[Coolyxxx]

Salut,
Ei bine, mama descarcat ceva şi firewall a venit cu unele mesaj. Cumva-l-am instalat înainte ca ea mi-a spus. Deci, scanează se execută în prezent, s-ar putea să ia ceva timp pentru ca este o incetinire computer. Nu ştiu ce este numit deşi, e ciudat toate simbolurile, şi nu poate fi citită. Ai un log HijackThis deşi, cel puţin un singur lucru nu a durat mult până la ...

Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 8:53:31, pe 31/10/2008
Platforma: Windows XP SP3 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ WINDOWS \ Explorer.exe
C: \ Windows \ system32 \ SearchIndexer.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ Program Files \ DAP \ DAP.EXE
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe
C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Avast4 \ ashSimpl.exe
C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe
C: \ Program Files \ Avast4 \ Setup \ avast.setup

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Window title = Windows Internet Explorer furnizate de către administrator Kevin
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = locale
R3 - URLSearchHook: (no name) - (0A94B116-4504-4e26-AB05-E61E474AA38B) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Descărcaţi Plug-in-ului şi a înregistra pentru Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in-Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Windows \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Întârzierea
O4 - HKLM \ .. \ Run: [stai!] C: \ PROGRA ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ RunOnce: [Malwarebytes' Anti-Malware] C: \ Program Files \ Malwarebytes' Anti-Malware \ mbamgui.exe / install / silenţios
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O4 - Startup: AEO ÉËÙÍÁ ¯ ¶ ¶ ¹. Lnk =?
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Download cu & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra buton: QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra 'Tools' MENUITEM:?? QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
O23 - Service: Ad-Conştient 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
O23 - Service: stai! iAVS4 serviciu de control (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ Windows \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ Windows \ system32 \ ati2sgag.exe
O23 - Service: stai! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe
O23 - Service: stai! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe
O23 - Service: stai! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe
O23 - Service: EPSON starea imprimantei Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe

--
Sfârşit de fişier - 7692 bytes
_______________________________________________
Orice ajutor este apreciat.
BTW. Nu pot găsi o pictogramă care arată ca "dezinstalare" pentru mine, asa ca dezinstalarea nu va fi o optiune ...

[Coolyxxx]

Bine. Am plecat de la scanează pentru a rula peste noapte, dar SuperAntiSpyware păstrate pe care întâmpină probleme şi a închis ... Am MalwareBytes autentifica aici:

Malwarebytes' Anti-Malware 1.30
Baza de date versiune: 1343
Windows 5.1.2600 Service Pack 3

1/11/2008 9:19:03 AM
mbam-log-2008-11-01 (09.19.03). txt

Scan type: Full Scan (C: \ | D: \ | E: \ |)
Obiecte scanate: 190626
Timpul scurs: 3 ora (e), 56 minute (s), 28 secunde (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Chei de Registry Infected: 0
Registry Values Infected: 0
Registrul de date Elemente Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(Nici un rău elemente detectat)

Memory Modules Infected:
(Nici un rău elemente detectat)

Chei de Registry Infected:
(Nici un rău elemente detectat)

Registry Values Infected:
(Nici un rău elemente detectat)

Registrul de date Elemente Infected:
(Nici un rău elemente detectat)

Folders Infected:
(Nici un rău elemente detectat)

Files Infected:
C: \ Windows \ system32 \ _005069_.tmp.dll (Trojan.Agent) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ _005101_.tmp.dll (Trojan.Agent) -> carantină şi a fost şters cu succes.

[Glaswegian]

Salut

Continuaţi cu scanează o executaţi, apoi urmaţi aceste instrucţiuni.

Descărca ComboFix de la una din aceste locatii:

Link 1
Link 2
Link 3

* IMPORTANT!!! Salvaţi ComboFix.exe pe Desktop

• Dezactivaţi-vă aplicaţii antivirus şi antispyware, de obicei, printr-un click dreapta pe pictograma tavă. Altfel, acestea pot interfera cu instrumentele noastre
• Faceţi dublu clic pe ComboFix.exe & urmăriţi solicitările.
• Ca parte a procesului este, ComboFix va verifica, pentru a vedea dacă Microsoft, Consola de recuperare Windows este instalat. Infecţii cu malware fiind ca acestea sunt de azi, este recomandat să aveţi această pre-instalat pe calculatorul dumneavoastră înainte de a face orice malware eliminare. Aceasta vă va permite să boot-o până în special de recuperare / Mod de reparaţii, care ne va permite mai uşor să vă ajute să vă computerul ar trebui să aibă o problemă, după o tentativă de eliminare a malware-ului.
• Urmaţi solicitările pentru a permite ComboFix să descărcaţi şi să instalaţi Microsoft Windows Recovery Console, şi atunci când vi se cere, de acord cu Termenii licenţei pentru utilizatorul final pentru a instala Consola de recuperare Microsoft Windows.

** Vă rugăm să reţineţi: Dacă Microsoft Consola de recuperare Windows este deja instalat, va continua ComboFix este malware eliminarea procedurilor.

Odată ce Microsoft Consola de recuperare Windows este instalat folosind ComboFix, ar trebui să vedeţi următorul mesaj:




Faceţi clic pe Da, Pentru a continua scanare pentru malware-ului.

Când aţi terminat, ComboFix se produce un jurnal pentru tine. Vă rugăm să includeţi în C: \ ComboFix.txt în următoarea replică, alog cu alte jurnale.

