Iexplore.exe virus

kfarns00 · #1 4 decembrie 2007, 11:10

Salut Baieti,
M-am uitat în jur de acest forum si multe alte site-uri, caută o soluţie la problema mea. M-am întâlnit cu câteva fire de diferite despre acest virus, asa ca imi cer scuze pentru a face unul nou, dar am încercat remedierile descrise în acestea, şi nu a primit nici mai aproape de eliminarea de acest lucru.
Când am deschis Task Manager, există 2 "iexplore.exe" procese care rulează, un obicei în jur de 10,000 folosind K mem, în timp ce ceilalţi este, de obicei, în jur de 40,000 K. Aceste procese sunt acolo, chiar dacă nu sunt folosiţi Internet Explorer. Dacă am încerca se încheie aceste procese, se întoarce în mod automat. Sunt de asemenea, obţinerea internet explorer pop-up la fiecare câteva minute, care sunt în ipoteza aceasta este cauza.

Oricum, aici este meu hijackthis log.

Logfile de HijackThis v1.99.1
Scan salvat de la 2:08:19, pe 12.4.2007
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ Windows \ system32 \ CTsvcCDA.exe
C: \ Windows \ system32 \ nvsvc32.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ UAService7.exe
C: \ WINDOWS \ Explorer.exe
C: \ Windows \ system32 \ RUNDLL32.EXE
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ ISUSPM.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Creative \ MediaSource \ Detector \ CTDetect.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Windows \ system32 \ wscntfy.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Microsoft Office \ OFFICE11 \ WINWORD.EXE
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ MSN Messenger \ livecall.exe
C: \ Program Files \ MSN Messenger \ usnsvc.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Program Files \ hijackthis \ HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - (39F7E362-828A-4B5A-BCAF-5B79BFDFEA60) - C: \ Program Files \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [LogonStudio] "C: \ Program Files \ WinCustomize \ LogonStudio \ logonstudio.exe" / RANDOM
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [organism sigur instrument drv] C: \ Documents and Settings \ All Users \ Application Data \ activă a muta corpul sigur \ media bone.exe
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimizate
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe" / fundal
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKCU \ .. \ Run: [JoyAxis] C: \ DOCUME ~ 1 \ KENFAR ~ 1 \ APPLIC ~ 1 \ USERFL ~ 1 \ Vc cool.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [ISUSPM] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ ISUSPM.exe"-scheduler
O4 - HKCU \ .. \ Run: [Creative Detector] "C: \ Program Files \ Creative \ MediaSource \ Detector \ CTDetect.exe" / R
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O8 - Extra context menu item: & D & ownload & cu BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra context menu item: & D & ownload all video cu BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra context menu item: & D & ownload all with BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddAllLink.htm
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: BitComet Search - (461CC20B-FB6E-4f16-8FE8-C29359DB100E) - C: \ Program Files \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (00B71CFB-6864-4346-A978-C0A14556272C) (joc de dame Class) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (joc de dame Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN foto Încărcare Tool) -- http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: (5F8469B4-B055-49DD-83F7-62B522420ECC) (Facebook foto Uploader Control) -- http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://www.shockwave.com/content/din...g.1.0.0.33.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DF780F87-FF2B-4DF8-92D0-73DB16A1543A) (PopCapLoader Object) -- http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Ataşări Control) -- http://by111fd.bay111.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: Creative Service pentru CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner -% ProgramFiles% \ WinPcap \ rpcapd.exe "-d-f"% ProgramFiles% \ WinPcap \ rpcapd.ini (fişierul lipseşte)
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C: \ Windows \ system32 \ UAService7.exe

**evilfantasy** · #2 4 decembrie 2007, 12:22

Bine ati venit la TCF.

Două întrebări, înainte de a continua.

1. De ce există nici un antivirus să fie difuzate?

2. Ai Windows firewall pornit?

kfarns00 · #3 4 decembrie 2007, 12:45

Paravanul de protecţie Windows este activat, şi I dont avea un anti-virus de pe aici, chiar acum (de rau, stiu)

**evilfantasy** · #4 4 decembrie 2007, 12:55

OK, prima du-te şi descărcaţi şi să instalaţi stai! 4 Libera Home Edition de la Acest link

Post înapoi, atunci când este instalat.

Nu executa o scanare încă.

kfarns00 · #5 4 decembrie 2007, 13:19

ok, este instalat.

**evilfantasy** · #6 4 decembrie 2007, 13:27

Activaţi Vizualizarea ascunse fişierele de sistem & Foldere

1. Click dreapta Porni.
2. Selectaţi Panoul de control.
3. Selectaţi Instrumente şi faceţi clic pe meniul Opţiuni folder.
4. Selectaţi Fila Vizualizare.
5. În conformitate cu fişierele şi folderele ascunse rubrica selectaţi Afişează fişierele şi folderele ascunse.
6. Debifaţi Se ascund extensiile pentru tipurile de fişiere cunoscute opţiune.
7. Debifaţi Se ascund fişierele protejate ale sistemului de operare (recomandat) opţiune.
8. Faceţi clic pe Aplica.
9. Faceţi clic pe OK.

--------------------

1. Reporniţi în Safe Mode

* Pentru a intra în Safe Mode. Reporniţi PC-ul, şi în calitate de calculator este de a porni porni atingerea "F8 Key".
* Utilizaţi tastele săgeată pentru a trece la "Safe Mode" şi apăsaţi tasta Enter.

