|
| |||||||
| Inregistrare | Site-ul Spy | Lista de stat | Doneaza | Căuta | Posturi de azi | Marchează forumurile citite | Forum Regulamentul |
 |
 |
| | Thread Tools |
|
#1
28 Sep 2007, 17:13
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet Numele meu este Tatjana şi im disperată de ajutor, a incercat aproape orice virus de scanare acolo, dar nu de noroc. Am încercat să descărcaţi smitfraud repara, dar acesta nu a putut fi safed deoarece sursa nu a putut fi găsit "sau" eroare necunoscută ".. exact aceeaşi problemă ca tipul asta" bine i păstra achiziţie stupid pop ups spune-mi PC se află sub prin ameninţare de activităţi / bara de instrumente, precum şi o mare cruce roşie flash-uri în bara de activităţi şi mi tapet pe spaţiul de lucru modificări la un fond roşu un mare simbol imagine, şi Norton jargon vedea acest lucru, unul dintre cele apar bule de la bara de activităţi / bara de instrumente spune că sa trojan32.looksky şi, de asemenea, casa mea de pe pagina de IE sa schimbat în ucleaner.com, final curate 2007, whicjh este un fals spyware lucru scanare / remover " te rog ajută-mă!! jurnalul meu Logfile de HijackThis v1.99.1 Scan salvat de la 7:26:18, pe 9.28.2007 Platforma: Windows XP SP2 (WINNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Rularea procese: C: \ Windows \ system32 \ smss.exe C: \ Windows \ system32 \ winlogon.exe C: \ Windows \ system32 \ services.exe C: \ Windows \ system32 \ lsass.exe C: \ Windows \ system32 \ Ati2evxx.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ brsvc01a.exe C: \ Windows \ system32 \ brss01a.exe C: \ Windows \ system32 \ Spoolsv.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe C: \ Program Files \ Intel \ Modem Eveniment Monitor \ IntelMEM.exe C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe C: \ Windows \ system32 \ Rundll32.exe C: \ Program Files \ Dell \ Media Experienţa \ PCMService.exe C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe C: \ Windows \ system32 \ dla \ tfswctrl.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe C: \ Program Files \ BroadJump \ Client Fundatia \ CFD.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe C: \ Program Files \ Yahoo! \ Yahoo! Muzica Motor \ ymetray.exe C: \ Program Files \ Yahoo! \ Antivirus \ CAVTray.exe C: \ Program Files \ Yahoo! \ Antivirus \ CAVRID.exe C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe C: \ Windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE C: \ Program Files \ QuickTime \ QTTask.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Webroot \ Spy dragor \ SpySweeperUI.exe C: \ Windows \ system32 \ WTablet \ TabUserW.exe C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ acsd.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Yahoo! \ Antivirus \ ISafe.exe C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe C: \ Windows \ system32 \ CTsvcCDA.EXE C: \ Program Files \ CIFPFiltering \ FilterService.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe C: \ Program Files \ Eset \ nod32krn.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ Tablet.exe C: \ Program Files \ Yahoo! \ Antivirus \ VetMsg.exe C: \ WINDOWS \ wanmpsvc.exe C: \ Program Files \ Webroot \ Spy dragor \ SpySweeper.exe C: \ Windows \ system32 \ MsPMSPSv.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Windows \ system32 \ wscntfy.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Windows \ system32 \ wuauclt.exe C: \ Program Files \ Webroot \ Spy dragor \ SSU.EXE C: \ WINDOWS \ explorer.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrowser.exe C: \ Program Files \ Hijackthis \ HijackThis.