[Coolyxxx]

Pentru unele motive, ComboFix închis SuperAntiSpyware scanare în timp ce aceasta a fost, deci este repornit acum. Si stai! nu începe până la implicit mai ... Am deschis acest program, dar nu este încă în tava de sistem de lucru ... Şi programul descarcat de faptul că mama este setat pentru a rula pe de pornire ... Jurnal oricum aici:

ComboFix 08-10-30.13 - VIP 2008-11-01 9:36:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.732 [11:00 GMT]
Rularea de la: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe
* Creat un nou punct de restabilire
.

Alte ((((((((((((((((((((((((((((((((((((((( ştergerile ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Program Files \ Warcraft III \ _desktop.ini
C: \ Windows \ system32 \ _005058_.tmp.dll
C: \ Windows \ system32 \ _005059_.tmp.dll
C: \ Windows \ system32 \ _005060_.tmp.dll
C: \ Windows \ system32 \ _005061_.tmp.dll
C: \ Windows \ system32 \ _005068_.tmp.dll
C: \ Windows \ system32 \ _005070_.tmp.dll
C: \ Windows \ system32 \ _005071_.tmp.dll
C: \ Windows \ system32 \ _005072_.tmp.dll
C: \ Windows \ system32 \ _005073_.tmp.dll
C: \ Windows \ system32 \ _005074_.tmp.dll
C: \ Windows \ system32 \ _005075_.tmp.dll
C: \ Windows \ system32 \ _005076_.tmp.dll
C: \ Windows \ system32 \ _005077_.tmp.dll
C: \ Windows \ system32 \ _005078_.tmp.dll
C: \ Windows \ system32 \ _005079_.tmp.dll
C: \ Windows \ system32 \ _005080_.tmp.dll
C: \ Windows \ system32 \ _005081_.tmp.dll
C: \ Windows \ system32 \ _005082_.tmp.dll
C: \ Windows \ system32 \ _005084_.tmp.dll
C: \ Windows \ system32 \ _005087_.tmp.dll
C: \ Windows \ system32 \ _005088_.tmp.dll
C: \ Windows \ system32 \ _005092_.tmp.dll
C: \ Windows \ system32 \ _005093_.tmp.dll
C: \ Windows \ system32 \ _005094_.tmp.dll
C: \ Windows \ system32 \ _005095_.tmp.dll
C: \ Windows \ system32 \ _005096_.tmp.dll
C: \ Windows \ system32 \ _005097_.tmp.dll
C: \ Windows \ system32 \ _005098_.tmp.dll
C: \ Windows \ system32 \ _005099_.tmp.dll
C: \ Windows \ system32 \ _005100_.tmp.dll
C: \ Windows \ system32 \ _005102_.tmp.dll
C: \ Windows \ system32 \ _005103_.tmp.dll
C: \ Windows \ system32 \ _005104_.tmp.dll
C: \ Windows \ system32 \ _005106_.tmp.dll
C: \ Windows \ system32 \ _005107_.tmp.dll
C: \ Windows \ system32 \ _005108_.tmp.dll
C: \ Windows \ system32 \ _005109_.tmp.dll
C: \ Windows \ system32 \ _005110_.tmp.dll
C: \ Windows \ system32 \ _005111_.tmp.dll
C: \ Windows \ system32 \ _005112_.tmp.dll
C: \ Windows \ system32 \ _005115_.tmp.dll
C: \ Windows \ system32 \ _005116_.tmp.dll
C: \ Windows \ system32 \ _005117_.tmp.dll
C: \ Windows \ system32 \ _005118_.tmp.dll
C: \ Windows \ system32 \ _005119_.tmp.dll
C: \ Windows \ system32 \ _005121_.tmp.dll
C: \ Windows \ system32 \ _005122_.tmp.dll
C: \ Windows \ system32 \ _005123_.tmp.dll
C: \ Windows \ system32 \ _005125_.tmp.dll
C: \ Windows \ system32 \ _005128_.tmp.dll
C: \ Windows \ system32 \ _005129_.tmp.dll
C: \ Windows \ system32 \ _005133_.tmp.dll
C: \ Windows \ system32 \ _005134_.tmp.dll
C: \ Windows \ system32 \ _005136_.tmp.dll
C: \ Windows \ system32 \ _005137_.tmp.dll
C: \ Windows \ system32 \ _005139_.tmp.dll
C: \ Windows \ system32 \ _005141_.tmp.dll
C: \ Windows \ system32 \ _005142_.tmp.dll
C: \ Windows \ system32 \ _005143_.tmp.dll
C: \ Windows \ system32 \ _005144_.tmp.dll
C: \ Windows \ system32 \ _005147_.tmp.dll
C: \ Windows \ system32 \ _005148_.tmp.dll
C: \ Windows \ system32 \ _005149_.tmp.dll
C: \ Windows \ system32 \ _005150_.tmp.dll
C: \ Windows \ system32 \ _005151_.tmp.dll
C: \ Windows \ system32 \ _005156_.tmp.dll
C: \ Windows \ system32 \ _005158_.tmp.dll
C: \ Windows \ system32 \ Cache
C: \ Windows \ system32 \ Cfx32.lic
C: \ Windows \ system32 \ cfx32.ocx

.
((((((((((((((((((((((((((((((((((((((( Drivere / Servicii )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_NPF


((((((((((((((((((((((((( Fişierele create de 2008-09-28 la 2008-10-31 ))))))))))) ))))))))))))))))))))
.

