Orice as face eu nu pot scăpa de TROJAN.VUNDO.H

**redsowwer** · #1 16 octombrie 2008, 09:51

Am incercat de mai multe ori cu Malwarebytes pentru a şterge VUNDO.H virus. Se solicită să reporniţi şi am Malwarebytes rula din nou, doar pentru a găsi este încă în sistem. Am avea, de asemenea, sisteme de restaurare oprit înainte de a începe aceste.

Vă mulţumim pentru ajutor!

**evilfantasy** · #2 16 octombrie 2008, 11:27

Deschide HijackThis şi selectaţi Fă-un sistem de scanare numai.

Se pune un semn de selectare lângă următoarele menţiuni: (dacă există)

O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - c: \ windows \ system32 \ digestp.dll
O20 - Winlogon Notify: paubftzz - C: \ Windows \ system32 \ digestp.dll

Important: Închideţi toate ferestrele cu excepţia HijackThis apoi faceţi clic pe Fix verificate.

Exit HijackThis.

----------

Descărca OTMoveIt2 de Oldtimer şi salvaţi-o să-ţi Spaţiul de lucru.

Notă: Dacă rulaţi pe Vista, faceţi clic dreapta pe OTMoveIt2.exe şi alegeţi Executare ca administrator.

1. Faceţi dublu-clic pe OTMoveIt2.exe să îl rulaţi.
2. Copiere de linii în codebox de mai jos.

Cod:

[ucide Explorer] C: \ Windows \ system32 \ digestp.dll EmptyTemp [începe Explorer]

3. Întoarceţi-vă la OTMoveIt2, click dreapta în Lipire Lista de fişiere / foldere pentru a Mutare fereastră (în galben bar) şi alegeţi Lipire
4. Faceţi clic pe roşu Moveit! buton.
5. Copiaţi totul în Rezultatele fereastra (sub bara verde) şi inseraţi-l în următoarea replică.
6. Închide OTMoveIt2

Notă: Dacă un fişier sau un dosar nu poate fi mutat imediat ce i se poate cere să reporniţi computerul pentru a termina procesul de mutare. Dacă a cerut pentru a reporni, alegeţi Da. Dacă nu, oricum reboot.

**redsowwer** · #3 16 octombrie 2008, 12:39

Ei bine am alergat tot ce ai postat. Hijack de mers bine şi 2 imagini se elimină.

De OTMOVEIT2 program - am copiat 4 linii
[ucide Explorer]
C: \ Windows \ system32 \ digestp.dll
EmptyTemp
[începe Explorer

în galben-bar si selectate MOVEIT.

Sub caseta verde de programe spus explora ucis cu succes cu toate acestea am primit o eroare în caseta de dialog.

Said OTMOVEIT2 OTMOVEIT2.EXE - Bad image

Cererea sau DLL c: \ windows \ rakxhfy.dll nu este o imagine validă ferestre. Vă rugăm să verificaţi acest lucru împotriva ta installtion disk.

Am avut de a reporni şi OTMOVEIT venit din nou si am venit cu aceeaşi eroare de dialog ca mai sus. Cum pot scăpa de această OTMOVEIT2 când reboots. Mai e ceva ce trebuie făcut?

**evilfantasy** · #4 16 octombrie 2008, 12:45

Da există mai multe de făcut. Nu vă faceţi griji despre mesajul de eroare ...

Descărca aleator al sistemului de informaţii instrument (RSIT) prin sondaj / aleatoare de la şi salvaţi-l pe Desktop.

Faceţi dublu clic pe RSIT.exe pentru a rula.
Faceţi clic pe Continuare Avertisment de la ecran.
După ce a terminat, două jurnale va deschide.
log.txt <va fi maxim şi info.txt <va fi minimizate
Vă rugăm să posta conţinutul amândoi jurnalele în următorul răspuns.

**redsowwer** · #5 16 octombrie 2008, 13:26

log.txt:
Fişierul dvs. de 28.7 KB octeţi depăşeşte limita a forumului 19.5 KB pentru acest tip de fişier. Am avut de a WinZip de fişier jurnal pentru a face să faci pentru a cdonstraints COMPUTER Suc de ataşare de fişiere.