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyServer = 127.0.0.1:8080 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = locale N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blažević \ Application Data \ Mozilla \ Profiles \ implicit \ mhiwv3o3.slt \ prefs.js) N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana Blažević \ Application Data \ Mozilla \ Profiles \ implicit \ mhiwv3o3.slt \ prefs.js) O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ Windows \ system32 \ dla \ tfswshx.dll O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Instalează \ cpn \ yt.dll O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe" O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Eveniment Monitor \ IntelMEM.exe" O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experienţa \ PCMService.exe" O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r O4 - HKLM \ .. \ Run: [dla] C: \ Windows \ system32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Fundatia \ CFD.exe" O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask O4 - HKLM \ .. \ Run: [VirusScan Online] C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsshld.exe O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe" O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Muzica Motor \ ymetray.exe" O4 - HKLM \ .. \ Run: [CaAvTray] "C: \ Program Files \ Yahoo! \ Antivirus \ CAVTray.exe" O4 - HKLM \ .. \ Run: [CAVRID] "C: \ Program Files \ Yahoo! \ Antivirus \ CAVRID.exe" O4 - HKLM \ .. \ Run: [YOP] "C: \ PROGRA ~ 1 \ Yahoo! \ YOP \ yop.exe" / autostart O4 - HKLM \ .. \ Run: [EPSON stylus Photo R340 Seria] "C: \ Windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON stylus Photo R340 Seria" / O6 "USB002 "/ M" stylus Photo R340 " O4 - HKLM \ .. \ Run: [nod32kui] "C: \ Program Files \ Eset \ nod32kui.exe" / WAITSERVICE O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [SpySweeper] "C: \ Program Files \ Webroot \ Spy dragor \ SpySweeperUI.exe" / startintray O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe"-quiet O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Etalonare \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Etalonare \ Adobe Gamma Loader.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe O4 - Global Startup: APC UPS Status.lnk =? O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe O4 - Global Startup: TabUserW.exe.lnk = C: \ Windows \ system32 \ WTablet \ TabUserW.exe O9 - Extra buton: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O9 - Extra button: (no name) - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - (no file) O9 - Extra button: MUSICMATCH MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fişierul lipseşte) O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C: \ Windows \ system32 \ WRLogonNTF.dll O21 - SSODL: MSSQL - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll O21 - SSODL: syscore - (D5B03680-4BC8-8880-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll O21 - SSODL: msmhost - (69F3A520-2471-4FF3-8139-ECFD56DED8DB) - C: \ WINDOWS \ msmhost.dll O21 - SSODL: msmdev - (E8E8584D-8FA5-4641-A934-8A93158794E9) - C: \ WINDOWS \ msmdev.dll O23 - Service: Adobe active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe O23 - Service: Adobe active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ acsd.exe O23 - Service: APC UPS Service - American Power Conversiilor Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C: \ Windows \ system32 \ Ati2evxx.exe O23 - Service: BrSplService (Brother Spl XP Service) - fratele Industries Ltd - C: \ Windows \ system32 \ brsvc01a.exe O23 - Service: CAISafe - Computer Associates International, Inc - C: \ Program Files \ Yahoo! \ Antivirus \ ISafe.exe O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe O23 - Service: Creative Service pentru CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.EXE O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Program Files \ CIFPFiltering \ FilterService.exe O23 - Service: IAA Eveniment Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LightScribeService Direct Disc Etichetarea Service (LightScribeService) - Unknown owner - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe O23 - Service: McAfee.com VirusScan Online real Engine (MCVSRte) - Networks Associates Technology, Inc - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C: \ Program Files \ Eset \ nod32krn.exe O23 - Service: TabletService - Wacom Technology, Corp - C: \ Windows \ system32 \ Tablet.exe O23 - Service: VET serviciul de mesaje (VETMSGNT) - Computer Associates International, Inc - C: \ Program Files \ Yahoo! \ Antivirus \ VetMsg.exe O23 - Service: WAN miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe O23 - Service: Webroot Spy dragor Engine (WebrootSpySweeperService) - Webroot Software, Inc - C: \ Program Files \ Webroot \ Spy dragor \ SpySweeper.exe O23 - Service: YPCService - Yahoo! Inc - C: \ Windows \ system32 \ YPCSER ~ 1.EXE |
|
#2
28 Sep 2007, 17:55
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet Max Tatjana, Bine ati venit la TCF. * * Important Redenumiţi fişierul Hijackthis.exe la Analyze.exe. Acest lucru este important deoarece unele forme noi de malware poate ascunde de la HijackThis.exe. Click dreapta pe fişier în HijackThis.exe C: \ Program Files \ HijackThis şi alegeţi o redenumiţi. Tip în Analyze.exe şi apăsaţi tasta Enter. Click dreapta pe fişier şi Analyze.exe trimite la spaţiul de lucru pentru a crea o comandă rapidă. ============================ Se pare că aveţi mai mult de un antivirus instalat. Dacă da, vă rugăm să mergeţi la Add / Remove Programs şi dezinstalează toate, dar o. După mai mult de un antivirus nu este necesar şi poate provoca conflicte. ============================ Dezactivaţi Spybot lui TeaTimer. În timp ce TeaTimer este un excelent instrument de prevenire a spyware, poate împiedica uneori instrumentele noastre de stabilire a anumitor lucruri. Vă rugăm să dezactivaţi TeaTimer de acum până când nu sunt curate. TeaTimer poate fi re-activat o dată vă jurnalele sunt curate. * Open Spybot Search & Destroy. * În modul meniu, faceţi clic pe "Modul avansat"Dacă nu este deja selectată. * Alege "Da"Atenţie la prompt. * Extindeţi "Instrumente"Meniu. * Click "Rezident". * Debifaţi "Rezident "TeaTimer" (Protecţia sistem global de configurare) activă."Cutie. * În meniul Fişier, faceţi clic pe "Exit"Pentru a ieşi Spybot Search & Destroy. + Puteţi reactiva TeaTimer când suntem gata. ============================= Vă rugăm să descărcaţi ATF Cleaner de Atribune. Aceasta va ajuta la orice scanează rula mai repede. ATF Cleaner.exe Acest program nu are nevoie de o instalaţie. De fapt, executabil execută programul. NOTĂ: ATF Cleaner va şterge toate fişierele de la elementele care sunt verificate, deci, dacă aveţi unele cookie-urile pe care doriţi să-l salveze. Vă rugăm să mutaţi-le într-un alt director primele. * Faceţi dublu-clic pe ATF-Cleaner.exe pentru a rula acest program. * Sub Main alege: Selectaţi Toate * Faceţi clic pe Empty Selected buton. Dacă utilizaţi Firefox browser * Click Firefox în partea de sus şi să alegeţi: Selectaţi Toate * Faceţi clic pe Gol Selectate buton. NOTĂ: Dacă doriţi să vă păstraţi salvează parole, vă rugăm să faceţi clic pe Nu la prompt. Dacă utilizaţi Opera browser * Faceţi clic Opera în partea de sus şi să alegeţi: Selectaţi Toate * Faceţi clic pe Empty Selected buton. NOTĂ: Dacă doriţi să vă păstraţi salvează parole, vă rugăm să faceţi clic pe Nu la prompt. Faceţi clic pe Exit cu privire la principalele ATF Cleaner de meniu pentru a închide programul. =============================== 1. Descărcaţi acest fişier combofix.exe 2. Faceţi dublu clic combofix.exe & urmăriţi solicitările. 3. Când aţi terminat, se produce un jurnal pentru tine. Post că intraţi în următoarea replică. Notă: Nu mouseclick combofix fereastra în timp ce se execută. Care pot determina să-l băga în grajd. ===================================== În următorul post, vă rugăm să adăugaţi: Combofix jurnal Un proaspăt şi redenumite HijackThis log 
__________________  |
|
#3
28 Sep 2007, 18:31
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet De asemenea: Lasă-mă să ştiu cum lucrurile sunt acum.