2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com
2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes
2008-10-31 20:33. 2008-10-31 20:33 <DIR> d -------- C: \ Program Files \ Tudou
2008-10-24 12:04. 2008-10-16 03:34 337.408 ----- c --- C: \ Windows \ system32 \ dllcache \ netapi32.dll
2008-10-15 20:43. 2008-09-15 23:12 1.846.400 ----- c --- C: \ Windows \ system32 \ dllcache \ Win32k.sys
2008-10-15 20:43. 2008-09-08 21:41 333.824 ----- c --- C: \ Windows \ system32 \ dllcache \ srv.sys
2008-10-15 20:42. 2008-08-14 21:11 2.189.184 ----- c --- C: \ Windows \ system32 \ dllcache \ ntoskrnl.exe
2008-10-15 20:42. 2008-08-14 21:09 2.145.280 ----- c --- C: \ Windows \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-15 20:42. 2008-08-14 20:33 2.066.048 ----- c --- C: \ Windows \ system32 \ dllcache \ ntkrnlpa.exe
2008-10-15 20:42. 2008-08-14 20:33 2.023.936 ----- c --- C: \ Windows \ system32 \ dllcache \ ntkrpamp.exe
2008-09-18 19:05. 2008-10-31 20:52 <DIR> d -------- C: \ Program Files \ Avast4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III
2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-Malware
2008-10-31 09:32 --------- d --- Aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-10-22 05:10 38.496 ---- Aw C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2008-10-22 05:10 15.504 ---- Aw C: \ Windows \ system32 \ drivers \ mbam.sys
2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream
2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware
2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Application Data \ Ahead
2008-09-08 10:41 333.824 ---- Aw C: \ Windows \ system32 \ drivers \ srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ Windows \ system32 \ NeroCheck.e XE" [2001-07-09 155648]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]

C: \ Documents and Settings \ Vip \ Start Menu \ Programs \ Startup \
"" Ôîú ÓëÖμôû.lnk - C: \ Program Files \ Tudou \ ú ÓëTudou \ TudouVa.exe [2008-07-06 3248128]

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ policies \ system]
"DisableChangePassword" = 1 (0x1)

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoAutoUpdate" = 1 (0x1)
"MaxRecentDocs" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \! SASWinLogon]
2008-10-09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.I420" = i420vfw.dll
"aux" = ctwdm32.dll
"VIDC.HFYU" = huffyuv.dll
"VIDC.X264" = x264vfw.dll
"VIDC.3iv2" = 3ivxVfWCodec.dll
"VIDC.VP31" = vp31vfw.dll
"msacm.l3fhg" = mp3fhg.acm
"msacm.ac3filter" = ac3filter.acm

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ Adobe Reader Speed Launch.lnk]
backup = C: \ WINDOWS \ pss \ Adobe Reader Speed Launch.lnkCommon de pornire

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ Adobe Reader Synchronizer.lnk]
backup = C: \ WINDOWS \ pss \ Adobe Reader Synchronizer.lnkCommon Startup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ WinZip Quick Pick.lnk]
backup = C: \ WINDOWS \ pss \ WinZip Quick Pick.lnkCommon Startup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ Azureus Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ Azureus Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ Azureus Ultra Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ Azureus Ultra Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ BitTorrent Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ BitTorrent Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ eMule Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ eMule Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ LimeWire Pe Startup.lnk]
backup = C: \ WINDOWS \ pss \ LimeWire Pe Startup.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ LimeWire Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ LimeWire Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ PowerReg Scheduler V3.exe]
backup = C: \ WINDOWS \ pss \ PowerReg Scheduler V3.exeStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ inregistrare Tom Clancy's Rainbow Six]
backup = C: \ WINDOWS \ pss \ de inregistrare Tom Clancy's Rainbow SixStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ SpeedFan.lnk]
backup = C: \ WINDOWS \ pss \ SpeedFan.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ Thoosje Sidebar.lnk]

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ WordWeb.lnk]
backup = C: \ WINDOWS \ pss \ WordWeb.lnkStartup
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \! AVG Anti-Spyware
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BitTorrent
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Boss-cheie
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CmCardRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CursorXP
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ EasyTuneVPro
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ iTunesHelper
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LogonStudio
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ OrderReminder
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RecordPadRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpeedOptimizer
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ swg
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Veoh

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Adobe Photo Downloader]
- a ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
- a ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ DAEMON Tools]
- a ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LanguageShortcut]
- a ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Limbă \ Language.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ QuickTime Task]
- a ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl]
- a ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Steam]
- a ------ 2008-03-29 09:39 1271032 C: \ Valve \ Steam \ Steam.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2]
- a ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC]
- a ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ WinampAgent]
- a ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BluetoothAuthenticationA gorobete]
- a ------ 2008-04-14 06:42 110592 C: \ Windows \ system32 \ bthprops.cpl

