Wimad E-virus????

jonofisher · #1 21 Sep 2008, 16:43

HI Evil Fantasy - Sunt cu o problemă similară la alt utilizator de aici. Am descarcat si rulat combofix, producţia de care este de mai jos. Am aprecia foarte mult sprijinul de care ai putea fi în măsură să ofere. Ştiu că fişierul de troieni a venit în - Am încercat să-l ştergeţi, dar Windows nu va lasa-ma sa - spune că este în uz. Orice gândurile ar fi cel mai bine ai venit.

Mulţumesc

ComboFix 08-09-20.05 - Administrator 2008-09-22 0:29:51.1 -- FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.254 [GMT 1:00]
Rularea de la: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Creat un nou punct de restabilire
AVERTISMENT-această maşină nu are instalat Consola de recuperare!!
.
Alte ((((((((((((((((((((((((((((((((((((((( ştergerile ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ 2o7 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ad.yi eldmanager [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ adver tising [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-baa.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-discoverynetwork.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-mastercard.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ehg-tfl.hitbox [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ foxto ns.co [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ hit-uri. gureport.co [1]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ ştiri. uk.msn [2]. txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ revsc i [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ rtm [6]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ ng servi-sys [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ specificaţiile ficclick [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ statc ounter [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ths.n ews.com [2]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ comerţului Dublor [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator @ tsw0 [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@ww0.t imeout [1]. Txt
C: \ Documents and Settings \ Administrator \ Cookies \ administrator@www.r eed.co [2]. Txt
C: \ Windows \ system32 \ lsprst7.dll
.
((((((((((((((((((((((((( Fişierele create de 2008-08-21 la 2008-09-21 ))))))))))) ))))))))))))))))))))
.
2008-09-22 00:28. 2008-09-16 01:03 <DIR> d -------- C: \ 32788R22FWJFW
2008-09-22 00:00. 2008-09-22 00:00 <DIR> d -------- C: \ Program Files \ exterminăm It!
2008-09-14 21:22. 2008-04-14 01:12 221,184 - a ------ C: \ Windows \ system32 \ wmpns.dll
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ Windows \ system32 \ scripting
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ Windows \ system32 \ en
2008-09-14 20:54. 2008-09-14 20:54 <DIR> d -------- C: \ WINDOWS \ l2schemas
2008-09-14 20:27. 2008-04-13 18:28 2.940.928 --------- C: \ Windows \ system32 \ dllcache \ wmploc.dll
2008-09-14 20:26. 2008-04-14 01:10 844,314 --------- C: \ Windows \ system32 \ dllcache \ msdxm.ocx
2008-09-13 18:04. 2008-09-13 18:04 <DIR> d -------- C: \ Program Files \ Java
2008-09-13 18:04. 2008-09-13 18:05 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ LimeWire
2008-09-13 18:04. 2008-06-10 02:32 73,728 - a ------ C: \ Windows \ system32 \ javacpl.cpl