__________________ |
|
#4
29 Sep 2007, 22:23
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet Max evilfantasy-thx pentru a răspunde rapid .. calculatorul meu este să ruleze foarte încet şi a luat-o oră postaţi acest .. Am făcut ceea ce mi-a spus să-dezinstalată antivirus NOD32, spysweeper, Yahoo şi de protecţie online .. Am ataşat combofix de jurnal şi aici este hijackthis log. Logfile de HijackThis v1.99.1 Scan salvat de la 1:11:41, pe 9.30.2007 Platforma: Windows XP SP2 (WINNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Rularea procese: C: \ Windows \ system32 \ smss.exe C: \ Windows \ system32 \ winlogon.exe C: \ Windows \ system32 \ services.exe C: \ Windows \ system32 \ lsass.exe C: \ Windows \ system32 \ Ati2evxx.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ brss01a.exe C: \ Windows \ system32 \ Spoolsv.exe C: \ WINDOWS \ Explorer.exe C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ acsd.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe C: \ Windows \ system32 \ CTsvcCDA.EXE C: \ Program Files \ CIFPFiltering \ FilterService.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ Tablet.exe C: \ WINDOWS \ wanmpsvc.exe C: \ Windows \ system32 \ MsPMSPSv.exe C: \ Windows \ system32 \ wscntfy.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe C: \ Program Files \ Intel \ Modem Eveniment Monitor \ IntelMEM.exe C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe C: \ Windows \ system32 \ Rundll32.exe C: \ Program Files \ Dell \ Media Experienţa \ PCMService.exe C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe C: \ Windows \ system32 \ dla \ tfswctrl.exe C: \ Windows \ system32 \ wuauclt.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe C: \ Program Files \ BroadJump \ Client Fundatia \ CFD.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe C: \ Program Files \ Yahoo! \ Yahoo! Muzica Motor \ ymetray.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe C: \ Windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE C: \ Program Files \ QuickTime \ QTTask.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ Windows \ system32 \ WTablet \ TabUserW.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ HijackThis \ Analyze.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyServer = 127.0.0.1:8080 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = locale N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blažević \ Application Data \ Mozilla \ Profiles \ implicit \ mhiwv3o3.slt \ prefs.js) N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana Blažević \ Application Data \ Mozilla \ Profiles \ implicit \ mhiwv3o3.slt \ prefs.js) O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ Windows \ system32 \ dla \ tfswshx.dll O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe" O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Eveniment Monitor \ IntelMEM.exe" O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experienţa \ PCMService.exe" O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r O4 - HKLM \ .. \ Run: [dla] C: \ Windows \ system32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Fundatia \ CFD.exe" O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe" O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Muzica Motor \ ymetray.exe" O4 - HKLM \ .. \ Run: [EPSON stylus Photo R340 Seria] "C: \ Windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON stylus Photo R340 Seria" / O6 "USB002 "/ M" stylus Photo R340 " O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe"-quiet O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Etalonare \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Etalonare \ Adobe Gamma Loader.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe O4 - Global Startup: APC UPS Status.lnk =? O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe O4 - Global Startup: TabUserW.exe.lnk = C: \ Windows \ system32 \ WTablet \ TabUserW.exe O9 - Extra buton: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O9 - Extra button: (no name) - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - (no file) O9 - Extra button: MUSICMATCH MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fişierul lipseşte) O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O21 - SSODL: MSSQL - (9516DDA8-E023-4472-A7C0-12A7A4834359) - C: \ WINDOWS \ mssql.dll O21 - SSODL: syscore - (D5B03680-4BC8-8880-80A4-C9BAC2A7A341) - C: \ WINDOWS \ syscore.dll O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (fişierul lipseşte) O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (fişierul lipseşte) O23 - Service: Adobe active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe O23 - Service: Adobe active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ acsd.exe O23 - Service: APC UPS Service - American Power Conversiilor Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C: \ Windows \ system32 \ Ati2evxx.exe O23 - Service: BrSplService (Brother Spl XP Service) - fratele Industries Ltd - C: \ Windows \ system32 \ brsvc01a.exe O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe O23 - Service: Creative Service pentru CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.EXE O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Program Files \ CIFPFiltering \ FilterService.exe O23 - Service: IAA Eveniment Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LightScribeService Direct Disc Etichetarea Service (LightScribeService) - Unknown owner - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe O23 - Service: McAfee.com VirusScan Online real Engine (MCVSRte) - Networks Associates Technology, Inc - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe O23 - Service: TabletService - Wacom Technology, Corp - C: \ Windows \ system32 \ Tablet.exe O23 - Service: WAN miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe |
|
#5
30 Sep 2007, 00:49
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet Deschide HijackThis şi selectaţi "Fă-un sistem de scanare numai"Şi un semn de selectare lângă aceste intrări. R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2 O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O9 - Extra button: (no name) - (CD67F990-D8E9-11D2-98FE-00C0F0318AFE) - (no file) O9 - Extra button: MUSICMATCH MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fişierul lipseşte) O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- Închideţi toate ferestrele de browser inclusiv aceasta şi apoi faceţi clic pe "Fix verificate" Reporniţi computerul şi posta un nou log HijackThis. Spune-mi cum lucrurile sunt acum.
