Virtumonde.dll, vundo aici este meu hijack jurnal ...

mason61391 · #1 21 Sep 2008, 20:09

ca titlul spune i hhave un virus, care cred că este virtumonde.dll, ive care sa spus este o formă de vundo. Am fost haveing un calculator lent şi există multe popup pentru anti-virus şi ristry curat ... şi cele mai ciudate lucru, nu pot actualizare nimic pe computerul meu ?????? vă rog, dacă cineva ar putea spune-mi ce trebuie sa faci .... mersi heres meu hijack log

Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 4:55:10, pe 9.22.2008
Platforma: Windows XP SP3 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ WLTRYSVC.EXE
C: \ Windows \ system32 \ bcmwltry.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Program Files \ Common Files \ mcafee \ mna \ mcnasvc.exe
C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ mcafee \ mcproxy \ mcproxy.exe
C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe
C: \ Windows \ system32 \ svchost.exe
C: \ WINDOWS \ Explorer.exe
C: \ PROGRA ~ 1 \ mcafee.com \ agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Windows \ system32 \ WLTRAY.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
C: \ Windows \ system32 \ wscntfy.exe
C: \ Windows \ system32 \ Msiexec.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ system32 \ taskmgr.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ Windows \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Glisaţi pentru disc \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe / Ascundere
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKLM \ .. \ RunOnce: [SpybotDeletingA5528] comanda / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKLM \ .. \ RunOnce: [SpybotDeletingC6845] cmd / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ Setup \ setup.exe / Start / restart / l: enu
O4 - HKCU \ .. \ Run: [DelayShred] C: \ PROGRA ~ 1 \ mcafee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ localnici ~ 1 \ TEMPOR ~ 1 \ Continut . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ localnici ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ localnici ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD4B54 ~ 1.SH!
O4 - HKCU \ .. \ RunOnce: [SpybotDeletingB6548] comanda / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKCU \ .. \ RunOnce: [SpybotDeletingD1472] cmd / c del "C: \ WINDOWS \ SchedLgU.Txt"
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p-f 0x08d9 video-m-d Logitech 10.5. 1,2023 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f-video Logitech m-d 10.5.1.2023 (User 'Default utilizator ')
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 3 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 3 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ Windows \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ Windows \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee reţelei de agent (McNASvc) - McAfee, Inc - C: \ Program Files \ Common Files \ mcafee \ mna \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ mcafee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee de scanare în timp real (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ Windows \ system32 \ WLTRYSVC.EXE
--
Sfârşit de fişier - 7660 bytes

**evilfantasy** · #2 21 Sep 2008, 21:28

Descărca Malwarebytes' Anti-Malware (MBAM)

Faceţi dublu-clic pe mbam-setup.exe şi urmăriţi solicitările pentru a instala programul.
La sfârşitul, asiguraţi-vă că un checkmark este plasat lângă următoarele:
- Update Malwarebytes' Anti-Malware
- Lansarea Malwarebytes' Anti-Malware
Apoi, faceţi clic pe Terminare.
Dacă o actualizare este găsit, va descărca şi instala ultima versiune.
După ce programul a încărcat, selectaţi Efectuaţi rapid de scanare, Apoi faceţi clic pe Scanare.
Când scanarea este completă, faceţi clic pe OK, Apoi Afişare rezultate pentru a vedea rezultatele.
Asiguraţi-vă că totul este verificată, şi faceţi clic pe Eliminaţi selectate.
Când este completat de dezinfecţie, un jurnal se va deschide în Notepad şi aţi putea să vi se ceară să Repornire. (A se vedea Nota Extra)
De jurnal este salvat automat de MBAM şi pot fi vizualizate, făcând clic pe tab-ul Rapoarte în MBAM.
Copiaţi şi inseraţi întregul raport în următoarea replică.

Extra Notă: Dacă MBAM întâlneşte un fişier care este dificil de a elimina, va fi prezentat cu 1 din 2 solicită, faceţi clic pe OK să fie şi să MBAM continua cu procesul de dezinfecţie, dacă este solicitat pentru a reporni computerul, vă rugăm să faceţi acest lucru imediat.

