------- C: \ Program Files \ eMule
2007-12-28 17:29. 2007-12-28 17:29 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ DivX
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Fraps
2007-12-27 00:05. 2007-12-27 00:05 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2007-12-24 17:11. 2007-07-30 19:19 271.224 - a ------ C: \ Windows \ system32 \ mucltui.dll
2007-12-24 17:11. 2007-07-30 19:19 207.736 - a ------ C: \ Windows \ system32 \ muweb.dll
2007-12-24 17:11. 2007-07-30 19:19 30.072 - a ------ C: \ Windows \ system32 \ mucltui.dll.mui
2007-12-23 21:01. 2008-01-03 20:48 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ gtk-2.0
2007-12-23 21:01. 2007-12-23 21:01 <DIR> d -------- C: \ Documents and Settings \ Richard \. Miniaturi
2007-12-23 21:00. 2007-12-23 21:00 <DIR> d -------- C: \ Program Files \ GIMP-2.0
2007-12-23 21:00. 2008-01-03 20:54 <DIR> d -------- C: \ Documents and Settings \ Richard \. Gimp-2.4
2007-12-22 15:39. 2007-12-22 15:39 <DIR> d -------- C: \ Program Files \ DNA
2007-12-22 15:39. 2008-01-15 22:03 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ a ADN-ului
2007-12-22 15:39. 2007-12-28 19:40 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ BitTorrent
2007-12-22 15:22. 2007-12-22 15:22 <DIR> d -------- C: \ Program Files \ Audacity
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Program Files \ MonkeyJam
2007-12-22 15:21. 2007-12-22 15:21 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ MonkeyJam
2007-12-22 15:21. 2005-02-27 17:11 424.960 - a ------ C: \ Windows \ system32 \ wavdest.ax
2007-12-21 15:27. 2007-12-21 15:27 <DIR> d -------- C: \ Program Files \ Microsoft Works
2007-12-21 15:27. 2006-10-26 19:56 32.592 - a ------ C: \ Windows \ system32 \ msonpmon.dll
2007-12-21 15:26. 2007-12-21 15:26 <DIR> d -------- C: \ Program Files \ MSBuild
2007-12-21 15:23. 2007-12-21 15:26 <DIR> d -------- C: \ WINDOWS \ SHELLNEW
2007-12-21 15:22. 2007-12-21 15:22 <DIR> dr.-h ----- C: \ MSOCache
2007-12-21 15:22. 2007-12-21 15:27 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Microsoft Ajutor
2007-12-19 19:56. 2007-12-28 13:01 <DIR> d -------- C: \ Program Files \ DivX
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Program Files \ VideoLAN
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ VLC
2007-12-15 23:51. 2007-12-15 23:51 <DIR> d -------- C: \ Documents and Settings \ Richard \ Application Data \ dvdcss
2007-12-15 23:36. 2007-12-22 15:29 <DIR> d -------- C: \ Program Files \ Real
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ xing partajate
2007-12-15 23:36. 2007-12-15 23:36 <DIR> d -------- C: \ Program Files \ Common Files \ Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 19:36 --------- d ----- w C: \ Program Files \ Xfire
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ AVG7
2008-01-15 17:54 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ avg7
2008-01-15 17:46 22.328 ---- Aw C: \ Windows \ system32 \ drivers \ PnkBstrK.sys
2008-01-15 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Xfire
2008-01-11 23:18 --------- d ----- w C: \ Program Files \ SpeedFan
2008-01-11 22:26 5.615 ---- Aw C: \ Program Files \ install.log
2008-01-11 10:25 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2007-12-22 15:26 --------- d ----- w C: \ Program Files \ Common Files \ InstallShield
2007-12-21 18:56 --------- d ----- w C: \ Program Files \ Wolfenstein - Enemy Territory
2007-12-12 21:45 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2007-12-12 21:43 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ NVIDIA
2007-12-12 21:31 --------- d ----- w C: \ Program Files \ SystemRequirementsLab
2007-12-12 20:38 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ Apple Computer
2007-12-12 20:32 --------- d ----- w C: \ Program Files \ Windows Media Connect 2
2007-12-12 20:04 --------- d ----- w C: \ Program Files \ QuickTime
2007-12-12 20:03 --------- d ----- w C: \ Program Files \ Apple Software Update
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2007-12-12 20:03 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Apple
2007-12-10 22:14 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ Xfire
2007-12-10 22:01 --------- d ----- w C: \ Documents and Settings \ NetworkService \ Application Data \ Xfire
2007-12-10 18:58 --------- d ----- w C: \ Program Files \ CCleaner
2007-12-10 18:02 --------- d ----- w C: \ Program Files \ Java
2007-12-10 18:02 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ SystemRequirementsLab
2007-12-10 18:00 --------- d ----- w C: \ Program Files \ Common Files \ Java
2007-12-10 17:54 --------- dcsh - w C: \ Program Files \ Common Files \ WindowsLiveInstaller
2007-12-10 17:54 --------- d ----- w C: \ Program Files \ Windows Live
2007-12-10 17:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ WLInstaller
2007-12-10 17:39 --------- d ----- w C: \ Program Files \ RivaTuner v2.06
2007-12-08 22:50 12.464 ---- Aw C: \ Windows \ system32 \ drivers \ secdrv.sys
2007-12-07 18:43 --------- d ----- w C: \ Documents and Settings \ LocalService \ Application Data \ AVG7
2007-12-07 18:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Grisoft
2007-12-07 18:24 --------- d ----- w C: \ Program Files \ AquaMark3
2007-12-07 17:45 --------- d ----- w C: \ Program Files \ Realtek
2007-12-07 17:45 --------- d ----- w C: \ Documents and Settings \ Richard \ Application Data \ InstallShield
2007-12-07 17:44 4.716 ---- Aw C: \ WINDOWS \ gdrv.sys
2007-12-07 17:43 --------- d ----- w C: \ Program Files \ Intel
2007-12-07 17:42 --------- d ----- w C: \ Program Files \ Yahoo!
2007-12-07 17:37 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
.