2008-09-13 18:03. 2008-09-13 18:03 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2008-09-13 18:00. 2008-09-13 18:00 <DIR> d -------- C: \ Program Files \ LimeWire
2008-09-13 12:43. 2008-09-13 12:43 <DIR> d -------- C: \ Program Files \ iDump
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Program Files \ iPod
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 12:08. 2008-09-13 12:08 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Apple Computer
2008-09-13 12:08. 2008-04-17 13:12 107,368 - a ------ C: \ Windows \ system32 \ GEARAspi.dll
2008-09-13 12:08. 2008-04-17 13:12 15,464 - a ------ C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program Files \ QuickTime
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Program Files \ Bonjour
2008-09-13 12:07. 2008-09-13 12:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple Computer
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Windows \ system32 \ DRVSTORE
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Common Files \ Apple
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Program Files \ Apple Software Update
2008-09-13 12:06. 2008-09-13 12:06 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Apple
2008-09-06 15:09. 2008-09-06 15:09 90,112 - a ------ C: \ Windows \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57,344 - a ------ C: \ Windows \ system32 \ QuickTime.qts
2008-08-29 10:18. 2008-08-29 10:18 87,336 - a ------ C: \ Windows \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61,440 - a ------ C: \ Windows \ system32 \ dnssd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 07:37 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ skypePM
2008-08-03 07:35 --------- d ----- w C: \ Documents and Settings \ Administrator \ Application Data \ Skype
2008-08-03 07:32 --------- d ----- w C: \ Program Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Program Files \ Common Files \ Skype
2008-08-03 07:31 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Skype
2008-07-18 21:10 94.920 ---- Aw C: \ Windows \ system32 \ dllcache \ cdm.dll
2008-07-18 21:10 94.920 ---- Aw C: \ Windows \ system32 \ cdm.dll
2008-07-18 21:10 53.448 ---- Aw C: \ Windows \ system32 \ wuauclt.exe
2008-07-18 21:10 53.448 ---- Aw C: \ Windows \ system32 \ dllcache \ wuauclt.exe
2008-07-18 21:10 45.768 ---- Aw C: \ Windows \ system32 \ wups2.dll
2008-07-18 21:10 36.552 ---- Aw C: \ Windows \ system32 \ wups.dll
2008-07-18 21:10 36.552 ---- Aw C: \ Windows \ system32 \ dllcache \ wups.dll
2008-07-18 21:09 563.912 ---- Aw C: \ Windows \ system32 \ wuapi.dll
2008-07-18 21:09 563.912 ---- Aw C: \ Windows \ system32 \ dllcache \ wuapi.dll
2008-07-18 21:09 325.832 ---- Aw C: \ Windows \ system32 \ wucltui.dll
2008-07-18 21:09 325.832 ---- Aw C: \ Windows \ system32 \ dllcache \ wucltui.dll
2008-07-18 21:09 205.000 ---- Aw C: \ Windows \ system32 \ wuweb.dll
2008-07-18 21:09 205.000 ---- Aw C: \ Windows \ system32 \ dllcache \ wuweb.dll
2008-07-18 21:09 1.811.656 ---- Aw C: \ Windows \ system32 \ Wuaueng.dll
2008-07-18 21:09 1.811.656 ---- Aw C: \ Windows \ system32 \ dllcache \ Wuaueng.dll
2008-07-07 20:26 253.952 ---- Aw C: \ Windows \ system32 \ es.dll
2008-07-07 20:26 253.952 ------ w C: \ Windows \ system32 \ dllcache \ es.dll
2008-06-26 08:15 619.520 ------ w C: \ Windows \ system32 \ dllcache \ urlmon.dll
2008-06-26 08:15 1.499.136 ------ w C: \ Windows \ system32 \ dllcache \ Shdocvw.dll