----------

Acum, rulaţi un nou HijackThis scanare şi post de jurnal.

mason61391 · #3 22 Sep 2008, 13:31

Aright am fugit ca malwarebytes .. lucru şi el a luat această

Malwarebytes' Anti-Malware 1.28
Baza de date versiune: 1194
Windows 5.1.2600 Service Pack 3
9/22/2008 8:55:50 PM
mbam-log-2008-09-22 (20-55-50). txt
Scan type: Quick Scan
Obiecte scanate: 53105
Timpul scurs: 6 minute (s), 1 secundă (e)
Memory Processes Infected: 0
Memory Modules Infected: 1
Chei de Registry Infected: 10
Registry Values Infected: 2
Registrul de date Elemente Infected: 2
Folders Infected: 1
Fişiere infectate: 15
Memory Processes Infected:
(Nici un rău elemente detectat)
Memory Modules Infected:
C: \ Windows \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> Delete pe reboot.
Chei de Registry Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (7b1b1537-fcd3-4186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_CLASSES_ROOT \ CLSID \ (7b1b1537-fcd3-4186-b5b8-e454c2fddb24) (Trojan.Vundo.H) -> Delete pe reboot.
HKEY_CLASSES_ROOT \ WR (Malware.Trace) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ dslcnnct (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ IProxyProvid is (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ aoprndtws (Trojan.Vundo) -> carantină şi a fost şters cu succes.
Registry Values Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ 7c0a0557 (Trojan.Vundo) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run \ bm7f3936cb (Trojan.Agent) -> Delete pe reboot.
Registrul de date Elemente Infected:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Notificarea pachete (Trojan.Vundo.H) -> Data: c: \ windows \ system32 \ ssqpmmnf -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ LSA \ Pachete de autentificare (Trojan.Vundo) -> Data: c: \ windows \ system32 \ ssqpmmnf -> Ştergere pe reboot.
Folders Infected:
C: \ Windows \ system32 \ kBin02 (Trojan.Agent) -> carantină şi a fost şters cu succes.
Files Infected:
C: \ Windows \ system32 \ ssqpmmNf.dll (Trojan.Vundo.H) -> Delete pe reboot.
C: \ Windows \ system32 \ fNmmpqss.ini (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ fNmmpqss.ini2 (Trojan.Vundo.H) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ qwtbatxb.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ ysirza.dll (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ vfcortyh.dll (Trojan.Vundo) -> Delete pe reboot.
C: \ Documents and Settings \ Administrator \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 7LVEI8GK \ upd105320 [1] (Trojan.Vundo) -> Delete pe reboot.
C: \ Documents and Settings \ Administrator \ Local Settings \ Temporary Internet Files \ Content.IE5 \ TPEY0D0R \ nd82m0 [1] (Trojan.Vundo) -> Delete pe reboot.
C: \ Windows \ system32 \ mcrh.tmp (Malware.Trace) -> carantină şi a fost şters cu succes.
C: \ WINDOWS \ cookies.ini (Malware.Trace) -> carantină şi a fost şters cu succes.
C: \ Windows \ system32 \ jyyubyyg.dll (Trojan.Agent) -> Delete pe reboot.
C: \ Windows \ system32 \ pac.txt (Malware.Trace) -> carantină şi a fost şters cu succes.
C: \ WINDOWS \ pskt.ini (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ WINDOWS \ BM7f3936cb.xml (Trojan.Vundo) -> carantină şi a fost şters cu succes.
C: \ WINDOWS \ BM7f3936cb.txt (Trojan.Vundo) -> carantină şi a fost şters cu succes.
*
*
*
M-am întâlnit de mai multe ori, după care, şi acum spune că nu există nimic infectate ....