((((((((((((((((((((((((((((( Snapshot@2008-01-15_21.05.00.95 )))))))))) )))))))))))))))))))))))))))))))
.
- 2008-01-15 21:03:50 225.280 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000001 \ NTUSER.DAT
+ 2008-01-15 22:03:02 225.280 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000001 \ NTUSER.DAT
- 2008-01-15 21:03:50 8.192 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000002 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000002 \ UsrClass.dat
- 2008-01-15 21:03:50 229.376 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000003 \ NTUSER.DAT
+ 2008-01-15 22:03:02 229.376 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000003 \ NTUSER.DAT
- 2008-01-15 21:03:50 8.192 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000004 \ UsrClass.dat
+ 2008-01-15 22:03:02 8.192 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000004 \ UsrClass.dat
- 2008-01-15 21:03:50 3.670.016 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000005 \ NTUSER.DAT
+ 2008-01-15 22:03:02 3.670.016 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000005 \ NTUSER.DAT
- 2008-01-15 21:03:50 208.896 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000006 \ UsrClass.dat
+ 2008-01-15 22:03:02 208.896 ---- Aw C: \ WINDOWS \ erdnt \ HIV-backup \ Users \00000006 \ UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2004-08-04 12:00 15360]
"BitTorrent a ADN-ului" = "C: \ Program Files \ DNA \ btdna.exe" [2007-12-22 15:39 290112]
"curblicense" = "C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb mai multe noun.exe" []
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"RTHDCPL" = "RTHDCPL.EXE" [2006-11-14 09:21 16270848 C: \ WINDOWS \ RTHDCPL.exe]
"SkyTel" = "SkyTel.EXE" [2006-05-16 10:04 2879488 C: \ WINDOWS \ SkyTel.exe]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-20 16:29 579072]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2007-10-19 20:16 286720]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
"NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz" = "nwiz.exe" [2007-09-17 01:07 1626112 C: \ Windows \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2007-09-17 01:07 81920]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2007-12-15 23:36 185896]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 00:47 31016]
"LVCOMSX" = "C: \ Windows \ system32 \ LVCOMSX.EXE" [2004-02-25 16:15 221184]
"LogitechVideoRepair" = "C: \ Program Files \ Logitech \ Video \ ISStart.exe" [2004-02-25 17:15 454656]
"LogitechVideoTray" = "C: \ Program Files \ Logitech \ Video \ LogiTray.exe" [2004-02-25 17:06 212992]
"În al doilea rând bat de creaţie de vârf" = "C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \ mort lite.exe" []

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-07 18:42 219136]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ shellexecutehooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

S3 gdrv; gdrv; C: \ WINDOWS \ gdrv.sys [2007-12-07 17:44]
S3 PhilCam8116; Logitech QuickCam Pro 3000 (PID_08B0); C: \ WINDOWS \ system32 \ drivers \ CamDrL2 1.sys [2004-02-14 04:09]

.
Cuprins de la "Activităţi programate" dosar
"2007-12-12 20:03:45 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job"
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:05:20
Windows 5.1.2600 Service Pack 2 NTFS

scanare ascuns procese ...

scanare ascuns autostart intrări ...

scanare fişiere ascunse ...

scanare sa finalizat cu succes
fişiere ascunse: 0

************************************************** ************************
.
Completion time: 2008-01-15 22:06:11 - masina a fost repornită
ComboFix-carantină-files.txt 2008-01-15 22:06:09
ComboFix2.txt 2008-01-15 21:05:12
.
2008-01-05 21:00:15 --- EOF ---