**redsowwer** · #6 16 octombrie 2008, 13:34

LOG FILE

Logfile de aleator al sistemului de informaţii instrument 1,04 (scris de aleatoare / random)
Fugi de Proprietar la 2008-10-16 15:56:08
Microsoft Windows XP Home Edition Service Pack 3
Sistemul de drive-ul C: are 136 GB (92%) gratuit de 149 GB
Total RAM: 382 MB (30% gratuit)
Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 3:56:33, pe 10.16.2008
Platforma: Windows XP SP3 (WINNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ WINDOWS \ Explorer.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ Ahead \ INCD \ InCDsrv.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ Common Files \ New limită \ PrismXL \ PRISMXL.SYS
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe
C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Documents and Settings \ Owner \ Local Settings \ Temporary Internet Files \ Content.IE5 \ 6QBVSP54 \ RSIT [1]. Exe
C: \ Program Files \ Common Files \ Symantec Shared \ COH \ coh32.exe
C: \ Program Files \ Trend Micro \ HijackThis \ Owner.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.emachines.com/
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Descărcaţi Plug-in-ului şi a înregistra pentru Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2-6 \ coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevenirea - (6D53EC84-6AAE-4787-AEEE-F4628F01010C) - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ symant ~ 1 \ IDS \ IPSBHO.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: (no name) - (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE) - c: \ windows \ system32 \ digestp.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: Arata Norton Toolbar - (7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2-6 \ CoIEPlg.dll
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [osCheck] "C: \ Program Files \ Norton 360 \ osCheck.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - Global Startup: Device Detector 3.lnk = C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe
O4 - Global Startup: Google Updater.lnk = C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - C: \ Windows \ system32 \ Shdocvw.dll
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network de diagnostic \ xpnetdiag.exe
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (215B8138-A3CF-44C5-803F-8226143CFC0A) (Trend Micro ActiveX Scan Agent 6.6) -- http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: (2D8ED06D-3C30-438B-96AE-4D110FDC1FB8) (ActiveScan 2.0 Installer Class) -- http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://www.update.microsoft.com/wind...?1211623928390
O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1211630845500
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O20 - Winlogon Notify: paubftzz - C: \ Windows \ system32 \ digestp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ Windows \ system32 \ Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: Symantec LIC NetConnect serviciu (CLTNetCnService) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: COM-gazdă (comHost) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: INCD File System Service (InCDsrv) - URMAT Software - C: \ Program Files \ Ahead \ INCD \ InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc - C: \ Program Files \ Common Files \ New limită \ PrismXL \ PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ symant ~ 1 \ CCPD-LC \ symlcsvc.exe
--
Sfârşit de fişier - 7993 bytes
====== Activităţi programate dosar ======
C: \ WINDOWS \ sarcini \ automată Full Backup.job
C: \ WINDOWS \ sarcini \ Daily Changed Files.job
C: \ WINDOWS \ sarcini \ PEACTREE Săptămânal INAPOI UP.job
====== Registri dump ======
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3)]
Adobe PDF Reader Link Helper - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (3049C3E9-B461-4BC5-8870-4C09146192CA)]
RealPlayer Descărcaţi Plug-in-ului şi a înregistra pentru Internet Explorer - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll [2008-04-19 308856]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408)]
C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2-6 \ coIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (6D53EC84-6AAE-4787-AEEE-F4628F01010C)]
Symantec Intrusion Prevenirea - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ symant ~ 1 \ IDS \ IPSBHO.dll [2008-10-16 116088]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AA58ED58-01DD-4d91-8333-CF10577473F7)]
Google Toolbar Helper - C: \ Program Files \ Google \ googletoolbar1.dll [2007-06-04 2554944]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (AF69DE43-7D58-4638-B6FA-CE66B5AD205D)]
Google Toolbar Notifier BHO - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll [2008-09-26 737776]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
c: \ windows \ system32 \ digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Toolbar]
(EF99BD32-C1FB-11D2-892F-0090271D4F88) - Yahoo! Bara de instrumente - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll [2005-08-04 343112]
(2318C2B1-4965-11d4-9B18-009027A5CD4F) - & Google - C: \ Program Files \ Google \ googletoolbar1.dll [2007-06-04 2554944]
ID
(7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA) - Afişare Norton Toolbar - C: \ Program Files \ Common Files \ Symantec Shared \ coShared \ Browser \ 2-6 \ CoIEPlg.dll [2008-06-30 349552]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = C: \ Program Files \ QuickTime \ qttask.exe [2005-01-28 98304]
"Adobe Photo Downloader" = C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe [2005-06-06 57344]
"Adobe Reader Speed Launcher" = C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe [2008-01-11 39792]
"TkBellExe" = C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe [2008-04-19 185896]
"ccApp" = C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe [2008-02-18 51048]
"osCheck" = C: \ Program Files \ Norton 360 \ osCheck.exe [2008-02-26 988512]
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"MSMSGS" = C: \ Program Files \ Messenger \ msmsgs.exe [2008-04-13 1695232]
"Ctfmon.exe" = C: \ Windows \ system32 \ Ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware" = C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ATIPTA]
C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe [2004-11-12 344064]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ccApp]
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe [2008-02-18 51048]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CHotkey]
C: \ WINDOWS \ zHotkey.exe [2004-05-17 543232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Ctfmon.exe]
C: \ Windows \ system32 \ Ctfmon.exe [2008-04-13 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ INCD]
C: \ Program Files \ Ahead \ INCD \ InCD.exe [2003-09-01 1200178]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ MSMSGS]
C: \ Program Files \ Messenger \ msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NeroCheck]
C: \ Windows \ system32 \ \ NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NeroFilterCheck]
C: \ Windows \ system32 \ NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Recguard]
C: \ WINDOWS \ SMINST \ RECGUARD.EXE [2002-09-13 212992]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl]
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe [2003-10-31 32768]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ShowWnd]
C: \ WINDOWS \ ShowWnd.exe [2003-09-19 36864]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SoundMan]
C: \ WINDOWS \ SOUNDMAN.EXE [2004-11-15 77824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SunKistEM]
C: \ Program Files \ Digital Media Reader \ shwiconem.exe [2004-11-15 135168]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ UpdateManager]
C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe [2003-08-19 110592]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ BigFix.lnk]
C: \ PROGRA ~ 1 \ BigFix \ BigFix.exe [2002-07-31 1742384]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk]
C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office \ OSA9.EXE [2000-01-21 65588]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup
Aparat Detector 3.lnk - C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe
Google Updater.lnk - C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [2007-04-19 294912]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ AtiExtEvent]
C: \ Windows \ system32 \ Ati2evxx.dll [2006-02-21 61440]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ paubftzz]
C: \ Windows \ system32 \ digestp.dll [2004-08-04 105984]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ ShellServiceObjectDelayLoad]
UPnPMonitor - (e57ce738-33e8-4c51-8354-bb4de9d215d1) - C: \ Windows \ system32 \ upnpui.dll [2008-04-13 239616]
WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - C: \ Windows \ system32 \ WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entVersion \ Policies \ System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Policies \ Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ standard de profil \ authorizedapplications \ lista]
"% WINDIR% \ system32 \ sessmgr.exe" = "% WINDIR% \ system32 \ sessmgr.exe: *: activată: @ xpsp2res.dll, -22019"
"C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe: *: Enabled: AOL"
"C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe: *: Enabled: AOL"
"C: \ Program Files \ America Online 9.0 \ waol.exe" = "C: \ Program Files \ America Online 9.0 \ waol.exe: *: Enabled: America Online 9.0"
"% WINDIR% \ Reţeaua de diagnostic \ xpnetdiag.exe" = "% WINDIR% \ Reţeaua de diagnostic \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
"C: \ Program Files \ Internet Explorer \ iexplore.exe" = "C: \ Program Files \ Internet Explorer \ iexplore.exe: *: Disabled: Internet Explorer"
"C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe" = "C: \ WINDOWS \ LMI42.tmp \ lmi_rescue.exe: *: Enabled: LogMeIn Rescue"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic es \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ lista]
"% WINDIR% \ system32 \ sessmgr.exe" = "% WINDIR% \ system32 \ sessmgr.exe: *: activată: @ xpsp2res.dll, -22019"
"C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLDial.exe: *: Enabled: AOL"
"C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe" = "C: \ Program Files \ Common Files \ AOL \ ACS \ AOLacsd.exe: *: Enabled: AOL"
"C: \ Program Files \ America Online 9.0 \ waol.exe" = "C: \ Program Files \ America Online 9.0 \ waol.exe: *: Enabled: America Online 9.0"
"% WINDIR% \ Reţeaua de diagnostic \ xpnetdiag.exe" = "% WINDIR% \ Reţeaua de diagnostic \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)]
shell \ AutoRun \ command - C: \ Windows \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-b301-806d6172696f)]
shell \ AutoRun \ command - C: \ Windows \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Info.exe folder.htt 480 480