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ C-Media Mixer]
- a ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ servicii]
"WMPNetworkSvc" = 3 (0x3)
"gusvc" = 3 (0x3)
"RichVideo" = 2 (0x2)
"BthServ" = 2 (0x2)
"iPod Service" = 3 (0x3)
"Apple Mobile Device" = 2 (0x2)
"LiveUpdate Notice Service" = 2 (0x2)
"VideoAcceleratorEngine" = 3 (0x3)
"MDM" = 2 (0x2)
"IDriverT" = 3 (0x3)
"aawservice" = 3 (0x3)
"PDEngine" = 3 (0x3)
"PDAgent" = 3 (0x3)
"Pml Driver HPZ12" = 3 (0x3)
"CPUCooLServer" = 2 (0x2)
"usnjsvc" = 3 (0x3)
"AdobeActiveFileMonitor4.0" = 2 (0x2)
"WLSetupSvc" = 3 (0x3)
"cmdAgent" = 2 (0x2)
"FLEXnet Licensing Service" = 3 (0x3)
"Bonjour Service" = 2 (0x2)
"OSE" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Lista]
"% WINDIR% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ DAP \ \ DAP.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"<NO Name>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe
"% WINDIR% \ \ Reţeaua de diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" =
"C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" =
"C: \ \ Program Files \ \ Tudou \ \ ÉËÙTudou \ \ TudouVa.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ Lista]
"3389: TCP" = 3389: TCP: *: Disabled: @ xpsp2res.dll, -22009
"15394: TCP" = 15394: TCP: *: Disabled: BitComet 15394 TCP
"15394: UDP" = 15394: UDP: *: Disabled: BitComet 15394 UDP
"6555: TCP" = 6555: TCP: *: Disabled: BitComet 6555 TCP
"6555: UDP" = 6555: UDP: *: Disabled: BitComet 6555 UDP

R1 aswSP; stai! Self Protecţia; C: \ Windows \ system32 \ drivers \ aswSP.sys [2008-07-20 78416]
R1 atitray; atitray; C: \ Program Files \ Ray Adams \ ATI Tray Tools \ atitray.sys [2007-05-22 18088]
R2 aswFsBlk; aswFsBlk; C: \ WINDOWS \ system32 \ drivers \ aswF sBlk.sys [2008-07-20 20560]
R2 ROCKEYNT; ROCKEYNT; C: \ Windows \ system32 \ drivers \ Rock eynt.sys [2005-01-04 18223]
R2 SBKUPNT; SBKUPNT; C: \ WINDOWS \ system32 \ drivers \ SBKUPN T. SYS [2001-07-13 14976]
S3 motccgp; Motorola USB Composite Device Driver; C: \ WINDOWS \ system32 \ drivers \ motccgp.sys [2007-06-18 17920]
S3 motccgpfl; MotCcgpFlService; C: \ Windows \ system32 \ DRI Preţ \ motccgpfl.sys [2007-01-22 7680]
S3 MotDev; Motorola Inc USB Device; C: \ WINDOWS \ system32 \ drivers \ motodrv.sys [2007-05-07 42112]
S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C: \ WINDOWS \ system32 \ drivers \ wg111v2.sys [2006-03-16 167808]
S3 XDva042; XDva042; C: \ Windows \ system32 \ XDva042.sys []
.
Cuprins de la "Activităţi programate" dosar

2008-10-01 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-27 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC Nag.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2007-05-14 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2008-10-25 C: \ WINDOWS \ Tasks \ Uniblue SpyEraser Nag.job
- C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe []
.
- - - - ORFANI ELIMINAT - - - --

URLSearchHooks-(0A94B116-4504-4e26-AB05-E61E474AA38B) - (no file)
ShellIconOverlayIdentifiers-hex (2): 7b, 38,41,34,32,44,46,42,46,2 d, 37,38,36,38,2 D, 34,30,32,39,2 D, 39, 35,38, \ - (no file)
ShellExecuteHooks-(E0D8FD38-6F36-4C9F-AE43-EDFA2BB266BA) - (no file)
MSConfigStartUp-COMODO Firewall Pro - C: \ Program Files \ COMODO \ Firewall \ cfp.exe
MSConfigStartUp-EzPrint - C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
MSConfigStartUp-FaxCenterServer - C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe
MSConfigStartUp-TkBellExe - C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
MSConfigStartUp-Uniblue SpyEraser - C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe


.
------- Suplimentare Scan -------
.
Firefox -: Profil - C: \ Documents and Settings \ Vip \ Application Data \ Mozilla \ Firefox \ Profiles \ 19piaa5b.default \
Firefox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / hk.yahoo.com /
.
.
------- Asocierile de fişiere -------
.
txtfile = C: \ WINDOWS \ NOTEPAD.EXE% 1
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 09:42:02
Windows 5.1.2600 Service Pack 3 NTFS

scanare ascuns procese ...

scanare ascuns autostart intrări ...

scanare fişiere ascunse ...

scanare sa finalizat cu succes
fişiere ascunse: 0

************************************************** ************************
.
------------------------ Other Running Processes ----------------------- --
.
C: \ Windows \ system32 \ ati2evxx.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ Windows \ system32 \ ati2evxx.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ Windows \ system32 \ searchindexer.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ Windows \ system32 \ imapi.exe
.
************************************************** ************************
.
Completion time: 2008-11-01 9:47:03 - masina a fost repornită
ComboFix-carantină-files.txt 2008-10-31 22:46:53

Pre-Run: 17476198400 bytes liber
Post-Run: 17429176320 bytes liber

WindowsXP-KB310994-SP2-Pro-boot-ENU.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[sisteme de operare]
C: \ Cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect

335 --- EOF --- 2008-10-24 09:01:23
__________________________________________________ _________________________________________________

EDIT: Am fost în jur de un clic şi am găsit o pictogramă care arăta ca dezinstala. Nu faceţi clic pe el şi a început dezinstalarea (sau cel puţin sper că a fost) pentru că a fost în ciudat simboluri.