__________________ |
|
#6
30 Sep 2007, 08:16
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet helllo, ahh computerul meu final, nu are annoying ferestre pop up avertismente, şi de cele trei icoane de scanare de viruşi care au fost instalate pe computer sunt, de asemenea, a dus, yeeeah ..  Se pare ca totul este reveni la normal, pe fond roşu este, de asemenea, a plecat. Aici este jurnalul.Logfile de HijackThis v1.99.1 Scan salvate la 11:03:37, pe 9.30.2007 Platforma: Windows XP SP2 (WINNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Rularea procese: C: \ Windows \ system32 \ smss.exe C: \ Windows \ system32 \ winlogon.exe C: \ Windows \ system32 \ services.exe C: \ Windows \ system32 \ lsass.exe C: \ Windows \ system32 \ Ati2evxx.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ Spoolsv.exe C: \ Windows \ system32 \ brss01a.exe C: \ WINDOWS \ Explorer.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe C: \ Program Files \ Intel \ Modem Eveniment Monitor \ IntelMEM.exe C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe C: \ Windows \ system32 \ Rundll32.exe C: \ Program Files \ Dell \ Media Experienţa \ PCMService.exe C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe C: \ Windows \ system32 \ dla \ tfswctrl.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe C: \ Program Files \ BroadJump \ Client Fundatia \ CFD.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe C: \ Program Files \ Yahoo! \ Yahoo! Muzica Motor \ ymetray.exe C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ acsd.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe C: \ Windows \ system32 \ CTsvcCDA.EXE C: \ Program Files \ CIFPFiltering \ FilterService.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe C: \ Windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe C: \ Program Files \ QuickTime \ QTTask.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ Windows \ system32 \ WTablet \ TabUserW.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ Tablet.exe C: \ WINDOWS \ wanmpsvc.exe C: \ Windows \ system32 \ MsPMSPSv.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe C: \ Windows \ system32 \ wscntfy.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Windows \ system32 \ wuauclt.exe C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Program Files \ HijackThis \ Analyze.exe R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyServer = 127.0.0.1:8080 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = locale N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blažević \ Application Data \ Mozilla \ Profiles \ implicit \ mhiwv3o3.slt \ prefs.js) N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana Blažević \ Application Data \ Mozilla \ Profiles \ implicit \ mhiwv3o3.slt \ prefs.js) O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ Windows \ system32 \ dla \ tfswshx.dll O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll O2 - BHO: MSVPS System - (88418AA3-16F5-4FC2-A9D8-90B1266DF841) - C: \ WINDOWS \ nsduo.dll O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe" O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Eveniment Monitor \ IntelMEM.exe" O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experienţa \ PCMService.exe" O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r O4 - HKLM \ .. \ Run: [dla] C: \ Windows \ system32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Fundatia \ CFD.exe" O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe" O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Muzica Motor \ ymetray.exe" O4 - HKLM \ .. \ Run: [EPSON stylus Photo R340 Seria] "C: \ Windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON stylus Photo R340 Seria" / O6 "USB002 "/ M" stylus Photo R340 " O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe"-quiet O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Etalonare \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Etalonare \ Adobe Gamma Loader.