====== Lista de fişiere / foldere create din ultimele 1 luna ======
2008-10-16 15:56:08 ---- D ---- C: \ rsit
2008-10-16 15:19:05 ---- D ---- C: \ _OTMoveIt
2008-10-16 14:07:16 ---- D ---- C: \ Program Files \ Panda Security
2008-10-16 13:48:04 ---- O ---- C: \ Windows \ system32 \ CF23987.exe
2008-10-16 13:47:57 ---- O ---- C: \ Bug.txt
2008-10-16 13:20:06 ---- D ---- C: \ backup VundoFix
2008-10-16 13:20:06 ---- O ---- C: \ VundoFix.txt
2008-10-16 12:26:25 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-10-16 12:25:40 ---- D ---- C: \ Program Files \ SUPERAntiSpyware
2008-10-16 12:25:39 ---- D ---- C: \ Documents and Settings \ Owner \ Application Data \ SUPERAntiSpyware.com
2008-10-16 12:25:12 ---- D ---- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-10-16 11:20:45 ---- hdc ---- C: \ WINDOWS \ $ $ NtUninstallKB956803
2008-10-16 11:20:36 ---- hdc ---- C: \ WINDOWS \ $ $ NtUninstallKB956391
2008-10-16 11:20:27 ---- hdc ---- C: \ WINDOWS \ $ $ NtUninstallKB957095
2008-10-16 11:17:11 ---- hdc ---- C: \ WINDOWS \ $ $ NtUninstallKB954211
2008-10-16 11:16:54 ---- hdc ---- C: \ WINDOWS \ $ $ NtUninstallKB956841
2008-10-16 11:08:22 ---- D ---- C: \ Windows \ system32 \ N360_BACKUP
2008-10-16 10:48:03 DC ---- ---- C: \ Windows \ system32 \ DRVSTORE
2008-10-16 10:47:42 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24:37 ---- D ---- C: \ Program Files \ Windows Sidebar
2008-10-16 10:24:06 ---- D ---- C: \ Program Files \ Norton 360
2008-10-16 10:22:49 ---- O ---- C: \ Windows \ system32 \ S32EVNT1.DLL
2008-10-15 17:26:20 ---- D ---- C: \ Program Files \ NoNAV
2008-10-15 16:41:28 ---- D ---- C: \ SymNoNav
2008-10-15 16:22:38 ---- D ---- C: \ WINDOWS \ LMI42.tmp
2008-10-15 15:10:33 ---- D ---- C: \ Program Files \ Trend Micro
2008-10-11 12:25:41 ---- D ---- C: \ WINDOWS \ duminică
2008-10-11 12:25:41 ---- D ---- C: \ Documents and Settings \ Owner \ Application Data \ duminică
2008-10-11 12:00:57 ---- D ---- C: \ Program Files \ CCleaner
2008-10-11 11:38:42 ---- D ---- C: \ Documents and Settings \ Owner \ Application Data \ Malwarebytes
2008-10-11 11:38:37 ---- D ---- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-10-11 11:38:37 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
====== Lista de fişiere / foldere modificate din ultimele 1 luna ======
2008-10-16 15:44:12 ---- D ---- C: \ Program Files \ Common Files \ Symantec Shared
2008-10-16 15:43:38 ---- D ---- C: \ WINDOWS \ Temp
2008-10-16 15:27:24 ---- D ---- C: \ Windows \ system32 \ Catroot2
2008-10-16 15:25:42 ---- O ---- C: \ WINDOWS \ SchedLgU.Txt
2008-10-16 15:12:27 ---- O ---- C: \ WINDOWS \ hpbafd.ini
2008-10-16 15:12:19 ---- O ---- C: \ Windows \ system32 \ NTS5CSET.INI
2008-10-16 15:05:13 ---- D ---- C: \ WINDOWS
2008-10-16 14:13:35 ---- D ---- C: \ Windows \ system32 \ drivers
2008-10-16 14:07:16 RD ---- ---- C: \ Program Files
2008-10-16 14:07:16 ---- HD ---- C: \ Windows \ Inf
2008-10-16 14:06:35 ---- SD ---- C: \ WINDOWS \ Downloaded Program Files
2008-10-16 13:49:56 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008-10-16 13:48:11 ---- D ---- C: \ Windows \ system32
2008-10-16 12:26:10 ---- SHD ---- C: \ Windows \ Installer
2008-10-16 12:25:12 ---- D ---- C: \ Program Files \ Common Files
2008-10-16 11:50:16 ---- D ---- C: \ WINDOWS \ Minidump
2008-10-16 11:50:16 ---- D ---- C: \ WINDOWS \ Debug
2008-10-16 11:20:47 ---- RSHDC ---- C: \ Windows \ system32 \ dllcache
2008-10-16 11:20:43 ---- HD ---- C: \ WINDOWS \ $ $ hf_mig
2008-10-16 11:20:07 ---- D ---- C: \ Program Files \ Internet Explorer
2008-10-16 11:19:54 ---- D ---- C: \ WINDOWS \ ie7updates
2008-10-16 11:19:07 ---- O ---- C: \ WINDOWS \ win.ini
2008-10-16 11:08:11 ---- D ---- C: \ Documents and Settings \ Owner \ Application Data \ Symantec
2008-10-16 11:04:17 ---- D ---- C: \ Program Files \ Symantec
2008-10-16 11:01:12 ---- D ---- C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-10-16 10:46:55 ---- D ---- C: \ WINDOWS \ prefetch
2008-10-15 17:42:01 ---- D ---- C: \ Documents and Settings
2008-10-15 15:38:45 ---- D ---- C: \ WINDOWS \ WinSxS
2008-10-15 15:38:45 ---- D ---- C: \ Program Files \ Common Files \ Microsoft Shared
2008-10-15 14:55:27 ---- D ---- C: \ Windows \ system32 \ Restore
2008-10-15 13:23:32 ---- O ---- C: \ WINDOWS \ PCW120.ini
2008-10-15 13:23:22 ---- D ---- C: \ SHAREDAT
2008-10-14 14:58:10 ---- D ---- C: \ Shardata
2008-10-11 11:30:23 ---- SHD ---- C: \ System Volume Information
2008-10-07 15:19:40 ---- O ---- C: \ Windows \ system32 \ MRT.exe
2008-10-03 13:41:15 ---- O ---- C: \ Windows \ system32 \ ieframe.dll
2008-09-24 08:36:56 ---- D ---- C: \ Program Files \ Common Files \ piersicii
====== Lista de drivere (R = Rularea, S = oprit, 0 = Boot, 1 = System, 2 = Auto, 3 = cerere, 4 = Disabled )======
R1 AmdPPM; Procesor AMD HwPState Driver; C: \ WINDOWS \ system32 \ drivers \ AmdPPM.sys [2007-04-16 33792]
R1 eeCtrl; Symantec Eraser Control driver; \?? \ C: \ Program Files \ Common Files \ Symantec Shared \ EENGINE \ eeCtrl.sys []
R1 InCDPass; InCDPass; C: \ WINDOWS \ system32 \ drivers \ InCDPass.sys [2003-09-01 28528]
R1 incdrm; INCD EasyWrite Reader; C: \ Windows \ system32 \ drivers \ incdrm.sys [2003-08-21 25520]
R1 SASDIFSV; SASDIFSV; \?? \ C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS []
R1 SASKUTIL; SASKUTIL; \?? \ C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.sys []
R1 SPBBCDrv; SPBBCDrv; \?? \ C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCDrv.sys []
R1 SRTSPX; SRTSPX; C: \ Windows \ system32 \ Drivers \ SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI; SYMTDI; C: \ Windows \ system32 \ Drivers \ SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon; CO_Mon; \?? \ C: \ Windows \ system32 \ drivers \ CO_Mon.sys []
R2 mdmxsdk; mdmxsdk; C: \ WINDOWS \ system32 \ drivers \ mdmxsdk.sys [2004-03-17 13059]
R2 tmcomm; tmcomm; \?? \ C: \ Windows \ system32 \ drivers \ tmcomm.sys []
R3 ALCXWDM; Serviciul pentru Realtek AC97 Audio (WDM); C: \ Windows \ system32 \ drivers \ ALCXWDM.SYS [2004-11-18 2297664]
R3 Arp1394; 1394 ARP Client protocol; C: \ WINDOWS \ system32 \ drivers \ arp1394.sys [2008-04-13 60800]
R3 ati2mtag; ati2mtag; C: \ WINDOWS \ system32 \ drivers \ ati2mtag.sys [2006-02-21 1505792]
R3 COH_Mon; COH_Mon; \?? \ C: \ WINDOWS \ system32 \ drivers \ COH_Mon.sys []