[Coolyxxx]

SuperAntiSpyware jurnal. Am avut de a face rapid scanare, pentru că întotdeauna va veni cu o eroare atunci când am făcut complet de scanare.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generat 11.01.2008 la 11:45

Application Version: 4.21.1004

Reguli de bază pentru baze de date Version: 3618
Trace Regulamentul Database Version: 1603

Scan type: Quick Scan
Total Scan Ora: 00:35:28

Memorie articole scanate: 490
Memorie ameninţările detectate: 0
Registrul articole scanate: 436
Registrul ameninţările detectate: 0
Elemente de fişiere scanate: 33788
File ameninţările detectate: 2

Trojan.Vundo-Varianta / F
C: \ Windows \ system32 \ AZIPCONTMN.DLL
C: \ Windows \ system32 \ SYSFOLDERAZIPCNT.DLL

[Glaswegian]

Buna din nou

Vă rugăm să nu faceţi clic pe ceva mai mult sau rula orice scanează cu excepţia cazului în care te sfătuiesc să aşa. El chiar a face lucruri confuze, pentru mine - am văzut o intrare într-un jurnal, dar e plecat de la următorul şi aşa mai departe - multumesc.

Cred că aceasta este problema

C: \ Program Files \ Tudou

cu excepţia cazului în care mama dvs. este un fan al chineză versiune de YouTube.

Vreau să am o privire la cele două fişiere găsite de către SAS.


Vă rugăm să mergeţi la: VirusTotal

• În mijlocul paginii veţi găsi o "Răsfoire"Buton.
  
  
  
  Faceţi clic pe "Browse" şi butonul pentru a parcurge acest fişier în RED:
  
  C: \ Windows \ system32 \ AZIPCONTMN.DLL

• Faceţi clic pe "Deschide".
• Apoi, faceţi clic pe "Trimite fişier"Butonul din partea de jos a paginii VirusTotal.
• Aceasta va scana fişier. Vă rugăm să aveţi răbdare.
• După ce a scanat, copiaţi şi inseraţi rezultate în următoarea replică.

Se repetă de mai sus pentru acest dosar, de asemenea.

C: \ Windows \ system32 \ SYSFOLDERAZIPCNT.DLL




Combofix

• Închideţi orice deschide browsere.
• Deschide notepad şi copie / lipi textul în caseta de mai jos în el:

Cod:

  Dosar::
  C: \ Program Files \ Tudou 

Privind la imaginea de mai jos ca exemplu



Salvaţi-l ca CFScript.txt, În aceeaşi locaţie ca ComboFix.exe




Referindu-se la poza de mai sus, glisaţi CFScript pe ComboFix.exe.

Când aţi terminat, se va produce un jurnal pentru tine la "C: \ ComboFix.txt"

Nu mouseclick combofix fereastra în timp ce se execută. Acest lucru poate cauza aceasta pentru a se bloca.

ATENTIE! Altcineva gândire de a folosi script-ul de mai sus face acest lucru pe propria răspundere - s-ar putea să sfârşesc prin a avea de a re-instala Windows!


Vă rugăm să post de jurnal C: \ ComboFix.txt , A VirusTotal rezultate şi de un nou HijackThis Log pentru mai mult de revizuire.

[Coolyxxx]

Da mama ceasuri unele chineză videoclipuri ... Nu am putut găsi fişierele atunci când răsfoiţi în VirusTotal. Am mers chiar la ei în Explorer, şi nu am putut găsi atât de ei. Am jurnalele:
ComboFix:

ComboFix 08-11-01.01 - VIP 2008-11-02 10:36:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.865 [11:00 GMT]
Rularea de la: C: \ Documents and Settings \ Vip \ Desktop \ ComboFix.exe
Command comutatoare utilizat:: C: \ Documents and Settings \ Vip \ Desktop \ CFScript.txt
* Creat un nou punct de restabilire
.

Alte ((((((((((((((((((((((((((((((((((((((( ştergerile ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Program Files \ Tudou

.
((((((((((((((((((((((((( Fişierele create de 2008-10-01 la 2008-11-01 ))))))))))) ))))))))))))))))))))
.