Am fugit hijack .. şi acesta este rezultatul

Logfile de Trend Micro HijackThis v2.0.2
Scan salvate la 10:26:25, pe 9.22.2008
Platforma: Windows XP SP3 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ WLTRYSVC.EXE
C: \ Windows \ system32 \ bcmwltry.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Program Files \ Common Files \ mcafee \ mna \ mcnasvc.exe
C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ mcafee \ mcproxy \ mcproxy.exe
C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe
C: \ Windows \ system32 \ svchost.exe
C: \ WINDOWS \ Explorer.exe
C: \ PROGRA ~ 1 \ mcafee.com \ agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Windows \ system32 \ WLTRAY.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Glisaţi pentru disc \ DrgToDsc.exe
C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Program Files \ Skype \ Phone \ Skype.exe
C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
C: \ Program Files \ Skype \ Plugin Manager \ skypePM.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - (04F27F39-1C1B-4A4F-8B5A-A531E364B7A6) - (no file)
O2 - BHO: (no name) - (089FD14D-132B-48FC-8861-0048AE113215) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll
O2 - BHO: (no name) - (12637832-85DB-4C63-B9D6-12B3E50A52C9) - (no file)
O2 - BHO: (no name) - (2504b4df-fd95-47a5-b804-b047829925c0) - (no file)
O2 - BHO: (no name) - (41E299D0-5CFF-4705-A8AD-67B02579661C) - (no file)
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in-Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O2 - BHO: (no name) - (C089CFFD-5CAA-4DA6-BC8B-39965E47AAF9) - (no file)
O2 - BHO: (no name) - (D7C82C77-9CF6-4513-826E-B9B7ACDC4DB9) - (no file)
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ Windows \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Glisaţi pentru disc \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe / Ascundere
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKLM \ .. \ Run: [Windows Defender] "C: \ Program Files \ Windows Defender \ MSASCui.exe"-hide
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [LogitechSetup] D: \ Setup \ setup.exe / Start / restart / l: enu
O4 - HKCU \ .. \ Run: [DelayShred] C: \ PROGRA ~ 1 \ mcafee \ mshr \ ShrCL.EXE / P10 / q C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ localnici ~ 1 \ TEMPOR ~ 1 \ Continut . IE5 \ 13H31947 \ KB4564 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ localnici ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ 3P4O3QQE \ KB6712 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ localnici ~ 1 \ TEMPOR ~ 1 \ Content.IE5 \ H9JXXVQS \ KB7678 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9100 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD9500 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD8A94 ~ 1.SH! C: \ DOCUME ~ 1 \ ADMINI ~ 1 \ Cookies \ AD4B54 ~ 1.SH!
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p-f 0x08d9 video-m-d Logitech 10.5. 1,2023 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f-video Logitech m-d 10.5.1.2023 (User 'Default utilizator ')
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 3 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 3 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll
O20 - Winlogon Notify: awtuutTk - awtuutTk.dll (fişierul lipseşte)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ Windows \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ Windows \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee reţelei de agent (McNASvc) - McAfee, Inc - C: \ Program Files \ Common Files \ mcafee \ mna \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ mcafee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee de scanare în timp real (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ Windows \ system32 \ WLTRYSVC.EXE
--
Sfârşit de fişier - 8474 bytes
*
*
*
Chiar am nevoie sa stiu ce este întâmplă aici am nevoie de acest laptop înapoi, vă mulţumesc ... Lasă-mă să ştiu dacă este ceva ce pot face pentru a ajuta la ...

**evilfantasy** · #4 22 Sep 2008, 16:47

Dezactivare Windows Defender

Avem nevoie de dumneavoastră pentru a dezactiva Windows Defender în timp real de protecţie, deoarece poate interfera cu remedierile de care avem nevoie pentru a face.

Deschide Windows Defender
Faceţi clic pe Instrumente, Setări generale
Derulaţi în jos şi debifaţi Porniţi în timp real de protecţie (recomandat)
După ce debifaţi aceasta, faceţi clic pe Economisi buton şi a închide Windows Defender.

