PavBckPT.exe - Vai man ir nolaupīti?

**vic66** · #1 1 oktobris 2007, 20:08

Hi everyone, tā ir bijis, bet, bija slimnīcā 2weeks.
Mana ģimene nolēma pārsteigt mani un ka tie nav!
pievienoja dažas jaunas programmas!
Labi, šeit ir mana problēma.
Es esmu gaitas panda platinum security.which ir sava antispyware programmas.
Ģimene nolēma pievienot bo tīrs, spyware Blaster, spyware terminater ar reālā laika aizsardzības avg antispyware 7,5 arī ar reālā laika aizsardzību.
Man ir arī pēc pieprasījuma, skeneri reklāmas zina Spybot (tēja taimeris izslēgta) un brusas.
kad es saņēmu mājās darbojās skenerus un konstatēja, ka 17 Trojas zirgi un dažas Adware junk.
Es tagad wooried es varētu tikt nolaupītas.
var kāds ņemt apskatīt lūdzu.

Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 3:38:57, par 02-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ pavsrv51.exe
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ AVENGINE.EXE
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ TPSrv.exe
C: \ Programas \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programas \-squared Free \ a2service.exe
C: \ Programas \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ Programas \ Ficheiros Comuns \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ PsCtrls.exe
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ PavFnSvr.exe
C: \ Programas \ Ficheiros Comuns \ Panda Software \ PavShld \ pavprsrv.exe
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ AntiSpam \ pskmssvc.exe
c: \ programas \ Panda Software \ Panda Internet Security 2007 \ firewall \ PSHOST.EXE
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ psimsvc.exe
C: \ Programas \ SiteAdvisor \ 6.172 \ SAService.exe
C: \ Programas \ Spyware Terminator \ sp_rsser.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Windows \ Explorer.exe
C: \ WINDOWS \ system32 \ RunDll32.exe
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ APVXDWIN.EXE
C: \ Programas \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe
C: \ PROGRA ~ 1 \ Comodo \ CBOClean \ BOC425.exe
C: \ Programas \ BillP Studios \ WinPatrol \ WinPatrol.exe
C: \ Programas \ Spyware Terminator \ SpywareTerminatorShield.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Programas \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ SRVLOAD.EXE
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ WebProxy.exe
C: \ programas \ SITEADVISOR \ 6.172 \ SITEADV.EXE
C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ PavBckPT.exe
C: \ Programas \ uTorrent \ uTorrent.exe
C: \ Programas \ Bowlfish \ eMule.exe
C: \ Programas \ Internet Explorer \ iexplore.exe
C: \ Programas \ Internet Explorer \ iexplore.exe
C: \ Documents and Settings \ Fabio \ Definições locais \ Temporary Internet Files \ Content.IE5 \ GSE4YWAK \ HijackThis [2]. Exe
C: \ Programas \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.pt/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.pt/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL (Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Local Page =
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = Hiperligações
R3 - URLSearchHook: WorldTV Bar Toolbar - (44c0b463-5a8a-452c-8e72-dc751dac6ec1) - C: \ Programas \ WorldTV_Bar \ tbWorl.dll
R3 - URLSearchHook: World Tv Center Toolbar - (e077da94-6.314-41f1-9f08-6607df65952e) - C: \ Programas \ World_Tv_Center \ tbWor1.dll
O2 - BHO: IE7Pro - (00.011.268-E188-40DF-A514-835FCD78B1BF) - C: \ Programas \ IE7Pro \ IE7Pro.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programas \ Ficheiros Comuns \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (089FD14D-132B-48FC-8.861-0048AE113215) - C: \ Programas \ SiteAdvisor \ 6.172 \ SiteAdv.dll
O2 - BHO: Spybot-S & D IE Protection - (53.707.962-6F74-2D53-2.644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programas \ Windows Live Toolbar \ msntb.dll
O2 - BHO: World Tv Center Toolbar - (e077da94-6.314-41f1-9f08-6607df65952e) - C: \ Programas \ World_Tv_Center \ tbWor1.dll
O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Programas \ Windows Live Toolbar \ msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4.351-9.252-17FE6E806AA0) - C: \ Programas \ SiteAdvisor \ 6.172 \ SiteAdv.dll
O3 - Toolbar: World Tv Center Toolbar - (e077da94-6.314-41f1-9f08-6607df65952e) - C: \ Programas \ World_Tv_Center \ tbWor1.dll
O4 - HKLM \ .. \ Run: [Cmaudio] RunDll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [APVXDWIN] "C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ APVXDWIN.EXE" / s