2008-11-01 09:55. 2008-11-01 09:55 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Uniblue
2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ SUPERAntiSpyware.com
2008-10-31 20:45. 2008-10-31 20:45 <DIR> d -------- C: \ Documents and Settings \ Vip \ Application Data \ Malwarebytes
2008-10-24 12:04. 2008-10-16 03:34 337.408 ----- c --- C: \ Windows \ system32 \ dllcache \ netapi32.dll
2008-10-15 20:43. 2008-09-15 23:12 1.846.400 ----- c --- C: \ Windows \ system32 \ dllcache \ Win32k.sys
2008-10-15 20:43. 2008-09-08 21:41 333.824 ----- c --- C: \ Windows \ system32 \ dllcache \ srv.sys
2008-10-15 20:42. 2008-08-14 21:11 2.189.184 ----- c --- C: \ Windows \ system32 \ dllcache \ ntoskrnl.exe
2008-10-15 20:42. 2008-08-14 21:09 2.145.280 ----- c --- C: \ Windows \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-15 20:42. 2008-08-14 20:33 2.066.048 ----- c --- C: \ Windows \ system32 \ dllcache \ ntkrnlpa.exe
2008-10-15 20:42. 2008-08-14 20:33 2.023.936 ----- c --- C: \ Windows \ system32 \ dllcache \ ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 22:38 --------- d ----- w C: \ Program Files \ Warcraft III
2008-10-31 22:30 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-10-31 09:52 --------- d ----- w C: \ Program Files \ Avast4
2008-10-31 09:47 --------- d ----- w C: \ Program Files \ Malwarebytes' Anti-Malware
2008-10-31 09:32 --------- d --- Aw C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-10-22 05:10 38.496 ---- Aw C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2008-10-22 05:10 15.504 ---- Aw C: \ Windows \ system32 \ drivers \ mbam.sys
2008-10-09 06:46 --------- d ----- w C: \ Program Files \ PPStream
2008-10-09 03:31 --------- d ----- w C: \ Program Files \ SUPERAntiSpyware
2008-10-09 03:28 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-09-18 08:42 --------- d ----- w C: \ Documents and Settings \ Vip \ Application Data \ Ahead
2008-09-15 12:12 1.846.400 ---- Aw C: \ Windows \ system32 \ Win32k.sys
2008-09-08 10:41 333.824 ---- Aw C: \ Windows \ system32 \ drivers \ srv.sys
2008-08-28 07:46 74.752 ---- Aw C: \ Windows \ system32 \ msw3prt.dll
2008-08-28 07:46 104.960 ---- Aw C: \ Windows \ system32 \ win32spl.dll
2008-08-26 07:24 826.368 ---- Aw C: \ Windows \ system32 \ Wininet.dll
2008-08-14 10:11 2.189.184 ---- Aw C: \ Windows \ system32 \ ntoskrnl.exe
2008-08-14 09:33 2.066.048 ---- Aw C: \ Windows \ system32 \ ntkrnlpa.exe
2008-07-29 12:05 32.768 - SHA-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ istoric \ History.IE5 \ MSHist012008072920080 730 \ index.dat
.

((((((((((((((((((((((((((((( Instantaneu @ 2008-11-01_ 9.46.14.14 ))))))))))) ))))))))))))))))))))))))))))))
.
- 2008-10-31 22:41:26 16.384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat
+ 2008-11-01 23:26:02 16.384 ---- atw C: \ WINDOWS \ Temp \ Perflib_Perfdata_570.dat
.
((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ Windows \ system32 \ NeroCheck.e XE" [2001-07-09 155648]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"ATICCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" [2006-01-02 45056]
"stai" = "C: \ Program Files \ Avast4 \ ashDisp.exe" [2008-07-20 78008]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ policies \ system]
"DisableChangePassword" = 1 (0x1)

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Policies \ Explorer]
"NoAutoUpdate" = 1 (0x1)
"MaxRecentDocs" = 1 (0x1)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2006-04-24 282624]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"UIHost" = "C: \ \ WINDOWS \ \ system32 \ \ logonuiX.exe"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \! SASWinLogon]
2008-10-09 14:31 352256 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32]
"VIDC.I420" = i420vfw.dll
"aux" = ctwdm32.dll
"VIDC.HFYU" = huffyuv.dll
"VIDC.X264" = x264vfw.dll
"VIDC.3iv2" = 3ivxVfWCodec.dll
"VIDC.VP31" = vp31vfw.dll
"msacm.l3fhg" = mp3fhg.acm
"msacm.ac3filter" = ac3filter.acm

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ Adobe Reader Speed Launch.lnk]
backup = C: \ WINDOWS \ pss \ Adobe Reader Speed Launch.lnkCommon de pornire

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ Adobe Reader Synchronizer.lnk]
backup = C: \ WINDOWS \ pss \ Adobe Reader Synchronizer.lnkCommon Startup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ WinZip Quick Pick.lnk]
backup = C: \ WINDOWS \ pss \ WinZip Quick Pick.lnkCommon Startup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ Azureus Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ Azureus Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ Azureus Ultra Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ Azureus Ultra Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ BitTorrent Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ BitTorrent Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ eMule Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ eMule Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ LimeWire Pe Startup.lnk]
backup = C: \ WINDOWS \ pss \ LimeWire Pe Startup.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ LimeWire Turbo Accelerator.lnk]
backup = C: \ WINDOWS \ pss \ LimeWire Turbo Accelerator.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ PowerReg Scheduler V3.exe]
backup = C: \ WINDOWS \ pss \ PowerReg Scheduler V3.exeStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ inregistrare Tom Clancy's Rainbow Six]
backup = C: \ WINDOWS \ pss \ de inregistrare Tom Clancy's Rainbow SixStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ SpeedFan.lnk]
backup = C: \ WINDOWS \ pss \ SpeedFan.lnkStartup

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ Thoosje Sidebar.lnk]

[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Kevin Start Menu ^ Programs ^ Startup ^ WordWeb.lnk]
backup = C: \ WINDOWS \ pss \ WordWeb.lnkStartup
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \! AVG Anti-Spyware
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BitTorrent
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Boss-cheie
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CmCardRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CursorXP
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ EasyTuneVPro
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ iTunesHelper
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LogonStudio
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ OrderReminder
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RecordPadRun
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpeedOptimizer
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ swg
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Veoh