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe O4 - Global Startup: APC UPS Status.lnk =? O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe O4 - Global Startup: TabUserW.exe.lnk = C: \ Windows \ system32 \ WTablet \ TabUserW.exe O9 - Extra buton: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll O21 - SSODL: MSSQL - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll O23 - Service: Adobe active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe O23 - Service: Adobe active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ acsd.exe O23 - Service: APC UPS Service - American Power Conversiilor Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C: \ Windows \ system32 \ Ati2evxx.exe O23 - Service: BrSplService (Brother Spl XP Service) - fratele Industries Ltd - C: \ Windows \ system32 \ brsvc01a.exe O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe O23 - Service: Creative Service pentru CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.EXE O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Program Files \ CIFPFiltering \ FilterService.exe O23 - Service: IAA Eveniment Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LightScribeService Direct Disc Etichetarea Service (LightScribeService) - Unknown owner - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe O23 - Service: McAfee.com VirusScan Online real Engine (MCVSRte) - Networks Associates Technology, Inc - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe O23 - Service: TabletService - Wacom Technology, Corp - C: \ Windows \ system32 \ Tablet.exe O23 - Service: WAN miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe |
|
#7
30 Sep 2007, 08:35
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet Ma bucur ca lucrurile sunt mai bine. Dar mai există unele nasties la adresa. Ştergeţi copie a Combofix aveţi şi de a descărca un proaspăt copie. Combofix actualizări constant, de aceea este întotdeauna bun pentru a obţine o nouă copie. 1. Descărcaţi acest fişier combofix.exe 2. Faceţi dublu clic combofix.exe & urmăriţi solicitările. 3. Când aţi terminat, se produce un jurnal pentru tine. Post-vă că intraţi în următorul răspuns. Notă: Nu mouseclick combofix fereastra în timp ce se execută. Care pot determina să-l băga în grajd. În următorul post, vă rugăm să adăugaţi ca ataşări. Puteţi adăuga mai mult de un fişier ataşat, trebuie doar să repetaţi paşii: Combofix jurnal Proaspete HJT log
__________________ |
|
#8
30 Sep 2007, 09:03
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet Bună ziua, am incercat un click pe link-ul combofix.exe, dar asta este ceea ce s-au 404 Not Found URL-ul cerut '/ sUBs / combofix.exe "nu a fost găsit pe acest server. |
|
#9
30 Sep 2007, 09:12
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet
__________________ |
|
#10
30 Sep 2007, 12:50
| |||
| |||
| Zlob, smitfraud, pop up, modificări de culoare roşie tapet Alo, da, care se leagă de lucrări, vă mulţumesc ... tapet de culoare roşie a revenit: (şi, de asemenea, a făcut de icoane şi de pop ups .. oricum aici este este combofix şi HJT log. Logfile de HijackThis v1.99.1 Scan salvat de la 3:37:03, pe 9.30.2007 Platforma: Windows XP SP2 (WINNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Rularea procese: C: \ Windows \ system32 \ smss.exe C: \ Windows \ system32 \ winlogon.exe C: \ Windows \ system32 \ services.exe C: \ Windows \ system32 \ lsass.exe C: \ Windows \ system32 \ Ati2evxx.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ Spoolsv.exe C: \ Windows \ system32 \ brss01a.exe C: \ WINDOWS \ Explorer.exe C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ acsd.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe C: \ Windows \ system32 \ CTsvcCDA.EXE C: \ Program Files \ CIFPFiltering \ FilterService.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe C: \ Windows \ system32 \ svchost.exe C: \ Windows \ system32 \ Tablet.exe C: \ WINDOWS \ wanmpsvc.exe C: \ Windows \ system32 \ MsPMSPSv.exe C: \ Windows \ system32 \ wscntfy.exe C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe C: \ Program Files \ Intel \ Modem Eveniment Monitor \ IntelMEM.exe C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe C: \ Windows \ system32 \ Rundll32.exe C: \ Program Files \ Dell \ Media Experienţa \ PCMService.exe C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe C: \ Windows \ system32 \ dla \ tfswctrl.