După toate remedierile sunt complete, este foarte important pe care îl permite în timp real de protecţie din nou.

----------

Deschide HijackThis şi selectaţi Fă-un sistem de scanare numai.

Se pune un semn de selectare lângă următoarele menţiuni: (dacă există)

O2 - BHO: (no name) - (04F27F39-1C1B-4A4F-8B5A-A531E364B7A6) - (no file)
O2 - BHO: (no name) - (12637832-85DB-4C63-B9D6-12B3E50A52C9) - (no file)
O2 - BHO: (no name) - (2504b4df-fd95-47a5-b804-b047829925c0) - (no file)
O2 - BHO: (no name) - (41E299D0-5CFF-4705-A8AD-67B02579661C) - (no file)
O2 - BHO: (no name) - (C089CFFD-5CAA-4DA6-BC8B-39965E47AAF9) - (no file)
O2 - BHO: (no name) - (D7C82C77-9CF6-4513-826E-B9B7ACDC4DB9) - (no file)
O18 - Protocol: linkscanner - (F274614C-63F8-47D5-A4D1-FBDDE494F8D1) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll zlpxgp.dll fgdygo.dll
O20 - Winlogon Notify: awtuutTk - awtuutTk.dll (fişierul lipseşte)

Important: Închideţi toate ferestrele cu excepţia HijackThis apoi faceţi clic pe Fix verificate.

Exit HijackThis şi reporniţi computerul pentru a înregistra modificările făcute de către HijackThis.

----------

Descarca ComboFix de sUBs de la unul din link-urile de mai jos. Asiguraţi-vă că aţi început să-l salvaţi în Spaţiul de lucru.

Link # 1
Link # 2

** Notă: Este important că este salvat direct pe Desktop

Închideţi orice deschide browsere. (Firefox, Internet Explorer, etc), înainte de a începe ComboFix.

Temporar dezactiva al tău antivirus, Precum şi orice antispyware de protecţie în timp real înainte care efectuează o scanare. Faceţi clic pe acest link pentru a vedea o listă de programe de securitate care ar trebui să fie cu handicap şi modul de dezactivare a lor. (McAfee ar putea să nu transforma complet off. Doar rulaţi ComboFix oricum şi lăsaţi-l să ruleze nimic dacă încearcă să-l blocheze.)

Faceţi dublu clic combofix.exe & urmăriţi solicitările.
Când aţi terminat ComboFix va produce un jurnal pentru tine.
Post de ComboFix jurnal şi un nou HijackThis log în următoarea replică.

Important: Nu mouseclick ComboFix de fereastră în timp ce se execută. Care pot determina să-l băga în grajd.

Amintiţi-vă să vă reactiva de protecţie antivirus şi antispyware, atunci când ComboFix este completă.

mason61391 · #5 22 Sep 2008, 19:14

ok am fugit Combo fixa, aici este reslults ...