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Adobe Photo Downloader]
- a ------ 2005-09-09 01:18 57344 C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BgMonitor_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)]
- a ------ 2006-04-21 18:03 94208 C: \ Program Files \ Common Files \ Ahead \ Lib \ NMBgMonitor.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ DAEMON Tools]
- a ------ 2005-12-11 01:57 133016 C: \ Program Files \ DAEMON Tools \ daemon.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ LanguageShortcut]
- a ------ 2006-04-13 12:09 49152 C: \ Program Files \ CyberLink \ PowerDVD \ Limbă \ Language.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ QuickTime Task]
- a ------ 2008-03-29 00:37 413696 C: \ Program Files \ K-Lite Codec Pack \ QuickTime \ QTTask.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl]
- a ------ 2005-12-07 23:57 30208 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SpybotSD TeaTimer]
-rahs ---- 2008-09-16 12:16 1833296 C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Steam]
- a ------ 2008-03-29 09:39 1271032 C: \ Valve \ Steam \ Steam.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue RegistryBooster 2]
- a ------ 2007-12-05 16:06 1885464 C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Uniblue SpeedUpMyPC]
- a ------ 2008-01-29 09:46 9442584 C: \ Program Files \ Uniblue \ SpeedUpMyPC 3 \ SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ WinampAgent]
- a ------ 2008-04-02 05:49 36352 C: \ Program Files \ Winamp \ winampa.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ BluetoothAuthenticationA gorobete]
- a ------ 2008-04-14 06:42 110592 C: \ Windows \ system32 \ bthprops.cpl

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ C-Media Mixer]
- a ------ 2003-03-20 17:21 1855488 C: \ WINDOWS \ mixer.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ servicii]
"WMPNetworkSvc" = 3 (0x3)
"gusvc" = 3 (0x3)
"RichVideo" = 2 (0x2)
"BthServ" = 2 (0x2)
"iPod Service" = 3 (0x3)
"Apple Mobile Device" = 2 (0x2)
"LiveUpdate Notice Service" = 2 (0x2)
"VideoAcceleratorEngine" = 3 (0x3)
"MDM" = 2 (0x2)
"IDriverT" = 3 (0x3)
"aawservice" = 3 (0x3)
"PDEngine" = 3 (0x3)
"PDAgent" = 3 (0x3)
"Pml Driver HPZ12" = 3 (0x3)
"CPUCooLServer" = 2 (0x2)
"usnjsvc" = 3 (0x3)
"AdobeActiveFileMonitor4.0" = 2 (0x2)
"WLSetupSvc" = 3 (0x3)
"cmdAgent" = 2 (0x2)
"FLEXnet Licensing Service" = 3 (0x3)
"Bonjour Service" = 2 (0x2)
"OSE" = 3 (0x3)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Lista]
"% WINDIR% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ DAP \ \ DAP.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"<NO Name>" = "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe" "C: \ \ Program Files \ \ PPStream \ \ PPStream.exe
"% WINDIR% \ \ Reţeaua de diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ UT2004 \ \ System \ \ UT2004.exe" =
"C: \ \ Program Files \ \ DeusEx \ \ System \ \ DeusEx.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ Lista]
"3389: TCP" = 3389: TCP: *: Disabled: @ xpsp2res.dll, -22009
"15394: TCP" = 15394: TCP: *: Disabled: BitComet 15394 TCP
"15394: UDP" = 15394: UDP: *: Disabled: BitComet 15394 UDP
"6555: TCP" = 6555: TCP: *: Disabled: BitComet 6555 TCP
"6555: UDP" = 6555: UDP: *: Disabled: BitComet 6555 UDP

R1 aswSP; stai! Self Protecţia; C: \ Windows \ system32 \ drivers \ aswSP.sys [2008-07-20 78416]
R1 atitray; atitray; C: \ Program Files \ Ray Adams \ ATI Tray Tools \ atitray.sys [2007-05-22 18088]
R2 aswFsBlk; aswFsBlk; C: \ WINDOWS \ system32 \ drivers \ aswF sBlk.sys [2008-07-20 20560]
R2 ROCKEYNT; ROCKEYNT; C: \ Windows \ system32 \ drivers \ Rock eynt.sys [2005-01-04 18223]
R2 SBKUPNT; SBKUPNT; C: \ WINDOWS \ system32 \ drivers \ SBKUPN T. SYS [2001-07-13 14976]
S3 motccgp; Motorola USB Composite Device Driver; C: \ WINDOWS \ system32 \ drivers \ motccgp.sys [2007-06-18 17920]
S3 motccgpfl; MotCcgpFlService; C: \ Windows \ system32 \ DRI Preţ \ motccgpfl.sys [2007-01-22 7680]
S3 MotDev; Motorola Inc USB Device; C: \ WINDOWS \ system32 \ drivers \ motodrv.sys [2007-05-07 42112]
S3 RTLWUSB; NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C: \ WINDOWS \ system32 \ drivers \ wg111v2.sys [2006-03-16 167808]
S3 XDva042; XDva042; C: \ Windows \ system32 \ XDva042.sys []
.
Cuprins de la "Activităţi programate" dosar

2008-10-01 C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job
- C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-27 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC Nag.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2007-05-14 C: \ WINDOWS \ Tasks \ Uniblue SpeedUpMyPC.job
- C: \ Program Files \ Uniblue \ SpeedUpMyPC \ SpeedUpMyPC.exe []

2008-10-25 C: \ WINDOWS \ Tasks \ Uniblue SpyEraser Nag.job
- C: \ Program Files \ Uniblue \ SpyEraser \ SpyEraser.exe []
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 10:39:31
Windows 5.1.2600 Service Pack 3 NTFS

scanare ascuns procese ...

scanare ascuns autostart intrări ...

scanare fişiere ascunse ...