R3 EraserUtilRebootDrv; EraserUtilRebootDrv; \?? \ C: \ Program Files \ Common Files \ Symantec Shared \ EENGINE \ EraserUtilRebootDrv.sys []
R3 GEARAspiWDM; ECHIPAMENTELOR ASPI driverul de filtrare; C: \ Windows \ system32 \ Drivers \ GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP; HSF_DP; C: \ WINDOWS \ system32 \ drivers \ HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2; HSFHWBS2; C: \ WINDOWS \ system32 \ drivers \ HSFHWBS2.sys [2004-06-17 220032]
R3 NAVENG; NAVENG; \?? \ C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ symant ~ 1 \ VIRUSD ~ 1 \ 2008101 6,004 \ NAVENG.SYS []
R3 NAVEX15; NAVEX15; \?? \ C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ symant ~ 1 \ VIRUSD ~ 1 \ 2008101 6,004 \ NAVEX15.SYS []
R3 NIC1394; 1394 Net Driver; C: \ WINDOWS \ system32 \ drivers \ nic1394.sys [2008-04-13 61824]
R3 rtl8139; Realtek RTL8139 (A / B / C), bazate pe PCI Fast Ethernet Adapter NT Driver; C: \ WINDOWS \ system32 \ drivers \ RTL8139.SYS [2004-08-04 20992]
R3 SASENUM; SASENUM; \?? \ C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS []
R3 SRTSP; SRTSP; C: \ Windows \ system32 \ Drivers \ SRTSP.SYS [2008-01-31 279088]
R3 SunkFilt; Alcor Micro Corp Reader; \?? \ C: \ Windows \ system32 \ Drivers \ sunkfilt.sys []
R3 SYMDNS; SYMDNS; C: \ Windows \ system32 \ Drivers \ SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent; SymEvent; \?? \ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS []
R3 SYMFW; SYMFW; C: \ Windows \ system32 \ Drivers \ SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS; SYMIDS; C: \ Windows \ system32 \ Drivers \ SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO; SYMIDSCO; \?? \ C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ symant ~ 1 \ SymcData \ ipsdefs \ 20081014.001 \ SymIDSCo.sys []
R3 SymIMMP; SymIMMP; C: \ WINDOWS \ system32 \ drivers \ SymIM.sys [2008-06-13 31280]
R3 SYMNDIS; SYMNDIS; C: \ Windows \ system32 \ Drivers \ SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV; SYMREDRV; C: \ Windows \ system32 \ Drivers \ SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci; Microsoft USB 2.0 Enhanced Host Controller Driver miniport; C: \ WINDOWS \ system32 \ drivers \ Usbehci.sys [2008-04-13 30208]
R3 usbhub; USB2 Enabled Hub; C: \ WINDOWS \ system32 \ drivers \ Usbhub.sys [2008-04-13 59520]
R3 usbohci; Microsoft USB Open Host Controller Driver miniport; C: \ WINDOWS \ system32 \ drivers \ Usbohci.sys [2008-04-13 17152]
R3 USBSTOR; USB Mass Storage Driver; C: \ WINDOWS \ system32 \ drivers \ USBSTOR.SYS [2008-04-13 26368]
R3 winachsf; winachsf; C: \ WINDOWS \ system32 \ drivers \ HSF_CNXT.sys [2004-06-17 685056]
R4 InCDfs; INCD File System; C: \ Windows \ system32 \ drivers \ InCDfs.sys [2003-09-01 88800]
S1 P3; PentiumIII Procesor Intel Driver; C: \ WINDOWS \ system32 \ drivers \ p3.sys [2008-04-13 42752]
S3 Bridge; MAC Bridge; C: \ WINDOWS \ system32 \ drivers \ bridge.sys [2008-04-13 71552]
S3 BridgeMP; MAC Bridge miniport; C: \ WINDOWS \ system32 \ drivers \ bridge.sys [2008-04-13 71552]
S3 mxnic; Macronix MX987xx Family Fast Ethernet NT Driver; C: \ WINDOWS \ system32 \ drivers \ mxnic.sys [2001-08-17 19968]
S3 NV; NV; C: \ WINDOWS \ system32 \ drivers \ nv4_mini.sys [2004-08-04 1897408]
S3 SRTSPL; SRTSPL; C: \ Windows \ system32 \ Drivers \ SRTSPL.SYS [2008-01-31 317616]
S3 SymIM; Symantec Network Security intermediar Filtrul de servicii; C: \ WINDOWS \ system32 \ drivers \ SymIM.sys [2008-06-13 31280]
S3 usbuhci; Microsoft USB Universal Host Controller Driver miniport; C: \ WINDOWS \ system32 \ drivers \ Usbuhci.sys [2008-04-13 20608]
S3 VNUSB; VN Seria Device; C: \ WINDOWS \ system32 \ drivers \ VNUSB.sys [2003-12-15 38448]
S3 wanatw; WAN miniport (ATW); C: \ WINDOWS \ system32 \ drivers \ wanatw4.sys []
S3 WudfPf; Windows Driver Foundation - User-mode Driver-cadru Platforma Driver; C: \ WINDOWS \ system32 \ drivers \ WudfPf.sys [2006-09-28 77568]
S3 WudfRd; Windows Driver Foundation - User-mode Driver-cadru Reflector; C: \ WINDOWS \ system32 \ drivers \ wudfrd.sys [2006-09-28 82944]
S4 sr; System Restore driverul de filtrare; C: \ WINDOWS \ system32 \ drivers \ sr.sys [2008-04-13 73472]
====== Lista de servicii (R = Running, S = oprit, 0 = Boot, 1 = System, 2 = Auto, 3 = cerere, 4 = Disabled )======
R2 Ati HotKey Poller; Ati HotKey Poller; C: \ Windows \ system32 \ Ati2evxx.exe [2006-02-21 405504]
R2 Automatic LiveUpdate Scheduler; Automatic LiveUpdate Scheduler; C: \ Program Files \ Symantec \ LiveUpdate \ AluSchedulerSvc.exe [2008-02-21 238968]
R2 ccEvtMgr; Symantec Event Manager; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 ccSetMgr; Symantec Settings Manager; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 CLTNetCnService; Symantec LIC NetConnect serviciu; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 gusvc; Google Updater Service; C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe [2007-06-04 138680]
R2 InCDsrv; INCD File System Service; C: \ Program Files \ Ahead \ INCD \ InCDsrv.exe [2003-09-01 798772]
R2 LiveUpdate Notice; LiveUpdate Notice; C: \ Program Files \ Common Files \ Symantec Shared \ ccSvcHst.exe [2008-02-18 149352]
R2 MDM; Machine Debug Manager; C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE [2003-06-19 322120]
R2 PrismXL; PrismXL; C: \ Program Files \ Common Files \ New limită \ PrismXL \ PRISMXL.SYS [2005-01-28 172032]
S3 aspnet_state; ASP.NET membru Service; C: \ WINDOWS \ Microsoft.NET \ Framework \ v1.1.4322 \ aspne t_state.exe [2004-07-15 32768]
S3 comHost; COM-gazdă; C: \ Program Files \ Common Files \ Symantec Shared \ VAScanner \ comHost.exe [2007-08-22 55640]
S3 LiveUpdate; LiveUpdate; C: \ Program Files \ Symantec \ LiveUpdate \ LuComServer_3_4.EXE [2008-09-05 3220856]
S3 OSE; Office Sursa Motor; C: \ Program Files \ Common Files \ Microsoft Shared \ Sursa Motor \ OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC; Symantec Core LC; C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ symant ~ 1 \ CCPD-LC \ symlcsvc.exe [2008-10-16 1245064]
S3 WMPNetworkSvc; Windows Media Player Network Sharing Serviciu; C: \ Program Files \ Windows Media Player \ WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc; Windows Driver Foundation - User-mode Driver-cadru; C: \ Windows \ system32 \ svchost.exe [2008-04-13 14336]
----------------- EOF -----------------