2. Deschide HijackThis şi selectaţi Nu doar un sistem de scanare şi apoi puneţi un semn de selectare lângă:

O4 - HKLM \ .. \ Run: [organism sigur instrument drv] C: \ Documents and Settings \ All Users \ Application Data \ activă a muta corpul sigur \ media bone.exe
O4 - HKCU \ .. \ Run: [JoyAxis] C: \ DOCUME ~ 1 \ KENFAR ~ 1 \ APPLIC ~ 1 \ USERFL ~ 1 \ Vc cool.exe

Acum faceţi clic pe Fix verificate.

3. Faceţi dublu clic pe Computerul meu pe desktop şi găsiţi următoarele fişiere / foldere şi ştergeţi-le (dacă există)

C: \ Windows \ system32 \ cool.exe

C: \ Documents and Settings \ KENFAR ~ 1 \ Application Data \ USERFL ~ 1 \ Vc cool.exe (de ~ 1 este calea abreviat)

C: \ Documents and Settings \ All Users \ Application Data \ activă a muta corpul sigur \ media bone.exe

C: \ Windows \ system32 \ media bone.exe

Reporniţi în mod normal de boot.

--------------------

Dezinstalaţi copie a HijackThis pe care le-aţi şi instalaţi noua versiune de la Acest link

Apoi, după un nou log HijackThis.

kfarns00 · #7 4 decembrie 2007, 13:40

Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 4:40:27, pe 12.4.2007
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ Explorer.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Windows \ system32 \ RUNDLL32.EXE
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
C: \ WINDOWS \ RTHDCPL.EXE
C: \ Windows \ system32 \ CTsvcCDA.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Windows \ system32 \ nvsvc32.exe
C: \ Windows \ system32 \ svchost.exe
C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
C: \ Windows \ system32 \ UAService7.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ ISUSPM.exe
C: \ Program Files \ Creative \ MediaSource \ Detector \ CTDetect.exe
C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - (39F7E362-828A-4B5A-BCAF-5B79BFDFEA60) - C: \ Program Files \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - (53707962-6F74-2D53-2644-206D7942484F) - C: \ Program Files \ Spybot - Search & Destroy \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM \ .. \ Run: [SkyTel] SkyTel.EXE
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [LogonStudio] "C: \ Program Files \ WinCustomize \ LogonStudio \ logonstudio.exe" / RANDOM
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimizate
O4 - HKLM \ .. \ Run: [stai!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Program Files \ MSN Messenger \ MsnMsgr.Exe" / fundal
O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe"-quiet
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [ISUSPM] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ ISUSPM.exe"-scheduler
O4 - HKCU \ .. \ Run: [Creative Detector] "C: \ Program Files \ Creative \ MediaSource \ Detector \ CTDetect.exe" / R
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O8 - Extra context menu item: & D & ownload & cu BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddLink.htm
O8 - Extra context menu item: & D & ownload all video cu BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddVideo.htm
O8 - Extra context menu item: & D & ownload all with BitComet - res: / / C: \ Program Files \ BitComet \ BitComet.exe / AddAllLink.htm
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra button: BitComet Search - (461CC20B-FB6E-4f16-8FE8-C29359DB100E) - C: \ Program Files \ BitComet \ tools \ BitCometBHO_1.1.7.4.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra 'Tools' MENUITEM: Yahoo! Messenger - (E5D12C4E-7B4F-11D3-B5C9-0050045C3C96) - C: \ Program Files \ Yahoo! \ Messenger \ YahooMessenger.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (00B71CFB-6864-4346-A978-C0A14556272C) (joc de dame Class) -- http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: (20A60F0D-9AFA-4515-A0FD-83BD84642501) (joc de dame Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Program Files \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) (MSN foto Încărcare Tool) -- http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: (5F8469B4-B055-49DD-83F7-62B522420ECC) (Facebook foto Uploader Control) -- http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19) (CPlayFirstddfotgControl Object) -- http://www.shockwave.com/content/din...g.1.0.0.33.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: (DF780F87-FF2B-4DF8-92D0-73DB16A1543A) (PopCapLoader Object) -- http://www.shockwave.com/content/bej...loader_v10.cab
O16 - DPF: (F04A8AE2-A59D-11D2-8792-00C04F8EF29D) (Hotmail Ataşări Control) -- http://by111fd.bay111.hotmail.msn.co...x/HMAtchmt.ocx
O23 - Service: stai! iAVS4 serviciu de control (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: stai! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: stai! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: stai! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe
O23 - Service: Creative Service pentru CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C: \ Program Files \ WinPcap \ rpcapd.exe
O23 - Service: SecuROM User Access Service (v7) (UserAccess7) - Unknown owner - C: \ Windows \ system32 \ UAService7.exe

--
Sfârşit de fişier - 7759 bytes

**evilfantasy** · #8 4 decembrie 2007, 13:53

Jurnalul arată bine, cum este acum la computer?

kfarns00 · #9 4 decembrie 2007, 14:15

E mare lucru acum. iexplore.exe de sarcini nu au venit înapoi, nu am avut nici un pop-up, şi acesta pare să fie difuzate mai repede acum, un pic prea.
Mulţumesc mult pentru ajutor! după ce cauta in jurul de zile, pentru a afla cum sa scap de asta, ai rezolvat-o în cel mai scurt timp haha, multumesc din nou

**evilfantasy** · #10 4 decembrie 2007, 14:26

Nici o problemă.

Ar trebui să rulaţi un virus de scanare acum stai că este instalat.
De asemenea, să descărcaţi şi să rulaţi Superantispyware (SAS) SUPERAntispyware Free Edition pentru a vă asigura că nimic nu mai e acolo ca HijackThis nu a putut fi găsit.

Uitaţi-vă gratuit în instrumente acest post

Safe surfing ........