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe C: \ Program Files \ BroadJump \ Client Fundatia \ CFD.exe C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe C: \ Program Files \ Yahoo! \ Yahoo! Muzica Motor \ ymetray.exe C: \ Windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ E_FATIA JA.EXE C: \ Program Files \ QuickTime \ QTTask.exe C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ycommon.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ Windows \ system32 \ WTablet \ TabUserW.exe C: \ Program Files \ APC \ APC PowerChute Personal Edition \ apcsystray.exe C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ymsgr_tray.exe C: \ Windows \ system32 \ wuauclt.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ Program Files \ HijackThis \ Analyze.exe R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://yahoo.sbc.com/dsl R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ SearchURL, (Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyServer = 127.0.0.1:8080 R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyOverride = locale N3 - Netscape 7: user_pref ( "browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C: \ Documents and Settings \ Tatjana Blažević \ Application Data \ Mozilla \ Profiles \ implicit \ mhiwv3o3.slt \ prefs.js) N3 - Netscape 7: user_pref ( "browser.search.defaultengine", "motor: / / C% 3A% 5CPROGRA% 7E1% 5CNETSCAPE% 5CNETSCAPE% 5Csearchpl ugins% 5CSBWeb_01.src"); (C: \ Documents and Settings \ Tatjana Blažević \ Application Data \ Mozilla \ Profiles \ implicit \ mhiwv3o3.slt \ prefs.js) O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: MSVPS System - (0D5227BF-0C5B-4EA8-833C-FE09F1496F39) - C: \ WINDOWS \ div32.dll O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: (no name) - (549B5CA7-4A86-11D7-A4DF-000874180BB3) - (no file) O2 - BHO: UberButton Class - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O2 - BHO: DriveLetterAccess - (5CA3D70E-1895-11CF-8E15-001234567890) - C: \ Windows \ system32 \ dla \ tfswshx.dll O2 - BHO: YahooTaggedBM Class - (65D886A2-7CA7-479B-BB95-14D1EFB7946A) - C: \ Program Files \ Yahoo! \ Common \ YIeTagBm.dll O2 - BHO: SidebarAutoLaunch Class - (F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D) - C: \ Program Files \ Yahoo! \ Browser \ YSidebarIEBHO.dll O2 - BHO: (no name) - (FDD3B846-8D59-4ffb-8758-209B6AD74ACC) - (no file) O3 - Toolbar: McAfee VirusScan - (BA52B914-B692-46c4-B683-905236F6F655) - c: \ progra ~ 1 \ mcafee.com \ VSO \ mcvsshl.dll O4 - HKLM \ .. \ Run: [IAAnotif] "C: \ Program Files \ Intel \ Intel Application Accelerator \ iaanotif.exe" O4 - HKLM \ .. \ Run: [ATIPTA] "C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe" O4 - HKLM \ .. \ Run: [IntelMeM] "C: \ Program Files \ Intel \ Modem Eveniment Monitor \ IntelMEM.exe" O4 - HKLM \ .. \ Run: [CTSysVol] "C: \ Program Files \ Creative \ Sound Blaster Live! 24-bit \ Surround Mixer \ CTSysVol.exe" / r O4 - HKLM \ .. \ Run: [P17Helper] rundll32 P17.dll, P17Helper O4 - HKLM \ .. \ Run: [UpdReg] C: \ WINDOWS \ UpdReg.EXE O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experienţa \ PCMService.exe" O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r O4 - HKLM \ .. \ Run: [dla] C: \ Windows \ system32 \ dla \ tfswctrl.exe O4 - HKLM \ .. \ Run: [YBrowser] C: \ PROGRA ~ 1 \ Yahoo! \ Browser \ ybrwicon.exe O4 - HKLM \ .. \ Run: [BJCFD] "C: \ Program Files \ BroadJump \ Client Fundatia \ CFD.exe" O4 - HKLM \ .. \ Run: [VSOCheckTask] "C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcmnhdlr.exe" / checktask O4 - HKLM \ .. \ Run: [Adobe Photo Downloader] "C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ apdproxy.exe" O4 - HKLM \ .. \ Run: [ymetray] "C: \ Program Files \ Yahoo! \ Yahoo! Muzica Motor \ ymetray.exe" O4 - HKLM \ .. \ Run: [EPSON stylus Photo R340 Seria] "C: \ Windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ E_FATI AJA.EXE" / P30 "EPSON stylus Photo R340 Seria" / O6 "USB002 "/ M" stylus Photo R340 " O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKCU \ .. \ Run: [Yahoo! Pager] "C: \ PROGRA ~ 1 \ Yahoo! \ Messen ~ 1 \ ypager.exe"-quiet O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C: \ Program Files \ Common Files \ Adobe \ Etalonare \ Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Etalonare \ Adobe Gamma Loader.