**evilfantasy** · #7 16 octombrie 2008, 13:50

De digestp.dll este încă nu a plecat.

În primul rând:

Descărca Inchide / Remove Windows Messenger la Spaţiul de lucru pentru a îndepărta Windows Messenger.

A nu se confunda Windows Messenger cu MSN Messenger pentru că nu sunt la fel. Windows Messenger este o cauza frecventa de pop-up.

Dezarhivaţi fişierul pe Desktop. Deschide MessengerDisable.exe în partea de jos şi alegeţi caseta -- Dezinstalare Windows Messenger şi faceţi clic pe Aplica.

Ieşiţi din MessengerDisable şterge apoi cele două fişiere care au fost puse pe desktop.

----------

Notă: instrucţiunile de mai jos au fost create special pentru acest utilizator. Dacă nu sunteţi acest utilizator, NU urmaţi aceste direcţii în care acestea ar putea deteriora funcţionarea sistemului dvs.

Du-te la Start> Run şi de tip notepad.exe apoi faceţi clic pe OK

Copiaţi şi inseraţi mai jos în Notepad şi salvaţi ca fixme.reg pentru dvs. Spaţiul de lucru

Cod:

REGEDIT4 [-HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)] [-HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ MSMSGS] [-- HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ paubftzz]

Localizaţi fixme.reg de pe desktop şi faceţi dublu-clic pe ea. Răspuns Da atunci când vi se cere să fuzioneze cu registri.

Asiguraţi-vă că spuneţi-mi dacă primiţi un mesaj de succes despre adăugarea de mai sus pentru a registry. Dacă nu primesc un mesaj de succes, aceasta nu funcţionează.

Ştergeţi fixme.reg de la Desktop.

----------

Java este de actualitate.

Versiunile mai vechi au vulnerabilities rău că site-uri pot utiliza pentru a infecta sistemul dumneavoastră.

Mai întâi instalaţi noul Sun Java Runtime Environment

Aveţi grijă să închideţi toate ferestrele browser-ului înainte de a începe instalarea.

Eliminaţi versiunea veche (e)

Descărca JavaRa

Dezarhiva fişier şi deschideţi JavaRa.exe
Faceţi clic pe Eliminaţi versiunile mai vechi
JavaRa va căuta şi de a elimina orice versiune de Java învechite şi eliminaţi-le pe cele care se găsesc.
Faceţi clic pe Activităţi suplimentare
Se pune un control de lângă Eliminaţi inutil JRE Fişiere şi faceţi clic pe Merge
Exit JavaRa
Ştergeţi JavaRa fişierele de pe spaţiul de lucru

----------

Pentru a scana fişierele suspecte

Vă rugăm să mergeţi la VirSCAN.org GRATUIT on-line, servicii de scanare
(Dacă mai mult de un fişier scanat are nevoie de ele trebuie să fie realizat separat şi jurnalele de post pentru fiecare dintre ele)

1. Copiaţi şi inseraţi următorul fişier de drum în Pentru a scana fişierele suspecte caseta din partea de sus a paginii.

Cod:

C: \ Windows \ system32 \ CF23987.exe

2. La încărcare site, faceţi clic o dată în interiorul ferestrei de lângă Răsfoire.
3. Apăsaţi Ctrl + V de pe tastatură (ambele în acelaşi timp) pentru a lipi fişierul calea în fereastra.
4. Click pe Încărcare buton.
Aceasta va efectua o scanare diferite pe mai multe motoare de scanare împotriva viruşilor.
Fişierul dvs. va fi, eventual, a intrat într-o coadă, care în mod normal durează mai puţin de un minut pentru a şterge.
Important: Aşteptaţi pentru toate motoarele de scanare pentru a finaliza.
5. Odată ce este completat de scanare defilaţi în jos şi faceţi clic pe Copiaţi în clipboard buton. Aceasta va copia link-ul de la raport în Clipboard.
6. Lipiţi conţinutul clipboard în următoarea replică.

----------

După postarea de VirSCAN.org rezultatele.

Descărca ATF Cleaner Atribune de pe Desktop.

Alternative download link

Notă: Vista utilizatorii trebuie să utilizeze Executare ca administrator

Sub Principal: Selectaţi Ştergere pentru a Fişiere alege: Selectaţi Toate.
Faceţi clic pe Empty Selected buton.
Dacă folosiţi browserul Firefox faceţi clic pe Firefox în partea de sus şi să alegeţi: Selectaţi Toate
Faceţi clic pe Empty Selected buton.
Dacă doriţi să vă păstraţi parolele salvate clicaţi Nu la prompt.
Dacă folosiţi browserul Opera faceţi clic pe Opera în partea de sus şi să alegeţi: Selectaţi Toate
Faceţi clic pe Empty Selected buton.
Dacă doriţi să vă păstraţi parolele salvate clicaţi Nu la prompt.
Faceţi clic pe Exit pe Meniul principal pentru a închide programul.