scanare sa finalizat cu succes
fişiere ascunse: 0

************************************************** ************************
.
Completion time: 2008-11-02 10:41:44
ComboFix-carantină-files.txt 2008-11-01 23:41:32
ComboFix2.txt 2008-10-31 22:47:05

Pre-Run: 17222828032 bytes liber
Post-Run: 17200967680 bytes liber

233 --- EOF --- 2008-10-24 09:01:23
__________________________________________________ _________________________

HijackThis:

Logfile de Trend Micro HijackThis v2.0.2
Scan salvate la 10:50:19, pe 2.11.2008
Platforma: Windows XP SP3 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Avast4 \ ashServ.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ SearchIndexer.exe
C: \ Program Files \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Avast4 \ ashWebSv.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ Avast4 \ ashDisp.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Documents and Settings \ Vip \ Desktop \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com.hk/
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = locale
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Descărcaţi Plug-in-ului şi a înregistra pentru Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Windows Live Sign-in-Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Windows \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [ATICCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ cli.exe" runtime-Întârzierea
O4 - HKLM \ .. \ Run: [stai] C: \ Program Files \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O8 - Extra context menu item: & Clean Traces - C: \ Program Files \ DAP \ Privacy Package \ dapcleanerie.htm
O8 - Extra context menu item: & Download cu & DAP - C: \ Program Files \ DAP \ dapextie.htm
O8 - Extra context menu item: Download & all with DAP - C: \ Program Files \ DAP \ dapextie2.htm
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra buton: QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra 'Tools' MENUITEM:?? QQ - (c95fe080-8f5d-11D2-a20b-00aa003c157b) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (4F1E5B1A-2A80-42CA-8532-2D05CB959537) -- http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) -- http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1133040258574
O16 - DPF: (8E0D4DE5-3180-4024-A327-4DFAD1796A8D) -- http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL
O23 - Service: Ad-Conştient 2007 Service (aawservice) - Lavasoft AB - C: \ Program Files \ Lavasoft \ Ad-Conştient 2007 \ aawservice.exe
O23 - Service: stai! iAVS4 serviciu de control (aswUpdSv) - ALWIL Software - C: \ Program Files \ Avast4 \ aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ Windows \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ Windows \ system32 \ ati2sgag.exe
O23 - Service: stai! Antivirus - ALWIL Software - C: \ Program Files \ Avast4 \ ashServ.exe
O23 - Service: stai! Mail Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashMaiSv.exe
O23 - Service: stai! Web Scanner - ALWIL Software - C: \ Program Files \ Avast4 \ ashWebSv.exe
O23 - Service: EPSON starea imprimantei Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C: \ Program Files \ Common Files \ EPSON \ EBAPI \ SAgent2.exe

--
Sfârşit de fişier - 6734 bytes

[Glaswegian]

Salut

Aceste două fişiere nu au fost găsite de către combofix, asa ca nu am fost foarte aştepta să fie acolo.

Cum este sistemul rulează acum?

Să folosească un scanare online.

Realizaţi o scanare online cu Panda ActiveScan

• Faceţi clic pe Scan PC Acum
• A "pop up" va apărea fereastra, sau un nou tab-ul se va deschide.
• Faceţi clic pe Inregistrare
• Alegeţi opţiunea vă place cel mai mult, dar vă recomandăm Libere de inregistrare.
• Faceţi clic pe Inregistrare
• Introduceţi adresa de e-mail, precum şi crearea unei parole.
• Selectaţi "Eu nu doresc să primească orice tip de informaţii". (Cu excepţia cazului în care doriţi să primiţi astfel de informaţii)
• Faceţi clic pe Trimite
• Confirmare de înregistrare, precum şi prin introducerea în continuare numele de utilizator şi parola, apoi faceţi clic pe Introduceţi
• Selectaţi Full Scanare, apoi faceţi clic pe Acum, Scanare
• Aşteptaţi de componente pentru a fi încărcate şi instalat. Nu închide această fereastră sau să mergeţi la o altă pagină în timp ce acesta este descărcat. Puteţi continua cu ajutorul Internet-o altă fereastră prin deschiderea în browser.
• În cazul în care constată orice malware-ului se poate dezinfecta, a dezinfecta buton va fi activat. Faceţi clic pe Dezinfecta
• Vă rugăm să ignoraţi de oferta pentru a cumpara acest program. Faceţi clic pe Pentru a Export
  
• Export din jurnal şi salvaţi-l pe desktop.
• Te rog ataşa conţinutul de acest registru pentru a-ţi răspunde, împreună cu un nou log HijackThis.

* Opriţi scanare în timp real, din orice program antivirus existente, în timp ce desfăşoară activitatea de scanare online.

[Coolyxxx]

Citat:

Iniţial Adăugată pe site de Glaswegian

• Te rog ataşa conţinutul de acest registru pentru a-ţi răspunde, împreună cu un nou log HijackThis.

Ei bine, te-ai spune ataşaţi, în roşu, aşa că am crezut că am să ataşaţi. Nu sunteţi sigur ce diferenta este intre ataşează şi copie / lipire, cu excepţia pentru un post mai ... De Panda Active Scan găsit nişte lucruri, dar as putea dezinfecta numai una, de un vierme, deoarece pentru ceilalţi, acesta a spus că trebuie să-l cumpere.

[Glaswegian]

Buna din nou

Scuze pentru nu se întorc la tine, mai devreme - viata reala este destul de ocupat în acest moment.

Cum este sistemul rulează acum?


Singurul element este PowerRegScheduler - puteţi elimina dacă doriţi.