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C: \ Program Files \ America Online 9.0 \ aoltray.exe O4 - Global Startup: APC UPS Status.lnk =? O4 - Global Startup: ColorVisionStartup.lnk = C: \ Program Files \ PANTONE COLORVISION \ Startup \ ColorVisionStartup.exe O4 - Global Startup: TabUserW.exe.lnk = C: \ Windows \ system32 \ WTablet \ TabUserW.exe O9 - Extra buton: SBC Yahoo! Services - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O16 - DPF: (9A9307A0-7DA4-4DAF-B042-5009F29E09E1) (ActiveScan Installer Class) -- http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: (DBA230D1-8467-4e69-987E-5FAE815A3B45) -- O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O21 - SSODL: MSSQL - (A6B63875-F4DA-4705-B945-16F8C1FA3FBF) - C: \ WINDOWS \ mssql.dll O21 - SSODL: syscore - (AF05D607-D0B5-4A61-8B71-A13F8997495B) - C: \ WINDOWS \ syscore.dll O21 - SSODL: msmhost - (70D6A632-39E2-4089-9E67-552ADB6B182D) - C: \ WINDOWS \ msmhost.dll (fişierul lipseşte) O21 - SSODL: msmdev - (074897B2-6CAF-45A4-905A-C5A5FC626767) - C: \ WINDOWS \ msmdev.dll (fişierul lipseşte) O23 - Service: Adobe active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 3.0 \ PhotoshopElementsFileAgent.exe O23 - Service: Adobe active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C: \ Program Files \ Adobe \ Photoshop Elements 4.0 \ PhotoshopElementsFileAgent.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C: \ PROGRA ~ 1 \ COMUNĂ ~ 1 \ AOL \ ACS \ acsd.exe O23 - Service: APC UPS Service - American Power Conversiilor Corporation - C: \ Program Files \ APC \ APC PowerChute Personal Edition \ mainserv.exe O23 - Service: Apple Mobile Device - Apple, Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C: \ Windows \ system32 \ Ati2evxx.exe O23 - Service: BrSplService (Brother Spl XP Service) - fratele Industries Ltd - C: \ Windows \ system32 \ brsvc01a.exe O23 - Service: CIFPLogAggregator - Unknown owner - C: \ Program Files \ CIFPFiltering \ CIFPLogAggregator.exe O23 - Service: Creative Service pentru CDROM Access - Creative Technology Ltd - C: \ Windows \ system32 \ CTsvcCDA.EXE O23 - Service: CyclopeInternetFilter - Unknown owner - C: \ Program Files \ CIFPFiltering \ FilterService.exe O23 - Service: IAA Eveniment Monitor (IAANTMon) - Intel Corporation - C: \ Program Files \ Intel \ Intel Application Accelerator \ iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: LightScribeService Direct Disc Etichetarea Service (LightScribeService) - Unknown owner - C: \ Program Files \ Common Files \ LightScribe \ LSSrvc.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcshield.exe O23 - Service: McAfee.com VirusScan Online real Engine (MCVSRte) - Networks Associates Technology, Inc - C: \ PROGRA ~ 1 \ mcafee.com \ VSO \ mcvsrte.exe O23 - Service: TabletService - Wacom Technology, Corp - C: \ Windows \ system32 \ Tablet.exe O23 - Service: WAN miniport (ATW) Service (WANMiniportService) - America Online, Inc - C: \ WINDOWS \ wanmpsvc.exe PS Am incercat aferente HJT jurnal, dar nu ar ataşaţi, îmi pare rău!! |
|
| |
| Marcaje |
Similar Threads | ||||
| Fir | Thread Starter | Forum | Răspunsurile | Ultimul mesaj |
| Detectarea Trojan.Zlob.G - Urgent - Te rog, ajută! | teenee23 | Nume, Spyware & Securitate | 14 | 19 martie 2009 07:45 |
| Ce probleme ai cu Trojan.Zlob | hopthwoks | Nume, Spyware & Securitate | 1 | 10 martie 2009 11:45 |
| Smitfraud-C El nu vreau să mor! | PlatSpin | Nume, Spyware & Securitate | 13 | 19 august 2008 10:24 |
| Smitfraud Nume | PK28 | Nume, Spyware & Securitate | 12 | 5 februarie 2008 16:17 |
| Smitfraud-c.msvps | guccijana | Nume, Spyware & Securitate | 158 | 30 ianuarie 2008 20:07 |
| Thread Tools | |
| |