Reţineţi că sistemul dvs. va rula mai lent pentru un reboot sau două după ce au folosit acest instrument asa ca nu intra în panică.

Important: Reporniţi computerul înainte de a continua.

**redsowwer** · #8 16 octombrie 2008, 14:39

1. Succesul în Fixme.reg

2. Apoi, sunt aici de 2 fişierele jurnal ai vrut să-mi trimiteţi

A. JavaRa 1.11 Eliminarea Jurnal.
Raport urmează după linie.
------------------------------------
JavaRa procesul de îndepărtare a fost demarat la Thu 16 octombrie 17:23:09 2008
Găsite şi eliminate: C: \ Windows \ System32 \ jpicpl32.cpl
Găsite şi eliminate: C: \ Windows \ Installer \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1.4
Găsite şi eliminate: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstal l \ (7148F0A8-6813-11D6-A77B-00B0D0142000)
Găsite şi eliminate: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA)
Găsite şi eliminate: SOFTWARE \ Classes \ CLSID \ (CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB)
Găsite şi eliminate: SOFTWARE \ Classes \ Installer \ Products \ 8A0F841731866D 117AB7000B0D410200
Găsite şi eliminate: SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installe r \ userdata \ S-1-5-18 \ Products \ 8A0F841731866D117AB7000B0D410200
Găsite şi eliminate: SOFTWARE \ Classes \ JavaPlugin.142
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Plug-in \ 1.4.2
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1.4.2
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Web Start \ 1.4.2
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1_02
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1_03
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Web Start \ 1.0.1_04
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Web Start \ 1.2
Găsite şi eliminate: SOFTWARE \ JavaSoft \ Java Web Start \ 1.2.0_01
------------------------------------
Terminate de raportare.

JavaRa 1.11 Eliminarea Jurnal.
Raport urmează după linie.
------------------------------------
JavaRa procesul de îndepărtare a fost demarat la Thu 16 octombrie 17:23:18 2008
------------------------------------
Terminate de raportare.

B. VirSCAN. Org scanate Raport:
Scanat timp: 2008/10/16 17:27:59 (EDT)
Scanner rezultate: Toate Scannere raportate nu găsi malware-ului!
Nume fişier: CF23987.exe
Dimensiune fişier: 389,120 octeţi
File Type: PE32 executabil pentru MS Windows (console) Intel 80386 pe 32 de biţi
MD5: b65faf059812f22a1058ecfcb520e47b
SHA1: 8148c039b0f0a166bc1a1801fe6d14716bdcec1f
Online raport: http://virscan.org/report/36cd3be0f2...66947033e.html
Scanner Motor Ver Sig Sig Ver Data Ora Scan rezultat
un-pătrat 4.0.0.16 2008.10.15 2008-10-15 1,54 --
AhnLab V3 ... .. - 0.18 --
AntiVir 7.9.0.5 7.0.7.51 2008-10-16 0,08 --
Antiy 2.0.18 20081016,1488960 2008-10-16 0,12 --
Arcavir 1.0.5 200810161244 2008-10-16 1,23 --
Authentium 5.1.1 200810150216 2008-10-15 1,17 --
Stai! 3.0.1 081015-0 2008-10-15 0,72 --
AVG 7.5.52.442 270.8.1/1728 2008-10-16 1,68 --
BitDefender 7.60825.1875439 7,21294 2008-10-17 3,13 --
CA (VET) 9.0.0.143 31.6.6151 2008-10-16 5,37 --
ClamAV 0,94 8435 2008 -10-17 0,13 --
Comodo 2,11 2.0.0.678 2008-10-16 0,44 --
CP Secure 1.1.0.715 2008.10.17 2008-10-17 6,26 --
Dr.Web 4.44.0.9170 2008.10.16 2008-10-16 3,41 --
ewido 4.0.0.2 2008.10.16 2008-10-16 2,90 --
F-Prot 4.4.4.56 20081016 2008-10-16 1,19 --
F-Secure 5.51.6100 2008 .10.16.09 2008-10-16 3,55 --
Fortinet 2.81-3.113 9,647 2008-10-15 0,23 --
GData 19.1058/19.65 20081016 2008-10-16 2,65 --
ViRobot 20081016 2008.10.16 2008-10-16 0,40 --
Ikarus T3.1.01.34 2008.10.16.71662 2008-10-16 3,99 --
JiangMin 11.0.706 2008.10.16 2008-10-16 1,26 --
Kaspersky 5.5.10 2008.10.16 2008-10-16 0,04 --
KingSoft 2008.9.8.18 2008.10.16.17 2008-10-16 0,66 --
McAfee 5.3.00 5406 2008-10-15 2,13 --
Microsoft 1,4005 2008.10.16 2008-10-16 3,93 --
mks_vir 2,01 2008.10.16 2008-10-16 2,75 --
Norman 5.93.01 5.93.00 2008-10-16 5,21 --
Panda 9.05.01 2008.10.16 2008-10-16 2,28 --
Trend Micro 8.700-1004 5.604.11 2008-10-16 0,03 --
Quick Heal 9,50 2008.10.16 2008-10-16 1,99 --
Rising 20,0 20.66.32.00 2008-10-16 0,77 --
Sophos 2.79.0 4,34 2008-10-17 1,86 --
Sunbelt 3.1.1728.1 2317 2008-10-16 0,48 --
Symantec 1.3.0.24 20081016,004 2008-10-16 0,05 --
nProtect 2008-10-16.00 2247055 2008-10-16 4,22 --
The Hacker 6.3.1.0 v00116 2008-10-16 0,45 --
VBA32 3.12.8.7 20081016,1009 2008-10-16 1,43 --
VirusBuster 4.5.11.10 10.90.4/651643 2008-10-16 0,99 --

**evilfantasy** · #9 16 octombrie 2008, 14:41

Descarca ComboFix de sUBs de la unul din link-urile de mai jos. Asiguraţi-vă că aţi început să-l salvaţi în Spaţiul de lucru.

Link # 1
Link # 2

** Notă: Este important că este salvat direct pe Desktop

Închideţi orice deschide browsere. (Firefox, Internet Explorer, etc), înainte de a începe ComboFix.

Temporar dezactiva al tău antivirus, Precum şi orice antispyware de protecţie în timp real înainte care efectuează o scanare. Faceţi clic pe acest link pentru a vedea o listă de programe de securitate care ar trebui să fie cu handicap şi modul de dezactivare a lor.

Faceţi dublu clic combofix.exe & urmăriţi solicitările.
Când aţi terminat ComboFix va produce un jurnal pentru tine.
Post de ComboFix jurnal în următoarea replică.