2008-06-24 16:43 74.240 ---- Aw C: \ Windows \ system32 \ mscms.dll
2008-06-24 16:43 74.240 ------ w C: \ Windows \ system32 \ dllcache \ mscms.dll
2008-06-23 15:09 666.112 ---- Aw C: \ Windows \ system32 \ Wininet.dll
2008-06-23 15:09 666.112 ------ w C: \ Windows \ system32 \ dllcache \ Wininet.dll
2008-06-23 15:09 3.067.392 ------ w C: \ Windows \ system32 \ dllcache \ Mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Windows \ system32 \ Ctfmon.exe" [2008-04-14 15360]
"swg" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2008-04-21 68856]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-06-27 580096]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"bgsmsnd.exe" = "C: \ Windows \ system32 \ bgsmsnd.exe" [2007-11-19 160136]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"S3TRAY2" = "S3Tray2.exe" [2001-10-11 C: \ Windows \ system32 \ S3Tray2.exe]
"AGRSMMSG" = "AGRSMMSG.exe" [2003-06-27 C: \ WINDOWS \ AGRSMMSG.exe]
"ATIModeChange" = "Ati2mdxx.exe" [2001-09-04 C: \ Windows \ system32 \ Ati2mdxx.exe]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-04-19 219136]
[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ Lista]
"% WINDIR% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =
"C: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% WINDIR% \ \ Reţeaua de diagnostic \ \ xpnetdiag.exe" =
"C: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
R3 Tp4Track; IBM PS / 2 TrackPoint Driver; C: \ WINDOWS \ system32 \ drivers \ tp4track.sys [2003-05-15 13904]
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ (f1882860-129d-11dd-89b6-000d60cb61ce)]
\ Shell \ AutoRun \ command - E: \ LaunchU3.exe
* Newly Created Service * - PROCEXP90
.
Cuprins de la "Activităţi programate" dosar
.
.
------- Suplimentare Scan -------
.
R0 -: HKCU-Main, Start Page = hxxp: / / www.google.co.uk/
R0 -: HKCU-Main, Search Page = hxxp: / / www.google.com
R0 -: HKCU-Main, Search Bar = hxxp: / / www.google.com / adică
R1 -: HKCU-Internet Settings, ProxyOverride = *. local
R1 -: HKCU-SearchURL, (Default) = hxxp: / / www.google.com/search?q =% s
O8 -: E & xportaţi la Microsoft Excel - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O16 -: (2DAD3559-2923-4935-AD49-B673D2539944) - hxxp: / / www-307.ibm.com/pc/support/acpir.cab
C: \ WINDOWS \ Downloaded Program Files \ acpir.inf
C: \ Windows \ system32 \ capicom.dll
C: \ WINDOWS \ Downloaded Program Files \ acpir2.dll
O16 -: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) - hxxps: / / www.select2perform.eu/cabs/QOLCheck.ocx
C: \ WINDOWS \ Downloaded Program Files \ QOLCheck.ocx
.
************************************************** ************************
catchme 0.3.1361 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 00:32:33
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanare ascuns procese ...
scanare ascuns autostart intrări ...
scanare fişiere ascunse ...
scanare sa finalizat cu succes
fişiere ascunse: 0
************************************************** ************************
.
--------------------- DLLs Loaded Sub Running Processes ---------------------
Proces: C: \ Windows \ system32 \ winlogon.exe
-> C: \ Windows \ system32 \ Ati2evxx.dll
.
Completion time: 2008-09-22 0:33:07
ComboFix-carantină-files.txt 2008-09-21 23:33:06
Pre-Run: 9484075008 octeţi liber
Post-Run: 9686056960 octeţi liber
167 --- EOF --- 2008-09-16 07:01:45