O4 - HKLM \ .. \ Run: [SCANINICIO] "C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ Inicio.exe"
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Programas \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimāla
O4 - HKLM \ .. \ Run: [BOC-425] C: \ PROGRA ~ 1 \ Comodo \ CBOClean \ BOC425.exe
O4 - HKLM \ .. \ Run: [WinPatrol] "C: \ Programas \ BillP Studios \ WinPatrol \ WinPatrol.exe"
O4 - HKLM \ .. \ Run: [SpywareTerminator] "C: \ Programas \ Spyware Terminator \ SpywareTerminatorShield.exe"
O4 - HKCU \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Serviço LOCAL ")
O4 - HKUS \ S-1-5-20 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "Serviço de rede")
O4 - HKUS \ S-1-5-18 \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [CTFMON.EXE] C: \ WINDOWS \ system32 \ CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C: \ Programas \ SAGEM \ SAGEM F @ st 800-840 \ dslmon.exe
Ø8 - ārpus konteksta menu item: & Windows Live Search - res: / / C: \ Programas \ Windows Live Toolbar \ msntb.dll / search.htm
Ø8 - ārpus konteksta izvēlnes vienums: Pievienot Windows & Live favorīti -- http://favorites.live.com/quickadd.aspx
Ø8 - ārpus konteksta menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ EXCEL.EXE/3000
Ø8 - ārpus konteksta izvēlnes vienums: Atvērt jaunā background tab - res: / / C: \ Programas \ Windows Live Toolbar \ Komponentes \ en-us \ msntabres.dll.mui/229? 23e13882b2f34d2fb527e50edfede195
Ø8 - ārpus konteksta izvēlnes vienums: Atvērt jaunu zināšanu tab - res: / / C: \ Programas \ Windows Live Toolbar \ Komponentes \ en-us \ msntabres.dll.mui/230? 23e13882b2f34d2fb527e50edfede195
Ø9 - Extra button: IE7Pro Preferences - (0026439F-A980-4f18-8C95-4F1CBBF9C1D8) - C: \ Programas \ IE7Pro \ IE7Pro.dll
Ø9 - Extra 'Tools' MENUITEM: IE7Pro Preferences - (0026439F-A980-4f18-8C95-4F1CBBF9C1D8) - C: \ Programas \ IE7Pro \ IE7Pro.dll
Ø9 - Extra button: Pesquisar - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ Micros ~ 2 \ Office11 \ REFIEBAR.DLL
Ø9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
Ø9 - Extra button: (no name) - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20.001 - (e2e2dd38-d088-4.134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programas \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programas \ Messenger \ msmsgs.exe
Ø16 - DPF: (5ED80217-570B-4DA9-BF44-BE107C0EC166) -- http://cdn.scan.onecare.live.com/res...scbase8300.cab
Ø16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl klase) -- http://www.update.microsoft.com/micr...?1189781903812
Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444.553.540.000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
Ø17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (EBEDA096-3520-470A-9F4F-E70844D02643): NameServer = 212.55.154.174
Ø20 - Winlogon Paziņot:! SASWinLogon - C: \ Programas \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service:-squared Free dienests (a2free) - Emsi Software GmbH - C: \ Programas \-squared Free \ a2service.exe
O23 - Service: Ad-Aware 2.007 dienests (aawservice) - Lavasoft AB - C: \ Programas \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Programas \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: BOCore - Unknown īpašnieks - (no file)
O23 - Service: NBService - Nero AG - C: \ Programas \ Nero \ Nero 7 \ Nero BackItUp \ NBService.exe
O23 - Service: NMIndexingService - Nero AG - C: \ Programas \ Ficheiros Comuns \ Ahead \ Lib \ NMIndexingService.exe
O23 - Service: FLEX Driver Helper dienests (NVSvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ PavFnSvr.exe
O23 - Service: Panda Process aizsardzības dienests (PavPrSrv) - Panda Software International - C: \ Programas \ Ficheiros Comuns \ Panda Software \ PavShld \ pavprsrv.exe
O23 - Service: Panda Anti-virus dienesta (PAVSRV) - Panda Software International - C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ AntiSpam \ pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c: \ programas \ Panda Software \ Panda Internet Security 2007 \ firewall \ PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ psimsvc.exe
O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown īpašnieks - C: \ Programas \ SiteAdvisor \ 6.172 \ SAService.exe
O23 - Service: Spyware Terminator reālā Shield dienests (sp_rssrv) - Crawler.com - C: \ Programas \ Spyware Terminator \ sp_rsser.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C: \ Programas \ Panda Software \ Panda Internet Security 2007 \ TPSrv.exe
--
End of failu - 10.407 bytes