Important: Nu mouseclick ComboFix de fereastră în timp ce se execută. Care pot determina să-l băga în grajd.

Amintiţi-vă să vă reactiva de protecţie antivirus şi antispyware, atunci când ComboFix este completă.

**redsowwer** · #10 16 octombrie 2008, 15:11

ComboFix 08-10-16.01 - Proprietar 2008-10-16 17:52:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.95 [GMT -4:00]
Rularea de la: C: \ Documents and Settings \ Owner \ Desktop \ ComboFix.exe
* Creat un nou punct de restabilire
.
Alte ((((((((((((((((((((((((((((((((((((((( ştergerile ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ jestertb.dll
D: \ autorun.inf
.
((((((((((((((((((((((((( Fişierele create de 2008-09-16 la 2008-10-16 ))))))))))) ))))))))))))))))))))
.
2008-10-16 16:16. 2008-10-16 16:17 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ WinZip
2008-10-16 15:56. 2008-10-16 16:23 <DIR> d -------- C: \ rsit
2008-10-16 15:19. 2008-10-16 15:19 <DIR> d -------- C: \ _OTMoveIt
2008-10-16 14:07. 2008-10-16 14:07 <DIR> d -------- C: \ Program Files \ Panda Security
2008-10-16 14:07. 2008-06-19 17:24 28.544 - a ------ C: \ Windows \ system32 \ drivers \ pavboot.sys
2008-10-16 13:20. 2008-10-16 13:20 <DIR> d -------- C: \ backup VundoFix
2008-10-16 12:26. 2008-10-16 12:26 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com
2008-10-16 12:25. 2008-10-16 13:40 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-10-16 12:25. 2008-10-16 12:25 <DIR> d -------- C: \ Documents and Settings \ Owner \ Application Data \ SUPERAntiSpyware.com
2008-10-16 11:08. 2008-10-16 11:08 <DIR> d -------- C: \ Windows \ system32 \ N360_BACKUP
2008-10-16 10:48. 2008-10-16 10:48 <DIR> d ---- c --- C: \ Windows \ system32 \ DRVSTORE
2008-10-16 10:47. 2008-10-16 10:47 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-10-16 10:24. 2008-10-16 10:24 <DIR> d -------- C: \ Program Files \ Windows Sidebar
2008-10-16 10:24. 2008-10-16 11:44 <DIR> d -------- C: \ Program Files \ Norton 360
2008-10-16 10:22. 2008-10-16 11:04 123,952 - a ------ C: \ Windows \ system32 \ drivers \ SYMEVENT.SYS
2008-10-16 10:22. 2008-10-16 11:04 60,800 - a ------ C: \ Windows \ system32 \ S32EVNT1.DLL
2008-10-16 10:22. 2008-10-16 11:04 10,671 - a ------ C: \ Windows \ system32 \ drivers \ SYMEVENT.CAT
2008-10-16 10:22. 2008-10-16 11:04 805 - a ------ C: \ Windows \ system32 \ drivers \ SYMEVENT.INF
2008-10-16 10:16. 2008-09-08 06:41 333.824 ----- c --- C: \ Windows \ system32 \ dllcache \ srv.sys
2008-10-16 10:15. 2008-08-14 06:11 2.189.184 ----- c --- C: \ Windows \ system32 \ dllcache \ ntoskrnl.exe
2008-10-16 10:15. 2008-08-14 06:09 2.145.280 ----- c --- C: \ Windows \ system32 \ dllcache \ Ntkrnlmp.exe
2008-10-16 10:15. 2008-08-14 05:33 2.066.048 ----- c --- C: \ Windows \ system32 \ dllcache \ ntkrnlpa.exe
2008-10-16 10:15. 2008-08-14 05:33 2.023.936 ----- c --- C: \ Windows \ system32 \ dllcache \ ntkrpamp.exe
2008-10-16 10:15. 2008-09-15 08:12 1.846.400 ----- c --- C: \ Windows \ system32 \ dllcache \ Win32k.sys
2008-10-16 10:09. 2008-10-16 10:10 <DIR> d -------- C: \ Documents and Settings \ Administrator \. Housecall6.6
2008-10-15 17:42. 2004-08-27 05:54 <DIR> d -------- C: \ Documents and Settings \ Administrator \ WINDOWS
2008-10-15 17:42. 2005-01-28 05:22 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ SampleView
2008-10-15 17:42. 2005-01-28 05:26 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ McAfee
2008-10-15 17:42. 2008-10-15 17:42 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Malwarebytes
2008-10-15 17:42. 2008-10-16 10:09 <DIR> d -------- C: \ Documents and Settings \ Administrator
2008-10-15 17:26. 2008-10-15 17:26 <DIR> d -------- C: \ Program Files \ NoNAV
2008-10-15 16:41. 2008-10-15 17:26 <DIR> d -------- C: \ SymNoNav
2008-10-15 16:22. 2008-10-15 17:27 <DIR> d -------- C: \ WINDOWS \ LMI42.tmp
2008-10-15 15:10. 2008-10-15 15:10 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-10-11 13:05. 2008-10-11 12:33 102,664 - a ------ C: \ Windows \ system32 \ drivers \ tmcomm.sys
2008-10-11 12:33. 2008-10-15 15:21 <DIR> d -------- C: \ Documents and Settings \ Owner \. Housecall6.6
2008-10-11 12:25. 2008-10-11 12:25 <DIR> d -------- C: \ WINDOWS \ duminică
2008-10-11 12:00. 2008-10-11 12:01 <DIR> d -------- C: \ Program Files \ CCleaner
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ Owner \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-10-11 11:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-10-11 11:38. 2008-09-10 00:04 38,528 - a ------ C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2008-10-11 11:38. 2008-09-10 00:03 17,200 - a ------ C: \ Windows \ system32 \ drivers \ mbam.sys
2008-09-23 13:17. 2008-09-23 13:17 133 - a ------ C: \ Documents and Settings \ All Users \ Application Data \ ustore.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 21:53 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-10-16 17:49 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008-10-16 15:08 --------- d ----- w C: \ Documents and Settings \ Owner \ Application Data \ Symantec
2008-10-16 15:04 --------- d ----- w C: \ Program Files \ Symantec
2008-10-16 15:01 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-09-24 12:36 --------- d ----- w C: \ Program Files \ Common Files \ piersicii
2008-09-08 10:41 333.824 ---- Aw C: \ Windows \ system32 \ drivers \ srv.sys
2008-08-19 10:32 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2005-10-20 18:06 76-c ---- w C: \ Documents and Settings \ Owner \ Application Data \ wklnhst.dat
2005-05-27 00:43 0-csha-w C: \ WINDOWS \ SMINST \ HPCD.sys
2008-05-24 13:39 32.768-csha-w C: \ WINDOWS \ system32 \ config \ systemprofile \ Local Settings \ istoric \ History.IE5 \ MSHist012008052420080 525 \ index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4
[HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (D6EEB0C3-825E-4FBC-BE0F-38CD08E932FE)]
2004-08-04 15:00 105984 - a ------ C: \ windows \ system32 \ digestp.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayExcluded]
@ = "(4433A54A-1AC8-432F-90FC-85F045CF383C)"
[HKEY_CLASSES_ROOT \ CLSID \ (4433A54A-1AC8-432F-90FC-85F045CF383C)]
2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayPending]
@ = "(F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)"