ComboFix 08-09-20.05 - Administrator 2008-09-23 4:07:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.526 [GMT 2:00]
Rularea de la: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Creat un nou punct de restabilire
AVERTISMENT-această maşină nu are instalat Consola de recuperare!!
.
Alte ((((((((((((((((((((((((((((((((((((((( ştergerile ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Windows \ system32 \ djynmrpe.ini
C: \ Windows \ system32 \ EMVwxyay.ini
C: \ Windows \ system32 \ fxdehybr.ini
C: \ Windows \ system32 \ hgillUtv.ini
C: \ Windows \ system32 \ hwpdknag.ini
C: \ Windows \ system32 \ hytrocfv.ini
C: \ Windows \ system32 \ jrawajwy.ini
C: \ Windows \ system32 \ kruvwslm.ini
C: \ Windows \ system32 \ ljbuenel.ini
C: \ Windows \ system32 \ mbpyegow.ini
C: \ Windows \ system32 \ MSINET.oca
C: \ Windows \ system32 \ oopfgjdw.ini
C: \ Windows \ system32 \ oujogpou.ini
C: \ Windows \ system32 \ ovbmvuhg.ini
C: \ Windows \ system32 \ rmkrhevi.ini
C: \ Windows \ system32 \ uhikvuhh.ini
C: \ Windows \ system32 \ vpgysgqj.ini
.
((((((((((((((((((((((((( Fişierele create de 2008-08-23 la 2008-09-23 ))))))))))) ))))))))))))))))))))
.
2008-09-23 01:06. 2008-09-23 01:06 <DIR> d -------- C: \ Program Files \ DivX
2008-09-22 22:11. 2008-09-22 22:20 1.374 - o ------ C: \ WINDOWS \ imsins.BAK
2008-09-22 21:30. 2008-05-01 16:33 331.776 ----- c --- C: \ Windows \ system32 \ dllcache \ msadce.dll
2008-09-22 21:25. 2008-04-11 21:04 691.712 ----- c --- C: \ Windows \ system32 \ dllcache \ inetcomm.dll
2008-09-22 20:47. 2008-09-22 20:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-22 20:47. 2008-09-22 20:47 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-09-22 20:47. 2008-09-10 00:04 38,528 - a ------ C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2008-09-22 20:47. 2008-09-10 00:03 17,200 - a ------ C: \ Windows \ system32 \ drivers \ mbam.sys
2008-09-22 04:54. 2008-09-22 20:47 <DIR> d -------- C: \ Desktop
2008-09-22 04:47. 2008-09-22 04:48 <DIR> d -------- C: \ Program Files \ Windows Defender
2008-09-22 04:36. 2008-09-22 04:36 <DIR> d - h ----- C: \ Windows \ system32 \ GroupPolicy
2008-09-22 02:58. 2008-09-22 02:58 268 - ah ----- C: \ sqmdata00.sqm
2008-09-22 00:30. 2008-09-22 00:30 <DIR> d -------- C: \ backup VundoFix
.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 23:08 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ LimeWire
2008-09-22 20:34 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Skype
2008-09-22 20:25 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ skypePM
2008-09-22 03:36 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-22 00:07 --------- d ----- w C: \ Program Files \ McAfee
2008-08-14 04:47 --------- d ----- w C: \ Documents and Settings \ Guest \ Application Data \ SiteAdvisor
2008-08-02 01:04 --------- d ----- w C: \ Program Files \ Enigma Software Group
2008-07-30 03:57 876.883 - SHA-w C: \ Windows \ system32 \ EMVwxyay.ini2
2008-07-30 03:49 --------- d ----- w C: \ Program Files \ CCleaner
2008-07-30 03:05 --------- d ----- w C: \ Documents and Settings \ Guest \ Application Data \ ATI
2008-07-29 03:35 --------- d ----- w C: \ Program Files \ Common Files \ LogiShrd
2008-07-27 03:46 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Roxio
2008-07-26 06:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ McAfee
2008-07-26 03:45 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-07-25 08:36 524.288 ---- Aw C: \ Windows \ system32 \ DivXsm.exe
2008-07-24 18:28 --------- d ----- w C: \ Program Files \ SiteAdvisor
2008-07-24 16:32 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ SiteAdvisor
2008-07-23 16:50 9.464 ------ w C: \ Windows \ system32 \ drivers \ cdralw2k.sys