PS soory par pareizrakstības kļūdām ir zāles LOL

**evilfantasy** · #2 1 oktobris 2007, 20:15

Hello Vic. Ceru, ka viss ir labi.

Man būs apskatīt žurnāla un atgriezties jums maz.

**vic66** · #3 1 oktobris 2007, 20:18

Thanks very much evilfantasy.
Un jā sāk justies labāk.

**vic66** · #4 1 oktobris 2007, 20:26

Ir 4 no rīta šeit man vajag dažas miega būs atpakaļ pēc 8 no rīta.
Solījums nav neko darīt kamēr es šeit no jums.
Paldies ļoti daudz par jūsu laiku un palīdzību.

**evilfantasy** · #5 1 oktobris 2007, 20:36

Doties uz
C: \ Documents and Settings \ Fabio \ Definições locais \ Temporary Internet Files \ Content.IE5 \ GSE4YWAK \ HijackThis [2]. Exe
Dzēst šo visu failu.

============

Tagad dodieties uz
C: \ Programas \ Trend Micro \ HijackThis \ HijackThis.exe
Labais klikšķis HijackThis.exe un izvēlieties Pārdēvēt. Vārdā tā Analyze.exe un nospiediet ienākt.

============

Vai šis ir jūsu interneta pakalpojumu sniedzējs?
PT.COM - Comunicações INTERACTIVAS SA

============

Paskatās uz tīriem.

Tiešām, kā jūs jau paziņoja, jums ir pārāk daudz aizsardzību. Taču, kamēr tas ir tikai viens antivīruss, un vienu firewall nevajadzētu būt konflikti. Jums var palēnina kam tik darbojas.

Izskatās, ka jūsu drošības skenē izņemt visu, kas tiem nav atrasti.

**vic66** · #6 1 oktobris 2007, 22:47

Paldies evilfantasy savu atbildi, bet rememeber i newbie!
Kā man to darīt šīs prasības

"

**vic66** · #7 1 oktobris 2007, 22:50

oops
pt. com ir sniedzējs

**vic66** · #8 Oktobris 2, 2007, 01:37

rūpējās par nolaupīt žurnāla un tagad ir análise .. exe
bet aprunāt atrast C Documents and Settings jebkurā gadījumā
please help
THANKS

**evilfantasy** · #9 Oktobris 2, 2007, 07:14

Open HijackThis un izvēlieties "Vai sistēmas skenēšanu only.
Vieta atzīme blakus
C: \ Documents and Settings \ Fabio \ Definições locais \ Temporary Internet Files \ Content.IE5 \ GSE4YWAK \ HijackThis [2]. Exe
Tad noklikšķiniet uz Labot pārbaudīt.

**vic66** · #10 Oktobris 2, 2007, 07:46

Atvainojiet evilfantasy bet nevaru to atrast. Vai tur numurs
kā 04 or23 vai 06 kaut ko es varu guide sevi ar

Similar Threads
Pavediens	Thread Starter	Forums	Replies	Last Post
Hotmail kontu nolaupītas - risinājumi?	JodyM	E-pasts, VoIP & IP Discussion	6	1 jūlijs 2008 23:48