[HKEY_CLASSES_ROOT \ CLSID \ (F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225)]
2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ shelliconoverlayidentifiers \ Ov erlayProtected]
@ = "(476D0EA3-80F9-48B5-B70B-05E677C9C148)"
[HKEY_CLASSES_ROOT \ CLSID \ (476D0EA3-80F9-48B5-B70B-05E677C9C148)]
2008-02-26 04:34 576352 - a ------ C: \ Program Files \ Common Files \ Symantec Shared \ Backup \ buShell.dll
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2005-01-28 98304]
"Adobe Photo Downloader" = "C: \ Program Files \ Adobe \ Photoshop Album Starter Edition \ 3.0 \ Apps \ apdproxy.exe" [2005-06-06 57344]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2008-04-19 185896]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2008-02-18 51048]
"osCheck" = "C: \ Program Files \ Norton 360 \ osCheck.exe" [2008-02-26 988512]
C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Aparat Detector 3.lnk - C: \ Program Files \ Olympus \ DeviceDetector \ DevDtct2.exe [2007-06-27 114688]
Google Updater.lnk - C: \ Program Files \ Google \ Google Updater \ GoogleUpdater.exe [2007-06-04 125624]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.EXE [2000-01-21 65588]
WinZip Quick Pick.lnk - C: \ Program Files \ WinZip \ WZQKPICK.EXE [2008-09-11 525664]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \! SASWinLogon]
2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \ paubftzz]
2004-08-04 15:00 105984 C: \ Windows \ system32 \ digestp.dll
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ BigFix.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ BigFix.lnk
backup = C: \ WINDOWS \ pss \ BigFix.lnkCommon Startup
[HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ ^ Toate Utilizatorii Start Menu ^ Programs ^ Startup ^ Microsoft Office.lnk]
path = C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Microsoft Office.lnk
backup = C: \ WINDOWS \ pss \ Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ATIPTA]
- a - c --- 2004-11-12 01:10 344064 C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ccApp]
- a ------ 2008-02-18 15:37 51048 C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Ctfmon.exe]
- a ------ 2008-04-13 20:12 15360 C: \ Windows \ system32 \ Ctfmon.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ INCD]
- a ------ 2003-09-01 09:32 1200178 C: \ Program Files \ Ahead \ INCD \ InCD.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NeroCheck]
- a ------ 2001-07-09 15:50 155648 C: \ Windows \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ NeroFilterCheck]
- a ------ 2001-07-09 15:50 155648 C: \ Windows \ system32 \ NeroCheck.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ Recguard]
- a - c --- 2002-09-13 16:42 212992 C: \ WINDOWS \ SMINST \ Recguard.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ RemoteControl]
- a - c --- 2003-10-31 23:42 32768 C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SunKistEM]
- a - c --- 2004-11-15 19:04 135168 C: \ Program Files \ Digital Media Reader \ shwiconEM.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ UpdateManager]
- a - c --- 2003-08-19 01:01 110592 C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ CHotkey]
- a - c --- 2004-05-17 22:30 543232 C: \ WINDOWS \ zHotkey.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ ShowWnd]
- a - c --- 2003-09-19 13:09 36864 C: \ WINDOWS \ ShowWnd.exe
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ SoundMan]
- a - c --- 2004-11-15 23:20 77824 C: \ WINDOWS \ SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile]
"EnableFirewall" = 0 (0x0)
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Lista]
"% WINDIR% \ \ system32 \ \ sessmgr.exe" =
"% WINDIR% \ \ Reţeaua de diagnostic \ \ xpnetdiag.exe" =
R0 pavboot; pavboot; C: \ Windows \ system32 \ drivers \ pavboo t.sys [2008-06-19 28544]
R0 shsizubv; shsizubv; C: \ Windows \ system32 \ drivers \ shsi zubv.sys [2004-08-04 23424]
S3 COH_Mon; COH_Mon; C: \ WINDOWS \ system32 \ drivers \ COH_Mo n.sys [2008-07-30 23888]
S3 VNUSB; VN Seria Device; C: \ WINDOWS \ system32 \ drivers \ VNUSB.sys [2003-12-15 38448]
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs
qfbydciq
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (4f63278d-8557-11d9-be24-806d6172696f)]
\ Shell \ AutoRun \ command - C: \ Windows \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (e1ec6b61-710a-11d9-b301-806d6172696f)]
\ Shell \ AutoRun \ command - C: \ Windows \ system32 \ RunDLL32.EXE Shell32.DLL, ShellExec_RunDLL Info.exe folder.htt 480 480
* Newly Created Service * - COMHOST
* Newly Created Service * - PROCEXP90
.
Cuprins de la "Activităţi programate" dosar
2008-10-12 C: \ WINDOWS \ Tasks \ automată Full Backup.job
- C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
2008-10-15 C: \ WINDOWS \ Tasks \ Daily Changed Files.job
- C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
2008-10-11 C: \ WINDOWS \ Tasks \ PEACTREE Săptămânal INAPOI UP.job
- C: \ Program Files \ Stomp \ Backup MyPC \ System \ bestart.exe [2003-10-30 04:10]
.
- - - - ORFANI ELIMINAT - - - --
Bara de instrumente-ID - (no file)

.
------- Suplimentare Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.emachines.com/
R0 -: HKCU-Main, SearchMigratedDefaultURL = hxxp: / / www.google.com/search?q = (searchTerms) & sourceid = ie7 & SLR = com.micros oft: en-US & ie = utf8 & OE = utf8
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & xportaţi la Microsoft Excel - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:54:24
Windows 5.1.2600 Service Pack 3 NTFS
scanare ascuns procese ...
scanare ascuns autostart intrări ...
scanare fişiere ascunse ...
scanare sa finalizat cu succes
fişiere ascunse: 0
************************************************** ************************
.
Completion time: 2008-10-16 17:56:31
ComboFix-carantină-files.txt 2008-10-16 21:56:27
Pre-Run: 142914838528 bytes liber
Post-Run: 142911078400 bytes liber
WindowsXP-KB310994-SP2-Home-boot-ENU.exe
[boot loader]
timeout = 2
default = multi (0) disk (0) rdisk (0) partition (1) \ WINDOW S
[sisteme de operare]
C: \ Cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons
multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Home Edition" / noexecute = OptIn / fastdetect
208 --- EOF --- 2008-10-16 15:20:49