2008-07-23 16:50 9.336 ------ w C: \ Windows \ system32 \ drivers \ cdr4_xp.sys
2008-07-23 16:50 43.528 ------ w C: \ Windows \ system32 \ drivers \ PxHelp20.sys
2008-07-23 16:50 3.596.288 ---- Aw C: \ Windows \ system32 \ qt-dx331.dll
2008-07-23 16:50 129.784 ------ w C: \ Windows \ system32 \ pxafs.dll
2008-07-23 16:50 120.056 ------ w C: \ Windows \ system32 \ pxcpyi64.exe
2008-07-23 16:50 118.520 ------ w C: \ Windows \ system32 \ pxinsi64.exe
2008-07-23 16:48 200.704 ---- Aw C: \ Windows \ system32 \ ssldivx.dll
2008-07-23 16:48 1.044.480 ---- Aw C: \ Windows \ system32 \ libdivx.dll
2008-07-23 16:46 12.288 ---- Aw C: \ Windows \ system32 \ DivXWMPExtType.dll
2008-07-21 13:33 890.828 - SHA-w C: \ Windows \ system32 \ hgillUtv.ini2
2008-07-21 10:06 10.520 ---- Aw C: \ Windows \ system32 \ avgrsstx.dll
2008-07-18 20:10 94.920 ---- Aw C: \ Windows \ system32 \ cdm.dll
2008-07-18 20:10 53.448 ---- Aw C: \ Windows \ system32 \ wuauclt.exe
2008-07-18 20:10 45.768 ---- Aw C: \ Windows \ system32 \ wups2.dll
2008-07-18 20:10 36.552 ---- Aw C: \ Windows \ system32 \ wups.dll
2008-07-18 20:09 563.912 ---- Aw C: \ Windows \ system32 \ wuapi.dll
2008-07-18 20:09 325.832 ---- Aw C: \ Windows \ system32 \ wucltui.dll
2008-07-18 20:09 205.000 ---- Aw C: \ Windows \ system32 \ wuweb.dll
2008-07-18 20:09 1.811.656 ---- Aw C: \ Windows \ system32 \ Wuaueng.dll
2008-07-18 20:07 210.976 ---- Aw C: \ Windows \ system32 \ muweb.dll
2008-07-18 14:29 77 ---- Aw C: \ Documents and Settings \ Administrator \ 2064.bat
2008-07-07 20:26 253.952 ---- Aw C: \ Windows \ system32 \ es.dll
2008-06-24 16:43 74.240 ---- Aw C: \ Windows \ system32 \ mscms.dll
2008-06-23 16:57 826.368 ---- Aw C: \ Windows \ system32 \ Wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI" = "C: \ Windows \ system32 \ WLTRAY.exe" [2007-03-16 1392640]
"StartCCC" = "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe" [2006-11-10 90112]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe" [2008-03-25 144784]
"RoxioDragToDisc" = "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Glisaţi pentru disc \ DrgToDsc.exe" [2004-01-27 1179648]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-05-27 413696]
"SiteAdvisor" = "C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe" [2007-06-21 36640]
"McENUI" = "C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe" [2007-11-30 1164576]
"mcagent_exe" = "C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe" [2007-11-01 582992]
"SigmatelSysTrayApp" = "stsystra.exe" [2006-02-10 C: \ WINDOWS \ stsystra.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ RunOnce]
"WUAppSetup" = "C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe" [2007-02-04 435736]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center]
"AntiVirusDisableNotify" = dword: 00000001
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ McAfeeAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ McAfeeFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Lista]
"% WINDIR% \ \ system32 \ \ sessmgr.exe" =
"% WINDIR% \ \ Reţeaua de diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ msnmsgr.exe" =
"C: \ \ Program Files \ \ Windows Live \ \ Messenger \ \ livecall.exe" =
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"C: \ \ Program Files \ \ Common Files \ \ McAfee \ \ MNA \ \ McNASvc.exe" =
"C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
S1 AvgLdx86; AVG Free AVI Loader Driver x86; C: \ WINDOWS \ system32 \ drivers \ avgldx86.sys [2008-07-21 96520]
S4 avg8wd; AVG Free8 Watchdog; C: \ PROGRA ~ 1 \ AVG \ AVG8 \ avgwdsvc.exe []
* Newly Created Service * - CATCHME
* Newly Created Service * - PROCEXP90
.
Cuprins de la "Activităţi programate" dosar
.
- - - - ORFANI ELIMINAT - - - --
HKCU-Run-LogitechSetup - D: \ Setup \ Setup.exe

