IEXPLORE.EXE virus problem




  #1  
Old 19 January 2008, 09:02
Donor Group

Hello,
I noticed I had a problem when I heard music mysteriously playing. I checked and saw a bunch of IEXPLORE.EXE processes running.

I ran NAV, Ad-Aware, Defender, then followed the instructions you provided. Thanks in advance for the help. Here are the logs:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generat 01.19.2008 la 08:53

Application Version: 3-9-1008

Reguli de bază pentru baze de date Version: 3384
Trace Regulamentul Database Version: 1378

Scan type: Complete Scan
Total Scan Ora: 01:01:52

Memorie articole scanate: 576
Memorie ameninţările detectate: 0
Registrul articole scanate: 7837
Registrul ameninţările detectate: 0
Elemente de fişiere scanate: 66011
File ameninţările detectate: 60

Adware.Tracking Cookie







# Versiune = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2806 (20080118)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = 5ac60436be4e8c4d8b34206de1ddeb01
# Sfârşitul = terminat
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-01-19 03:34:06
# Local_time = 2008-01-19 10:34:06 (-0500, Eastern Standard Time)
# Ţară = "Statele Unite"
# Osver = 5.1.2600 NT Service Pack 2
# Scanat = 394948
# Găsit = 14
# Scan_time = 2493
C: \ MSInfnd.exe, probabil, o variantă a Win32/Hupigon Trojan (în imposibilitatea de a curăţa - eliminat) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc multiple infiltrations (eliminat) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc »ZIP» BlackBox.class o variantă de Java / ClassLoader Trojan (eroare în timp ce de curăţare - exploatare indisponibil pentru acest tip de de obiect - eroare la ştergerea - exploatare indisponibil pentru acest tip de obiect - a fost o parte a şters obiect) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc »ZIP» VerifierBug.class JS / IEStart.G Trojan (eroare în timp ce de curăţare - exploatare indisponibil pentru acest tip de obiect - eroare la ştergerea - exploatare indisponibil pentru acest tip de obiect - a fost o parte a şters obiect) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-34ef6dbc »ZIP» Dummy.class Java / NoCheat.B Trojan (eroare în timp ce de curăţare - exploatare indisponibil pentru acest tip de obiect - eroare la ştergerea - exploatare indisponibil pentru acest tip de obiect - a fost o parte a şters obiect) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-o variantă a 3f7c5e12 Java / ClassLoader Trojan (eliminat) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-3f7c5e12 »ZIP» BlackBox.class o variantă de Java / ClassLoader Trojan (eroare în timp ce de curăţare - exploatare indisponibil pentru acest tip de de obiect - eroare la ştergerea - exploatare indisponibil pentru acest tip de obiect - a fost o parte a şters obiect) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d multiple infiltrations (eliminat) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d »ZIP» BlackBox.class o variantă de Java / ClassLoader Trojan (eroare în timp ce de curăţare - exploatare indisponibil pentru acest tip de de obiect - eroare la ştergerea - exploatare indisponibil pentru acest tip de obiect - a fost o parte a şters obiect) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d »ZIP» VerifierBug.class JS / IEStart.G Trojan (eroare în timp ce de curăţare - exploatare indisponibil pentru acest tip de obiect - eroare la ştergerea - exploatare indisponibil pentru acest tip de obiect - a fost o parte a şters obiect) 00000000000000000000000000000000
C: \ Documents and Settings \ NetworkService \ Application Data \ duminică \ Java \ Deployment \ cache \ 6.0 \ 58 \ 7589253a-7685bc3d »ZIP» Dummy.class Java / NoCheat.B Trojan (eroare în timp ce de curăţare - exploatare indisponibil pentru acest tip de obiect - eroare la ştergerea - exploatare indisponibil pentru acest tip de obiect - a fost o parte a şters obiect) 00000000000000000000000000000000
C: \ Program Files \ Common Files \ Microsoft Shared \ MSInfo \ MSInfnd.exe, probabil, o variantă a Win32/Hupigon troieni (în imposibilitatea de a curăţa - eliminat) 00000000000000000000000000000000
C: \ Windows \ system32 \ _MSInfnd.exe, probabil, o variantă a Win32/Hupigon Trojan (în imposibilitatea de a curăţa - eliminat) 00000000000000000000000000000000
D: \ MSInfnd.exe, probabil, o variantă a Win32/Hupigon troieni (în imposibilitatea de a curăţa - eliminat) 00000000000000000000000000000000








Logfile de Trend Micro HijackThis v2.0.2
Scan salvate la 10:55:08, pe 01.19.2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ bin \ EvtEng.exe
C: \ Program Files \ Intel \ Wireless \ bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Wireless \ bin \ WLKeeper.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Program Files \ Widcomm \ Bluetooth Software \ bin \ btwdins.exe
C: \ Windows \ system32 \ cisvc.exe
C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
C: \ Program Files \ Intel \ Wireless \ bin \ RegSrvc.exe
C: \ Program Files \ CyberLink \ Shared Files \ RichVideo.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe
C: \ Program Files \ Intel \ Wireless \ bin \ ifrmewrk.exe
C: \ Program Files \ Dell \ QuickSet \ quickset.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe
C: \ Windows \ system32 \ Rundll32.exe
C: \ Program Files \ Intel \ Wireless \ bin \ Dot1XCfg.exe
C: \ Windows \ system32 \ hkcmd.exe
C: \ Windows \ system32 \ igfxpers.exe
C: \ Windows \ system32 \ igfxsrvc.exe
C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ DOCUME ~ 1 \ sundeep \ localnici ~ 1 \ temp \ clclean.0001
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Widcomm \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Hamachi \ hamachi.exe
C: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Windows \ system32 \ Msiexec.exe
C: \ Windows \ system32 \ cidaemon.exe
C: \ Windows \ system32 \ cidaemon.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = *. local
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Program Files \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Program Files \ Intel \ Wireless \ bin \ ifrmewrk.exe" / tf Intel PROSet / Wireless
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Program Files \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe" / pornire
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe / r
O4 - HKLM \ .. \ Run: [MBMon] rundll32 CTMBHA.DLL, MBMon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ Windows \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ Windows \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Persistenţa] C: \ Windows \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel-ului şi hardware abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra context menu item: Send to & Bluetooth Device ... - C: \ Program Files \ Widcomm \ Bluetooth Software \ btsendto_ie_ctx.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (fişierul lipseşte)
O9 - Extra 'Tools' MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (fişierul lipseşte)
O9 - Extra button: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ Widcomm \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ Widcomm \ Bluetooth Software \ btsendto_ie.htm
O10 - Broken de acces la Internet, pentru că de la furnizorul de LSP "C: \ Program Files \ Bonjour \ mdnsnsp.dll" lipseşte
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Conştient 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Program Files \ Widcomm \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Labs Licenţiere Service - Creative Labs - C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
O23 - Service: Symantec Detect de licenţiere a conexiunii la Internet (DJSNETCN) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ bin \ EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LVCOMSer - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVMVFM \ LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: MSInfo-cadru de servicii (MSInfoFrv) - Unknown owner - C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MSInfnd.exe (fişierul lipseşte)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
O23 - Service: Norton Protecţia Center Service (NSCService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ bin \ RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown owner - C: \ Program Files \ CyberLink \ Shared Files \ RichVideo.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ bin \ S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Wireless \ bin \ WLKeeper.exe

--
Sfârşit de fişier - 11743 bytes
  #2  
Old 19 January 2008, 09:39
Moderator Group

Welcome to TCF.


Open HJT and select Do a system scan only, then place a check mark next to:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O9 - Extra button: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (fişierul lipseşte)
O9 - Extra 'Tools' MENUITEM: PartyPoker.com - (B7FE5D70-9AA2-40F1-9C6B-12A255F085E1) - C: \ Program Files \ PartyGaming \ PartyPoker \ RunApp.exe (fişierul lipseşte)


Close all windows except HJT and click Fix checked.

----------
  • Double-click the downloaded file to run the installation.
During installation:
  • Leave all settings at their defaults except TeaTimer (make sure you uncheck that option during installation)
  • TeaTimer can be a resource hog and can also block the removal of some malware problems.
    • If you already have TeaTimer enabled, see the bottom of this post for how to disable it.
  • Make the recommended registry backup.
  • During installation, agree to search for updates now in order to install any updates.
  • Agree to Immunize the system.
  • Make sure you leave SDHelper (IE bad download blocker) checked to install.
After installation:
  • Always check for updates before running a scan.
  • If you get a bad checksum error when trying to update, just choose a different server location.
  • Also, look for the Immunize function in Spybot and use it.
    • First, in the left column, click the Immunize icon and it will check to see what needs to be immunized.
    • After it finishes, leave the default settings and click the green plus sign at the top that says Immunize.
  • Close ALL browser windows.
  • Now click the Search & Destroy icon (top left).
  • Then, at the top, click the Check for problems button to start the scan.
    • Be patient, this can take some time to run.
    • The progress will be shown in the status bar at the bottom of the window.
    • Do not run any other Spybot scans while it is running.
  • When the scan completes, make sure you select everything, then click Fix selected problems on the menu bar at the top.
NOTE: Any time you install updates for Spybot, check for new Immunizations by following the steps above.

----------

Run a new scan with HJT and post the log after Spybot has finished.

__________________

  #3  
Old 19 January 2008, 15:11
Donor Group

Ok, here is the new log:

Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 5:09:34, pe 01.19.2008
Platforma: Windows XP SP2 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Intel \ Wireless \ bin \ EvtEng.exe
C: \ Program Files \ Intel \ Wireless \ bin \ S24EvMon.exe
C: \ Program Files \ Intel \ Wireless \ bin \ WLKeeper.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
C: \ Program Files \ Widcomm \ Bluetooth Software \ bin \ btwdins.exe
C: \ Windows \ system32 \ cisvc.exe
C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
C: \ Program Files \ Intel \ Wireless \ bin \ RegSrvc.exe
C: \ Program Files \ CyberLink \ Shared Files \ RichVideo.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ fxssvc.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe
C: \ Program Files \ Intel \ Wireless \ bin \ ifrmewrk.exe
C: \ Program Files \ Dell \ QuickSet \ quickset.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ Intel \ Wireless \ bin \ Dot1XCfg.exe
C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe
C: \ Windows \ system32 \ Rundll32.exe
C: \ Windows \ system32 \ hkcmd.exe
C: \ Windows \ system32 \ igfxsrvc.exe
C: \ Windows \ system32 \ igfxpers.exe
C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
C: \ DOCUME ~ 1 \ sundeep \ localnici ~ 1 \ temp \ clclean.0001
C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe
C: \ Program Files \ Widcomm \ Bluetooth Software \ BTTray.exe
C: \ Program Files \ Hamachi \ hamachi.exe
C: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
C: \ Windows \ system32 \ cidaemon.exe
C: \ Windows \ system32 \ cidaemon.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.ca/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = *. local
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: NAV Helper - (A8F38D8D-E480-4D52-B7A2-731BB6995FDD) - C: \ Program Files \ Yahoo! \ NAV \ NavShExt.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [IntelZeroConfig] "C: \ Program Files \ Intel \ Wireless \ bin \ ZCfgSvc.exe"
O4 - HKLM \ .. \ Run: [IntelWireless] "C: \ Program Files \ Intel \ Wireless \ bin \ ifrmewrk.exe" / tf Intel PROSet / Wireless
O4 - HKLM \ .. \ Run: [Dell QuickSet] C: \ Program Files \ Dell \ QuickSet \ quickset.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [Google Desktop Search] "C: \ Program Files \ Google \ Google Desktop Search \ GoogleDesktop.exe" / pornire
O4 - HKLM \ .. \ Run: [CTSysVol] C: \ Program Files \ Creative \ SBAudigy \ Surround Mixer \ CTSysVol.exe / r
O4 - HKLM \ .. \ Run: [MBMon] rundll32 CTMBHA.DLL, MBMon
O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ Windows \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ Windows \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [Persistenţa] C: \ Windows \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [KernelFaultCheck]% systemroot% \ system32 \ dumprep 0-k
O4 - HKLM \ .. \ Run: [Kernel-ului şi hardware abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [PNAgent] "C: \ Program Files \ PhatNoise Music Manager \ PNAgent.exe"
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKLM \ .. \ RunServices: [DJSNetCN] C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU \ .. \ Run: [WeatherEye] C: \ Program Files \ TheWeatherNetwork \ WeatherEye \ WeatherEye.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: Hamachi.lnk = C: \ Program Files \ Hamachi \ hamachi.exe
O4 - Global Startup: Bluetooth.lnk =?
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O8 - Extra context menu item: Send to & Bluetooth Device ... - C: \ Program Files \ Widcomm \ Bluetooth Software \ btsendto_ie_ctx.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: @ btrez.dll, -4015 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ Widcomm \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra 'Tools' MENUITEM: @ btrez.dll, -12650 - (CCA281CA-C863-46ef-9331-5C8D4460577F) - C: \ Program Files \ Widcomm \ Bluetooth Software \ btsendto_ie.htm
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O10 - Broken de acces la Internet, pentru că de la furnizorul de LSP "C: \ Program Files \ Bonjour \ mdnsnsp.dll" lipseşte
O16 - DPF: (05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8) (Office Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932319484
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1192932290562
O20 - AppInit_DLLs: C: \ PROGRA ~ 1 \ Google \ GOOGLE ~ 1 \ GOEC62 ~ 1.DLL
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Ad-Conştient 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C: \ Program Files \ Widcomm \ Bluetooth Software \ bin \ btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Creative Labs Licenţiere Service - Creative Labs - C: \ Program Files \ Common Files \ Creative Labs Shared \ Service \ CreativeLicensing.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C: \ Program Files \ Diskeeper Corporation \ Diskeeper \ DkService.exe
O23 - Service: Symantec Detect de licenţiere a conexiunii la Internet (DJSNETCN) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ DJSNETCN.exe
O23 - Service: Intel (R) PROSet / Wireless Event Log (EvtEng) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ bin \ EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1050 \ Intel 32 \ IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: LVCOMSer - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVCOMSER \ LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ LVMVFM \ LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: MSInfo-cadru de servicii (MSInfoFrv) - Unknown owner - C: \ Program Files \ Common Files \ Microsoft Shared \ MSINFO \ MSInfnd.exe (fişierul lipseşte)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ IWP \ NPFMntor.exe
O23 - Service: Norton Protecţia Center Service (NSCService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Console \ NSCSRVCE.EXE
O23 - Service: Intel (R) PROSet / Wireless Registry Service (RegSrvc) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ bin \ RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service (CRVS) (RichVideo) - Unknown owner - C: \ Program Files \ CyberLink \ Shared Files \ RichVideo.exe
O23 - Service: Intel (R) PROSet / Wireless Service (S24EventMonitor) - Intel Corporation - C: \ Program Files \ Intel \ Wireless \ bin \ S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C: \ Program Files \ Yahoo! \ NAV \ SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ CCPD-LC \ symlcsvc.exe
O23 - Service: Intel (R) PROSet / Wireless SSO Service (WLANKEEPER) - Intel (R) Corporation - C: \ Program Files \ Intel \ Wireless \ bin \ WLKeeper.exe

--
Sfârşit de fişier - 11469 bytes
  #4  
Old January 19, 2008, 15:24
Moderator Group

Default IEXPLORE.EXE virus problem

I messed up part of the directions from earlier.

The log looks good, though. How is the PC now?
__________________

  #5  
Old January 20, 2008, 07:40
Donor Group

Default IEXPLORE.EXE virus problem

It's gone! Thanks a lot for the help!
  #6  
Old January 20, 2008, 09:48
Moderator Group

Default IEXPLORE.EXE virus problem

Sounds good. I left out the download link for Spybot from post #2. I would suggest installing it and running a scan with it. Download Spybot-S&D. Use the instructions from post #2 to set it up correctly.


This is a good time to clear your infected System Restore points and set a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and click Next.
  • Then go to Start > Run and type in cleanmgr
  • Select the More Options tab
  • Go ahead and click System Restore Clean up...
This will delete all restore points except the new one you just created.


Check out this post for free tools and tips to keep your PC safe in the future.

This post has free tools and advice to keep your PC running smoothly in the future.
__________________

  #7  
Old Jan 21st 2008, 04:57
Banned Group
 
Default IEXPLORE.EXE virus problem

You've been infected with a RAT (Remote Administration Tool). I would do a search for a klog.* file and delete it; it should normally be in either the system32 or Windows folder.

RATs are very popular with script kiddies, who use cryptors to prevent AV detection and binders so that they can attach the trojan to apps.

When I found out I had been hacked by a RAT, through downloading warez, I had a look at the program myself and it had a shit load of features: keylog, webcam viewer, cached passwords. So chances are that when you heard the music, it was someone manually going through your files and opening them.

If you come across the same kind of activity, such as music playing, or even your password changed or your webcam turned on, then instead of installing a bunch of useless AV programs and malware removal crap, check your Installed Components in the registry.

HKEY_LOCAL_MACHINE > Software > Microsoft > Active Setup > Installed Components, and just click on each of the folders and look for an entry that has a StubPath which points to an .exe in the system32 or Windows folder.

To see if this .exe is in active startup, navigate to it and run it. If it says that it is in use by another program, and the name of the .exe isn't showing in your process list, then it is injected into another process, such as the default browser (IE). You can then use HJT to delete this file on reboot and, obviously, delete the registry entry.

RATs are just like an IRC bot, only a RAT has a graphical interface. I would recommend a firewall, so that if a random program wants to connect to the Internet you can deny it and still use the program. Because the trojan is bound to the installer file, the trojan extracts and executes when you go to install and will try to make an external connection; if you block it then you have a trojan but aren't infected, because it will sit in a directory doing nothing.

Sorry for the rambling, I hope this has given a wider view of the potential danger of RATs and IRC bots.

Brad
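
Added example, not part of the post above or of the thread: a Python sketch of the Active Setup check it describes, run offline against a saved `reg query ... /s` listing instead of clicking through each subkey. The sample listing, the `klog_example.exe` and `svc_example.exe` names, the `WINDIR` value and the `LAUNCHERS` allowlist are constructed assumptions.

```python
import ntpath
import re

# Constructed sample (not from the thread), shaped like the output of:
#   reg query "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /s
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-0000-0000-0000-000000000001}
    (Default)    REG_SZ    Example Mail Client
    StubPath    REG_EXPAND_SZ    "%ProgramFiles%\Example Mail\setup.exe" /user

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-0000-0000-0000-000000000002}
    StubPath    REG_SZ    C:\WINDOWS\system32\klog_example.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-0000-0000-0000-000000000003}
    StubPath    REG_EXPAND_SZ    %SystemRoot%\svc_example.exe -s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-0000-0000-0000-000000000004}
    StubPath    REG_EXPAND_SZ    %SystemRoot%\system32\regsvr32.exe /s /i:/UserInstall themeui.dll
"""

WINDIR = r"c:\windows"  # assumption: %SystemRoot% on the machine the listing came from
# Assumption: Windows' own launchers often appear here; review their arguments instead.
LAUNCHERS = {"regsvr32.exe", "rundll32.exe"}

def stub_executable(stubpath):
    """Return the lower-cased path of the program a StubPath command line starts."""
    cmd = re.sub(r"%(?:systemroot|windir)%", lambda _: WINDIR, stubpath.strip(), flags=re.I)
    m = re.match(r'"([^"]+)"|(.*?\.exe)(?=\s|$)|(\S+)', cmd, re.I)
    return ntpath.normpath(m.group(1) or m.group(2) or m.group(3)).lower() if m else ""

def flag_stubpaths(reg_text):
    """Return (subkey, exe, verdict) for StubPaths that start an .exe in Windows or system32."""
    hits, key = [], None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().rsplit("\\", 1)[-1]
            continue
        m = re.match(r"\s+StubPath\s+REG_(?:EXPAND_)?SZ\s+(.*)", line, re.I)
        if not m:
            continue
        exe = stub_executable(m.group(1))
        if exe.endswith(".exe") and ntpath.dirname(exe) in (WINDIR, WINDIR + r"\system32"):
            verdict = "launcher" if ntpath.basename(exe) in LAUNCHERS else "investigate"
            hits.append((key, exe, verdict))
    return hits

if __name__ == "__main__":
    for key, exe, verdict in flag_stubpaths(SAMPLE):
        print(f"{verdict:12} {key}  {exe}")
```

A hit is only a lead: legitimate Windows components also register StubPath commands under system32, so confirm the file's publisher and origin before deleting anything.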
  #8  
Old Jan 21st 2008, 08:49
Donor Group

Default IEXPLORE.EXE virus problem

Hey Brad, thanks for the info.
I did what you said, and all the .exe files referenced by the stubpaths that I double-clicked were not in use by another program. So... does that mean I'm OK?

Thanks for the help.
  #9  
Old Jan 21st 2008, 09:52
Moderator Group
 
Default IEXPLORE.EXE virus problem

Localhost, would you mind giving me some references regarding your malware removal background? At what forum do you normally assist in malware removal?
__________________

  #10  
Old Jan 21st 2008, 10:57
Banned Group
 
Default IEXPLORE.EXE virus problem

Quote:
Originally Posted by sungod000
Hey Brad, thanks for the info.
I did what you said, and all the .exe files referenced by the stubpaths that I double-clicked were not in use by another program. So... does that mean I'm OK?

Thanks for the help.
Did it just show a stubpath and nothing else? You could have been looking at the wrong key. It just says stubpath, then simply a location.