In a previous article about disinfecting a system effectively, I said that one option is to post a HijackThis log on a forum that specializes in analysing such logs.
Because I did not give very detailed instructions about it then, here is how to create a correct log.
Download HijackThis from here.
Install it, but don't run it yet.
Go to My Computer -> Tools -> Folder Options -> View and tick “Show hidden files and folders”, then untick “Hide protected operating system files”. Click OK.
Then run HijackThis.exe.
In the window that appears, tick “Don’t show this frame again when I startup HijackThis”.
Press the first button at the top, “Do a system scan and save a logfile”.
Copy the log from Notepad and post it in a new topic on a forum; I recommend SoftPedia.
Don't fix anything with HJT; most of the entries there are legitimate!
In some cases you also need to rename hijackthis.exe to test.exe, or anything else, and run the program afterwards.
Good luck!
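Before posting, it helps to check that the pasted log is whole and to see which entries point at a file that no longer exists (the ones HijackThis marks "(no file)" or "(file missing)"). The script below is an added example, not part of the original article and not Trend Micro code; it only reads the log text and changes nothing on the system. The sample log, its paths and CLSIDs are constructed, and the function names are the example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of a HijackThis v2.0.2 log. All paths, names
# and CLSIDs are made up; one entry uses the en dash that blogs substitute for " - ".
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:00 AM, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Example\agent.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 – BHO: Example Helper – {00000000-0000-0000-0000-000000000002} – C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAgent] "C:\Program Files\Example\agent.exe"
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\WINDOWS\system32\exsvc.exe (file missing)
--
End of file - 1234 bytes
"""

# HijackThis separates fields with " - "; accept the en dash variant as well.
DASH = r"\s+[-\u2013]\s+"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})" + DASH + r"(?P<body>.*)$")
TRAILER_RE = re.compile(r"^End of file" + DASH + r"(?P<size>\d+) bytes$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_log(text):
    """Split a log into header fields, running processes and R/F/N/O entries."""
    log = {"header": {}, "processes": [], "entries": [], "declared_size": None}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line.strip("-\u2013"):        # blank line or the "--" separator
            continue
        entry = ENTRY_RE.match(line)
        trailer = TRAILER_RE.match(line)
        if entry:
            in_processes = False
            log["entries"].append((entry["code"], entry["body"]))
        elif trailer:
            in_processes = False
            log["declared_size"] = int(trailer["size"])
        elif line.startswith("Logfile of "):
            log["header"]["tool"] = line[len("Logfile of "):]
        elif line.startswith("Scan saved at "):
            log["header"]["Scan saved at"] = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        elif ":" in line:                    # Platform, MSIE, Boot mode
            key, _, value = line.partition(":")
            log["header"][key.strip()] = value.strip()
    return log


def completeness_problems(log):
    """Return reasons the pasted text is not a whole log (empty list = looks whole)."""
    problems = []
    if "tool" not in log["header"]:
        problems.append("missing 'Logfile of ...' header line")
    if not log["processes"]:
        problems.append("no 'Running processes' section")
    if not log["entries"]:
        problems.append("no R/F/N/O entries")
    if log["declared_size"] is None:
        problems.append("missing 'End of file' trailer, the log was cut off")
    return problems


def section_counts(log):
    """Number of entries per section code (R0, O2, O4, O23, ...)."""
    return Counter(code for code, _ in log["entries"])


def entries_with_missing_file(log):
    """Entries that HijackThis itself marked as pointing at a missing file."""
    return [(code, body) for code, body in log["entries"] if MISSING_RE.search(body)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("problems:", completeness_problems(parsed) or "none")
    print("entries per section:", dict(section_counts(parsed)))
    for code, body in entries_with_missing_file(parsed):
        print("target missing:", code, body)
```

A missing target is only a pointer for the person reviewing the log; the decision to fix an entry still belongs to whoever analyses it on the forum.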

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:12 AM, on 3/7/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\ady\Downloads\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 – Hosts: ::1 localhost
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 – Toolbar: BitDefender Toolbar – {381FFDE8-2394-4f90-B10D-FC6124A40F8C} – C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 – HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [BDAgent] “C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe”
O4 – HKLM\..\Run: [BitDefender Antiphishing Helper] “C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe”
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 – HKCU\..\Run: [PimpToolV3] C:\Program Files\StatusPimp\PimpTool\PimpTool.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 – Gopher Prefix:
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 – Service: BitDefender Arrakis Server (Arrakis3) – BitDefender S.R.L. http://www.bitdefender.com – C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 – Service: BitDefender Desktop Update Service (LIVESRV) – BitDefender SRL – C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 – Service: TeamViewer 5 (TeamViewer5) – TeamViewer GmbH – C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 – Service: BitDefender Virus Shield (VSSERV) – BitDefender S. R. L. – C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
@ady: Tick and fix the following entry: O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
Do you have other problems with the PC, or was this just a check?
“radu”, tell me too whether my PC is “sick”, pls….
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:37 AM, on 3/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\VM331_STI.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alice Messenger\alicemessenger.exe
C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe
C:\Program Files\Alice ti aiuta\bin\mpbtn.exe
C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\DOCUME~1\valy\LOCALS~1\Temp\DragonSetup_1.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Documents and Settings\valy\My Documents\Downloads\chituri\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2452477
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 – URLSearchHook: Games Bar 2 Toolbar – {90980889-669e-4bb9-9e4b-69563bf04375} – C:\Program Files\Games_Bar_2\tbGame.dll
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Symantec NCO BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll
O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\Program Files\Norton 360\Engine\4.0.0.127\IPSBHO.DLL
O2 – BHO: Games Bar 2 Toolbar – {90980889-669e-4bb9-9e4b-69563bf04375} – C:\Program Files\Games_Bar_2\tbGame.dll
O3 – Toolbar: Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll
O3 – Toolbar: Games Bar 2 Toolbar – {90980889-669e-4bb9-9e4b-69563bf04375} – C:\Program Files\Games_Bar_2\tbGame.dll
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 – HKLM\..\Run: [SoundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray
O4 – HKLM\..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [HitmanPro35] “C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe” /scan:boot
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [331BigDog] C:\WINDOWS\VM331_STI.EXE
O4 – HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 – HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKCU\..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [AliceMessenger] “C:\Program Files\Alice Messenger\alicemessenger.exe”
O4 – Global Startup: Alice ti aiuta.lnk = C:\Program Files\Alice ti aiuta\bin\matcli.exe
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 – Service: Norton 360 (N360) – Symantec Corporation – C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe
O23 – Service: Network WanMiniport First Position – Unknown owner – C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 7403 bytes
@setmefree: There is nothing wrong, apart from a few toolbars, which I suspect you installed yourself. Are you having any problems with the PC?
Radu, can you please confirm that I don't have any problems?
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:12:41, on 07.03.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\PROGRA~1\HDTUNE~1\HDTune.exe
C:\Program Files\Weather Clock\WeatherClock.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Weather Clock\WClock.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com/?o=15709&l=dis
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 – BHO: IDM Helper – {0055C089-8582-441B-A0BF-17B458C2A3A8} – C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 – BHO: Symantec NCO BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 – HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 – HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
O4 – HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
O4 – HKCU\..\Run: [SystemExplorerAutoStart] “C:\Program Files\System Explorer\SystemExplorer.exe” /TRAY
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)
O4 – Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 – Extra context menu item: Descarcã conþinutul fiºierului FLV cu IDM – C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 – Extra context menu item: Descarcã cu IDM – C:\Program Files\Internet Download Manager\IEExt.htm
O8 – Extra context menu item: Descarcã toate link-urile cu IDM – C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 – DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) – http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1252915572545
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Norton Internet Security (NIS) – Symantec Corporation – C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 – Service: PDAgent – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 – Service: PDEngine – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 – Service: StarWind AE Service (StarWindServiceAE) – StarWind Software – C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
–
End of file – 6649 bytes
@Nick: You need a format urgently.
@Nick: I think an X6 would suit you better.
A4?
“radu”, thanks a lot... and I don't have any problems with the PC, but I wanted to know for sure whether there is anything wrong with it.
@Radu
You see, psychologically speaking, the great majority of my posts awaken (voluntarily or involuntarily) the little ironic devil that lies apathetic somewhere in that little brain of yours! Which can only make me happy!
Now I went into My Computer and turned System Restore off, without installing a new antivirus, and then opened yahoo.mail; I have not noticed this problem on any other site; it is just that the computer was running slower and the e-mail would not open; now I am trying to download the free edition of Avira to see whether it finds anything.
With thanks
@emilia: If you install Avira, uninstall AVG. Running two antivirus programs at the same time is forbidden.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:55 PM, on 7/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\BitComet\BitComet.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Miky\Desktop\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 124.247.211.238:3128
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 – URLSearchHook: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
R3 – URLSearchHook: (no name) – {00A6FAF6-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 – BHO: Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: mwsBar BHO – {07B18EA1-A523-4961-B6BB-170DE4475CCA} – C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 – BHO: Lexmark Toolbar – {1017A80C-6F09-4548-A84D-EDD6AC9525F0} – C:\Program Files\Lexmark Toolbar\toolband.dll
O2 – BHO: Adobe PDF Link Helper – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: AVG Safe Search – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG9\avgssie.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl Class – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: SMTTB2009 Class – {FCBCCB87-9224-4B8D-B117-F56D924BEB18} – C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 – BHO: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
O3 – Toolbar: Lexmark Toolbar – {1017A80C-6F09-4548-A84D-EDD6AC9525F0} – C:\Program Files\Lexmark Toolbar\toolband.dll
O3 – Toolbar: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
O3 – Toolbar: HyperCam Toolbar – {338B4DFE-2E2C-4338-9E41-E176D497299E} – C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: BS.Player ControlBar – {2C688203-7EB3-4327-9995-1CB417BA23F9} – C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 – Toolbar: My Web Search – {07B18EA9-A523-4961-B6BB-170DE4475CCA} – C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 – HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 – HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [lxddmon.exe] “C:\Program Files\Lexmark 2500 Series\lxddmon.exe”
O4 – HKLM\..\Run: [lxddamon] “C:\Program Files\Lexmark 2500 Series\lxddamon.exe”
O4 – HKLM\..\Run: [FaxCenterServer] “C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s
O4 – HKLM\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 – HKLM\..\Run: [LogMeIn Hamachi Ui] “C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe” –auto-start
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [My Web Search Bar Search Scope Monitor] “C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=2 /w /h
O4 – HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [bcservice] D:\BitComet\bcservice.exe
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Google Update] “C:\Documents and Settings\Miky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 – HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 – HKCU\..\Run: [BitComet] “D:\BitComet\BitComet.exe”
O4 – HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 – Extra context menu item: &Search – http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000341&p=GRfox000&si=&a=eXoqwANDqnzXZHC06bbDFw&n=2010061708
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} (PLUGIN Control) – http://89.122.209.17:8088/CMSPlugin.cab
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272220127015
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272220087484
O16 – DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} (HEM Video Decoder) – http://89.122.209.17:8088/vcredist_x86.exe
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{C97641AE-7319-486B-A91B-C95E959FB276}: NameServer = 81.180.123.74 80.96.202.14
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG9\avgpp.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – Winlogon Notify: avgrsstarter – C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 – Service: AVG Free E-mail Scanner (avg9emc) – AVG Technologies CZ, s.r.o. – C:\Program Files\AVG\AVG9\avgemc.exe
O23 – Service: AVG Free WatchDog (avg9wd) – AVG Technologies CZ, s.r.o. – C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 – Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) – Apple Computer, Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) – LogMeIn Inc. – C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: lxddCATSCustConnectService – Lexmark International, Inc. – C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
O23 – Service: lxdd_device – – C:\WINDOWS\system32\lxddcoms.exe
O23 – Service: My Web Search Service (MyWebSearchService) – MyWebSearch.com – C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 – Service: nProtect GameGuard Service (npggsvc) – Unknown owner – C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: PnkBstrA – Unknown owner – C:\WINDOWS\system32\PnkBstrA.exe
O23 – Service: PnkBstrB – Unknown owner – C:\WINDOWS\system32\PnkBstrB.exe
O24 – Desktop Component 0: (no name) – http://i37.tinypic.com/2njvlz7.jpg
O24 – Desktop Component 1: (no name) – http://www.gangsters.ro/images/themes/nt/fals.gif
O24 – Desktop Component 2: (no name) – http://www.gangsters.ro/images/qicons/trade-off.gif
O24 – Desktop Component 3: (no name) – http://www.the-west.ro/images/index/preview_pictures/tmb/thumb06.jpg
–
End of file – 11741 bytes
My PC resets without me doing anything and my games get minimized. I hope you can help me!
@Mihai: Check and press “Fix checked” for the entries:
R3 – URLSearchHook: (no name) – {00A6FAF6-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 – BHO: mwsBar BHO – {07B18EA1-A523-4961-B6BB-170DE4475CCA} – C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 – Toolbar: My Web Search – {07B18EA9-A523-4961-B6BB-170DE4475CCA} – C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
Then download Dr.Web CureIT and run a scan with it, deleting the infections it finds: http://www.freedrweb.com/cureit/
Thanks, and sorry about the email, but it didn't show me that the message had been posted…
Radu, can you confirm for me too that I have no problems?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:52, on 21.07.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Wuala Dokan\mounter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Ditto\Ditto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\PortableApps.com\PortableAppsPlatform.exe
D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\AIMP2\AIMP2.exe
D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\FirefoxPortable\FirefoxPortable.exe
D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\FirefoxPortable\App\firefox\firefox.exe
D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\FirefoxPortable\App\firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Downloads\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 – BHO: BitComet ClickCapture – {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} – D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\tools\bitcometbho.dll
O2 – BHO: Windows Live ID Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 – HKLM\..\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 – HKLM\..\Run: [avast5] “C:\Program Files\Alwil Software\Avast5\avastUI.exe” /nogui
O4 – HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 – HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 – HKCU\..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O8 – Extra context menu item: &D&ownload &with BitComet – res://D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\BitComet.exe/AddLink.htm
O8 – Extra context menu item: &D&ownload all video with BitComet – res://D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\BitComet.exe/AddVideo.htm
O8 – Extra context menu item: &D&ownload all with BitComet – res://D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\BitComet.exe/AddAllLink.htm
O9 – Extra button: BitComet – {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} – res://D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\tools\bitcometbho.dll/206 (file missing)
O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 – Gopher Prefix:
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 – Service: AMD External Events Utility – AMD – C:\Windows\system32\atiesrxx.exe
O23 – Service: avast! Antivirus – AVAST Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 – Service: avast! Mail Scanner – AVAST Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 – Service: avast! Web Scanner – AVAST Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 – Service: NMSAccess – Unknown owner – C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 – Service: nProtect GameGuard Service (npggsvc) – Unknown owner – C:\Windows\system32\GameMon.des.exe (file missing)
O23 – Service: Steam Client Service – Valve Corporation – C:\Program Files\Common Files\Steam\SteamService.exe
O23 – Service: ThreatFire – PC Tools – C:\Program Files\ThreatFire\TFService.exe
O23 – Service: wDokanMounter – Unknown owner – C:\Program Files\Wuala Dokan\mounter.exe
–
End of file – 6870 bytes
@ViorelFlorin: The log is fine. Do you have any problem with the PC?
Problems with the PC? Not really, but sometimes I hear some distorted voices and I panicked; I thought someone was spying on me. I immediately erased all the hard drives (it took about 8 hours), after which I reinstalled Windows, and since then I haven't heard anything like that. I think anyone in my place would have done the same, especially since I make online transactions, so it was normal. The strange thing was that I heard those voices (it sounded like Chinese) when I was buying something from online stores and entering the card number.
Thank you very much for your reply.
Cheers
I have viruses on my computer and I don't know how to remove them. Does anyone know how they can be removed? I beg you, please tell me.
@any: How do the viruses manifest themselves? For a start, post a HijackThis log here.
Hi!!! Last week I came across an odd virus on someone's PC, which in fact infected all of the PC's processes: soundmax, svghost, explorer, iexplorer, notepad etc… If I removed them with the antivirus (Avira), after a restart they appeared again; if I put them in quarantine, the same… except that the only process that could be removed is explorer.exe. If I deleted that one, no more icons, start bar etc. I tried to check the state of the PC in safe mode, but that didn't work either… uninstalling programs didn't work, choosing options didn't work… the computer was pretty much paralyzed…. So I had to format and reinstall Windows… After that I installed the antivirus and everything I needed (scanned and virus-free) and the story repeated itself… Windows and the programs are clean (they are scanned, and I have them on my own PC too without any incident)…
The computer has 2 hard drives: one completely formatted, and on the other there are small cracked games… I scanned that drive too and all I managed to find were just the games' cracks. When I don't install any antivirus it runs smoothly.
I made a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:50 PM, on 11/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\deea&ana\Desktop\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 1896 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:01 PM, on 11/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system\dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Razer\Krait\razertra.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\steam\steamapps\smockerikkksan\counter-strike\hl.exe
C:\Program Files\Steam\GameOverlayUI.exe
c:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\mshta.exe
C:\Documents and Settings\TEMP.EVEREST\My Documents\Downloads\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dvdvideosoft.com/r/AfterInstallWC_YouTubeDownload.htm
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: YSPManager – {25BC7718-0BFA-40EA-B381-4B2D9732D686} – C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 – BHO: Winamp Toolbar Loader – {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} – C:\Program Files\Winamp Toolbar\winamptb.dll
O2 – BHO: Conduit Engine – {30F9B915-B755-4826-820B-08FBA6BD249D} – C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 – BHO: Softonic-Eng7 Toolbar – {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files\Softonic-Eng7\tbSof0.dll
O2 – BHO: DVDVideoSoftTB Toolbar – {872b5b88-9db5-4310-bdd0-ac189557e5f5} – C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O2 – BHO: SkypeIEPluginBHO – {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 – BHO: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_2.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 – Toolbar: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_2.dll
O3 – Toolbar: Winamp Toolbar – {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} – C:\Program Files\Winamp Toolbar\winamptb.dll
O3 – Toolbar: DVDVideoSoftTB Toolbar – {872b5b88-9db5-4310-bdd0-ac189557e5f5} – C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
O3 – Toolbar: Softonic-Eng7 Toolbar – {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files\Softonic-Eng7\tbSof0.dll
O3 – Toolbar: Conduit Engine – {30F9B915-B755-4826-820B-08FBA6BD249D} – C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 – HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 – HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 – HKCU\..\Run: [wuaucldt] c:\documents and settings\temp.everest\wuaucldt.exe
O4 – HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O8 – Extra context menu item: Free YouTube Download – C:\Documents and Settings\TEMP.EVEREST\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O9 – Extra button: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 – Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 – Extra button: (no name) – {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} – C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 – Extra ‘Tools’ menuitem: Yahoo! Search Protection – {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} – C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O18 – Protocol: skype-ie-addon-data – {91774881-D725-4E58-B298-07617B9B86A8} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 – Service: ATK Keyboard Service (ATKKeyboardService) – ASUSTeK COMPUTER INC. – C:\WINDOWS\ATKKBService.exe
O23 – Service: IpSectPro service (darkness) – SecureNet – C:\WINDOWS\system\dwm.exe
O23 – Service: ESET HTTP Server (EhttpSrv) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 – Service: ESET Service (ekrn) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 7641 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:17, on 02.01.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\LePetitRobert\prhyper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Wrofaav.exe
C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzr.exe
C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\SDM143\Free Ride Games.exe
D:\Anti-Spyware Blocker\Anti-Virus.exe
C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzm.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Emilia.ACASA-B240FBC99\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\cidaemon.exe
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 1000043050@romtelecom1.net
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25458
R3 – URLSearchHook: (no name) – {00A6FAF6-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
R3 – URLSearchHook: BrotherSoft Extreme Toolbar – {51a86bb3-6602-4c85-92a5-130ee4864f13} – C:\Program Files\BrotherSoft_Extreme\tbBrot.dll
R3 – URLSearchHook: Brothersoft Toolbar – {e8de9422-3b2c-4243-bf6f-235da84d8ef8} – C:\Program Files\Brothersoft\tbBrot.dll
R3 – URLSearchHook: SweetIM ToolbarURLSearchHook Class – {EEE6C35D-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 – Hosts: 74.125.45.100 4-open-davinci.com
O1 – Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 – Hosts: 74.125.45.100 privatesecuredpayments.com
O1 – Hosts: 69.65.50.147 http://www.google.com
O1 – Hosts: 69.65.50.147 google.com
O1 – Hosts: 69.65.50.147 google.com.au
O1 – Hosts: 69.65.50.147 http://www.google.com.au
O1 – Hosts: 69.65.50.147 google.be
O1 – Hosts: 69.65.50.147 http://www.google.be
O1 – Hosts: 69.65.50.147 google.com.br
O1 – Hosts: 69.65.50.147 http://www.google.com.br
O1 – Hosts: 69.65.50.147 google.ca
O1 – Hosts: 69.65.50.147 http://www.google.ca
O1 – Hosts: 69.65.50.147 google.ch
O1 – Hosts: 69.65.50.147 http://www.google.ch
O1 – Hosts: 69.65.50.147 google.de
O1 – Hosts: 69.65.50.147 http://www.google.de
O1 – Hosts: 69.65.50.147 google.dk
O1 – Hosts: 69.65.50.147 http://www.google.dk
O1 – Hosts: 69.65.50.147 google.fr
O1 – Hosts: 69.65.50.147 http://www.google.fr
O1 – Hosts: 69.65.50.147 google.ie
O1 – Hosts: 69.65.50.147 http://www.google.ie
O1 – Hosts: 69.65.50.147 google.it
O1 – Hosts: 69.65.50.147 http://www.google.it
O1 – Hosts: 69.65.50.147 google.co.jp
O1 – Hosts: 69.65.50.147 http://www.google.co.jp
O1 – Hosts: 69.65.50.147 google.nl
O1 – Hosts: 69.65.50.147 http://www.google.nl
O1 – Hosts: 69.65.50.147 google.no
O1 – Hosts: 69.65.50.147 http://www.google.no
O1 – Hosts: 69.65.50.147 google.co.nz
O1 – Hosts: 69.65.50.147 http://www.google.co.nz
O1 – Hosts: 69.65.50.147 google.pl
O1 – Hosts: 69.65.50.147 http://www.google.pl
O1 – Hosts: 69.65.50.147 google.se
O1 – Hosts: 69.65.50.147 http://www.google.se
O1 – Hosts: 69.65.50.147 google.co.uk
O1 – Hosts: 69.65.50.147 http://www.google.co.uk
O1 – Hosts: 69.65.50.147 google.co.za
O1 – Hosts: 69.65.50.147 http://www.google.co.za
O1 – Hosts: 69.65.50.147 http://www.google-analytics.com
O1 – Hosts: 69.65.50.147 http://www.bing.com
O1 – Hosts: 69.65.50.147 search.yahoo.com
O1 – Hosts: 69.65.50.147 http://www.search.yahoo.com
O1 – Hosts: 69.65.50.147 uk.search.yahoo.com
O1 – Hosts: 69.65.50.147 ca.search.yahoo.com
O1 – Hosts: 69.65.50.147 de.search.yahoo.com
O1 – Hosts: 69.65.50.147 fr.search.yahoo.com
O1 – Hosts: 69.65.50.147 au.search.yahoo.com
O1 – Hosts: 69.65.50.147 http://www.youtube.com
O1 – Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 – Hosts: 74.125.45.100 getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 secure-plus-payments.com
O1 – Hosts: 74.125.45.100 http://www.getantivirusplusnow.com
O1 – Hosts: 74.125.45.100 http://www.secure-plus-payments.com
O1 – Hosts: 74.125.45.100 http://www.getavplusnow.com
O1 – Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 – Hosts: 74.125.45.100 urs.microsoft.com
O1 – Hosts: 74.125.45.100 http://www.securesoftwarebill.com
O1 – Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 – Hosts: 74.125.45.100 paysoftbillsolution.com
O1 – Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O3 – Toolbar: McAfee VirusScan – {BA52B914-B692-46c4-B683-905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 – Toolbar: EPSON Web-To-Page – {EE5D279F-081B-4404-994D-C6B60AAEBA6D} – C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 – Toolbar: SweetIM Toolbar for Internet Explorer – {EEE6C35B-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 – Toolbar: BrotherSoft Extreme Toolbar – {51a86bb3-6602-4c85-92a5-130ee4864f13} – C:\Program Files\BrotherSoft_Extreme\tbBrot.dll
O3 – Toolbar: Conduit Engine – {30F9B915-B755-4826-820B-08FBA6BD249D} – C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 – Toolbar: Brothersoft Toolbar – {e8de9422-3b2c-4243-bf6f-235da84d8ef8} – C:\Program Files\Brothersoft\tbBrot.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 – HKLM\..\Run: [Anti Trojan Elite] D:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 – HKLM\..\Run: [TrueImageMonitor.exe] “C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe”
O4 – HKLM\..\Run: [Acronis Scheduler2 Service] “C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe”
O4 – HKCU\..\Run: [nwiz] nwiz.exe /install
O4 – HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 – HKCU\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 – HKCU\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKCU\..\Run: [Le Petit Robert Hyperappel] D:\LePetitRobert\prhyper.exe
O4 – HKCU\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] ~”C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 – HKCU\..\Run: [KOO9RV9K4Z] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzm.exe
O4 – HKCU\..\Run: [SMH2B46TDP] C:\WINDOWS\Wrofaav.exe
O4 – HKCU\..\Run: [NtWqIVLZEWZU] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzr.exe
O4 – HKCU\..\Run: [Smart Engine] “C:\Documents and Settings\All Users\Application Data\5655e9\SM565_231.exe” /s /d
O4 – HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 – HKCU\..\Run: [Exent_SDM] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\SDM143\Free Ride Games.exe “l ‘Startup’ u ‘http://www.freeridegames.com/do/SDM?action=config&contentId=%d’ p ’143′ c ’528950′”
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User ‘Default user’)
O4 – Global Startup: Anti-Spyware Blocker.lnk = D:\Anti-Spyware Blocker\Anti-Virus.exe
O8 – Extra context menu item: &Search – http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000334&p=ZCman000&si=&a=BFW.ghZImK7NnEmaCFI53Q&n=2010100915
O8 – Extra context menu item: Add to Google Photos Screensa&ver – res://C:\WINDOWS\system32\GPhotos.scr/200
O8 – Extra context menu item: E&xport în Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Google Sidewiki… – res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 – Extra button: Cercetare – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: HP Smart Select – {DDE87865-83C5-48c4-8357-2F5B1AA84522} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 – AppInit_DLLs:
O23 – Service: Acronis Scheduler2 Service (AcrSch2Svc) – Acronis – C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 – Service: Acronis Nonstop Backup service (afcdpsrv) – Acronis – C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – ALWIL Software – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: Bandoo Coordinator – Discordia Limited – D:\PROGRA~1\Bandoo\Bandoo.exe
O23 – Service: Boonty Games – Unknown owner – C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 – Service: C-DillaCdaC11BA – Macrovision – C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 – Service: Serviciul Google Update (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: McAfee WSC Integration (McDetect.exe) – Unknown owner – c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 – Service: McAfee.com McShield (McShield) – McAfee Inc. – c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 – Service: McAfee Task Scheduler (McTskshd.exe) – Unknown owner – c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 – Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) – Unknown owner – C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: PDEngine – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 – Service: PDScheduler (PDSched) – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDSched.exe
–
End of file – 13465 bytes
@Emilia:
In HijackThis, check the following lines and press Fix Checked:
O4 – HKCU\..\Run: [KOO9RV9K4Z] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzm.exe
O4 – HKCU\..\Run: [SMH2B46TDP] C:\WINDOWS\Wrofaav.exe
O4 – HKCU\..\Run: [NtWqIVLZEWZU] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzr.exe
O4 – HKCU\..\Run: [Smart Engine] “C:\Documents and Settings\All Users\Application Data\5655e9\SM565_231.exe” /s /d
O4 – HKCU\..\Run: [Exent_SDM] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\SDM143\Free Ride Games.exe “l ‘Startup’ u
O4 – Global Startup: Anti-Spyware Blocker.lnk = D:\Anti-Spyware Blocker\Anti-Virus.exe
Then:
Download Combofix.
Download the CFScript.txt file and drag it with the mouse onto Combofix (see picture).
It will ask whether to start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. Your desktop may disappear while it runs, but don't worry.
At the end it will display the scan results. Save that file and post its contents HERE.
ComboFix 11-01-02.02 – Emilia 02.01.2011 22:18:30.1.1 – x86
Microsoft Windows XP Professional 5.1.2600.2.1250.40.1033.18.503.227 [GMT 2:00]
Running from: c:\documents and settings\Emilia.ACASA-B240FBC99\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Emilia.ACASA-B240FBC99\Desktop\CFScript.txt
FILE ::
“c:\docume~1\EMILIA.ACA\LOCAL Settings\Temp\SDM143\Free Ride Games.exe”
“c:\docume~1\EMILIA.ACA\LOCAL Settings\Temp\Wzm.exe”
“c:\documents and settings\All Users\Application Data\5655e9\SM565_231.exe”
“c:\documents and settings\EMILIA.ACA\LOCAL Settings\Temp\Wzr.exe”
“c:\windows\Wrofaav.exe”
“d:\anti-spyware blocker\Anti-Virus.exe”
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
—– File Replicators —–
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408358.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408360.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408361.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408362.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408364.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408365.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408366.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408368.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408369.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408370.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408372.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408373.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408374.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408376.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408377.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408378.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408380.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408381.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408382.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408384.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408385.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408386.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408388.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408389.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408390.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408392.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408393.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408394.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408396.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408397.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408398.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408400.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408401.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408402.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408404.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408439.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408440.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408442.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409180.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409181.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409183.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409184.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409185.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409187.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409188.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409189.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409191.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409192.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409193.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409195.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409196.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409197.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409199.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409200.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409201.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409203.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409204.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409205.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409207.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409208.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409209.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409211.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409212.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409213.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409215.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409216.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409217.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409219.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409220.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409221.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409223.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409224.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409225.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409227.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409228.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409229.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409231.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409232.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409233.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409235.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP228\A0410410.exe
c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP228\A0410411.exe
c:\windows\Wrofa0.exe
c:\windows\Wrofa1.exe
c:\windows\Wrofa2.exe
c:\windows\Wrofa3.exe
c:\windows\Wrofa4.exe
c:\windows\Wrofa5.exe
c:\windows\Wrofa6.exe
c:\windows\Wrofa7.exe
c:\windows\Wrofa8.exe
c:\windows\Wrofa9.exe
c:\windows\Wrofaa.exe
c:\windows\Wrofaaa.exe
c:\windows\Wrofaab.exe
c:\windows\Wrofaac.exe
c:\windows\Wrofaad.exe
c:\windows\Wrofaae.exe
c:\windows\Wrofaaf.exe
c:\windows\Wrofaag.exe
c:\windows\Wrofaah.exe
c:\windows\Wrofaai.exe
c:\windows\Wrofaaj.exe
c:\windows\Wrofaak.exe
c:\windows\Wrofaal.exe
c:\windows\Wrofaam.exe
c:\windows\Wrofaan.exe
c:\windows\Wrofaao.exe
c:\windows\Wrofaap.exe
c:\windows\Wrofaaq.exe
c:\windows\Wrofaar.exe
c:\windows\Wrofaas.exe
c:\windows\Wrofaat.exe
c:\windows\Wrofaau.exe
c:\windows\Wrofaav.exe
c:\windows\Wrofaaw.exe
c:\windows\Wrofab.exe
c:\windows\Wrofac.exe
c:\windows\Wrofad.exe
c:\windows\Wrofae.exe
c:\windows\Wrofaf.exe
c:\windows\Wrofag.exe
c:\windows\Wrofah.exe
c:\windows\Wrofai.exe
c:\windows\Wrofaj.exe
c:\windows\Wrofak.exe
c:\windows\Wrofal.exe
c:\windows\Wrofam.exe
c:\windows\Wrofan.exe
c:\windows\Wrofao.exe
c:\windows\Wrofap.exe
c:\windows\Wrofaq.exe
c:\windows\Wrofar.exe
c:\windows\Wrofas.exe
c:\windows\Wrofat.exe
c:\windows\Wrofau.exe
c:\windows\Wrofav.exe
c:\windows\Wrofaw.exe
c:\windows\Wrofax.exe
c:\windows\Wrofay.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
——-\Legacy_BOONTY_GAMES
——-\Legacy_SSHNAS
——-\Service_Boonty Games
((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
.
2011-01-02 19:54 . 2011-01-02 19:54 ——– d—–w- c:\documents and settings\All Users\Application Data\Bandoo
2011-01-01 16:05 . 2004-08-04 12:00 4224 -c–a-w- c:\windows\system32\dllcache\beep.sys
2011-01-01 16:05 . 2004-08-04 12:00 4224 —-a-w- c:\windows\system32\drivers\beep.sys
2010-12-29 13:22 . 2010-12-29 13:23 ——– d—–w- c:\documents and settings\Emilia.ACASA-B240FBC99\Application Data\InfraRecorder
2010-12-28 23:41 . 2010-12-28 23:41 15592 —-a-w- c:\windows\system32\drivers\cmderd.sys
2010-12-26 14:26 . 2009-11-03 12:07 679936 —-a-w- c:\windows\system32\D3DX81ab.dll
2010-12-26 14:26 . 2009-11-03 12:07 1970176 —-a-w- c:\windows\system32\d3dx9.dll
2010-12-19 16:40 . 2010-12-19 16:40 ——– d—–w- c:\documents and settings\Emilia.ACASA-B240FBC99\Application Data\ScummVM
2010-12-19 13:49 . 2010-12-19 13:49 ——– d–h–w- c:\windows\PIF
2010-12-19 13:48 . 2010-12-19 13:48 ——– d—–w- c:\documents and settings\Emilia.ACASA-B240FBC99\Local Settings\Application Data\DOSBox
2010-12-17 16:07 . 2010-12-17 16:07 ——– d—–w- c:\program files\Chat Republic Games
2010-12-17 16:07 . 2010-12-17 16:07 ——– d—–w- c:\documents and settings\All Users\Application Data\Chat Republic Games
2010-12-12 14:36 . 2010-12-17 16:07 ——– d—–w- c:\documents and settings\Emilia.ACASA-B240FBC99\Local Settings\Application Data\Chat Republic Games
2010-12-09 14:42 . 2010-12-09 14:42 163232 —-a-w- c:\windows\system32\drivers\afcdp.sys
2010-12-09 14:42 . 2010-12-09 14:42 752128 —-a-w- c:\windows\system32\drivers\tdrpm273.sys
2010-12-09 14:42 . 2010-12-09 14:42 600928 —-a-w- c:\windows\system32\drivers\timntr.sys
2010-12-09 14:41 . 2010-12-09 14:41 170464 —-a-w- c:\windows\system32\drivers\snapman.sys
2010-12-09 14:39 . 2010-12-09 14:40 ——– d—–w- c:\program files\Acronis
2010-12-09 14:38 . 2010-12-09 14:42 ——– d—–w- c:\program files\Common Files\Acronis
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 16:17 . 2010-11-30 16:17 45056 —-a-r- c:\documents and settings\Emilia.ACASA-B240FBC99\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2010-11-10 13:55 . 2010-11-10 14:01 737280 —-a-w- c:\windows\iun6002.exe
2010-10-07 23:56 . 2003-11-07 13:28 444952 —-a-w- c:\windows\system32\wrap_oal.dll
2010-10-07 23:56 . 2003-11-07 13:28 109080 —-a-w- c:\windows\system32\OpenAL32.dll
.
——- Sigcheck ——-
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . E32B18F70C14AD5479696EC7850C15FA . 360960 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{51a86bb3-6602-4c85-92a5-130ee4864f13}”= “c:\program files\BrotherSoft_Extreme\tbBrot.dll” [2010-09-12 3863136]
“{e8de9422-3b2c-4243-bf6f-235da84d8ef8}”= “c:\program files\Brothersoft\tbBrot.dll” [2010-10-10 3906656]
“{EEE6C35D-6118-11DC-9C72-001320C79847}”= “c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll” [2010-06-13 138552]
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{EEE6C35B-6118-11DC-9C72-001320C79847}”= “c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll” [2010-06-13 1438520]
“{51a86bb3-6602-4c85-92a5-130ee4864f13}”= “c:\program files\BrotherSoft_Extreme\tbBrot.dll” [2010-09-12 3863136]
“{30F9B915-B755-4826-820B-08FBA6BD249D}”= “c:\program files\ConduitEngine\ConduitEngine.dll” [2010-09-12 3863136]
“{e8de9422-3b2c-4243-bf6f-235da84d8ef8}”= “c:\program files\Brothersoft\tbBrot.dll” [2010-10-10 3906656]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{EEE6C35B-6118-11DC-9C72-001320C79847}”= “c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll” [2010-06-13 1438520]
“{51A86BB3-6602-4C85-92A5-130EE4864F13}”= “c:\program files\BrotherSoft_Extreme\tbBrot.dll” [2010-09-12 3863136]
“{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}”= “c:\program files\Brothersoft\tbBrot.dll” [2010-10-10 3906656]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
[HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Adobe Reader Speed Launcher”=”c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2009-12-18 40368]
“DAEMON Tools-1033″=”c:\program files\D-Tools\daemon.exe” [2003-12-27 81920]
“WMPNSCFG”=”c:\program files\Windows Media Player\WMPNSCFG.exe” [2006-10-18 204288]
“HP Software Update”=”c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2007-10-14 49152]
“Le Petit Robert Hyperappel”=”d:\lepetitrobert\prhyper.exe” [2001-10-11 22560]
“NvCplDaemon”=”c:\windows\system32\NvCpl.dll” [2006-08-11 7630848]
“swg”=”c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2010-09-29 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=”c:\windows\system32\NvCpl.dll” [2006-08-11 7630848]
“IgfxTray”=”c:\windows\system32\igfxtray.exe” [2005-04-05 94208]
“HotKeysCmds”=”c:\windows\system32\hkcmd.exe” [2005-04-05 77824]
“Persistence”=”c:\windows\system32\igfxpers.exe” [2005-04-05 114688]
“SweetIM”=”c:\program files\SweetIM\Messenger\SweetIM.exe” [2010-08-30 111928]
“Adobe Reader Speed Launcher”=”c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2009-12-18 40368]
“Adobe ARM”=”c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2009-12-11 948672]
“SAOB Monitor”=”c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe” [2010-08-20 2536448]
“TrueImageMonitor.exe”=”c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe” [2010-08-21 5458848]
“Acronis Scheduler2 Service”=”c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe” [2010-08-21 390736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=”c:\windows\system32\CTFMON.EXE” [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“RunNarrator”=”Narrator.exe” [2006-10-04 53760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableLinkedConnections”= 1 (0×1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exeautocheck autochk *
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
“MCAgentExe”=
“VirusScan Online”=c:\program files\McAfee.com\VSO\mcvsshld.exe
“VSOCheckTask”=”c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe” /checktask
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
“OASClnt”=c:\program files\McAfee.com\VSO\oasclnt.exe
“MCAgentExe”=c:\progra~1\mcafee.com\agent\McAgent.exe
“MCUpdateExe”=c:\progra~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“c:\\Documents and Settings\\Emilia.ACASA-B240FBC99\\Desktop\\jocuri\\Delta Force Land Warrior 3\\Dflw.exe”=
“c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe”=
“c:\\Program Files\\Opera\\opera.exe”=
“c:\\Program Files\\GSC Game World\\Outbreak Demo\\OutBreak.exe”=
“c:\\Program Files\\Geneious\\Geneious.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe”=
“c:\\WINDOWS\\system32\\dplaysvr.exe”=
“c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\WINDOWS\\system32\\sessmgr.exe”=
“d:\\download\\SweetImSetup.exe”=
“d:\\Program Files\\BitTorrent\\BitTorrent.exe”=
“c:\\Program Files\\uTorrent\\uTorrent.exe”=
“d:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe”=
“d:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe”=
“c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe”=
“%windir%\\system32\\sessmgr.exe”=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“3389:TCP”= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [11.05.2010 14:22 137216]
R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [11.05.2010 14:22 5248]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [09.12.2010 16:42 752128]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [09.12.2010 16:42 3975088]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [09.12.2010 16:42 163232]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [08.07.2009 12:57 17408]
S2 ATE_PROCMON;ATE_PROCMON;\??\d:\program files\Anti Trojan Elite\ATEPMon.sys –> d:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 gupdate;Serviciul Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.09.2010 21:46 136176]
S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [12.05.2005 11:43 241731]
S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [21.09.2010 02:34 93440]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [22.06.2009 18:06 113128]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\EMILIA~1.ACA\LOCALS~1\Temp0000ce9.nmc\nse\bin\ndiskio.sys –> c:\docume~1\EMILIA~1.ACA\LOCALS~1\Temp0000ce9.nmc\nse\bin\ndiskio.sys [?]
S3 nsak_42111AAB;nsak_42111AAB;\??\c:\docume~1\EMILIA~1.ACA\LOCALS~1\Temp0000455.nmc\nse\bin\nsak.sys –> c:\docume~1\EMILIA~1.ACA\LOCALS~1\Temp0000455.nmc\nse\bin\nsak.sys [?]
S3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys –> c:\windows\system32\Drivers\Tetris.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the ‘Scheduled Tasks’ folder
2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 19:46]
2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 19:46]
2011-01-02 c:\windows\Tasks\User_Feed_Synchronization-{4115CD7C-8438-4E30-AA92-887A0FC275F8}.job
- c:\windows\system32\msfeedssync.exe [2007-12-12 01:31]
.
.
——- Supplementary Scan ——-
.
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyServer = http=127.0.0.1:25458
IE: Add to Google Photos Screensa&ver – c:\windows\system32\GPhotos.scr/200
IE: E&xport în Microsoft Excel – c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki… – c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF – ProfilePath – c:\documents and settings\Emilia.ACASA-B240FBC99\Application Data\Mozilla\Firefox\Profiles\7qukowrr.default\
FF – prefs.js: browser.search.defaulturl – hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
FF – prefs.js: browser.search.selectedEngine – Google
FF – prefs.js: browser.startup.homepage – hxxp://google.com
FF – prefs.js: keyword.URL – hxxp://search.sweetim.com/search.asp?src=2&q=
FF – Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} – c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF – Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} – %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
FF – Ext: Yoono: {d9284e50-81fc-11da-a72b-0800200c9a66} – %profile%\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF – Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} – %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
.
- – - – ORPHANS REMOVED – - – -
HKCU-Run-nwiz – nwiz.exe
HKCU-Run-QuickTime Task – c:\program files\QuickTime\qttask.exe
HKCU-Run-Messenger (Yahoo!) – ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
HKLM-Run-Anti Trojan Elite – d:\program files\Anti Trojan Elite\TJEnder.exe
Notify-dimsntfy – (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-02 22:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Le Petit Robert Hyperappel = d:\lepetitrobert\prhyper.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????\????.??\??????????????????????|? ??\???A??|x???]??|????????\??????|Z????????????,K????????????
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
——————— LOCKED REGISTRY KEYS ———————
[HKEY_USERS\S-1-5-21-1614895754-562591055-839522115-1003\Software\SecuROM\License information*]
“datasecu”=hex:e1,45,5c,1a,5c,cb,63,8d,ce,9c,2c,3f,b2,ce,a9,40,0a,3d,99,dd,c8,
bf,56,44,8b,7f,bc,cd,3c,00,6a,fa,97,b2,4f,1e,a7,2e,8b,9b,3f,02,a5,18,0a,fe,\
“rkeysecu”=hex:67,3a,1b,5a,2d,71,1b,ae,75,0b,36,e2,8b,f5,37,e3
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=”FlashBroker”
“LocalizedString”=”@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101″
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
“Enabled”=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@=”c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe”
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=”IFlashBroker4″
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=”{00020424-0000-0000-C000-000000000046}”
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=”1.0″
.
——————— DLLs Loaded Under Running Processes ———————
- – - – - – - > ‘explorer.exe’(3760)
c:\windows\system32\WININET.dll
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\progra~1\PHOTOZ~1\pzShell.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
———————— Other Running Processes ————————
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\progra~1\mcafee.com\vso\mcshield.exe
d:\progra~1\Bandoo\Bandoo.exe
c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2011-01-02 22:36:40 – machine was rebooted
ComboFix-quarantined-files.txt 2011-01-02 20:36
Pre-Run: 646.217.728 bytes free
Post-Run: 1.448.091.648 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=”Microsoft Windows Recovery Console” /cmdcons
UnsupportedDebug=”do not select this” /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /noexecute=optin /fastdetect
- – End Of File – - 8BF3D6DAEF34E706613CD42A1775BCED
I did exactly as you told me! This program also installed something else: Recovery Console. Is that normal?
P.S. That Smart Engine program got in without my wanting it, through Opera 10, telling me I had trojans, and I installed it. I think it actually brought the trojans, didn't it?
My God!!! I HAVE A CONNECTION AGAIN!!!!!!!! THANK YOU VERY MUCH!
I thought the only chance of fixing it was to reinstall Windows. THANK YOU VERY MUCH!!!! YOU HAVE A GREAT SITE!
That's normal.
Download Remove Hosts, unzip it and run the file. Restart.
You will regain access to the sites blocked through the hosts file.
Then download Malwarebytes Anti-Malware, install it, update it and run a full scan of the PC.
At the end, remove the infections found by pressing Remove Selected.
Is the hosts thing really absolutely necessary?? I have access to the ones that weren't working, e.g. google, youtube. I'll do the Malware anti malware thing. I've now also downloaded Avast version 5.1. Is it good? I want to keep it as my antivirus.
Still, I see that Daemon Tools no longer works. It says C://daemon.dll error. It was deleted by ComboFix. How do I make it work again? Should I reinstall it?
Absolutely nothing happens to you if you delete hosts.
Avast is a good antivirus; it's what I use too, alongside Comodo Firewall.
Reinstall Daemon Tools and the deleted file will be repaired.
I'm not happy with Avast!! It makes my computer freeze and run slowly! I want to uninstall it, but I don't see the Uninstall icon and I can't find it in Add/Remove Programs either. How do I uninstall it?
@emilia
Read carefully and download the utility from here:
http://www.avast.com/uninstall-utility
@radu can you tell me why, when I scan with Malwarebytes, I always find KEY_LOCAL_MACHINESOFTWAREMicrosoftMSSMGR (Trojan.Downloader)? Maybe you know what my PC is getting infected from, since I'm not the only user... I have NIS 2011 installed on it.
Thank you very much! I managed to uninstall it. Now it runs fast and no longer freezes.
Look @radu, this is my log... maybe you have time to look over it... respectfully
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Returnil\RVS3\rvsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\LogMeIn\x86\RaMaint.exe
C:\Programmi\LogMeIn\x86\LogMeIn.exe
C:\Programmi\Malwarebytes’ Anti-Malware\mbamservice.exe
C:\Programmi\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\VirusTotalUploader2\VirusTotalUpload2.exe
C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\vali\Documenti\Downloads\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Symantec NCO BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Programmi\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\Programmi\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O3 – Toolbar: Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Programmi\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 – HKLM\..\Run: [LogMeIn GUI] “C:\Programmi\LogMeIn\x86\LogMeInSystray.exe”
O4 – HKLM\..\Run: [Malwarebytes' Anti-Malware] “C:\Programmi\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKCU\..\Run: [RocketDock] “C:\Programmi\RocketDock\RocketDock.exe”
O4 – HKCU\..\Run: [uTorrent] “C:\Programmi\uTorrent\uTorrent.exe”
O4 – HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVIZIO LOCALE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVIZIO DI RETE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 – Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 – Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 – Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292161287140
O20 – Winlogon Notify: winntn32 – C:\WINDOWS\SYSTEM32\winntn32.dll
O23 – Service: Forceware Web Interface (ForcewareWebInterface) – Apache Software Foundation – C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: LMIGuardianSvc – LogMeIn, Inc. – C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
O23 – Service: LogMeIn Maintenance Service (LMIMaint) – LogMeIn, Inc. – C:\Programmi\LogMeIn\x86\RaMaint.exe
O23 – Service: LogMeIn – LogMeIn, Inc. – C:\Programmi\LogMeIn\x86\LogMeIn.exe
O23 – Service: MBAMService – Malwarebytes Corporation – C:\Programmi\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 – Service: Norton Internet Security (NIS) – Symantec Corporation – C:\Programmi\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
O23 – Service: ForceWare IP service (nSvcIp) – NVIDIA Corporation – C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 – Service: ForceWare user log service (nSvcLog) – NVIDIA Corporation – C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Returnil System Safe Core Service (RVSMONBL) – CJSC Returnil Software – C:\Programmi\Returnil\RVS3\rvsmon.exe
O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software – C:\Programmi\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 – Service: VideoAcceleratorService – Speedbit Ltd. – C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:29, on 08.01.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
D:\Descarcate Net\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG10\avgssie.dll
O2 – BHO: McAfee SiteAdvisor BHO – {B164E929-A1B6-4A06-B104-2CD0E90A88FF} – c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 – BHO: Ask Toolbar BHO – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 – Toolbar: McAfee SiteAdvisor Toolbar – {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} – c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 – Toolbar: Nero Toolbar – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 – HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 – HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 – Startup: RDS – Shortcut.lnk = ?
O4 – Global Startup: rock.url
O13 – Gopher Prefix:
O17 – HKLM\System\CCS\Services\Tcpip\..\{A1B1257A-0404-45EA-90BC-1873FA7D7DEF}: NameServer = 81.196.58.161 193.231.236.10
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG10\avgpp.dll
O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E91CC5} – c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 – Service: AVG Firewall (avgfws) – AVG Technologies CZ, s.r.o. – C:\Program Files\AVG\AVG10\avgfws.exe
O23 – Service: AVGIDSAgent – AVG Technologies CZ, s.r.o. – C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 – Service: AVG WatchDog (avgwd) – AVG Technologies CZ, s.r.o. – C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 – Service: McAfee SiteAdvisor Service – Unknown owner – C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 – Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) – Nero AG – C:\Program Files\Nero\Update\NASvc.exe
O23 – Service: NMSAccess – Unknown owner – C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\Windows\system32\nvsvc32.exe
O23 – Service: ServiceLayer – Nokia – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
–
End of file – 4568 bytes
This "rock.url" thing opens by itself, PLEASE HELP ME!
Hi! I think I have a problem again! The computer is running slowly again. I downloaded a serial for a program, it was some .exe; I double-clicked it but it didn't open. I can't find it anywhere on the computer to delete it. In Mozilla's Downloads I click Open file's folder, but nothing opens. I suspect it's a virus and I can't delete it. Here is a log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:07, on 13.02.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzm.exe
C:\WINDOWS\Wrofaa.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\LePetitRobert\prhyper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Emilia.ACASA-B240FBC99\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzl.exe
D:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\Emilia.ACASA-B240FBC99\My Documents\Downloads\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25458
R3 – URLSearchHook: BrotherSoft Extreme Toolbar – {51a86bb3-6602-4c85-92a5-130ee4864f13} – C:\Program Files\BrotherSoft_Extreme\tbBrot.dll
R3 – URLSearchHook: Brothersoft Toolbar – {e8de9422-3b2c-4243-bf6f-235da84d8ef8} – C:\Program Files\Brothersoft\tbBrot.dll
R3 – URLSearchHook: SweetIM ToolbarURLSearchHook Class – {EEE6C35D-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: McAfee VirusScan – {BA52B914-B692-46c4-B683-905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 – Toolbar: EPSON Web-To-Page – {EE5D279F-081B-4404-994D-C6B60AAEBA6D} – C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 – Toolbar: SweetIM Toolbar for Internet Explorer – {EEE6C35B-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 – Toolbar: BrotherSoft Extreme Toolbar – {51a86bb3-6602-4c85-92a5-130ee4864f13} – C:\Program Files\BrotherSoft_Extreme\tbBrot.dll
O3 – Toolbar: Conduit Engine – {30F9B915-B755-4826-820B-08FBA6BD249D} – C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 – Toolbar: Brothersoft Toolbar – {e8de9422-3b2c-4243-bf6f-235da84d8ef8} – C:\Program Files\Brothersoft\tbBrot.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 – HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 – HKCU\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 – HKCU\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKCU\..\Run: [Le Petit Robert Hyperappel] D:\LePetitRobert\prhyper.exe
O4 – HKCU\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [F.lux] “C:\Documents and Settings\Emilia.ACASA-B240FBC99\Local Settings\Apps\F.lux\flux.exe” /noshow
O4 – HKCU\..\Run: [CE8SIIFGSU] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzl.exe
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User ‘Default user’)
O8 – Extra context menu item: Add to Google Photos Screensa&ver – res://C:\WINDOWS\system32\GPhotos.scr/200
O8 – Extra context menu item: E&xport în Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Google Sidewiki… – res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 – Extra button: Cercetare – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: HP Smart Select – {DDE87865-83C5-48c4-8357-2F5B1AA84522} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 – DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) – file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
O16 – DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) – file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
O23 – Service: C-DillaCdaC11BA – Macrovision – C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 – Service: Serviciul Google Update (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: PDEngine – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 – Service: PDScheduler (PDSched) – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDSched.exe
–
End of file – 8513 bytes
@emilia: How do you expect not to get infected if you have no antivirus installed?!
Check and fix the following lines:
O4 – HKCU\..\Run: [F.lux] “C:\Documents and Settings\Emilia.ACASA-B240FBC99\Local Settings\Apps\F.lux\flux.exe” /noshow
O4 – HKCU\..\Run: [CE8SIIFGSU] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzl.exe
Then you must install an antivirus: I recommend Avira or Avast!
If the problem persists, download Malwarebytes Anti-Malware and Dr. Web CureIt! and scan with them.
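A triage pass over a HijackThis log that surfaces the kind of entry pointed out in the reply above (an autorun launching from a Temp folder), along with processes running from Temp and an Internet Explorer proxy set to loopback. This is an added example, not part of the original thread or of HijackThis itself; the function names, the heuristics and the sample log are constructed for illustration, and a hit means "review this line", not a verdict.

```python
import re

# Constructed sample in HijackThis v2.0.2 layout (user name is a placeholder).
# One line keeps the en dash and curly quotes that blog software substitutes
# for "-" and '"' when a log is pasted into a comment.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\USER~1\LOCALS~1\Temp\Wzm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25458
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [CE8SIIFGSU] C:\DOCUME~1\USER~1\LOCALS~1\Temp\Wzl.exe
O4 – HKCU\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Section code (R0, O4, O23, ...) followed by a hyphen or en dash, then the body.
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2})\s*[-\u2013]\s*(.*)$")
# Any path component named Temp (covers LOCALS~1\Temp, AppData\Local\Temp, ...).
TEMP_RE = re.compile(r"\\temp\\", re.I)
# First drive-letter path ending in an executable extension, quotes excluded.
PATH_RE = re.compile(r'[a-z]:\\[^"\u201c\u201d]*?\.(?:exe|dll|scr)', re.I)
# ProxyServer value pointing at the local machine, with optional "http=" prefix.
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(?:127\.|localhost)", re.I)


def parse_log(text):
    """Split a log into running-process paths and (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # first R/O entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def triage(text):
    """Return (reason, line) pairs worth a closer look; these are not verdicts."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        if TEMP_RE.search(proc):
            findings.append(("process running from Temp", proc))
    for section, body in entries:
        if section == "O4":
            m = PATH_RE.search(body)
            if m and TEMP_RE.search(m.group(0)):
                findings.append(("autorun from Temp", body))
        elif section in ("R0", "R1") and PROXY_RE.search(body):
            findings.append(("IE proxy set to loopback", body))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}: {line}")
```
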
Plus, in Messenger I can't see what the person I'm talking to sends me, or what I type.
Thanks for the help. I got Avast 5.1.889; I hope it won't freeze my system anymore.
@emilia: You're welcome
Still, the Messenger problem hasn't been fixed. I can't see the text I send or receive. It only appears on the desktop, bottom right, when someone messages me, but not in the window…
And I have the impression that what I type isn't even being sent…
Done, I fixed the Messenger issue. I used Combo Fix. But that too is thanks to you, because this is where I learned how to use the program. Thank you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:45, on 21.05.2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Emilia\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Users\Emilia\Desktop\KillProcess.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\werfault.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Downloads\HiJackThis.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 1105 bytes
I'm having problems with my computer.
PS. I couldn't uncheck “Hide protected operating file systems” because I can't find Tools. I'm on Vista Home Premium and I don't know where that option is.