.
------- Suplimentare Scan -------
.
Firefox -: Profil - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \ aqi5r52b.default \
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 04:09:28
Windows 5.1.2600 Service Pack 3 NTFS
scanare ascuns procese ...
scanare ascuns autostart intrări ...
scanare fişiere ascunse ...
scanare sa finalizat cu succes
fişiere ascunse: 0
************************************************** ************************
.
Completion time: 2008-09-23 4:10:26
ComboFix-carantină-files.txt 2008-09-23 02:10:23
Pre-Run: 62363549696 bytes liber
Post-Run: 62437605376 bytes liber
153 --- EOF --- 2008-09-22 20:32:15
*
*
*
*
Apoi am fugit hijack prezenta din nou

*
*
Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 4:11:27, pe 9.23.2008
Platforma: Windows XP SP3 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ WLTRYSVC.EXE
C: \ Windows \ system32 \ bcmwltry.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
C: \ Program Files \ Common Files \ mcafee \ mna \ mcnasvc.exe
C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ mcafee \ mcproxy \ mcproxy.exe
C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe
C: \ Windows \ system32 \ svchost.exe
C: \ PROGRA ~ 1 \ mcafee.com \ agent \ mcagent.exe
C: \ WINDOWS \ stsystra.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Windows \ system32 \ WLTRAY.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Glisaţi pentru disc \ DrgToDsc.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.EXE
C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ ccc.exe
C: \ PROGRA ~ 1 \ mcafee \ MSC \ mcuimgr.exe
C: \ Windows \ system32 \ imapi.exe
C: \ Windows \ system32 \ notepad.exe
C: \ WINDOWS \ explorer.exe
C: \ Desktop \ Trend Micro \ HijackThis \ HijackThis.exe
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - (089FD14D-132B-48FC-8861-0048AE113215) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Windows Live Sign-in-Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Program Files \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - (0BF43445-2F28-4351-9252-17FE6E806AA0) - C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.dll
O4 - HKLM \ .. \ Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Broadcom Wireless Manager UI] C: \ Windows \ system32 \ WLTRAY.exe
O4 - HKLM \ .. \ Run: [StartCCC] "C: \ Program Files \ ATI Technologies \ ATI.ACE \ Core-Static \ CLIStart.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [RoxioDragToDisc] "C: \ Program Files \ Roxio \ Easy Media Creator 7 \ Glisaţi pentru disc \ DrgToDsc.exe"
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [SiteAdvisor] "C: \ Program Files \ SiteAdvisor \ 6261 \ SiteAdv.exe"
O4 - HKLM \ .. \ Run: [McENUI] C: \ PROGRA ~ 1 \ McAfee \ MHN \ McENUI.exe / Ascundere
O4 - HKLM \ .. \ Run: [mcagent_exe] C: \ Program Files \ McAfee.com \ Agent \ mcagent.exe / runkey
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'SYSTEM')
O4 - HKUS \ S-1-5-18 \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p-f 0x08d9 video-m-d Logitech 10.5. 1,2023 (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe (User 'Default user')
O4 - HKUS \. DEFAULT \ .. \ RunOnce: [WUAppSetup] C: \ Program Files \ Common Files \ logishrd \ WUApp32.exe-v 0x046d-p 0x08d9-f-video Logitech m-d 10.5.1.2023 (User 'Default utilizator ')
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 3 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 3 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://update.microsoft.com/microsof...?1222115615015
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ Windows \ system32 \ Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C: \ Windows \ system32 \ ati2sgag.exe
O23 - Service: LVSrvLauncher - Logitech Inc - C: \ Program Files \ Common Files \ LogiShrd \ SrvLnch \ SrvLnch.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ MSC \ mcmscsvc.exe
O23 - Service: McAfee reţelei de agent (McNASvc) - McAfee, Inc - C: \ Program Files \ Common Files \ mcafee \ mna \ mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc - C: \ PROGRA ~ 1 \ McAfee \ VIRUSS ~ 1 \ mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ mcafee \ mcproxy \ mcproxy.exe
O23 - Service: McAfee de scanare în timp real (McShield) - McAfee, Inc - C: \ Program Files \ McAfee \ VirusScan \ McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc - C: \ Program Files \ McAfee \ MPF \ MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C: \ Program Files \ SiteAdvisor \ 6261 \ SAService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C: \ Windows \ system32 \ WLTRYSVC.EXE
--
Sfârşit de fişier - 6865 bytes

.... orice idei încă?