**evilfantasy** · #2 21 Sep 2008, 17:37

Descărca TrendMicro HijackThis.exe (HJT) pe desktop.

Faceţi dublu-clic pe HJTInstall.
Click pe Instalaţi buton.
Se va transforma automat în loc HJT C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
După instalare, HijackThis ar trebui să se deschidă pentru tine.
Click pe Fă-un sistem de scanare şi salva un fişier de log buton
HijackThis va scana şi apoi un jurnal se va deschide în Notepad.
Copiaţi şi apoi inseraţi întregul conţinut al jurnalului în post.
Nu au HijackThis repara nimic încă. Cea mai mare parte a ceea ce se constată va fi inofensiv sau chiar sunt necesare.

jonofisher · #3 21 Sep 2008, 23:43

Multumesc pentru ajutor. ieşire de fişier de mai jos:

Logfile de Trend Micro HijackThis v2.0.2
Scan salvate la 07:40:46, pe 22/09/2008
Platforma: Windows XP SP3 (WINNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Rularea procese:
C: \ Windows \ system32 \ smss.exe
C: \ Windows \ system32 \ winlogon.exe
C: \ Windows \ system32 \ services.exe
C: \ Windows \ system32 \ lsass.exe
C: \ Windows \ system32 \ ibmpmsvc.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ svchost.exe
C: \ Windows \ system32 \ Ati2evxx.exe
C: \ Windows \ system32 \ Spoolsv.exe
C: \ WINDOWS \ AGRSMMSG.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Windows \ system32 \ bgsmsnd.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Windows \ system32 \ Ctfmon.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ LimeWire \ LimeWire.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Common Files \ Microsoft Shared \ VS7DEBUG \ MDM.EXE
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ explorer.exe
C: \ Windows \ system32 \ wuauclt.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = *. local
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Skype add-on (cap) - (22BF413B-C6D2-4d91-82A9-A0F997BA588C) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O2 - BHO: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ Windows \ system32 \ bgstb.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ googletoolbar1.dll
O3 - Toolbar: pdfMachine - (56CF4856-ECB4-4e46-A897-A378821F97B9) - C: \ Windows \ system32 \ bgstb.dll
O4 - HKLM \ .. \ Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / startup
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [bgsmsnd.exe] C: \ Windows \ system32 \ bgsmsnd.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ Windows \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Skype - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Program Files \ Skype \ Toolbars \ Internet Explorer \ SkypeIEPlugin.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ OFFICE11 \ REFIEBAR.DLL
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (2DAD3559-2923-4935-AD49-B673D2539944) (IASRunner Class) -- http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: (483EB14D-AF1C-4951-81B0-4E2B41829FF6) (QOLCheck Control) -- https: / / www.select2perform.eu/cabs/QOLCheck.ocx
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C: \ Windows \ system32 \ Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C: \ Windows \ system32 \ ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 1150 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
--
Sfârşit de fişier - 6502 bytes

**evilfantasy** · #4 22 Sep 2008, 07:42

Nu pot vedea nici un malware-ului, ce probleme ai?

Puteţi rula scanează aici http://www.computer-juice.com/forums...-posting-7476/ şi post de când jurnalele complet. Uită-te la AVG informaţii. Ai nevoie de actualizare a ta.

jonofisher · #5 22 Sep 2008, 10:38

Max Evilfantasy - multumesc. Problema este aceasta: un suspect a fost descărcat de mp3 LimeWire. Cred că a fost dublu clic pe, şi, desigur, a fost o încercare de a încărca în iTunes. (Cu toate acestea, nu va fi fost difuzate cu media player - nu folosiţi că - nu contează că după cum am citit undeva ca wimad utilizează Windows MediaPlayer vulnerabilitate). Apoi am scanat cu AVG fişier care a crescut Wimad E. Dar obiceiul pare că lasă-mă să-l sau şterge-o de carantină Mai mult, dacă am încerca să ştergeţi fişierul, ferestre spune că fişierul este în uz şi, prin urmare, nu pot fi şterse .

Eu voi trece prin paşii pe care sugerează că de pe alte pagini.

Mulţumesc

**evilfantasy** · #6 22 Sep 2008, 10:41

Post jurnalul de la MalwareBytes. În cazul în care nu-l găsiţi, vom folosi un alt scanerului pentru al găsi.

Similar Threads
Fir	Thread Starter	Forum	Răspunsurile	Ultimul mesaj
Nume Întrebare - Poate cineva sa-mi spui dacă am putea avea un virus	billozz	Nume, Spyware & Securitate	1	2 aprilie 2009 13:58
Prietenii mei MAC are un virus ... Umm ... da ... un virus ...	cheesepuff	Nume, Spyware & Securitate	3	29 octombrie 2008 12:58
Am mai avea doar un virus.	xXeneXx	Nume, Spyware & Securitate	2	28 octombrie 2008 17:26
Vă rugăm să Vă rugăm să Pleeease Ajutor, Wimad E-virus????	LiamRepiso	Nume, Spyware & Securitate	16	10 Sep 2008 04:39
Nume	lolli_pop	Nume, Spyware & Securitate	13	17 noiembrie 2007 09:42