Logfile de Trend Micro HijackThis v2.0.2
Scan salvate la 10:07:19, pe 1.15.2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Windows \ system32 \ nvsvc32.exe
C: \ Windows \ system32 \ PnkBstrA.exe
C: \ Windows \ system32 \ svchost.exe
C: \ WINDOWS \ Explorer.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe
C: \ Windows \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Windows \ system32 \ LVCOMSX.EXE
C: \ Program Files \ Logitech \ Video \ LogiTray.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Logitech \ Video \ FxSvr2.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Windows \ system32 \ notepad.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe.exe

R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.yahoo.com
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ ycomp5_6_0_1.d ll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Groove SFG Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in-Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: & Yahoo! Companion - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ ycomp5_6_0_1.d ll
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / startup
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [LVCOMSX] C: \ Windows \ system32 \ LVCOMSX.EXE
O4 - HKLM \ .. \ Run: [LogitechVideoRepair] C: \ Program Files \ Logitech \ Video \ ISStart.exe
O4 - HKLM \ .. \ Run: [LogitechVideoTray] C: \ Program Files \ Logitech \ Video \ LogiTray.exe
O4 - HKLM \ .. \ Run: [În al doilea rând de lilieci de creaţie de vârf] C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \ mort lite.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb mai multe noun.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & la sfârşitul OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1197308803562
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ GR99D3 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C: \ Windows \ system32 \ PnkBstrA.exe

--
Sfârşit de fişier - 6716 bytes
  #10  
Old 15 ianuarie 2008, 15:29
Moderator Group
  
Du-te la My Computer-> Tools-> Folder Options-> View TAB:
  • În conformitate cu fişierele şi folderele ascunse rubrica:
  • Selectaţi Afişează fişierele şi folderele ascunse.
  • Debifaţi Ascundere fişierele protejate ale sistemului de operare (recomandat) opţiune.
  • De asemenea, asiguraţi-vă că nu există nici o checkmark lângă Ascunde fişier extensiile pentru tipurile de fişiere cunoscute.
  • Faceţi clic pe OK

----------

Apăsaţi Ctrl + Alt + şterge pentru a aduce procesul de Monitor. Faceţi clic pe fila Procese şi-l omoare pe procese de

lite.exe <<Sau mort Lite.exe
noun.exe <<Sau Nurb mai multe noun.exe

----------

Deschide HijackThis şi selectaţi Fă-un sistem de scanare numai apoi puneţi un semn de selectare lângă: (dacă este găsit)

O4 - HKLM \ .. \ Run: [În al doilea rând de lilieci de creaţie de vârf] C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \ mort lite.exe
O4 - HKCU \ .. \ Run: [curblicense] C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \ Nurb mai multe noun.exe

Închideţi toate ferestrele cu excepţia HijackThis şi faceţi clic pe Fix verificate

Exit Hijackthis.

----------

Deschideţi Computerul meu de pe desktop şi locathe şi şterge aceste fişiere. (dacă este găsit)

C: \ Documents and Settings \ All Users \ Application Data \ Axa Readme În al doilea rând Bat \mort lite.exe

C: \ DOCUME ~ 1 \ Richard \ APPLIC ~ 1 \ WAYBOW ~ 1 \Nurb mai multe noun.exe

----------

Vă rugăm să rulaţi F-Secure Online Scanner

Notă: Acest Scanner lucrează numai cu Internet Explorer!
  • Defilaţi la partea de jos a paginii şi faceţi clic pe butonul Start scanare. O fereastra va apărea pe neaşteptate.
  • Se lasă Active X control pentru a fi instalat pe computer, apoi faceţi clic pe butonul Accept
  • Faceţi clic pe Scanare completă a sistemului şi permite de a componentelor pentru a descărca şi de scanare pentru a finaliza.
  • Dacă malware-ului este găsit, verificaţi Prezinte mostre pentru F-Secure apoi selectaţi Automat de curăţare
  • Când de curăţare a finitished, faceţi clic pe Afişare raport (acest lucru se va deschide o fereastra de Internet Explorer care conţine raport)
  • Evidenţiaţi şi Copy (Ctrl + C) în raport complet, şi Lipire (CTRL + V), într-un nou răspuns la această postare
    • Dacă curăţare automată cu prezinte mostre se blochează, faceţi clic pe Anulare, Apoi New Scan
  • În cazul în care opţiunea de curăţare este prezentat, Debifaţi Prezinte mostre pentru F-Secure
  • Faceţi clic pe Automat de curăţare
  • Când de curăţare a finitished, faceţi clic pe Afişare raport (acest lucru se va deschide o fereastra de Internet Explorer care conţine raport)
  • Evidenţiaţi şi Copy (Ctrl + C) în raport complet, şi Lipire (CTRL + V), într-un nou răspuns la această postare
  • Această scanare poate dura destul de mult timp, aşa că vă rugăm să aveţi răbdare

----------

Înainte post adăuga
F-Secure jurnal
New Hijackthis jurnal
__________________
Reply
Pagina 1 din 2 1 2

Register
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer Suc.
Contact -- Confidentialitate -- Harta site-ului -- Vârf

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd. SEO de vBSEO © 2009, Crawlability, Inc