HijackThis log – instructions

In a previous article on disinfecting a system effectively, I mentioned that one option is to post a HijackThis log on a forum that specializes in analyzing such logs.

Because I did not give very detailed instructions about it then, here is how to create a correct log.

Download HijackThis from here.
Install it, but do not run it yet.

Go to My Computer -> Tools -> Folder Options -> View and tick “Show hidden files and folders”, then untick “Hide protected operating system files”. Click OK.

Then run HijackThis.exe.
In the window that appears, tick Don’t show this frame again when I startup HijackThis.
Click the first button at the top, Do a system scan and save a logfile.
Copy the log from Notepad and post it in a new topic on a forum; I recommend SoftPedia.


Do not fix anything with HJT; most of the entries there are legitimate!

In some cases you also need to rename hijackthis.exe to test.exe, or anything else, and run the program afterwards.

Good luck!

Administrator of FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert
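
A pre-posting check for the log produced by the steps above, as an added example that is not part of the original article or of HijackThis itself: it parses a pasted log, confirms that the banner, process list, entries and `End of file` trailer are all present, and lists entries carrying the `(no file)`, `(file missing)` or `Unknown owner` markers so they can be pointed out to the helper rather than fixed. The function names and the sample log are constructed for illustration; the layout is inferred from the logs posted in the comments on this page.

```python
import re
from collections import Counter

# Constructed sample in the layout of the HijackThis 2.0.x logs posted below;
# it does not come from a real machine. Dashes are en-dashes, as on this page.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:00 AM, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Example\example.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.com/
O2 – BHO: (no name) – {00000000-0000-0000-0000-000000000000} – (no file)
O4 – HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O23 – Service: Example Service (ExampleSvc) – Unknown owner – C:\Program Files\Example\svc.exe (file missing)

End of file – 512 bytes
"""

# search(), not match(): forum posts sometimes glue the banner onto other text.
BANNER_RE = re.compile(r"Logfile of Trend Micro HijackThis (v\S+)")
# Section code (letter + number), then a dash. Blog and forum software often
# turns the ASCII hyphen into an en-dash, so both are accepted.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s*[-–]\s*(.*)$")
FIELD_SPLIT = re.compile(r"\s+[-–]\s+")
TRAILER_RE = re.compile(r"^End of file\s*[-–]\s*(\d+) bytes", re.IGNORECASE)
# Strings HijackThis prints in the logs on this page; they mark entries worth
# mentioning to the helper, not entries that are known to be malicious.
REVIEW_MARKERS = ("(no file)", "(file missing)", "unknown owner")


def parse_log(text):
    """Split a pasted log into banner version, running processes and entries."""
    result = {"version": None, "processes": [], "entries": [], "trailer_bytes": None}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = BANNER_RE.search(line)
        if banner:
            result["version"] = banner.group(1)
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        trailer = TRAILER_RE.match(line)
        if trailer:
            result["trailer_bytes"] = int(trailer.group(1))
            in_processes = False
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            fields = [f.strip() for f in FIELD_SPLIT.split(entry.group(2))]
            result["entries"].append(
                {"section": entry.group(1), "fields": fields, "raw": line})
            continue
        if in_processes:
            result["processes"].append(line)
    return result


def check_complete(parsed):
    """Return a list of reasons the log looks incomplete (empty list = OK)."""
    problems = []
    if parsed["version"] is None:
        problems.append("missing 'Logfile of Trend Micro HijackThis' banner")
    if not parsed["processes"]:
        problems.append("missing 'Running processes' list")
    if not parsed["entries"]:
        problems.append("no entries found")
    if parsed["trailer_bytes"] is None:
        problems.append("missing 'End of file' trailer (log may be cut off)")
    return problems


def section_counts(parsed):
    """Number of entries per section code, e.g. {'O4': 12, 'O23': 7}."""
    return Counter(e["section"] for e in parsed["entries"])


def entries_with_markers(parsed):
    """Raw entry lines that contain one of REVIEW_MARKERS."""
    return [e["raw"] for e in parsed["entries"]
            if any(m in e["raw"].lower() for m in REVIEW_MARKERS)]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("HijackThis", log["version"], dict(section_counts(log)))
    print("Problems:", check_complete(log) or "none")
    for line in entries_with_markers(log):
        print("Mention to helper:", line)
```
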

105 responses to “HijackThis log – instructions”

  1. ady

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:41:12 AM, on 3/7/2010
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\ady\Downloads\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ro/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 – Hosts: ::1 localhost
    O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 – Toolbar: BitDefender Toolbar – {381FFDE8-2394-4f90-B10D-FC6124A40F8C} – C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
    O4 – HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
    O4 – HKLM\..\Run: [BDAgent] “C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe”
    O4 – HKLM\..\Run: [BitDefender Antiphishing Helper] “C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe”
    O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O4 – HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 – HKCU\..\Run: [PimpToolV3] C:\Program Files\StatusPimp\PimpTool\PimpTool.exe
    O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O13 – Gopher Prefix:
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 – Service: BitDefender Arrakis Server (Arrakis3) – BitDefender S.R.L. http://www.bitdefender.com – C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
    O23 – Service: BitDefender Desktop Update Service (LIVESRV) – BitDefender SRL – C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 – Service: TeamViewer 5 (TeamViewer5) – TeamViewer GmbH – C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    O23 – Service: BitDefender Virus Shield (VSSERV) – BitDefender S. R. L. – C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

  2. setmefree

    “radu” tell me too whether my PC is “sick” pls….

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:38:37 AM, on 3/7/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\VM331_STI.EXE
    C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Alice Messenger\alicemessenger.exe
    C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe
    C:\Program Files\Alice ti aiuta\bin\mpbtn.exe
    C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
    C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe
    C:\Program Files\Comodo\Dragon\dragon.exe
    C:\Program Files\Comodo\Dragon\dragon.exe
    C:\Program Files\Comodo\Dragon\dragon.exe
    C:\DOCUME~1\valy\LOCALS~1\Temp\DragonSetup_1.exe
    C:\Program Files\Comodo\Dragon\dragon.exe
    C:\Documents and Settings\valy\My Documents\Downloads\chituri\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2452477
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
    R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
    R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 – URLSearchHook: Games Bar 2 Toolbar – {90980889-669e-4bb9-9e4b-69563bf04375} – C:\Program Files\Games_Bar_2\tbGame.dll
    O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: Symantec NCO BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll
    O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\Program Files\Norton 360\Engine\4.0.0.127\IPSBHO.DLL
    O2 – BHO: Games Bar 2 Toolbar – {90980889-669e-4bb9-9e4b-69563bf04375} – C:\Program Files\Games_Bar_2\tbGame.dll
    O3 – Toolbar: Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll
    O3 – Toolbar: Games Bar 2 Toolbar – {90980889-669e-4bb9-9e4b-69563bf04375} – C:\Program Files\Games_Bar_2\tbGame.dll
    O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 – HKLM\..\Run: [SoundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray
    O4 – HKLM\..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
    O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 – HKLM\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    O4 – HKLM\..\Run: [HitmanPro35] “C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe” /scan:boot
    O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 – HKLM\..\Run: [331BigDog] C:\WINDOWS\VM331_STI.EXE
    O4 – HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    O4 – HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O4 – HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
    O4 – HKCU\..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”
    O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
    O4 – HKCU\..\Run: [AliceMessenger] “C:\Program Files\Alice Messenger\alicemessenger.exe”
    O4 – Global Startup: Alice ti aiuta.lnk = C:\Program Files\Alice ti aiuta\bin\matcli.exe
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 – Service: Norton 360 (N360) – Symantec Corporation – C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe
    O23 – Service: Network WanMiniport First Position – Unknown owner – C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
    O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    End of file – 7403 bytes

  3. Nick

    Radu, can you please confirm that I have no problems? :roll:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 11:12:41, on 07.03.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    C:\PROGRA~1\HDTUNE~1\HDTune.exe
    C:\Program Files\Weather Clock\WeatherClock.exe
    C:\Program Files\System Explorer\SystemExplorer.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Weather Clock\WClock.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ask.com/?o=15709&l=dis
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 – BHO: IDM Helper – {0055C089-8582-441B-A0BF-17B458C2A3A8} – C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 – BHO: Symantec NCO BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 – Toolbar: Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O4 – HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    O4 – HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe
    O4 – HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
    O4 – HKCU\..\Run: [SystemExplorerAutoStart] “C:\Program Files\System Explorer\SystemExplorer.exe” /TRAY
    O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
    O4 – HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’)
    O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
    O4 – HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’)
    O4 – Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O8 – Extra context menu item: Descarcã conþinutul fiºierului FLV cu IDM – C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 – Extra context menu item: Descarcã cu IDM – C:\Program Files\Internet Download Manager\IEExt.htm
    O8 – Extra context menu item: Descarcã toate link-urile cu IDM – C:\Program Files\Internet Download Manager\IEGetAll.htm
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 – DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) – http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1252915572545
    O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
    O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
    O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
    O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
    O23 – Service: Norton Internet Security (NIS) – Symantec Corporation – C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    O23 – Service: PDAgent – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 – Service: PDEngine – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 – Service: StarWind AE Service (StarWindServiceAE) – StarWind Software – C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe


    End of file – 6649 bytes

  4. Nick

    A4? :lol:

  5. setmefree

    “radu” thanks a lot.. and I don't have problems with the PC, but I wanted to know for sure whether something is wrong with it

  6. Nick

    @Radu
    You see, psychologically speaking, the vast majority of my posts awaken (voluntarily or involuntarily) the ironic little devil that lies apathetic somewhere in that little brain of yours! Which can only make me happy! :twisted:

  7. emilia

    I have now turned System Restore off from My Computer, without installing a new antivirus, and then opened Yahoo Mail; I did not notice this problem on any other site; it was just that the computer ran more slowly and the e-mail would not open; now I am trying to download the free edition of Avira to see whether it finds anything.

    With thanks

  8. Mihai

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:07:55 PM, on 7/6/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lexmark 2500 Series\lxddmon.exe
    C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    D:\BitComet\BitComet.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Miky\Desktop\HiJackThis.exe

    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 124.247.211.238:3128
    R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 – URLSearchHook: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
    R3 – URLSearchHook: (no name) – {00A6FAF6-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
    O2 – BHO: Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 – BHO: mwsBar BHO – {07B18EA1-A523-4961-B6BB-170DE4475CCA} – C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 – BHO: Lexmark Toolbar – {1017A80C-6F09-4548-A84D-EDD6AC9525F0} – C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 – BHO: Adobe PDF Link Helper – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: AVG Safe Search – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG9\avgssie.dll
    O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: JQSIEStartDetectorImpl Class – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 – BHO: SMTTB2009 Class – {FCBCCB87-9224-4B8D-B117-F56D924BEB18} – C:\Program Files\HyperCam Toolbar\tbcore3.dll
    O2 – BHO: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
    O3 – Toolbar: Lexmark Toolbar – {1017A80C-6F09-4548-A84D-EDD6AC9525F0} – C:\Program Files\Lexmark Toolbar\toolband.dll
    O3 – Toolbar: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
    O3 – Toolbar: HyperCam Toolbar – {338B4DFE-2E2C-4338-9E41-E176D497299E} – C:\Program Files\HyperCam Toolbar\tbcore3.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 – Toolbar: BS.Player ControlBar – {2C688203-7EB3-4327-9995-1CB417BA23F9} – C:\Program Files\BS.Player ControlBar\BSToolbar.dll
    O3 – Toolbar: My Web Search – {07B18EA9-A523-4961-B6BB-170DE4475CCA} – C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O4 – HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 – HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 – HKLM\..\Run: [lxddmon.exe] “C:\Program Files\Lexmark 2500 Series\lxddmon.exe”
    O4 – HKLM\..\Run: [lxddamon] “C:\Program Files\Lexmark 2500 Series\lxddamon.exe”
    O4 – HKLM\..\Run: [FaxCenterServer] “C:\Program Files\Lexmark Fax Solutions\fm3032.exe” /s
    O4 – HKLM\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
    O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
    O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
    O4 – HKLM\..\Run: [LogMeIn Hamachi Ui] “C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe” –auto-start
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 – HKLM\..\Run: [My Web Search Bar Search Scope Monitor] “C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=2 /w /h
    O4 – HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [bcservice] D:\BitComet\bcservice.exe
    O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
    O4 – HKCU\..\Run: [Google Update] “C:\Documents and Settings\Miky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
    O4 – HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
    O4 – HKCU\..\Run: [BitComet] “D:\BitComet\BitComet.exe”
    O4 – HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
    O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
    O4 – Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 – Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O8 – Extra context menu item: &Search – http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000341&p=GRfox000&si=&a=eXoqwANDqnzXZHC06bbDFw&n=2010061708
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O16 – DPF: {530F7E80-690F-438E-8A4F-E6CAECB4B6F3} (PLUGIN Control) – http://89.122.209.17:8088/CMSPlugin.cab
    O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272220127015
    O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272220087484
    O16 – DPF: {6F80BF27-CB16-4589-8C6A-DB422AAB2ED9} (HEM Video Decoder) – http://89.122.209.17:8088/vcredist_x86.exe
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 – HKLM\System\CCS\Services\Tcpip\..\{C97641AE-7319-486B-A91B-C95E959FB276}: NameServer = 81.180.123.74 80.96.202.14
    O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG9\avgpp.dll
    O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 – Winlogon Notify: avgrsstarter – C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 – Service: AVG Free E-mail Scanner (avg9emc) – AVG Technologies CZ, s.r.o. – C:\Program Files\AVG\AVG9\avgemc.exe
    O23 – Service: AVG Free WatchDog (avg9wd) – AVG Technologies CZ, s.r.o. – C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 – Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) – Apple Computer, Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
    O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 – Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) – LogMeIn Inc. – C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
    O23 – Service: lxddCATSCustConnectService – Lexmark International, Inc. – C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe
    O23 – Service: lxdd_device – – C:\WINDOWS\system32\lxddcoms.exe
    O23 – Service: My Web Search Service (MyWebSearchService) – MyWebSearch.com – C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
    O23 – Service: nProtect GameGuard Service (npggsvc) – Unknown owner – C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
    O23 – Service: PnkBstrA – Unknown owner – C:\WINDOWS\system32\PnkBstrA.exe
    O23 – Service: PnkBstrB – Unknown owner – C:\WINDOWS\system32\PnkBstrB.exe
    O24 – Desktop Component 0: (no name) – http://i37.tinypic.com/2njvlz7.jpg
    O24 – Desktop Component 1: (no name) – http://www.gangsters.ro/images/themes/nt/fals.gif
    O24 – Desktop Component 2: (no name) – http://www.gangsters.ro/images/qicons/trade-off.gif
    O24 – Desktop Component 3: (no name) – http://www.the-west.ro/images/index/preview_pictures/tmb/thumb06.jpg


    End of file – 11741 bytes

    My PC resets without me doing anything, and my games get minimized. I hope you can help me!

  9. mIHAI

    Thanks, and sorry about the email, but it didn't show me that the message had been posted…

  10. ViorelFlorin

    Radu, can you confirm for me too that I don't have any problems?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:28:52, on 21.07.2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\ThreatFire\TFService.exe
    C:\Program Files\Wuala Dokan\mounter.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe
    C:\Program Files\Panda USB Vaccine\USBVaccine.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\ThreatFire\TFTray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Ditto\Ditto.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\PortableApps.com\PortableAppsPlatform.exe
    D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\AIMP2\AIMP2.exe
    D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\FirefoxPortable\FirefoxPortable.exe
    D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\FirefoxPortable\App\firefox\firefox.exe
    D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\FirefoxPortable\App\firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    D:\Downloads\HiJackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 – BHO: BitComet ClickCapture – {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} – D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\tools\bitcometbho.dll
    O2 – BHO: Windows Live ID Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 – HKLM\..\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
    O4 – HKLM\..\Run: [avast5] “C:\Program Files\Alwil Software\Avast5\avastUI.exe” /nogui
    O4 – HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
    O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
    O4 – HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 – HKCU\..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe
    O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
    O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
    O8 – Extra context menu item: &D&ownload &with BitComet – res://D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\BitComet.exe/AddLink.htm
    O8 – Extra context menu item: &D&ownload all video with BitComet – res://D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\BitComet.exe/AddVideo.htm
    O8 – Extra context menu item: &D&ownload all with BitComet – res://D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\BitComet.exe/AddAllLink.htm
    O9 – Extra button: BitComet – {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} – res://D:\G\backup apps\PortableAppsBackup-2010-02-14-Drive\PortableApps\BitComet_1.18\tools\bitcometbho.dll/206 (file missing)
    O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O13 – Gopher Prefix:
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 – Service: AMD External Events Utility – AMD – C:\Windows\system32\atiesrxx.exe
    O23 – Service: avast! Antivirus – AVAST Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 – Service: avast! Mail Scanner – AVAST Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 – Service: avast! Web Scanner – AVAST Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 – Service: NMSAccess – Unknown owner – C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 – Service: nProtect GameGuard Service (npggsvc) – Unknown owner – C:\Windows\system32\GameMon.des.exe (file missing)
    O23 – Service: Steam Client Service – Valve Corporation – C:\Program Files\Common Files\Steam\SteamService.exe
    O23 – Service: ThreatFire – PC Tools – C:\Program Files\ThreatFire\TFService.exe
    O23 – Service: wDokanMounter – Unknown owner – C:\Program Files\Wuala Dokan\mounter.exe


    End of file – 6870 bytes

  11. ViorelFlorin

    Problems with the PC? Not really, but sometimes I hear some distorted voices and I panicked; I thought someone was spying on me. I immediately erased all the hard drives (it took about 8 hours), after which I reinstalled Windows, and since then I haven't heard anything like that. I think anyone in my place would have done the same, especially since I make online transactions, so it was only natural. The strange thing was that I heard those voices (it sounded like Chinese :)) when I was buying something from online stores and entering my card number.

    Thank you very much for your reply.

    Cheers

  12. any

    I have viruses on my computer and I don't know how to get rid of them. Does anyone know how they can be removed? I beg you, please tell me.

  13. odo

    Hi!!! Last week, on someone's computer, I came across an odd virus that was actually infecting all of the PC's processes: soundmax, svghost, explorer, iexplorer, notepad, etc… If I removed them with the antivirus (Avira), they still showed up after a restart; if I put them in quarantine, same thing… except that the only process that could be removed was explorer.exe. If I deleted that one, no more icons, Start bar, etc. I tried to go into safe mode to check the state of the PC, but that didn't work either… uninstalling programs didn't work, choosing options didn't work… the computer was pretty much paralyzed… So I had to format and put Windows back on… After that I installed the antivirus and everything I needed (scanned and virus-free), and the story repeated itself… Windows and the programs are clean (they are scanned, and I have them on my own PC too, without any incident)…
    The computer has 2 hard drives: one completely formatted, and the other holds small cracked games… I scanned that drive too, and all I managed to find were the game cracks :D When I don't install any antivirus, it runs smoothly :)
    I ran a HijackThis scan:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:57:50 PM, on 11/4/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\deea&ana\Desktop\HijackThis.exe

    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
    R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    End of file – 1896 bytes

  14. smockerikkk

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:53:01 PM, on 11/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\system\dwm.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Razer\Krait\razertra.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\System32\mshta.exe
    C:\WINDOWS\System32\mshta.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    c:\program files\steam\steamapps\smockerikkksan\counter-strike\hl.exe
    C:\Program Files\Steam\GameOverlayUI.exe
    c:\windows\system32\wuaucldt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\mshta.exe
    C:\Documents and Settings\TEMP.EVEREST\My Documents\Downloads\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dvdvideosoft.com/r/AfterInstallWC_YouTubeDownload.htm
    R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 – BHO: YSPManager – {25BC7718-0BFA-40EA-B381-4B2D9732D686} – C:\Program Files\Yahoo!\Search Protection\ysp.dll
    O2 – BHO: Winamp Toolbar Loader – {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} – C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 – BHO: Conduit Engine – {30F9B915-B755-4826-820B-08FBA6BD249D} – C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O2 – BHO: Softonic-Eng7 Toolbar – {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files\Softonic-Eng7\tbSof0.dll
    O2 – BHO: DVDVideoSoftTB Toolbar – {872b5b88-9db5-4310-bdd0-ac189557e5f5} – C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
    O2 – BHO: SkypeIEPluginBHO – {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O2 – BHO: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_2.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 – Toolbar: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_2.dll
    O3 – Toolbar: Winamp Toolbar – {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} – C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 – Toolbar: DVDVideoSoftTB Toolbar – {872b5b88-9db5-4310-bdd0-ac189557e5f5} – C:\Program Files\DVDVideoSoftTB\tbDVD2.dll
    O3 – Toolbar: Softonic-Eng7 Toolbar – {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files\Softonic-Eng7\tbSof0.dll
    O3 – Toolbar: Conduit Engine – {30F9B915-B755-4826-820B-08FBA6BD249D} – C:\Program Files\ConduitEngine\ConduitEngin0.dll
    O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 – HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
    O4 – HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
    O4 – HKCU\..\Run: [wuaucldt] c:\documents and settings\temp.everest\wuaucldt.exe
    O4 – HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
    O4 – HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
    O8 – Extra context menu item: Free YouTube Download – C:\Documents and Settings\TEMP.EVEREST\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
    O9 – Extra button: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 – Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 – Extra button: (no name) – {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} – C:\Program Files\Yahoo!\Search Protection\ysp.dll
    O9 – Extra ‘Tools’ menuitem: Yahoo! Search Protection – {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} – C:\Program Files\Yahoo!\Search Protection\ysp.dll
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O18 – Protocol: skype-ie-addon-data – {91774881-D725-4E58-B298-07617B9B86A8} – C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 – Service: ATK Keyboard Service (ATKKeyboardService) – ASUSTeK COMPUTER INC. – C:\WINDOWS\ATKKBService.exe
    O23 – Service: IpSectPro service (darkness) – SecureNet – C:\WINDOWS\system\dwm.exe
    O23 – Service: ESET HTTP Server (EhttpSrv) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 – Service: ESET Service (ekrn) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
    O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    End of file – 7641 bytes

  15. emilia

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:17, on 02.01.2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\LePetitRobert\prhyper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Wrofaav.exe
    C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzr.exe
    C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\SDM143\Free Ride Games.exe
    D:\Anti-Spyware Blocker\Anti-Virus.exe
    C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzm.exe
    C:\WINDOWS\system32\svchost.exe
    D:\PROGRA~1\Bandoo\Bandoo.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Emilia.ACASA-B240FBC99\My Documents\Downloads\HiJackThis.exe
    C:\WINDOWS\system32\cidaemon.exe

    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 1000043050@romtelecom1.net
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25458
    R3 – URLSearchHook: (no name) – {00A6FAF6-072E-44cf-8957-5838F569A31D} – C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (file missing)
    R3 – URLSearchHook: BrotherSoft Extreme Toolbar – {51a86bb3-6602-4c85-92a5-130ee4864f13} – C:\Program Files\BrotherSoft_Extreme\tbBrot.dll
    R3 – URLSearchHook: Brothersoft Toolbar – {e8de9422-3b2c-4243-bf6f-235da84d8ef8} – C:\Program Files\Brothersoft\tbBrot.dll
    R3 – URLSearchHook: SweetIM ToolbarURLSearchHook Class – {EEE6C35D-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O1 – Hosts: 74.125.45.100 4-open-davinci.com
    O1 – Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 – Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 – Hosts: 69.65.50.147 http://www.google.com
    O1 – Hosts: 69.65.50.147 google.com
    O1 – Hosts: 69.65.50.147 google.com.au
    O1 – Hosts: 69.65.50.147 http://www.google.com.au
    O1 – Hosts: 69.65.50.147 google.be
    O1 – Hosts: 69.65.50.147 http://www.google.be
    O1 – Hosts: 69.65.50.147 google.com.br
    O1 – Hosts: 69.65.50.147 http://www.google.com.br
    O1 – Hosts: 69.65.50.147 google.ca
    O1 – Hosts: 69.65.50.147 http://www.google.ca
    O1 – Hosts: 69.65.50.147 google.ch
    O1 – Hosts: 69.65.50.147 http://www.google.ch
    O1 – Hosts: 69.65.50.147 google.de
    O1 – Hosts: 69.65.50.147 http://www.google.de
    O1 – Hosts: 69.65.50.147 google.dk
    O1 – Hosts: 69.65.50.147 http://www.google.dk
    O1 – Hosts: 69.65.50.147 google.fr
    O1 – Hosts: 69.65.50.147 http://www.google.fr
    O1 – Hosts: 69.65.50.147 google.ie
    O1 – Hosts: 69.65.50.147 http://www.google.ie
    O1 – Hosts: 69.65.50.147 google.it
    O1 – Hosts: 69.65.50.147 http://www.google.it
    O1 – Hosts: 69.65.50.147 google.co.jp
    O1 – Hosts: 69.65.50.147 http://www.google.co.jp
    O1 – Hosts: 69.65.50.147 google.nl
    O1 – Hosts: 69.65.50.147 http://www.google.nl
    O1 – Hosts: 69.65.50.147 google.no
    O1 – Hosts: 69.65.50.147 http://www.google.no
    O1 – Hosts: 69.65.50.147 google.co.nz
    O1 – Hosts: 69.65.50.147 http://www.google.co.nz
    O1 – Hosts: 69.65.50.147 google.pl
    O1 – Hosts: 69.65.50.147 http://www.google.pl
    O1 – Hosts: 69.65.50.147 google.se
    O1 – Hosts: 69.65.50.147 http://www.google.se
    O1 – Hosts: 69.65.50.147 google.co.uk
    O1 – Hosts: 69.65.50.147 http://www.google.co.uk
    O1 – Hosts: 69.65.50.147 google.co.za
    O1 – Hosts: 69.65.50.147 http://www.google.co.za
    O1 – Hosts: 69.65.50.147 http://www.google-analytics.com
    O1 – Hosts: 69.65.50.147 http://www.bing.com
    O1 – Hosts: 69.65.50.147 search.yahoo.com
    O1 – Hosts: 69.65.50.147 http://www.search.yahoo.com
    O1 – Hosts: 69.65.50.147 uk.search.yahoo.com
    O1 – Hosts: 69.65.50.147 ca.search.yahoo.com
    O1 – Hosts: 69.65.50.147 de.search.yahoo.com
    O1 – Hosts: 69.65.50.147 fr.search.yahoo.com
    O1 – Hosts: 69.65.50.147 au.search.yahoo.com
    O1 – Hosts: 69.65.50.147 http://www.youtube.com
    O1 – Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 – Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 – Hosts: 74.125.45.100 secure-plus-payments.com
    O1 – Hosts: 74.125.45.100 http://www.getantivirusplusnow.com
    O1 – Hosts: 74.125.45.100 http://www.secure-plus-payments.com
    O1 – Hosts: 74.125.45.100 http://www.getavplusnow.com
    O1 – Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 – Hosts: 74.125.45.100 urs.microsoft.com
    O1 – Hosts: 74.125.45.100 http://www.securesoftwarebill.com
    O1 – Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 – Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 – Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O3 – Toolbar: McAfee VirusScan – {BA52B914-B692-46c4-B683-905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 – Toolbar: EPSON Web-To-Page – {EE5D279F-081B-4404-994D-C6B60AAEBA6D} – C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 – Toolbar: SweetIM Toolbar for Internet Explorer – {EEE6C35B-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 – Toolbar: BrotherSoft Extreme Toolbar – {51a86bb3-6602-4c85-92a5-130ee4864f13} – C:\Program Files\BrotherSoft_Extreme\tbBrot.dll
    O3 – Toolbar: Conduit Engine – {30F9B915-B755-4826-820B-08FBA6BD249D} – C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 – Toolbar: Brothersoft Toolbar – {e8de9422-3b2c-4243-bf6f-235da84d8ef8} – C:\Program Files\Brothersoft\tbBrot.dll
    O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 – HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 – HKLM\..\Run: [Anti Trojan Elite] D:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    O4 – HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    O4 – HKLM\..\Run: [TrueImageMonitor.exe] “C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe”
    O4 – HKLM\..\Run: [Acronis Scheduler2 Service] “C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe”
    O4 – HKCU\..\Run: [nwiz] nwiz.exe /install
    O4 – HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 – HKCU\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
    O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
    O4 – HKCU\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
    O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 – HKCU\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 – HKCU\..\Run: [Le Petit Robert Hyperappel] D:\LePetitRobert\prhyper.exe
    O4 – HKCU\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] ~”C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O4 – HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 – HKCU\..\Run: [KOO9RV9K4Z] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzm.exe
    O4 – HKCU\..\Run: [SMH2B46TDP] C:\WINDOWS\Wrofaav.exe
    O4 – HKCU\..\Run: [NtWqIVLZEWZU] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzr.exe
    O4 – HKCU\..\Run: [Smart Engine] “C:\Documents and Settings\All Users\Application Data\5655e9\SM565_231.exe” /s /d
    O4 – HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
    O4 – HKCU\..\Run: [Exent_SDM] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\SDM143\Free Ride Games.exe “l ‘Startup’ u ‘http://www.freeridegames.com/do/SDM?action=config&contentId=%d’ p ’143′ c ’528950′”
    O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
    O4 – HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User ‘SYSTEM’)
    O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
    O4 – HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User ‘Default user’)
    O4 – Global Startup: Anti-Spyware Blocker.lnk = D:\Anti-Spyware Blocker\Anti-Virus.exe
    O8 – Extra context menu item: &Search – http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000334&p=ZCman000&si=&a=BFW.ghZImK7NnEmaCFI53Q&n=2010100915
    O8 – Extra context menu item: Add to Google Photos Screensa&ver – res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 – Extra context menu item: E&xport în Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 – Extra context menu item: Google Sidewiki… – res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 – Extra button: Cercetare – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 – Extra button: HP Smart Select – {DDE87865-83C5-48c4-8357-2F5B1AA84522} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O20 – AppInit_DLLs:
    O23 – Service: Acronis Scheduler2 Service (AcrSch2Svc) – Acronis –

    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 – Service: Acronis Nonstop Backup service (afcdpsrv) – Acronis –

    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – ALWIL

    Software – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 – Service: avast! Antivirus – ALWIL Software – C:\Program

    Files\Alwil Software\Avast4\ashServ.exe
    O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program

    Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program

    Files\Alwil Software\Avast4\ashWebSv.exe
    O23 – Service: Bandoo Coordinator – Discordia Limited –

    D:\PROGRA~1\Bandoo\Bandoo.exe
    O23 – Service: Boonty Games – Unknown owner – C:\Program

    Files\Common Files\BOONTY Shared\Service\Boonty.exe (file

    missing)
    O23 – Service: C-DillaCdaC11BA – Macrovision –

    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 – Service: Serviciul Google Update (gupdate) (gupdate) – Google

    Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 – Service: Google Software Updater (gusvc) – Google – C:\Program

    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision

    Corporation – C:\Program Files\Common

    Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 – Service: McAfee WSC Integration (McDetect.exe) – Unknown

    owner – c:\program files\mcafee.com\agent\mcdetect.exe (file

    missing)
    O23 – Service: McAfee.com McShield (McShield) – McAfee Inc. –

    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 – Service: McAfee Task Scheduler (McTskshd.exe) – Unknown

    owner – c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file

    missing)
    O23 – Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe)

    - Unknown owner –

    C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
    O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA

    Corporation – C:\WINDOWS\system32\nvsvc32.exe
    O23 – Service: PDEngine – Raxco Software, Inc. – C:\Program

    Files\Raxco\PerfectDisk\PDEngine.exe
    O23 – Service: PDScheduler (PDSched) – Raxco Software, Inc. –

    C:\Program Files\Raxco\PerfectDisk\PDSched.exe


    End of file – 13465 bytes

  16. Gigi

    @Emilia:

    In HijackThis, check the following lines and press Fix Checked:

    O4 – HKCU\..\Run: [KOO9RV9K4Z] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzm.exe
    O4 – HKCU\..\Run: [SMH2B46TDP] C:\WINDOWS\Wrofaav.exe
    O4 – HKCU\..\Run: [NtWqIVLZEWZU] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzr.exe
    O4 – HKCU\..\Run: [Smart Engine] “C:\Documents and Settings\All Users\Application Data\5655e9\SM565_231.exe” /s /d
    O4 – HKCU\..\Run: [Exent_SDM] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\SDM143\Free Ride Games.exe “l ‘Startup’ u
    O4 – Global Startup: Anti-Spyware Blocker.lnk = D:\Anti-Spyware Blocker\Anti-Virus.exe

    Then:

    Download Combofix.
    Download the file CFScript.txt and drag it with the mouse onto Combofix (see the picture).
    It will ask whether it should start cleaning the system. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but don't worry.
    At the end it will display the scan results. Save that file and post its contents HERE.
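A triage sketch for the O4 (autorun) lines of a log like the one in this thread, added here as an example; it is not part of any commenter's post and is not HijackThis code. It normalizes the dashes and quotes the blog software substituted, parses each entry, and flags autoruns by where the image lives and what the value name looks like. The flag rules and every function name are assumptions made for illustration, and a flag marks an entry for an analyst's review, not a verdict.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: O4 lines from the log in this thread with wrapped lines
# rejoined. The en dashes and curly quotes are what the blog software made of
# the ASCII '-' and quote characters HijackThis writes.
SAMPLE_LOG = r"""
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [KOO9RV9K4Z] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzm.exe
O4 – HKCU\..\Run: [SMH2B46TDP] C:\WINDOWS\Wrofaav.exe
O4 – HKCU\..\Run: [Smart Engine] “C:\Documents and Settings\All Users\Application Data\5655e9\SM565_231.exe” /s /d
O4 – HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 – HKCU\..\Run: [Exent_SDM] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\SDM143\Free Ride Games.exe “l ‘Startup’ u
O4 – HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User ‘SYSTEM’)
O4 – Global Startup: Anti-Spyware Blocker.lnk = D:\Anti-Spyware Blocker\Anti-Virus.exe
"""

# Undo typographic substitution so one set of patterns fits raw and pasted logs.
TYPO = str.maketrans({"–": "-", "—": "-", "“": '"', "”": '"',
                      "‘": "'", "’": "'", "′": "'"})

REG_RE = re.compile(r"^O4 - (?P<src>[^:\[]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
LNK_RE = re.compile(r"^O4 - (?P<src>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
USER_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
EXT_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)", re.I)


class Autorun(NamedTuple):
    source: str   # registry key or startup folder label
    name: str     # value name or shortcut name
    image: str    # path of the program that gets started


def image_path(cmd: str) -> str:
    """Return the program path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first known extension
    # that is followed by whitespace or the end of the line.
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def parse_o4(log_text: str) -> List[Autorun]:
    """Parse registry and startup-folder O4 entries; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip().translate(TYPO)
        m = REG_RE.match(line) or LNK_RE.match(line)
        if not m:
            continue
        cmd = USER_RE.sub("", m.group("cmd"))
        entries.append(Autorun(m.group("src").strip(), m.group("name"),
                               image_path(cmd)))
    return entries


def review_flags(entry: Autorun) -> List[str]:
    """Assumed heuristics; they mark entries worth a closer look."""
    path = entry.image.lower()
    flags = []
    if "\\temp\\" in path:
        flags.append("runs-from-temp")
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.exe", path):
        flags.append("exe-in-windows-root")
    if "\\application data\\" in path or "\\appdata\\" in path:
        flags.append("runs-from-appdata")
    if (re.fullmatch(r"[A-Z0-9]{8,}", entry.name)
            and re.search(r"\d", entry.name)
            and re.search(r"[A-Z]", entry.name)):
        flags.append("random-looking-name")
    return flags


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (name, image, flags) for every O4 entry with at least one flag."""
    hits = []
    for entry in parse_o4(log_text):
        flags = review_flags(entry)
        if flags:
            hits.append((entry.name, entry.image, flags))
    return hits


if __name__ == "__main__":
    for name, image, flags in triage(SAMPLE_LOG):
        print(f"{name:14} {', '.join(flags):40} {image}")
```

Location rules of this kind say nothing about the `Anti-Spyware Blocker.lnk` entry, which sits on `D:\` under an ordinary-looking name, so the output is a starting list for a human reader and not a replacement for one.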

  17. emilia

    ComboFix 11-01-02.02 – Emilia 02.01.2011 22:18:30.1.1 – x86
    Microsoft Windows XP Professional 5.1.2600.2.1250.40.1033.18.503.227 [GMT 2:00]
    Running from: c:\documents and settings\Emilia.ACASA-B240FBC99\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Emilia.ACASA-B240FBC99\Desktop\CFScript.txt

    FILE ::
    “c:\docume~1\EMILIA.ACA\LOCAL Settings\Temp\SDM143\Free Ride Games.exe”
    “c:\docume~1\EMILIA.ACA\LOCAL Settings\Temp\Wzm.exe”
    “c:\documents and settings\All Users\Application Data\5655e9\SM565_231.exe”
    “c:\documents and settings\EMILIA.ACA\LOCAL Settings\Temp\Wzr.exe”
    “c:\windows\Wrofaav.exe”
    “d:\anti-spyware blocker\Anti-Virus.exe”
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    —– File Replicators —–

    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP219\A0400797.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP219\A0400799.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP219\A0402809.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP219\A0402810.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP219\A0402812.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP220\A0404828.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP220\A0404829.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP220\A0404831.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP220\A0404832.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP220\A0404833.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP220\A0404835.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408309.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408310.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408312.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408313.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408314.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408316.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408317.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408318.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408320.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408321.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408322.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408324.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408325.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408326.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408328.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408329.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408330.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408332.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408333.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408334.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408336.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408337.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408338.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408340.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408341.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408342.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408344.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408345.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408346.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408348.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408349.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408350.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408352.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408353.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408354.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408356.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408357.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408358.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408360.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408361.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408362.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408364.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408365.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408366.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408368.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408369.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408370.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408372.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408373.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408374.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408376.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408377.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408378.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408380.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408381.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408382.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408384.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408385.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408386.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408388.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408389.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408390.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408392.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408393.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408394.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408396.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408397.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408398.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408400.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408401.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408402.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408404.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408439.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408440.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP222\A0408442.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409180.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409181.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409183.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409184.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409185.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409187.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409188.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409189.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409191.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409192.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409193.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409195.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409196.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409197.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409199.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409200.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409201.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409203.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409204.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409205.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409207.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409208.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409209.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409211.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409212.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409213.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409215.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409216.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409217.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409219.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409220.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409221.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409223.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409224.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409225.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409227.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409228.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409229.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409231.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409232.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409233.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP226\A0409235.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP228\A0410410.exe
    c:\system volume information\_restore{EC6A45C0-D6B7-4BA6-84C8-02A373364BFA}\RP228\A0410411.exe
    c:\windows\Wrofa0.exe
    c:\windows\Wrofa1.exe
    c:\windows\Wrofa2.exe
    c:\windows\Wrofa3.exe
    c:\windows\Wrofa4.exe
    c:\windows\Wrofa5.exe
    c:\windows\Wrofa6.exe
    c:\windows\Wrofa7.exe
    c:\windows\Wrofa8.exe
    c:\windows\Wrofa9.exe
    c:\windows\Wrofaa.exe
    c:\windows\Wrofaaa.exe
    c:\windows\Wrofaab.exe
    c:\windows\Wrofaac.exe
    c:\windows\Wrofaad.exe
    c:\windows\Wrofaae.exe
    c:\windows\Wrofaaf.exe
    c:\windows\Wrofaag.exe
    c:\windows\Wrofaah.exe
    c:\windows\Wrofaai.exe
    c:\windows\Wrofaaj.exe
    c:\windows\Wrofaak.exe
    c:\windows\Wrofaal.exe
    c:\windows\Wrofaam.exe
    c:\windows\Wrofaan.exe
    c:\windows\Wrofaao.exe
    c:\windows\Wrofaap.exe
    c:\windows\Wrofaaq.exe
    c:\windows\Wrofaar.exe
    c:\windows\Wrofaas.exe
    c:\windows\Wrofaat.exe
    c:\windows\Wrofaau.exe
    c:\windows\Wrofaav.exe
    c:\windows\Wrofaaw.exe
    c:\windows\Wrofab.exe
    c:\windows\Wrofac.exe
    c:\windows\Wrofad.exe
    c:\windows\Wrofae.exe
    c:\windows\Wrofaf.exe
    c:\windows\Wrofag.exe
    c:\windows\Wrofah.exe
    c:\windows\Wrofai.exe
    c:\windows\Wrofaj.exe
    c:\windows\Wrofak.exe
    c:\windows\Wrofal.exe
    c:\windows\Wrofam.exe
    c:\windows\Wrofan.exe
    c:\windows\Wrofao.exe
    c:\windows\Wrofap.exe
    c:\windows\Wrofaq.exe
    c:\windows\Wrofar.exe
    c:\windows\Wrofas.exe
    c:\windows\Wrofat.exe
    c:\windows\Wrofau.exe
    c:\windows\Wrofav.exe
    c:\windows\Wrofaw.exe
    c:\windows\Wrofax.exe
    c:\windows\Wrofay.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Legacy_BOONTY_GAMES
    ——-\Legacy_SSHNAS
    ——-\Service_Boonty Games

    ((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
    .

    2011-01-02 19:54 . 2011-01-02 19:54 ——– d—–w- c:\documents and settings\All Users\Application Data\Bandoo
    2011-01-01 16:05 . 2004-08-04 12:00 4224 -c–a-w- c:\windows\system32\dllcache\beep.sys
    2011-01-01 16:05 . 2004-08-04 12:00 4224 —-a-w- c:\windows\system32\drivers\beep.sys
    2010-12-29 13:22 . 2010-12-29 13:23 ——– d—–w- c:\documents and settings\Emilia.ACASA-B240FBC99\Application Data\InfraRecorder
    2010-12-28 23:41 . 2010-12-28 23:41 15592 —-a-w- c:\windows\system32\drivers\cmderd.sys
    2010-12-26 14:26 . 2009-11-03 12:07 679936 —-a-w- c:\windows\system32\D3DX81ab.dll
    2010-12-26 14:26 . 2009-11-03 12:07 1970176 —-a-w- c:\windows\system32\d3dx9.dll
    2010-12-19 16:40 . 2010-12-19 16:40 ——– d—–w- c:\documents and settings\Emilia.ACASA-B240FBC99\Application Data\ScummVM
    2010-12-19 13:49 . 2010-12-19 13:49 ——– d–h–w- c:\windows\PIF
    2010-12-19 13:48 . 2010-12-19 13:48 ——– d—–w- c:\documents and settings\Emilia.ACASA-B240FBC99\Local Settings\Application Data\DOSBox
    2010-12-17 16:07 . 2010-12-17 16:07 ——– d—–w- c:\program files\Chat Republic Games
    2010-12-17 16:07 . 2010-12-17 16:07 ——– d—–w- c:\documents and settings\All Users\Application Data\Chat Republic Games
    2010-12-12 14:36 . 2010-12-17 16:07 ——– d—–w- c:\documents and settings\Emilia.ACASA-B240FBC99\Local Settings\Application Data\Chat Republic Games
    2010-12-09 14:42 . 2010-12-09 14:42 163232 —-a-w- c:\windows\system32\drivers\afcdp.sys
    2010-12-09 14:42 . 2010-12-09 14:42 752128 —-a-w- c:\windows\system32\drivers\tdrpm273.sys
    2010-12-09 14:42 . 2010-12-09 14:42 600928 —-a-w- c:\windows\system32\drivers\timntr.sys
    2010-12-09 14:41 . 2010-12-09 14:41 170464 —-a-w- c:\windows\system32\drivers\snapman.sys
    2010-12-09 14:39 . 2010-12-09 14:40 ——– d—–w- c:\program files\Acronis
    2010-12-09 14:38 . 2010-12-09 14:42 ——– d—–w- c:\program files\Common Files\Acronis

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-30 16:17 . 2010-11-30 16:17 45056 —-a-r- c:\documents and settings\Emilia.ACASA-B240FBC99\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
    2010-11-10 13:55 . 2010-11-10 14:01 737280 —-a-w- c:\windows\iun6002.exe
    2010-10-07 23:56 . 2003-11-07 13:28 444952 —-a-w- c:\windows\system32\wrap_oal.dll
    2010-10-07 23:56 . 2003-11-07 13:28 109080 —-a-w- c:\windows\system32\OpenAL32.dll
    .

    ——- Sigcheck ——-

    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . E32B18F70C14AD5479696EC7850C15FA . 360960 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
    [7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    “{51a86bb3-6602-4c85-92a5-130ee4864f13}”= “c:\program files\BrotherSoft_Extreme\tbBrot.dll” [2010-09-12 3863136]
    “{e8de9422-3b2c-4243-bf6f-235da84d8ef8}”= “c:\program files\Brothersoft\tbBrot.dll” [2010-10-10 3906656]
    “{EEE6C35D-6118-11DC-9C72-001320C79847}”= “c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll” [2010-06-13 138552]

    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

    [HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    “{EEE6C35B-6118-11DC-9C72-001320C79847}”= “c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll” [2010-06-13 1438520]
    “{51a86bb3-6602-4c85-92a5-130ee4864f13}”= “c:\program files\BrotherSoft_Extreme\tbBrot.dll” [2010-09-12 3863136]
    “{30F9B915-B755-4826-820B-08FBA6BD249D}”= “c:\program files\ConduitEngine\ConduitEngine.dll” [2010-09-12 3863136]
    “{e8de9422-3b2c-4243-bf6f-235da84d8ef8}”= “c:\program files\Brothersoft\tbBrot.dll” [2010-10-10 3906656]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

    [HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    “{EEE6C35B-6118-11DC-9C72-001320C79847}”= “c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll” [2010-06-13 1438520]
    “{51A86BB3-6602-4C85-92A5-130EE4864F13}”= “c:\program files\BrotherSoft_Extreme\tbBrot.dll” [2010-09-12 3863136]
    “{E8DE9422-3B2C-4243-BF6F-235DA84D8EF8}”= “c:\program files\Brothersoft\tbBrot.dll” [2010-10-10 3906656]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

    [HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]

    [HKEY_CLASSES_ROOT\clsid\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    “Adobe Reader Speed Launcher”=”c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2009-12-18 40368]
    “DAEMON Tools-1033″=”c:\program files\D-Tools\daemon.exe” [2003-12-27 81920]
    “WMPNSCFG”=”c:\program files\Windows Media Player\WMPNSCFG.exe” [2006-10-18 204288]
    “HP Software Update”=”c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2007-10-14 49152]
    “Le Petit Robert Hyperappel”=”d:\lepetitrobert\prhyper.exe” [2001-10-11 22560]
    “NvCplDaemon”=”c:\windows\system32\NvCpl.dll” [2006-08-11 7630848]
    “swg”=”c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2010-09-29 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    “NvCplDaemon”=”c:\windows\system32\NvCpl.dll” [2006-08-11 7630848]
    “IgfxTray”=”c:\windows\system32\igfxtray.exe” [2005-04-05 94208]
    “HotKeysCmds”=”c:\windows\system32\hkcmd.exe” [2005-04-05 77824]
    “Persistence”=”c:\windows\system32\igfxpers.exe” [2005-04-05 114688]
    “SweetIM”=”c:\program files\SweetIM\Messenger\SweetIM.exe” [2010-08-30 111928]
    “Adobe Reader Speed Launcher”=”c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2009-12-18 40368]
    “Adobe ARM”=”c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2009-12-11 948672]
    “SAOB Monitor”=”c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe” [2010-08-20 2536448]
    “TrueImageMonitor.exe”=”c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe” [2010-08-21 5458848]
    “Acronis Scheduler2 Service”=”c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe” [2010-08-21 390736]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    “CTFMON.EXE”=”c:\windows\system32\CTFMON.EXE” [2004-08-04 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    “RunNarrator”=”Narrator.exe” [2006-10-04 53760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    “EnableLinkedConnections”= 1 (0×1)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exeautocheck autochk *

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    “MCAgentExe”=
    “VirusScan Online”=c:\program files\McAfee.com\VSO\mcvsshld.exe
    “VSOCheckTask”=”c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe” /checktask

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    “OASClnt”=c:\program files\McAfee.com\VSO\oasclnt.exe
    “MCAgentExe”=c:\progra~1\mcafee.com\agent\McAgent.exe
    “MCUpdateExe”=c:\progra~1\mcafee.com\agent\McUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    “AntiVirusOverride”=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    “c:\\Documents and Settings\\Emilia.ACASA-B240FBC99\\Desktop\\jocuri\\Delta Force Land Warrior 3\\Dflw.exe”=
    “c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe”=
    “c:\\Program Files\\Opera\\opera.exe”=
    “c:\\Program Files\\GSC Game World\\Outbreak Demo\\OutBreak.exe”=
    “c:\\Program Files\\Geneious\\Geneious.exe”=
    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe”=
    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe”=
    “c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe”=
    “c:\\WINDOWS\\system32\\dplaysvr.exe”=
    “c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe”=
    “c:\\WINDOWS\\system32\\sessmgr.exe”=
    “d:\\download\\SweetImSetup.exe”=
    “d:\\Program Files\\BitTorrent\\BitTorrent.exe”=
    “c:\\Program Files\\uTorrent\\uTorrent.exe”=
    “d:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe”=
    “d:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe”=
    “c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe”=
    “%windir%\\system32\\sessmgr.exe”=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    “3389:TCP”= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R0 d344bus;d344bus;c:\windows\system32\drivers\d344bus.sys [11.05.2010 14:22 137216]
    R0 d344prt;d344prt;c:\windows\system32\drivers\d344prt.sys [11.05.2010 14:22 5248]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [09.12.2010 16:42 752128]
    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [09.12.2010 16:42 3975088]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [09.12.2010 16:42 163232]
    R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [08.07.2009 12:57 17408]
    S2 ATE_PROCMON;ATE_PROCMON;\??\d:\program files\Anti Trojan Elite\ATEPMon.sys –> d:\program files\Anti Trojan Elite\ATEPMon.sys [?]
    S2 gupdate;Serviciul Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.09.2010 21:46 136176]
    S2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [12.05.2005 11:43 241731]
    S3 adusbser;AnyDATA USB Device for Legacy Serial Communication;c:\windows\system32\drivers\adusbser.sys [21.09.2010 02:34 93440]
    S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [22.06.2009 18:06 113128]
    S3 NDISKIO;NDISKIO;\??\c:\docume~1\EMILIA~1.ACA\LOCALS~1\Temp0000ce9.nmc\nse\bin\ndiskio.sys –> c:\docume~1\EMILIA~1.ACA\LOCALS~1\Temp0000ce9.nmc\nse\bin\ndiskio.sys [?]
    S3 nsak_42111AAB;nsak_42111AAB;\??\c:\docume~1\EMILIA~1.ACA\LOCALS~1\Temp0000455.nmc\nse\bin\nsak.sys –> c:\docume~1\EMILIA~1.ACA\LOCALS~1\Temp0000455.nmc\nse\bin\nsak.sys [?]
    S3 Tetris;Tetris driver;c:\windows\system32\Drivers\Tetris.sys –> c:\windows\system32\Drivers\Tetris.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the ‘Scheduled Tasks’ folder

    2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 19:46]

    2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 19:46]

    2011-01-02 c:\windows\Tasks\User_Feed_Synchronization-{4115CD7C-8438-4E30-AA92-887A0FC275F8}.job
    - c:\windows\system32\msfeedssync.exe [2007-12-12 01:31]
    .
    .
    ——- Supplementary Scan ——-
    .
    mWindow Title = Microsoft Internet Explorer
    uInternet Settings,ProxyServer = http=127.0.0.1:25458
    IE: Add to Google Photos Screensa&ver – c:\windows\system32\GPhotos.scr/200
    IE: E&xport în Microsoft Excel – c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki… – c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    FF – ProfilePath – c:\documents and settings\Emilia.ACASA-B240FBC99\Application Data\Mozilla\Firefox\Profiles\7qukowrr.default\
    FF – prefs.js: browser.search.defaulturl – hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}
    FF – prefs.js: browser.search.selectedEngine – Google
    FF – prefs.js: browser.startup.homepage – hxxp://google.com
    FF – prefs.js: keyword.URL – hxxp://search.sweetim.com/search.asp?src=2&q=
    FF – Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} – c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF – Ext: BrotherSoft Extreme Community Toolbar: {51a86bb3-6602-4c85-92a5-130ee4864f13} – %profile%\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
    FF – Ext: Yoono: {d9284e50-81fc-11da-a72b-0800200c9a66} – %profile%\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
    FF – Ext: wmlbrowser: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} – %profile%\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}
    .
    - – - – ORPHANS REMOVED – - – -

    HKCU-Run-nwiz – nwiz.exe
    HKCU-Run-QuickTime Task – c:\program files\QuickTime\qttask.exe
    HKCU-Run-Messenger (Yahoo!) – ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    HKLM-Run-Anti Trojan Elite – d:\program files\Anti Trojan Elite\TJEnder.exe
    Notify-dimsntfy – (no file)

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista – rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-02 22:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Le Petit Robert Hyperappel = d:\lepetitrobert\prhyper.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????\????.??\??????????????????????|? ??\???A??|x???]??|????????\??????|Z????????????,K????????????

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ——————— LOCKED REGISTRY KEYS ———————

    [HKEY_USERS\S-1-5-21-1614895754-562591055-839522115-1003\Software\SecuROM\License information*]
    “datasecu”=hex:e1,45,5c,1a,5c,cb,63,8d,ce,9c,2c,3f,b2,ce,a9,40,0a,3d,99,dd,c8,
    bf,56,44,8b,7f,bc,cd,3c,00,6a,fa,97,b2,4f,1e,a7,2e,8b,9b,3f,02,a5,18,0a,fe,\
    “rkeysecu”=hex:67,3a,1b,5a,2d,71,1b,ae,75,0b,36,e2,8b,f5,37,e3

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @=”FlashBroker”
    “LocalizedString”=”@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101″

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    “Enabled”=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @=”c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe”

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @=”IFlashBroker4″

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @=”{00020424-0000-0000-C000-000000000046}”

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
    “Version”=”1.0″
    .
    ——————— DLLs Loaded Under Running Processes ———————

    - – - – - – - > ‘explorer.exe’(3760)
    c:\windows\system32\WININET.dll
    c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\progra~1\PHOTOZ~1\pzShell.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    .
    ———————— Other Running Processes ————————
    .
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\progra~1\mcafee.com\vso\mcshield.exe
    d:\progra~1\Bandoo\Bandoo.exe
    c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-02 22:36:40 – machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-02 20:36

    Pre-Run: 646.217.728 bytes free
    Post-Run: 1.448.091.648 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT=”Microsoft Windows Recovery Console” /cmdcons
    UnsupportedDebug=”do not select this” /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /noexecute=optin /fastdetect

    - – End Of File – - 8BF3D6DAEF34E706613CD42A1775BCED

  18. emilia

    I did exactly as you told me! This program also installed something else: Recovery Console. Is that normal?

    P.S. That Smart Engine program got in through Opera 10 without my wanting it, telling me I had trojans, and I installed it. I think it was actually the one that brought the trojans, right?

  19. emilia

    My God!!! I HAVE A CONNECTION AGAIN!!!!!!!! THANK YOU SO MUCH!
    I thought the only chance of fixing it was to reinstall Windows. THANK YOU SO MUCH!!!! YOU HAVE A GREAT SITE!

  20. Gigi

    That's normal.

    Download Remove Hosts, unzip it and run the file. Restart.
    You will regain access to the sites blocked through the hosts file.

    Then download Malwarebytes Anti-Malware, install it, update it and run a full scan of the PC.
    When it finishes, remove the infections found by pressing Remove Selected.

  21. emilia

    Is the hosts thing really absolutely necessary?? I have access to the ones that weren't working, e.g. google, youtube. I'll do the Malware anti malware thing. I've now also downloaded Avast version 5.1. Is it good? I want to keep it as my antivirus.

  22. emilia

    Still, I see Daemon Tools no longer works. It says C://daemon.dll error. It was deleted by combo fix. How do I get it working again? Should I reinstall it?

  23. Gigi

    Absolutely nothing bad happens if you delete hosts.

    Avast is a good antivirus; it's what I use too, alongside Comodo Firewall.

    Reinstall Daemon Tools and the deleted file will be restored.

  24. emilia

    I'm not happy with Avast!! It makes my computer freeze and run slowly! I want to uninstall it but I don't see the Uninstall icon, and I can't find it in Add/Remove Programs either. How do I uninstall it?

    1. Nick

      @emilia
      Read carefully and download the utility from here:
      http://www.avast.com/uninstall-utility

  25. setmefreetl

    @radu can you tell me why a scan with Malwarebytes always finds KEY_LOCAL_MACHINESOFTWAREMicrosoftMSSMGR (Trojan.Downloader)? Maybe you know what is infecting my PC, since I'm not the only user... I have NIS 2011 installed on it.

  26. emilia

    Thank you very much! I managed to uninstall it. Now it runs fast and no longer freezes.

  27. setmefreetl

    Here, @radu, this is my log... maybe you have time to look over it... respectfully
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Returnil\RVS3\rvsmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Programmi\LogMeIn\x86\LogMeInSystray.exe
    C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Programmi\RocketDock\RocketDock.exe
    C:\Programmi\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Programmi\LogMeIn\x86\RaMaint.exe
    C:\Programmi\LogMeIn\x86\LogMeIn.exe
    C:\Programmi\Malwarebytes’ Anti-Malware\mbamservice.exe
    C:\Programmi\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
    C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Programmi\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Programmi\VirusTotalUploader2\VirusTotalUpload2.exe
    C:\Documents and Settings\vali\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\vali\Documenti\Downloads\HiJackThis.exe

    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: Symantec NCO BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Programmi\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\Programmi\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
    O3 – Toolbar: Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Programmi\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    O4 – HKLM\..\Run: [LogMeIn GUI] “C:\Programmi\LogMeIn\x86\LogMeInSystray.exe”
    O4 – HKLM\..\Run: [Malwarebytes' Anti-Malware] “C:\Programmi\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
    O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKCU\..\Run: [RocketDock] “C:\Programmi\RocketDock\RocketDock.exe”
    O4 – HKCU\..\Run: [uTorrent] “C:\Programmi\uTorrent\uTorrent.exe”
    O4 – HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVIZIO LOCALE’)
    O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVIZIO DI RETE’)
    O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
    O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 – Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
    O10 – Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
    O10 – Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
    O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292161287140
    O20 – Winlogon Notify: winntn32 – C:\WINDOWS\SYSTEM32\winntn32.dll
    O23 – Service: Forceware Web Interface (ForcewareWebInterface) – Apache Software Foundation – C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 – Service: LMIGuardianSvc – LogMeIn, Inc. – C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe
    O23 – Service: LogMeIn Maintenance Service (LMIMaint) – LogMeIn, Inc. – C:\Programmi\LogMeIn\x86\RaMaint.exe
    O23 – Service: LogMeIn – LogMeIn, Inc. – C:\Programmi\LogMeIn\x86\LogMeIn.exe
    O23 – Service: MBAMService – Malwarebytes Corporation – C:\Programmi\Malwarebytes’ Anti-Malware\mbamservice.exe
    O23 – Service: Norton Internet Security (NIS) – Symantec Corporation – C:\Programmi\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    O23 – Service: ForceWare IP service (nSvcIp) – NVIDIA Corporation – C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 – Service: ForceWare user log service (nSvcLog) – NVIDIA Corporation – C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
    O23 – Service: Returnil System Safe Core Service (RVSMONBL) – CJSC Returnil Software – C:\Programmi\Returnil\RVS3\rvsmon.exe
    O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software – C:\Programmi\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    O23 – Service: VideoAcceleratorService – Speedbit Ltd. – C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

  28. zame77

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:44:29, on 08.01.2011
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:Windowssystem32Dwm.exe
    C:WindowsExplorer.EXE
    C:WindowsPixArtPAC207Monitor.exe
    C:Program FilesAVGAVG10avgtray.exe
    C:Program FilesDAEMON Tools LiteDTLite.exe
    C:Windowssystem32taskhost.exe
    C:Program FilesAVGAVG10Identity Protectionagentbinavgidsmonitor.exe
    C:Windowssystem32conhost.exe
    C:Windowssystem32taskeng.exe
    C:Program FilesIObitGame BoosterGameBox.exe
    C:Windowssystem32ctfmon.exe
    C:Program FilesMozilla Firefoxfirefox.exe
    C:Windowssystem32SearchFilterHost.exe
    C:Windowssystem32taskhost.exe
    D:Descarcate NetHiJackThis.exe

    R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.ro/
    R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
    R0 – HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
    R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
    O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:Program FilesAVGAVG10avgssie.dll
    O2 – BHO: McAfee SiteAdvisor BHO – {B164E929-A1B6-4A06-B104-2CD0E90A88FF} – c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
    O2 – BHO: Ask Toolbar BHO – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:Program FilesAsk.comGenericAskToolbar.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:Program FilesJavajre6binjp2ssv.dll
    O3 – Toolbar: McAfee SiteAdvisor Toolbar – {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} – c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
    O3 – Toolbar: Nero Toolbar – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:Program FilesAsk.comGenericAskToolbar.dll
    O4 – HKLM..Run: [Monitor] C:WindowsPixArtPAC207Monitor.exe
    O4 – HKLM..Run: [AVG_TRAY] C:Program FilesAVGAVG10avgtray.exe
    O4 – HKCU..Run: [DAEMON Tools Lite] “C:Program FilesDAEMON Tools LiteDTLite.exe” -autorun
    O4 – HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User ‘LOCAL SERVICE’)
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User ‘LOCAL SERVICE’)
    O4 – HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User ‘NETWORK SERVICE’)
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User ‘NETWORK SERVICE’)
    O4 – Startup: RDS – Shortcut.lnk = ?
    O4 – Global Startup: rock.url
    O13 – Gopher Prefix:
    O17 – HKLMSystemCCSServicesTcpip..{A1B1257A-0404-45EA-90BC-1873FA7D7DEF}: NameServer = 81.196.58.161 193.231.236.10
    O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:Program FilesAVGAVG10avgpp.dll
    O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E91CC5} – c:PROGRA~1mcafeeSITEAD~1mcieplg.dll
    O23 – Service: AVG Firewall (avgfws) – AVG Technologies CZ, s.r.o. – C:Program FilesAVGAVG10avgfws.exe
    O23 – Service: AVGIDSAgent – AVG Technologies CZ, s.r.o. – C:Program FilesAVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe
    O23 – Service: AVG WatchDog (avgwd) – AVG Technologies CZ, s.r.o. – C:Program FilesAVGAVG10avgwdsvc.exe
    O23 – Service: McAfee SiteAdvisor Service – Unknown owner – C:Program FilesMcAfeeSiteAdvisorMcSACore.exe
    O23 – Service: @C:Program FilesNeroUpdateNASvc.exe,-200 (NAUpdate) – Nero AG – C:Program FilesNeroUpdateNASvc.exe
    O23 – Service: NMSAccess – Unknown owner – C:Program FilesCDBurnerXPNMSAccessU.exe
    O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:Windowssystem32nvsvc32.exe
    O23 – Service: ServiceLayer – Nokia – C:Program FilesPC Connectivity SolutionServiceLayer.exe


    End of file – 4568 bytes
    This "rock.url" thing opens by itself, PLEASE HELP ME!

  29. emilia

    Hello! I think I have a problem again! The computer is running slowly again. I got a serial for a program, it was some .exe; I double-clicked it but it didn't open. I can't find it anywhere on the computer to delete it. In Mozilla's downloads I click open file's folder but nothing opens. I suspect it's a virus and I can't delete it. Here is a log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:07, on 13.02.2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzm.exe
    C:\WINDOWS\Wrofaa.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\LePetitRobert\prhyper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Emilia.ACASA-B240FBC99\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzl.exe
    D:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Documents and Settings\Emilia.ACASA-B240FBC99\My Documents\Downloads\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25458
    R3 – URLSearchHook: BrotherSoft Extreme Toolbar – {51a86bb3-6602-4c85-92a5-130ee4864f13} – C:\Program Files\BrotherSoft_Extreme\tbBrot.dll
    R3 – URLSearchHook: Brothersoft Toolbar – {e8de9422-3b2c-4243-bf6f-235da84d8ef8} – C:\Program Files\Brothersoft\tbBrot.dll
    R3 – URLSearchHook: SweetIM ToolbarURLSearchHook Class – {EEE6C35D-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 – Toolbar: McAfee VirusScan – {BA52B914-B692-46c4-B683-905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 – Toolbar: EPSON Web-To-Page – {EE5D279F-081B-4404-994D-C6B60AAEBA6D} – C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 – Toolbar: SweetIM Toolbar for Internet Explorer – {EEE6C35B-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 – Toolbar: BrotherSoft Extreme Toolbar – {51a86bb3-6602-4c85-92a5-130ee4864f13} – C:\Program Files\BrotherSoft_Extreme\tbBrot.dll
    O3 – Toolbar: Conduit Engine – {30F9B915-B755-4826-820B-08FBA6BD249D} – C:\Program Files\ConduitEngine\ConduitEngine.dll
    O3 – Toolbar: Brothersoft Toolbar – {e8de9422-3b2c-4243-bf6f-235da84d8ef8} – C:\Program Files\Brothersoft\tbBrot.dll
    O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 – HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    O4 – HKLM\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
    O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
    O4 – HKCU\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    O4 – HKCU\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
    O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 – HKCU\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 – HKCU\..\Run: [Le Petit Robert Hyperappel] D:\LePetitRobert\prhyper.exe
    O4 – HKCU\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [F.lux] “C:\Documents and Settings\Emilia.ACASA-B240FBC99\Local Settings\Apps\F.lux\flux.exe” /noshow
    O4 – HKCU\..\Run: [CE8SIIFGSU] C:\DOCUME~1\EMILIA~1.ACA\LOCALS~1\Temp\Wzl.exe
    O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
    O4 – HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User ‘SYSTEM’)
    O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
    O4 – HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User ‘Default user’)
    O8 – Extra context menu item: Add to Google Photos Screensa&ver – res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 – Extra context menu item: E&xport în Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 – Extra context menu item: Google Sidewiki… – res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 – Extra button: Cercetare – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 – Extra button: HP Smart Select – {DDE87865-83C5-48c4-8357-2F5B1AA84522} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 – Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 – DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) – file:///C:/Program%20Files/Zuma/Images/stg_drm.ocx
    O16 – DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) – file:///C:/Program%20Files/Zuma/Images/armhelper.ocx
    O23 – Service: C-DillaCdaC11BA – Macrovision – C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 – Service: Serviciul Google Update (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
    O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
    O23 – Service: PDEngine – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 – Service: PDScheduler (PDSched) – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk\PDSched.exe


    End of file – 8513 bytes

  30. emilia

    Plus, in Messenger I can't see what the person I'm talking to sends me or what I write.

  31. emilia

    Thank you for the help. I got Avast 5.1.889; I hope it won't freeze my system anymore.

  32. emilia

    Still, the problem with Messenger hasn't been fixed. I can't see the text I send or receive. It only appears on the desktop at the bottom right when someone messages me, but not in the window…

  33. emilia

    And I have the impression that what I write isn't even being sent…

  34. emilia

    Done, I've sorted out the Messenger problem. I used Combo Fix. But that too is thanks to you, because this is where I learned how to use the program. Thank you

  35. Emilia

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:26:45, on 21.05.2011
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Emilia\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files\BitTorrent\BitTorrent.exe
    C:\Users\Emilia\Desktop\KillProcess.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Program Files\windows defender\MSASCui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\werfault.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Downloads\HiJackThis.exe

    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    End of file – 1105 bytes

    I have problems with the computer.
    PS. I couldn't uncheck “Hide protected operating file systems” because I can't find Tools. I'm on Vista Home Premium and I don't know where that option is.

  36. dark vader

    fixed Don’t Send ddraw.dll download http://www.dll-files.com/dllindex/dll-files.shtml?ddraw enjoy all programs and games (example: NFSU2)