**evilfantasy** · #6 22 Sep 2008, 19:46

Totul arată bine acum. Ce probleme ai mai avea?

----------

Descărca CCleaner Slim şi salvaţi-l pe Desktop.
Când dosarul a fost salvat, du-te la desktop şi faceţi dublu-clic pe ccsetupxxx_slim.exe
Urmaţi solicitările pentru a instala programul.
Finalizarea procesului de instalare, atunci:

Faceţi dublu-clic pe CCleaner comandă rapidă pe desktop pentru a începe programul.
Click pe Opţiuni bloc de pe partea stângă, apoi alegeţi Cookies.
- Sub Cookie-uri pentru a Ştergere, Evidenţiaţi orice cookie-urile pe care doriţi să-şi menţină permanent
- Faceţi clic pe săgeată dreapta > pentru a le muta la Cookie-uri pentru a se ţine fereastra.
Du-te în Opţiuni > Advanced unverifica Numai ştergeţi fişiere în Windows Temp dosare mai vechi de 48 de ore
Faceţi clic pe Cleaner pe partea stângă, apoi Run Cleaner cu privire la dreptul de a rula programul.
Important: Asiguraţi-vă că TOATE browser-ul Windows sunt închise înainte de selectarea Run Cleaner
Atentie: Nu este recomandat să utilizaţi în continuare "Registrul" facilitate, cu excepţia cazului în care nu sunteţi foarte familiarizat cu registry.
Exit CCleaner după ce a finalizat procesul.

----------

Java este de actualitate.

Versiunile mai vechi au vulnerabilities rău că site-uri pot utiliza pentru a infecta sistemul dumneavoastră.

Mai întâi instalaţi noul Sun Java Runtime Environment

Aveţi grijă să închideţi toate ferestrele browser-ului înainte de a începe instalarea.

Eliminaţi versiunea veche (e)

Descarca JavaRa şi dezarhivează fişierul pe spaţiul de lucru.
Deschideţi JavaRA.exe şi alegeţi Eliminaţi versiunile mai vechi
Odată ce ieşi din JavaRA complet şi şterge programul.
Run CCleaner.

----------

Descărca Inchide / Remove Windows Messenger la Spaţiul de lucru pentru a îndepărta Windows Messenger.

A nu se confunda Windows Messenger cu MSN Messenger pentru că nu sunt la fel. Windows Messenger este o cauza frecventa de pop-up.

Dezarhivaţi fişierul pe Desktop. Deschide MessengerDisable.exe în partea de jos şi alegeţi caseta -- Dezinstalare Windows Messenger şi faceţi clic pe Aplica.

Ieşiţi din MessengerDisable şterge apoi cele două fişiere care au fost puse pe desktop.

Similar Threads
Fir	Thread Starter	Forum	Răspunsurile	Ultimul mesaj
Prieteni Pc Infected - Vundo / Varianta-RONads - Vundo/Variant-0216 şi-309k	redden137	Nume, Spyware & Securitate	3	28 aprilie 2009 15:18
Nafamamo.dll Eroare Windows/system32 şi Virtumonde	Jacko2983	Nume, Spyware & Securitate	30	19 aprilie 2009 17:24
Nu pot să scap de TROJAN.VUNDO.H de la PC-ul meu	theprodigycmb	Nume, Spyware & Securitate	13	16 martie 2009 16:40
Ajutor necesare cu Trojan.vundo.h (virtumonde) + fişierele jurnal şi ss	Jasperbak nl	Nume, Spyware & Securitate	32	22 ianuarie 2009 05:48
Win32/adware.virtumonde - bigmaq Toolbar	delboy2028	Nume, Spyware & Securitate	1	1 mai 2008 09:50