In a previous article on cleaning an infected system effectively, I mentioned that one option is to post a HijackThis log on a forum that specialises in analysing such logs.
Because I did not give very detailed instructions about it then, here is how you can create a correct log.
Download HijackThis from here.
Install it, but do not run it yet.
Go to My Computer -> Tools -> Folder Options -> View and tick "Show hidden files and folders", then untick "Hide protected operating system files". Click OK.
Then run HijackThis.exe.
In the window that appears, tick "Don't show this frame again when I start HijackThis".
Press the first button at the top, "Do a system scan and save a logfile".
Copy the log from Notepad and post it in a new topic on a forum; I recommend SoftPedia.
Do not fix anything with HJT; most of the entries there are legitimate!
In some cases it is also necessary to rename hijackthis.exe to test.exe (or any other name) and run the program after that.
Good luck!


[...] 1. Make a HijackThis log following the instructions here. [...]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:24 AM, on 2/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Google\Quick Search Box\qsb.exe
C:\WINDOWS.0\System32\WScript.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS.0\system32\msiexec.exe
C:\Documents and Settings\CIRICIPRIANA.60B9AF6C789646F\Local Settings\Temporary Internet Files\Content.IE5\2UBPVYFI\HiJackThis[1].exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Piraté par WillPolo —- Ingénieur en hacking ——– fuck u ———-
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 – BHO: Google Dictionary Compression sdch – {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} – C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O3 – Toolbar: &Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [BDMCon] “C:\Program Files\Softwin\BitDefender10\bdmcon.exe” /reg
O4 – HKLM\..\Run: [BDAgent] “C:\Program Files\Softwin\BitDefender10\bdagent.exe”
O4 – HKLM\..\Run: [Google Quick Search Box] “C:\Program Files\Google\Quick Search Box\qsb.exe” /autorun
O4 – HKLM\..\Run: [WillPolo] C:\WINDOWS.0\WillPolo.vbs
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] “C:\Program Files\NOS\bin\getPlus_HelperSvc.exe” /UninstallGet1noarp
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS.0\system32\msnsc.exe (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS.0\system32\msnsc.exe (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS.0\system32\msnsc.exe (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS.0\system32\msnsc.exe (User ‘Default user’)
O4 – HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘Default user’)
O4 – Startup: Reboot.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {53F6FCCD-9E22-4d71-86EA-6E43136192AB} – (no file)
O9 – Extra button: (no name) – {925DAB62-F9AC-4221-806A-057BFB1014AA} – (no file)
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 – DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) – http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{20C63602-52A2-4E0A-BE59-8CBC2D1F6503}: NameServer = 213.154.124.1 193.231.252.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{20C63602-52A2-4E0A-BE59-8CBC2D1F6503}: NameServer = 213.154.124.1 193.231.252.1
O18 – Filter: x-sdch – {B1759355-3EEC-4C1E-B0F1-B719FE26E377} – C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 – Service: BitDefender Scan Server (bdss) – Unknown owner – C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 – Service: getPlus(R) Helper – NOS Microsystems Ltd. – C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: BitDefender Desktop Update Service (LIVESRV) – SOFTWIN S.R.L. – C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS.0\system32\nvsvc32.exe
O23 – Service: BitDefender Virus Shield (VSSERV) – SOFTWIN S.R.L. – C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 – Service: BitDefender Communicator (XCOMM) – SOFTWIN S.R.L – C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
–
End of file – 6317 bytes
anonim, you can find cleanup instructions for your problem here: http://www.faravirusi.com/2008/10/30/pirate-par-willpolo-cum-scap-de-el/
[...] and some Internet Explorer settings that will display various messages while browsing the internet. The HijackThis log will show the following suspicious entries: O2 – BHO: IEocx Class – [...]
Also tell us how this log should be interpreted! When do you realise that something is wrong?
[...] another interesting option is "Manual cure", which works in a way similar to HijackThis. Press the "Collect system information" button to gather information about [...]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:22 PM, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\DOCUME~1\Amanda\LOCALS~1\Temp\svchost32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Zapp Online Express\ZappOnlineExpress.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Amanda\LOCALS~1\Temp\vshost32.exe
C:\Documents and Settings\Amanda\Desktop\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Amanda\LOCALS~1\Temp\vshost32.exe
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 – BHO: Google Dictionary Compression sdch – {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} – C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 – HKLM\..\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 – HKLM\..\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe”
O4 – HKLM\..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 – HKCU\..\Run: [Windows Workstation] C:\DOCUME~1\Amanda\LOCALS~1\Temp\svchost32.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{8D0D213C-BD5C-4C6E-AED0-A5498AC3B147}: NameServer = 80.97.178.3 172.16.253.242
O18 – Filter: x-sdch – {B1759355-3EEC-4C1E-B0F1-B719FE26E377} – C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: C-DillaSrv – C-Dilla Ltd – C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 – Service: ESET HTTP Server (EhttpSrv) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 – Service: ESET Service (ekrn) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 7203 bytes .
[...] of the HijackThis log: O4 – HKCU..Run: [xinoprpc.exe] C:WINDOWSsystem32xinoprpc.exe O4 – HKCU..Run: [...]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:50, on 20.09.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\mihai.MIHAI-1C47962F2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\PPStream\PPStream.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\mihai.MIHAI-1C47962F2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mihai.MIHAI-1C47962F2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\mihai.MIHAI-1C47962F2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R3 – URLSearchHook: (no name) – CFBFAE00-17A6-11D0-99CB-00C04FD64497} – (no file)
R3 – URLSearchHook: TvFree77 Toolbar – {88be816a-bc8e-495f-8030-742423118df5} – C:\Program Files\TvFree77\tbTvFr.dll
R3 – URLSearchHook: (no name) – {cc60fb1d-77b8-469e-8f60-abd8874bd04a} – (no file)
R3 – URLSearchHook: strongtv Toolbar – {c66feb4e-45c5-4323-b0dd-e1df966913b9} – C:\Program Files\strongtv\tbstro.dll
R3 – URLSearchHook: 24xtv.com Toolbar – {ebd70932-fc1d-4b81-9523-257e3ef8eb25} – C:\Program Files\24xtv.com\tb24x0.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: AskBar BHO – {201f27d4-3704-41d6-89c1-aa35e39143ed} – C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 – BHO: bacau Toolbar – {33a098fd-0e0e-4fc7-bc8d-9845e083bed7} – C:\Program Files\bacau\tbbaca.dll
O2 – BHO: TvFree77 Toolbar – {88be816a-bc8e-495f-8030-742423118df5} – C:\Program Files\TvFree77\tbTvFr.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 – BHO: strongtv Toolbar – {c66feb4e-45c5-4323-b0dd-e1df966913b9} – C:\Program Files\strongtv\tbstro.dll
O2 – BHO: Google Dictionary Compression sdch – {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} – C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 – BHO: 24xtv.com Toolbar – {ebd70932-fc1d-4b81-9523-257e3ef8eb25} – C:\Program Files\24xtv.com\tb24x0.dll
O3 – Toolbar: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 – Toolbar: (no name) – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – (no file)
O3 – Toolbar: TvFree77 Toolbar – {88be816a-bc8e-495f-8030-742423118df5} – C:\Program Files\TvFree77\tbTvFr.dll
O3 – Toolbar: bacau Toolbar – {33a098fd-0e0e-4fc7-bc8d-9845e083bed7} – C:\Program Files\bacau\tbbaca.dll
O3 – Toolbar: strongtv Toolbar – {c66feb4e-45c5-4323-b0dd-e1df966913b9} – C:\Program Files\strongtv\tbstro.dll
O3 – Toolbar: 24xtv.com Toolbar – {ebd70932-fc1d-4b81-9523-257e3ef8eb25} – C:\Program Files\24xtv.com\tb24x0.dll
O3 – Toolbar: Ask Toolbar – {3041d03e-fd4b-44e0-b742-2d9b88305f98} – C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe” -osboot
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [diagnostics] “C:\Program Files/Thomson/ST330/diagnostics/diagnostics.exe” /icon -l:en
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Yahoo! Pager] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 – HKCU\..\Run: [Google Update] “C:\Documents and Settings\mihai.MIHAI-1C47962F2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 – HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 – HKCU\..\Run: [FlashGet 3] “C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe” -minimize
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – Startup: PPS.lnk = C:\Program Files\PPStream\PPStream.exe
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 – DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} (ChatRepublicPlayer ActiveX) – http://www.superstarracing.net/ChatRepublicPlayer.cab
O16 – DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) – http://quickscan.bitdefender.com/cab/ActiveQscan.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{C20B7DB2-8E41-4130-9A88-81FC0E4FB087}: NameServer = 193.231.100.130 193.231.100.134
O23 – Service: ASKUpgrade – Unknown owner – C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – ALWIL Software – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: SpeedTouch 330 Manager (st330service) – THOMSON Telecom Belgium – C:\Program Files/Thomson/ST330/service/st330service.exe
O23 – Service: STI Simulator – Unknown owner – C:\WINDOWS\System32\PAStiSvc.exe
–
End of file – 9472 bytes
@mihaistar82: The log is fine, but you have quite a lot of toolbars installed, e.g. 24xtv.com, Ask bar and others. If you installed them yourself, that is OK. If not, uninstall them.
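A small triage script for logs in this format, added here as an example and not part of the original post or of HijackThis itself: it runs heuristics modelled on the entries seen in the logs above (programs started from Temp, extra programs in the Shell/UserInit logon chain, look-alike process names, script autoruns, autoruns under service-account hives, orphan entries) over a constructed sample and lists what a human should look at. The COMMON name list, the rules and the sample lines are assumptions of this example.

```python
"""Heuristic triage of a HijackThis (HJT) log.

Added example for this page, not part of the original post or of HijackThis.
The rules are this reviewer's own, modelled on the kinds of entries that appear
in the logs posted above; they flag lines for a human to look at and decide
nothing on their own (as the post says, most HJT entries are legitimate).
"""
import re

# Assumed list of common legitimate process names: Windows XP components that
# normally run from %SystemRoot%\system32 (explorer.exe from %SystemRoot%), plus
# the NVIDIA service nvsvc32 that one of the logs above shows being imitated.
COMMON = {"smss", "csrss", "winlogon", "services", "lsass", "svchost", "spoolsv",
          "explorer", "ctfmon", "userinit", "wuauclt", "nvsvc32"}
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\", "\\locals~1\\")
SCRIPT_EXT = {"vbs", "js", "bat", "cmd", "wsf"}
# A drive-letter path ending in an executable-ish extension; folders may contain
# spaces, the file name stops at , " ( ) or a space.
WIN_PATH = re.compile(r'[a-z]:\\(?:[^\\,"()]*\\)*[^\\,"() ]*\.(?:exe|dll|vbs|js|bat|cmd|wsf|scr)\b', re.I)
SERVICE_HIVE = re.compile(r"HKUS\\(?:S-1-5-(?:18|19|20)|\.DEFAULT)\\")


def levenshtein(a, b):
    """Plain edit distance, used to spot look-alike names (scvhost, svchost32, nvcsvc32)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_path(path):
    """(parent folder name, file name, stem, extension), all lower-case."""
    low = path.lower().replace("/", "\\")
    folder, _, name = low.rpartition("\\")
    stem, _, ext = name.rpartition(".")
    return folder.rsplit("\\", 1)[-1], name, stem, ext


def path_findings(path):
    """Findings for one Windows path taken from a log line."""
    parent, name, stem, ext = split_path(path)
    out = []
    if any(m in path.lower() for m in TEMP_MARKERS):
        out.append("runs from a temporary directory")
    if ext in SCRIPT_EXT:
        out.append("script file used as an autorun")
    if stem in COMMON:
        at_home = parent.startswith("windows") if stem == "explorer" else parent == "system32"
        if not at_home:
            out.append(f"system process name {name} outside its usual folder")
    elif len(stem) >= 5:
        # Short targets (smss, lsass, ...) are skipped: too many harmless names sit within 2 edits.
        close = sorted(k for k in COMMON if len(k) >= 6 and levenshtein(stem, k) <= 2)
        if close:
            out.append(f"{name} looks like the legitimate {close[0]}.exe")
    return out


def triage_line(line):
    """Reasons one HJT log line deserves a look; empty list when nothing stands out."""
    findings = []
    tag = line.split(" - ", 1)[0]
    if tag == "F2" and "system.ini:" in line:
        key, _, value = line.partition("system.ini: ")[2].partition("=")
        programs = [p.strip() for p in value.split(",") if p.strip()]
        if len(programs) > 1:  # only userinit.exe / Explorer.exe are expected here
            findings.append(f"{key} logon chain carries extra program(s): {programs[1:]}")
    if tag == "R1" and "Window Title" in line:
        findings.append("IE window title has been set (a common defacement marker)")
    if line.endswith("(no file)"):
        findings.append("orphan entry: registered component whose file is missing")
    paths = WIN_PATH.findall(line)
    if tag == "O4" and SERVICE_HIVE.search(line) and paths:
        if not all(split_path(p)[2] in COMMON for p in paths):
            findings.append("third-party autorun under a service-account or default profile hive")
    for p in paths:
        findings.extend(path_findings(p))
    return findings


def triage_log(text):
    """Ordered mapping of each flagged line to its findings."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        hits = triage_line(line) if line else []
        if hits:
            report[line] = hits
    return report


# Constructed sample: a handful of lines modelled on the logs posted above, with the
# separators HijackThis actually writes (" - " and straight quotes).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\Amanda\LOCALS~1\Temp\svchost32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Pirate par WillPolo
F2 - REG:system.ini: Shell=Explorer.exe ,C:\WINDOWS\nvcsvc32.exe ,C:\WINDOWS\woc32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Amanda\LOCALS~1\Temp\vshost32.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WillPolo] C:\WINDOWS\WillPolo.vbs
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [Windows Workstation] C:\DOCUME~1\Amanda\LOCALS~1\Temp\svchost32.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    for line, hits in triage_log(SAMPLE_LOG).items():
        print(line)
        for h in hits:
            print("   ->", h)
```

Legitimate lines such as the smss.exe process or the NvCplDaemon autorun produce no findings, while the sample's eight suspicious lines are each listed with the rule that caught them.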
[...] the HijackThis log shows the following entries: O4 – HKLM..Run: [4946550101] %UserProfile%Application [...]
[...] the HijackThis log shows the following entries: O2 – BHO: &Research – [...]
[...] the HijackThis log shows the following entry: O4 – HKLM..Run: [Windows Enterprise Defender] [...]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:49, on 28.10.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Mariutza\LOCALS~1\Temp\vshost32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Mariutza\LOCALS~1\Temp\scvhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mariutza\My Documents\utorrent-1.9-alpha-15380.upx.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Mariutza\Desktop\HiJackThis.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender10\vsserv.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q=
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q=
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13157&gct=&gc=1&q=%s
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 – URLSearchHook: Winamp Search Class – {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} – C:\Program Files\Winamp Toolbar\winamptb.dll
R3 – URLSearchHook: SweetIM ToolbarURLSearchHook Class – {EEE6C35D-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 – URLSearchHook: DefaultSearchHook Class – {C94E154B-1459-4A47-966B-4B843BEFC7DB} – C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 – REG:system.ini: Shell=Explorer.exe ,C:\WINDOWS\nvcsvc32.exe ,C:\WINDOWS\woc32.exe
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Mariutza\LOCALS~1\Temp\vshost32.exe
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: AskBar BHO – {201f27d4-3704-41d6-89c1-aa35e39143ed} – C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 – BHO: Winamp Toolbar Loader – {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} – C:\Program Files\Winamp Toolbar\winamptb.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: SWEETIE – {EEE6C35C-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 – Toolbar: SweetIM Toolbar for Internet Explorer – {EEE6C35B-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 – Toolbar: Winamp Toolbar – {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} – C:\Program Files\Winamp Toolbar\winamptb.dll
O3 – Toolbar: Ask Toolbar – {3041d03e-fd4b-44e0-b742-2d9b88305f98} – C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 – HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 – HKLM\..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [BDMCon] “C:\Program Files\Softwin\BitDefender10\bdmcon.exe” /reg
O4 – HKLM\..\Run: [BDAgent] “C:\Program Files\Softwin\BitDefender10\bdagent.exe”
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 – HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 – HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 – HKCU\..\Run: [Windows Workstation] C:\DOCUME~1\Mariutza\LOCALS~1\Temp\scvhost.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] ~”C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Winamp Search – C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 – Extra button: (no name) – {53F6FCCD-9E22-4d71-86EA-6E43136192AB} – (no file)
O9 – Extra button: (no name) – {925DAB62-F9AC-4221-806A-057BFB1014AA} – (no file)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) – file://C:\Program Files\THE GAME OF LIFE by Hasbro\Images\stg_drm.ocx
O16 – DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} – http://www.bitdefender.ro/scan_ro/scan8/oscan8.cab
O16 – DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) – file://C:\Program Files\THE GAME OF LIFE by Hasbro\Images\armhelper.ocx
O23 – Service: BitDefender Scan Server (bdss) – Unknown owner – C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 – Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) – Apple Computer, Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: ESET HTTP Server (EhttpSrv) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 – Service: ESET Service (ekrn) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: BitDefender Desktop Update Service (LIVESRV) – SOFTWIN S.R.L. – C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) – CACE Technologies – C:\Program Files\WinPcap\rpcapd.exe
O23 – Service: BitDefender Virus Shield (VSSERV) – SOFTWIN S.R.L. – C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 – Service: Wyyo Service – Unknown owner – C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo135.exe
O23 – Service: BitDefender Communicator (XCOMM) – SOFTWIN S.R.L – C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 – Desktop Component 0: (no name) – http://images.hi5.com/images/1x1_trans.gif
–
End of file – 12774 bytes
@Elisabetha: You have a rogue anti-virus type virus.
Download Malwarebytes Anti-Malware, install it without changing anything during installation, then click “Finish”.
It will update its database; after the program launches, select “Full scan” and scan the PC. At the end click “Show results” and “Save log file”.
Then send me the resulting log by e-mail: faravirusicom@gmail.com and click “Remove selected”.
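The checks behind a verdict like the one above, as an added Python example that is not part of the original post or of HijackThis: it normalises the blog's typographic dashes and quotes back to the ASCII the tool writes, parses the F2/O4/O23 lines, and flags Shell=/UserInit= values that carry extra executables and Run entries or services launched from Temp or profile directories. The rules are an analyst's rules of thumb (on Windows XP, Shell= should name only Explorer.exe and UserInit= only userinit.exe), the function names are my own, and the sample log is constructed from entries quoted in this thread.

```python
"""Triage of HijackThis v2 log lines (added example, not HijackThis code).

Checks an analyst applies by hand: F2 Shell= must name only Explorer.exe and
UserInit= only userinit.exe; O4 Run entries and O23 service binaries launched
from Temp or a user profile directory are suspect, as are O23 services with
"Unknown owner" outside Program Files. Sample lines are quoted from this thread."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# WordPress turns " - " into an en-dash and straight quotes into curly ones.
_PUNCT = str.maketrans({"\u2013": "-", "\u2014": "-", "\u201c": '"',
                        "\u201d": '"', "\u2018": "'", "\u2019": "'"})

ENTRY_RE = re.compile(r"^(?P<sec>[FNOR]\d{1,2}) - (?P<body>.*)$")
TEMP_RE = re.compile(r"\\LOCALS~1\\Temp\\|\\Local Settings\\Temp\\|\\WINDOWS\\Temp\\", re.I)
PROFILE_RE = re.compile(r"\\Documents and Settings\\|\\DOCUME~1\\", re.I)
PROGFILES_RE = re.compile(r"\\Program Files\\|\\PROGRA~1\\", re.I)

@dataclass
class Finding:
    section: str   # HJT section, e.g. "F2", "O4", "O23"
    line: str      # normalised log line
    reason: str    # why it was flagged

def normalise(line: str) -> str:
    """Map blog typography back to the ASCII HijackThis actually writes."""
    return line.translate(_PUNCT).strip()

def _in_user_writable_dir(path: str) -> bool:
    """Temp or profile paths that an unprivileged user (or malware) can write to."""
    if TEMP_RE.search(path):
        return True
    return bool(PROFILE_RE.search(path)) and not PROGFILES_RE.search(path)

def check_f2(body: str) -> Optional[str]:
    """F2 Shell=/UserInit= must name a single, expected binary."""
    m = re.search(r"REG:system\.ini:\s*(Shell|UserInit)=(.*)$", body, re.I)
    if not m:
        return None
    key, value = m.group(1), m.group(2)
    exes = [p.strip() for p in value.split(",") if p.strip()]
    expected = "explorer.exe" if key.lower() == "shell" else "userinit.exe"
    first = exes[0].lower().rsplit("\\", 1)[-1] if exes else ""
    if first != expected:
        return f"{key}= does not start with {expected}: {exes[:1]}"
    if len(exes) > 1:
        return f"{key}= launches extra programs: {exes[1:]}"
    return None

def check_o4(body: str) -> Optional[str]:
    """O4 Run entry '[name] command': flag commands run from Temp/profile."""
    m = re.search(r"\[[^\]]*\]\s*(?P<cmd>.*)$", body)
    if m and _in_user_writable_dir(m.group("cmd")):
        return "Run entry launches from a Temp or user profile directory"
    return None

def check_o23(body: str) -> Optional[str]:
    """O23 'Service: name - owner - path'."""
    parts = [p.strip() for p in body.split(" - ")]
    if len(parts) < 3 or not parts[0].lower().startswith("service:"):
        return None
    owner, path = parts[-2], parts[-1]
    if _in_user_writable_dir(path):
        return "service binary lives in a Temp or user profile directory"
    if owner.lower() == "unknown owner" and not PROGFILES_RE.search(path):
        return "service with unknown owner outside Program Files"
    return None

CHECKS: Dict[str, Callable[[str], Optional[str]]] = {"F2": check_f2, "O4": check_o4, "O23": check_o23}

def triage(log_text: str) -> List[Finding]:
    """Run the section checks over every HJT entry line and collect the hits."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = normalise(raw)
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, "End of file" etc.
        check = CHECKS.get(m.group("sec"))
        reason = check(m.group("body")) if check else None
        if reason:
            findings.append(Finding(m.group("sec"), line, reason))
    return findings

# Constructed sample: entries quoted from the first log in this thread, plus benign lines from it.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe ,C:\WINDOWS\nvcsvc32.exe ,C:\WINDOWS\woc32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Mariutza\LOCALS~1\Temp\vshost32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Windows Workstation] C:\DOCUME~1\Mariutza\LOCALS~1\Temp\scvhost.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Wyyo Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo135.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the full log above it flags the two F2 lines, the scvhost.exe Run entry and the Wyyo service, and leaves the BitDefender service alone because "Unknown owner" under Program Files is common for legitimate software.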
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:28 AM, on 11/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\yahooui.exe
C:\WINDOWS\seocfg.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\WINDOWS\V0270Mon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\szaky.PAKPARAK.000\Desktop\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 – REG:system.ini: Shell=Explorer.exe ,C:\WINDOWS\system32\yahooui.exe ,C:\WINDOWS\seocfg.exe
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG8\avgssie.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 – HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 – HKLM\..\Run: [V0270Mon.exe] C:\WINDOWS\V0270Mon.exe
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKCU\..\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe”
O4 – HKCU\..\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 – HKCU\..\Run: [Creative Live! Cam Manager] “C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe”
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: PartyPoker.com – {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} – C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 – Extra ‘Tools’ menuitem: PartyPoker.com – {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} – C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) – http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG8\avgpp.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – Winlogon Notify: avgrsstarter – C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: AVG Free8 WatchDog (avg8wd) – AVG Technologies CZ, s.r.o. – C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: NBService – Nero AG – C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: ScsiAccess – Unknown owner – C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 – Service: StarWind AE Service (StarWindServiceAE) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 7589 bytes
@szaky007: Your log is clean. Did you have any particular problem?
well, I've got some Messenger virus that keeps sending this:
go in, it's not a virus
11/26/2009 12:14:02 AM): do you know her
: go in and tell me what you think, you'll definitely recognize the character
and I dunno how to get rid of it, I scanned with this free AVG too but nothing; now I think I'll install Avast and if that doesn't work… I'll go to a spell shop and put a curse on that damn hacker =))
@szaky007: You have e-mail.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:27, on 14.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.robattle.net
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R3 – URLSearchHook: DefaultSearchHook Class – {C94E154B-1459-4A47-966B-4B843BEFC7DB} – (no file)
O2 – BHO: HP Print Enhancer – {0347C33E-8762-4905-BF09-768834316C61} – C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 – BHO: HP Print Clips – {053F9267-DC04-4294-A72C-58F732D338C0} – C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: AcroIEToolbarHelper Class – {AE7CD045-E861-484f-8273-0445EE161910} – C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: Adobe PDF – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 – Toolbar: BitDefender Toolbar – {381FFDE8-2394-4f90-B10D-FC6124A40F8C} – C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [BDAgent] “C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe”
O4 – HKLM\..\Run: [BitDefender Antiphishing Helper] “C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: HP Clipbook – {58ECB495-38F0-49cb-A538-10282ABF65E7} – C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 – Extra button: HP Smart Select – {700259D7-1666-479a-93B1-3250410481E8} – C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{32540F7B-A36D-435B-B5AE-92A11197DDEC}: NameServer = 213.154.124.1 193.231.252.1
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 – Service: BitDefender Arrakis Server (Arrakis3) – BitDefender S.R.L. http://www.bitdefender.com – C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 – Service: ASUS System Control Service (AsSysCtrlService) – Unknown owner – C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Serviciu Actualizare Desktop BitDefender (LIVESRV) – BitDefender S.R.L. – C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 – Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) – TuneUp Software – C:\WINDOWS\System32\TUProgSt.exe
O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 – Service: Scut antivirus BitDefender (VSSERV) – BitDefender S.R.L. – C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
–
End of file – 5860 bytes
Done, I managed it; I don't know why it said something about IE 6 there, since I have Firefox, but anyway…
@claus: Your log is clean.
Yeah, it's probably something stuck in the DVD-RW, otherwise I don't understand why it does that. :-??
Virus or unwanted program ‘TR/Crypt.XPACK.Gen [trojan]‘
detected in file ‘C:\WINDOWS\Temp\_avast4_\unp24155767.tmp.
Action performed: Delete file…… This is what I found when I scanned my hard drive with Avira…. I made the mistake of downloading and trying this antivirus from the official AVAST site…. and the example is not isolated: the site with the ComboFix link that also has STOPZILLA on it…. it's a generic trojan…. so don't download THAT trap or ROGUE SOFTWARE…… I'll come back with a COMBOFIX log…..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:01 AM, on 2/1/2002
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\Ahead\Lib\NMBGMO~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\Ahead\Lib\NMINDE~2.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Documents and Settings\Administrator\My Documents\Descărcări\HiJackThis(3).exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://speedtouch.lan/
R3 – URLSearchHook: (no name) – {9CB65206-89C4-402c-BA80-02D8C59F9B1D} – C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 – URLSearchHook: Reganam Toolbar – {db9d7a78-a76c-4bf2-97c6-258925ee1542} – C:\Program Files\Reganam\tbReg0.dll
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: Ask Search Assistant BHO – {9CB65201-89C4-402c-BA80-02D8C59F9B1D} – C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 – BHO: Reganam Toolbar – {db9d7a78-a76c-4bf2-97c6-258925ee1542} – C:\Program Files\Reganam\tbReg0.dll
O2 – BHO: Ask Toolbar BHO – {FE063DB1-4EC0-403e-8DD8-394C54984B2C} – C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Ask Toolbar – {FE063DB9-4EC0-403e-8DD8-394C54984B2C} – C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 – Toolbar: Reganam Toolbar – {db9d7a78-a76c-4bf2-97c6-258925ee1542} – C:\Program Files\Reganam\tbReg0.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\PROGRA~1\COMMON~1\Ahead\Lib\NMBGMO~1.EXE”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [VistaStartMenu] “C:\Program Files\Vista Start Menu\VistaStartMenu.exe”
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&xport în Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O23 – Service: NBService – Nero AG – C:\PROGRA~1\Nero\NERO7~1\NEROBA~1\NBSERV~1.EXE
O23 – Service: NMIndexingService – Nero AG – C:\PROGRA~1\COMMON~1\Ahead\Lib\NMINDE~2.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
–
End of file – 5212 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:33:37, on 06.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
C:\WINDOWS\msa.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIBUKEY\Server\WkSvW32.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CloneCD51\CloneCDTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Media Key\MagicKey.exe
C:\Program Files\Media Key\OSD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Documents and Settings\Strong\Desktop\registrybooster aaaaaa.exe
C:\DOCUME~1\Strong\LOCALS~1\Temp\is-7M7LT.tmp\registrybooster aaaaaa.tmp
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\Strong\Desktop\HiJackThis bbbbbb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com/
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 – URLSearchHook: SweetIM ToolbarURLSearchHook Class – {EEE6C35D-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\ntclip.exe
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Solid Converter PDF – {259F616C-A300-44F5-B04A-ED001A26C85C} – C:\Program Files\PDF2word\SCPDF\ExploreExtPDF.dll
O2 – BHO: Browser Defender BHO – {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} – C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 – BHO: IEHlprObj Class – {8CA5ED52-F3FB-4414-A105-2E3491156990} – (no file)
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 – BHO: Adobe PDF Conversion Toolbar Helper – {AE7CD045-E861-484f-8273-0445EE161910} – C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 – BHO: SWEETIE – {EEE6C35C-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: McAfee VirusScan – {BA52B914-B692-46c4-B683-905236F6F655} – c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 – Toolbar: Adobe PDF – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 – Toolbar: SweetIM Toolbar for Internet Explorer – {EEE6C35B-6118-11DC-9C72-001320C79847} – C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 – Toolbar: Solid Converter PDF – {259F616C-A300-44F5-B04A-ED001A26C85C} – C:\Program Files\PDF2word\SCPDF\ExploreExtPDF.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 – Toolbar: PC Tools Browser Guard – {472734EA-242A-422B-ADF8-83D1E48CC825} – C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 – HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [VSOCheckTask] “C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe” /checktask
O4 – HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 – HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 – HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 – HKLM\..\Run: [RemoteControl] “C:\Program Files\PowerDVD\PDVDServ.exe”
O4 – HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 – HKLM\..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 – HKLM\..\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe”
O4 – HKLM\..\Run: [CloneCDTray] “C:\Program Files\CloneCD51\CloneCDTray.exe” /s
O4 – HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”
O4 – HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 – HKLM\..\Run: [ISUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start
O4 – HKLM\..\Run: [photo_id] C:\WINDOWS\system32\photo_id.exe
O4 – HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [NTCLIP] C:\WINDOWS\ntclip.exe
O4 – HKLM\..\Run: [ISTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe”
O4 – HKCU\..\Run: [H/PC Connection Agent] C:\PROGRA~1\MICROS~3\wcescomm.exe
O4 – HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 – HKCU\..\Run: [L09AXLRD_39611906] “D:\PROGRAME\Encarta 2009\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE” -m
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 – HKCU\..\Run: [EncryptionAndDecryption] C:\Program Files\EncryptionAndDecryption\Encrypt.exe
O4 – HKCU\..\Run: [photo_id] C:\Documents and Settings\Strong\photo_id.exe
O4 – HKCU\..\Run: [PUT2VIDQLG] C:\DOCUME~1\Strong\LOCALS~1\Temp\c.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – Startup: siszyd32.exe
O4 – Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Google Sidewiki… – res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 – Extra button: Create Mobile Favorite – {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 – Extra button: (no name) – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 – Extra ‘Tools’ menuitem: Create Mobile Favorite… – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 – Extra button: Yahoo! Services – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 – Extra button: Cercetare – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MIA2FC~1\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra button: (no name) – SolidConverterPDF – (no file) (HKCU)
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 – Service: Avira Upgrade Service (AntiVirUpgradeService) – Unknown owner – C:\DOCUME~1\Strong\LOCALS~1\Temp\AVSETUP_49c758c0\basic\avupgsvc.exe (file missing)
O23 – Service: Browser Defender Update Service – Threat Expert Ltd. – C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: McAfee WSC Integration (McDetect.exe) – McAfee, Inc – c:\program files\mcafee.com\agent\mcdetect.exe
O23 – Service: McAfee.com McShield (McShield) – McAfee Inc. – c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 – Service: McAfee Task Scheduler (McTskshd.exe) – McAfee, Inc – c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 – Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) – McAfee, Inc – C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 – Service: Nero BackItUp Scheduler 3 – Nero AG – C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 – Service: Net Burner iSCSI Service (NetBurnerService) – Paragon GmbH – C:\Program Files\Paragon Software\Drive Backup 8.5 Professional\Net Burner Service\NetBurnerService.exe
O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: PD91Agent – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 – Service: PD91Engine – Raxco Software, Inc. – C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 – Service: PC Tools Auxiliary Service (sdAuxService) – PC Tools – C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 – Service: PC Tools Security Service (sdCoreService) – PC Tools – C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 – Service: WIBU-KEY Server (WkSvW32.exe) – WIBU-SYSTEMS AG – C:\Program Files\WIBUKEY\Server\WkSvW32.exe
–
End of file – 13609 bytes
[...] The following entries appear in the HijackThis log: [...]
[...] The HijackThis log will show the entry: [...]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:59 AM, on 1/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\fpplock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ilie\Desktop\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
F2 – REG:system.ini: Shell=Explorer.exe ,C:\WINDOWS\system32\jlwitys.exe
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Skype add-on (mastermind) – {22BF413B-C6D2-4d91-82A9-A0F997BA588C} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 – BHO: Winamp Toolbar Loader – {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} – C:\Program Files\Winamp Toolbar\winamptb.dll
O2 – BHO: Softonic-Eng7 Toolbar – {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files\Softonic-Eng7\tbSof1.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 – BHO: Ask Toolbar BHO – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 – Toolbar: Winamp Toolbar – {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} – C:\Program Files\Winamp Toolbar\winamptb.dll
O3 – Toolbar: Softonic-Eng7 Toolbar – {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} – C:\Program Files\Softonic-Eng7\tbSof1.dll
O3 – Toolbar: PandoraTV Toolbar – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 – HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 – HKLM\..\Run: [UnlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [My App] C:\Program Files\Desktop Clock\Desktop Clock.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 – HKLM\..\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 – HKLM\..\Run: [Warning: do not remove it!] fpplock.exe
O4 – HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 – HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 – HKCU\..\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 – HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User ‘Default user’)
O4 – Global Startup: Exif Launcher S.lnk = ?
O8 – Extra context menu item: &Winamp Search – C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 – Extra context menu item: Google Sidewiki… – res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: (no name) – {5067A26B-1337-4436-8AFE-EE169C2DA79F} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer – {5067A26B-1337-4436-8AFE-EE169C2DA79F} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra button: Skype – {77BF5300-1474-4EC7-9980-D32B190E9B07} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{6630F75B-BDC4-4E7E-AEBB-2A4A7812B1A9}: NameServer = 208.67.222.222,208.67.220.220
O17 – HKLM\System\CS1\Services\Tcpip\..\{6630F75B-BDC4-4E7E-AEBB-2A4A7812B1A9}: NameServer = 208.67.222.222,208.67.220.220
O17 – HKLM\System\CS2\Services\Tcpip\..\{6630F75B-BDC4-4E7E-AEBB-2A4A7812B1A9}: NameServer = 208.67.222.222,208.67.220.220
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 – Service: ESET HTTP Server (EhttpSrv) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 – Service: ESET Service (ekrn) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: NBService – Nero AG – C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: ServiceLayer – Nokia – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 11127 bytes
Your log is fine.
I kiss your hand <:-p<:-p<:-p If a blog like this didn't exist, I don't know what I'd do!!!
@Ilie: You're welcome. We look forward to seeing you here again.
Help me too! I've caught the virus as well and I don't know what to do. I made a HijackThis log as described above.
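As an added example (not the blog's own tool, and not from anyone in this thread), here is a small Python triage helper for logs in the HijackThis v2 format pasted above. It parses O4, F2 and O23 entries and flags the patterns an analyst looks at first: programs launched from a Temp directory, a system.ini Shell= value that chains something after Explorer.exe, and Startup-folder items listed by bare name. The heuristics, the Finding type and the sample excerpt (lines copied from the logs above) are this example's assumptions; a hit is a reason to look closer, not a verdict, since most entries are legitimate.

```python
"""Triage helper for logs in the HijackThis (HJT) v2 format.

Added example for this page, not the blog's own tool.  The heuristics
below are this example's assumptions; most HJT entries are legitimate,
so a hit is a reason to look closer, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# HJT writes "O4 - HKLM\..\Run: [name] cmd" with plain hyphens and straight
# quotes; the copies pasted into the blog came out with en dashes and curly
# quotes, so both spellings are accepted here.
DASH = r"[-\u2013]"
QUOTES = "\"\u201c\u201d"
ENTRY_RE = re.compile(rf"^(?P<sec>[RFO]\d+)\s+{DASH}\s+(?P<body>.*)$")
O4_REG_RE = re.compile(r"^(?P<loc>[^:]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O4_DIR_RE = re.compile(r"^(?P<loc>Global Startup|Startup):\s*(?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User [\u2018'][^\u2019']*[\u2019']\)\s*$")
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|scr|bat))\b", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
PROC_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section (O4, F2, O23) or PROC for a running process
    reason: str
    line: str


def image_path(cmd: str) -> str:
    """Return the program an O4 command launches, without its arguments."""
    cmd = cmd.strip()
    if cmd and cmd[0] in QUOTES:            # "C:\Program Files\x\y.exe" /arg
        for i in range(1, len(cmd)):
            if cmd[i] in QUOTES:
                return cmd[1:i]
        return cmd[1:]
    m = IMAGE_RE.match(cmd)                 # RUNDLL32.EXE foo.dll,Entry -> RUNDLL32.EXE
    return m.group(1) if m else cmd


def triage_line(raw: str) -> list[Finding]:
    """Apply the example heuristics to one HJT entry line."""
    out: list[Finding] = []
    m = ENTRY_RE.match(raw.strip())
    if not m:
        return out
    sec, body = m.group("sec"), m.group("body")
    if sec == "F2" and body.startswith("REG:system.ini: Shell="):
        shell = body.split("=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            out.append(Finding(sec, "system.ini Shell= launches something besides Explorer.exe", raw))
    elif sec == "O4":
        body = USER_SUFFIX_RE.sub("", body)  # drop trailing (User 'SYSTEM')
        d = O4_DIR_RE.match(body)
        if d:
            if "\\" not in d.group("cmd") and "=" not in d.group("cmd"):
                out.append(Finding(sec, "Startup folder item listed by bare file name, no shortcut target", raw))
        else:
            r = O4_REG_RE.match(body)
            if r and TEMP_RE.search(image_path(r.group("cmd"))):
                out.append(Finding(sec, "Run entry launches a program from a Temp directory", raw))
    elif sec == "O23" and TEMP_RE.search(body):
        out.append(Finding(sec, "service image lives in a Temp directory", raw))
    return out


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over a whole log; also check 'Running processes' paths."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PROC_RE.match(line):             # bare path from the process list
            if TEMP_RE.search(line):
                findings.append(Finding("PROC", "process running from a Temp directory", line))
            continue
        findings.extend(triage_line(line))
    return findings


# Constructed excerpt: lines copied from the logs above, in the real HJT spelling.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\ilie\Desktop\HiJackThis.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [PUT2VIDQLG] C:\DOCUME~1\Strong\LOCALS~1\Temp\c.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: siszyd32.exe
O4 - Global Startup: Media Key.lnk = C:\Program Files\Media Key\MagicKey.exe
F2 - REG:system.ini: Shell=Explorer.exe ,C:\WINDOWS\system32\jlwitys.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Strong\LOCALS~1\Temp\AVSETUP_49c758c0\basic\avupgsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
End of file - 13609 bytes
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:5} {f.reason}\n      {f.line}")
```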
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:39 PM, on 1/31/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe
C:\Windows\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktopComic.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\user\Desktop\HiJackThis.exe
C:\Windows\system32\notepad.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 – Service: Nakido – Nakido – C:\Program Files\Nakido\nakido.exe
O23 – Service: NBService – Nero AG – C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 2445 bytes
@Bogdan: The Messenger virus? It doesn't seem to be active on the system. Have you tried the method described here: http://www.faravirusi.com/2010/01/30/httproamateursxx-freehostking-comprofile-php-site-infectat-propagat-prin-yahoo-messenger/ ?
Yes, that virus. I deleted YahooAuth2.dll because I couldn't find yxpb.exe.
Is everything fine?
@Bogdan: Yes, it's fine.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:10 PM, on 2/1/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\dinu\My Documents\Downloads\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R3 – URLSearchHook: (no name) – {9CB65206-89C4-402c-BA80-02D8C59F9B1D} – C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 – URLSearchHook: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: Ask Search Assistant BHO – {9CB65201-89C4-402c-BA80-02D8C59F9B1D} – C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 – BHO: Ask Toolbar BHO – {FE063DB1-4EC0-403e-8DD8-394C54984B2C} – C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O2 – BHO: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Ask Toolbar – {FE063DB9-4EC0-403e-8DD8-394C54984B2C} – C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 – Toolbar: BS Player Toolbar – {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} – C:\Program Files\BS_Player\tbBS_1.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [Sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 – HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [Mozilla Quick Launch] “C:\Program Files\mozilla.org\Mozilla\Mozilla.exe” -turbo
O4 – HKCU\..\Run: [Yahoo! Pager] “C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Yahoo! Messenger – {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} – C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 – Extra ‘Tools’ menuitem: Yahoo! Messenger – {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} – C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260623155140
O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: PnkBstrA – Unknown owner – C:\WINDOWS\System32\PnkBstrA.exe
–
End of file – 4477 bytes
@monica dinu: Your log is clean.
Is that all? Done?
You're great! Thank you from the bottom of my heart! Otherwise I wouldn't have known what to do! I caught it from a relative abroad, and I thought they were telling me I really had such an account, and I thought it was just a joke by some friends! Anyway, thank you!
@monica: You're welcome. You can recommend our site to others if you liked it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:07 AM, on 2/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Administrator\My Documents\Downloads\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cool-digitv.net/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 – HKLM\..\Run: [DriveSpace] C:\Program Files\Drive Space Indicator\DrvSpace.exe
O4 – HKLM\..\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 – HKLM\..\Run: [RemoteControl9] “C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe”
O4 – HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 – HKLM\..\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 – HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 – HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 – HKLM\..\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe” /hide
O4 – HKCU\..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKCU\..\Run: [FreeCall] “C:\Program Files\FreeCall.com\FreeCall\freecall.exe” -nosplash -minimized
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User ‘Default user’)
O4 – Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Export la Microsoft &Excel – res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 – Extra context menu item: Google Sidewiki… – res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 – Extra button: Trimitere la OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: Trimit&ere la OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 – Extra button: PokerStars – {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} – C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ESET HTTP Server (EhttpSrv) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 – Service: ESET Service (ekrn) – ESET – C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Process Monitor (LVPrcSrv) – Logitech Inc. – C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software – C:\WINDOWS\System32\TuneUpDefragService.exe
O23 – Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) – TuneUp Software – C:\WINDOWS\System32\TUProgSt.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 6787 bytes
@Luci2000: Your log is clean.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:49, on 02.02.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Wedding Countdown\Wedding.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Silence..I kill You\Desktop\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.dapyx.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 – REG:system.ini: Shell=explorer.exe ,
O1 – Hosts: ::1 localhost
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: BitComet ClickCapture – {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} – C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 – BHO: URLRedirectionBHO – {B4F3A835-0E21-4959-BA22-42B3008E02FF} – C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 – HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 – HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 – HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 – HKLM\..\Run: [UCam_Menu] “c:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “c:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\1.0″
O4 – HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 – HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe “C:\Program Files\HP\HP UT\”
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 – HKLM\..\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”
O4 – HKLM\..\Run: [RemoteControl8] “C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe”
O4 – HKLM\..\Run: [PDVD8LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe”
O4 – HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [BCSSync] “C:\Program Files\Microsoft Office\Office14\BCSSync.exe” /DelayServices
O4 – HKLM\..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 – HKLM\..\Run: [lxdnmon.exe] “C:\Program Files\Lexmark 2600 Series\lxdnmon.exe”
O4 – HKLM\..\Run: [lxdnamon] “C:\Program Files\Lexmark 2600 Series\lxdnamon.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [UnlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”
O4 – HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 – HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 – HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 – HKCU\..\Run: [EA Core] “C:\Program Files\Electronic Arts\EADM\Core.exe” -silent
O4 – HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe”
O4 – HKCU\..\Run: [WeddingCountDown] “C:\Program Files\Wedding Countdown\Wedding.exe”
O4 – HKCU\..\Run: [Vidalia] “C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe”
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O8 – Extra context menu item: &D&ownload &with BitComet – res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 – Extra context menu item: &D&ownload all video with BitComet – res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 – Extra context menu item: &D&ownload all with BitComet – res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 – Extra context menu item: S&end to OneNote – res:///105
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 – {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} – C:\Windows\WindowsMobile\INetRepl.dll
O9 – Extra button: (no name) – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\Windows\WindowsMobile\INetRepl.dll
O9 – Extra ‘Tools’ menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 – {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} – C:\Windows\WindowsMobile\INetRepl.dll
O9 – Extra button: Linked &Notes – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} – C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 – Extra ‘Tools’ menuitem: Linked &Notes – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} – C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 – Gopher Prefix:
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 – SharedTaskScheduler: Windows DreamScene – {E31004D1-A431-41B8-826F-E902F9D95C81} – C:\Windows\System32\DreamScene.dll
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – ALWIL Software – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: Com4Qlb – Hewlett-Packard Development Company, L.P. – C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: hpqwmiex – Hewlett-Packard Development Company, L.P. – C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 – Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) – Intel Corporation – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 – Service: lxdnCATSCustConnectService – Lexmark International, Inc. – C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 – Service: lxdn_device – – C:\Windows\system32\lxdncoms.exe
O23 – Service: Nero BackItUp Scheduler 3 – Nero AG – C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 – Service: Nero BackItUp Scheduler 4.0 – Unknown owner – C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\Windows\system32\nvvsvc.exe
O23 – Service: ScsiAccess – Unknown owner – C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 – Service: TeamViewer 5 (TeamViewer5) – TeamViewer GmbH – C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 – Service: Vodafone Mobile Connect Service (VMCService) – Vodafone – C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 11807 bytes
@Alexandra: The log is clean.
Thanks a lot for everything … I'll recommend the site … very helpful … Have a nice evening
@Alexandra: You're welcome.
Thanks a lot. I've added you to my blogroll. Very interesting blog, many people really need the information here. By the way, you could also put up an avatar, go to http://en.gravatar.com/ so you have an avatar on your comments :P
@Luci2000: Thank you too. If I put an avatar on gravatar.com I'd have to change my nickname. Radu is already taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:34, on 03.02.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Kucsor\Desktop\Piratii din Caraibe\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Kucsor\Desktop\utorrent.exe
C:\PROGRA~1\AIMP2\AIMP2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Kucsor\Desktop\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 – URLSearchHook: TvOnline by WebDessign Toolbar – {77d0b2ea-9fb1-491c-bd40-04e2232bdd22} – C:\Program Files\TvOnline_by_WebDessign\tbTvO0.dll
R3 – URLSearchHook: PHPNukeEN Toolbar – {dd02a4eb-4afd-4d60-99d8-e67f964ca813} – C:\Program Files\PHPNukeEN\tbPHP1.dll
R3 – URLSearchHook: the blinkx toolbar – {F08555B0-9CC3-11D2-AA8E-000000000567} – C:\Program Files\blinkx Remote Toolbar\the_blinkx_shook.dll
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: The blinkx Toolbar – {0069B690-7A2B-41C5-98CA-9F535B4C8532} – C:\Program Files\blinkx Remote Toolbar\the_blinkx_bho.dll
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: TvOnline by WebDessign Toolbar – {77d0b2ea-9fb1-491c-bd40-04e2232bdd22} – C:\Program Files\TvOnline_by_WebDessign\tbTvO0.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 – BHO: URLRedirectionBHO – {B4F3A835-0E21-4959-BA22-42B3008E02FF} – D:\TATA(^~1\MICROS~1\Office14\URLREDIR.DLL
O2 – BHO: PHPNukeEN Toolbar – {dd02a4eb-4afd-4d60-99d8-e67f964ca813} – C:\Program Files\PHPNukeEN\tbPHP1.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 – Toolbar: TvOnline by WebDessign Toolbar – {77d0b2ea-9fb1-491c-bd40-04e2232bdd22} – C:\Program Files\TvOnline_by_WebDessign\tbTvO0.dll
O3 – Toolbar: PHPNukeEN Toolbar – {dd02a4eb-4afd-4d60-99d8-e67f964ca813} – C:\Program Files\PHPNukeEN\tbPHP1.dll
O3 – Toolbar: The blinkx Toolbar – {E5A1ECE5-3E3D-4FE7-8447-78CB1FD377C6} – C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.dll
O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 – HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 – HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 – HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [uTorrent] “C:\Documents and Settings\Kucsor\Desktop\utorrent.exe”
O4 – HKCU\..\Run: [blinkx_toolbar] “C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe” -startservice
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Documents and Settings\Kucsor\Desktop\Piratii din Caraibe\DAEMON Tools Lite\DTLite.exe” -autorun
O4 – HKCU\..\Run: [swg] “C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O8 – Extra context menu item: E&xport to Microsoft Excel – res://D:\TATA(^~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 – Extra context menu item: Google Sidewiki… – res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 – Extra button: ShopperReports – Compare product prices – {C5428486-50A0-4a02-9D20-520B59A9F9B2} – C:\Program Files\ShoppingReport\Bin\2.6.63\ShoppingReport.dll (file missing)
O9 – Extra button: ShopperReports – Compare travel rates – {C5428486-50A0-4a02-9D20-520B59A9F9B3} – C:\Program Files\ShoppingReport\Bin\2.6.63\ShoppingReport.dll (file missing)
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) – http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 – DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) – http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 – DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) – http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 – Filter hijack: text/xml – {807573E5-5146-11D5-A672-00B0D022E945} – C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: nProtect GameGuard Service (npggsvc) – Unknown owner – C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 – Service: npkcmsvc – INCA Internet Co., Ltd. – C:\WINDOWS\system32\npkcmsvc.exe
O23 – Service: Power Manager (PowerManager) – Unknown owner – C:\WINDOWS\svchost.exe
O23 – Service: TeamViewer 5 (TeamViewer5) – TeamViewer GmbH – C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 7544 bytes
Alice, check and press "Fix checked" for the following entries:
O4 – HKCU\..\Run: [blinkx_toolbar] “C:\Program Files\blinkx Remote Toolbar\the_blinkx_toolbar.exe” -startservice
O23 – Service: Power Manager (PowerManager) – Unknown owner – C:\WINDOWS\svchost.exe
Then install an antivirus to scan for and get rid of the remaining infections. Without an antivirus your PC cannot stay uninfected, especially with an active internet connection.
ok, and which antivirus would you recommend…? :D …
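The verdict above rests on two things a reader can check mechanically: an autostart (O4) entry that belongs to a browser toolbar, and a service (O23) with no vendor string whose binary is named svchost.exe but lives in C:\WINDOWS instead of System32. The script below is an added example, not code from this page or from HijackThis; it parses the O4 and O23 lines of a pasted log, undoes the typographic substitution blog software applies to pasted logs (en dashes for " - ", curly quotes), and reports entries that trip those rules plus two generic ones (autostart from a Temp folder, orphaned "(file missing)" entries). The rule set, the SYSTEM32_ONLY list and the last line of the sample log are assumptions; the first four sample lines are copied from Alice's log above.

```python
"""Heuristic triage of a HijackThis (HJT) log: flags O4 autostart entries and
O23 services that look wrong by where the binary lives or who owns it.

Added example, not part of the original page and not HijackThis code. The
heuristics are assumptions generalised from the verdict given above (a toolbar
autostart and an "Unknown owner" service named svchost.exe outside System32);
they are triage hints, not a malware verdict.
"""
import re
from dataclasses import dataclass, field

# Blog/forum software turns the ASCII " - " and quotes that HJT writes into
# en/em dashes and curly quotes; undo that before parsing a pasted log.
_TYPOGRAPHIC = str.maketrans({
    "\u2013": "-", "\u2014": "-", "\u201c": '"', "\u201d": '"',
    "\u2033": '"', "\u2018": "'", "\u2019": "'",
})

# Assumption: binaries a stock XP/Vista install keeps only in %SystemRoot%\System32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "spoolsv.exe", "ctfmon.exe", "rundll32.exe"}
UNKNOWN_OWNERS = {"", "-", "unknown owner", "todo:"}

_O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_LNK = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
_O23 = re.compile(r"^O23 - Service: (?P<rest>.*)$")
_EXE = re.compile(r'^"?([^"]*?\.(?:exe|dll))"?', re.IGNORECASE)
_SHORT = re.compile(r"\(([^()]+)\)\s*$")


@dataclass
class Finding:
    section: str
    name: str
    path: str
    owner: str = ""
    file_missing: bool = False
    reasons: list = field(default_factory=list)


def normalize(line: str) -> str:
    """Map typographic substitutions back to the ASCII HJT actually wrote."""
    return line.translate(_TYPOGRAPHIC).strip()


def parse(line: str):
    """Return a Finding for an O4 or O23 line, None for any other line."""
    line = normalize(line)
    m = _O4_RUN.match(line) or _O4_LNK.match(line)
    if m:
        exe = _EXE.match(m.group("cmd"))
        return Finding("O4", m.group("name"), exe.group(1) if exe else m.group("cmd"))
    m = _O23.match(line)
    if not m:
        return None
    parts = m.group("rest").rsplit(" - ", 2)      # "Display (short) - Owner - Path"
    if len(parts) == 3:
        name, owner, path = parts
    elif len(parts) == 2:                          # owner column was a bare "-"
        name, path = parts
        owner = ""
    else:
        return None
    missing = path.endswith("(file missing)")
    path = path.replace("(file missing)", "").strip()
    short = _SHORT.search(name)
    return Finding("O23", short.group(1) if short else name.rstrip(" -"),
                   path, owner.strip(), missing)


def assess(f: Finding) -> Finding:
    """Attach reasons; an entry that collects none is not reported."""
    p = f.path.replace("/", "\\").lower()
    folder, _, base = p.rpartition("\\")          # bare names resolve via PATH, skip them
    if folder and base in SYSTEM32_ONLY and not folder.endswith("\\system32"):
        f.reasons.append(f"HIGH: {base} outside System32 (impersonates a Windows component)")
    if "\\temp\\" in p:
        f.reasons.append("HIGH: autostart from a temporary folder")
    if f.section == "O4" and "toolbar" in (f.name + " " + p).lower():
        f.reasons.append("MEDIUM: browser toolbar autostart (bundleware)")
    if f.section == "O23" and f.owner.lower() in UNKNOWN_OWNERS:
        f.reasons.append("INFO: service has no vendor string")
    if f.file_missing:
        f.reasons.append("INFO: orphaned entry, file missing")
    return f


def triage(log_text: str) -> list:
    """All O4/O23 entries in the log that tripped at least one heuristic."""
    out = []
    for raw in log_text.splitlines():
        f = parse(raw)
        if f and assess(f).reasons:
            out.append(f)
    return out


# Constructed sample: the first four lines are from Alice's log above (the two
# entries the author told her to fix, plus two legitimate ones for contrast);
# the last line is invented to exercise the temp-folder rule.
SAMPLE_LOG = """\
O4 \u2013 HKCU\\..\\Run: [blinkx_toolbar] \u201cC:\\Program Files\\blinkx Remote Toolbar\\the_blinkx_toolbar.exe\u201d -startservice
O4 \u2013 HKLM\\..\\Run: [Adobe ARM] \u201cC:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\u201d
O23 \u2013 Service: Power Manager (PowerManager) \u2013 Unknown owner \u2013 C:\\WINDOWS\\svchost.exe
O23 \u2013 Service: TeamViewer 5 (TeamViewer5) \u2013 TeamViewer GmbH \u2013 C:\\Program Files\\TeamViewer\\Version5\\TeamViewer_Service.exe
O4 \u2013 HKCU\\..\\Run: [example] C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\example.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.path}")
        for r in f.reasons:
            print("   ", r)
```

Run it on a saved log with `triage(open(path).read())`. Anything it reports is a candidate to look up, not a verdict: the "no vendor string" rule on its own is only informational, since several legitimate services in the logs on this page (Nero BackItUp, Photodex ScsiAccess, Macromedia Licensing) also show "Unknown owner". The System32 rule is the one that carries weight here, because a Windows component name in the wrong directory has no benign explanation.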
@Alice
Take a look here, and see what suits you…
http://www.raymond.cc/blog/archives/2010/02/03/best-performing-speed-and-memory-usage-antivirus-and-internet-security-for-2010/
Can someone help me by telling me whether my system "suffers" from anything and, if it has some "disease", what the remedies are.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:16, on 04/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OEM\OSD_1.9\OsdService.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msvmcls64.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\OEM\OSD_1.9\osd.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\roxana\Desktop\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: Adobe PDF Reader Link Helper – {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 – BHO: Lexmark Toolbar – {1017a80c-6f09-4548-a84d-edd6ac9525f0} – C:\Program Files\Lexmark Toolbar\toolband.dll
O2 – BHO: Skype add-on (mastermind) – {22bf413b-c6d2-4d91-82a9-a0f997ba588c} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Windows Live Toolbar Helper – {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\Windows Live Toolbar\msntb.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {dbc80044-a445-435b-bc74-9c25c1c588a9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {e7e6f031-17ce-4c07-bc86-eabfe594f69c} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 – Toolbar: Windows Live Toolbar – {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\Windows Live Toolbar\msntb.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: Lexmark Toolbar – {1017A80C-6F09-4548-A84D-EDD6AC9525F0} – C:\Program Files\Lexmark Toolbar\toolband.dll
O4 – HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 – HKLM\..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 – HKLM\..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [lxdimon.exe] “C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe”
O4 – HKLM\..\Run: [lxdiamon] “C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe”
O4 – HKLM\..\Run: [FaxCenterServer] “C:\Program Files\\Lexmark Fax Solutions\fm3032.exe” /s
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [MS Virtual CLS] C:\WINDOWS\system32\msvmcls64.exe
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [cdoosoft] C:\DOCUME~1\roxana\LOCALS~1\Temp\olhrwef.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 – HKCU\..\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [AlcoholAutomount] “C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” /automount
O4 – Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 – Global Startup: Bluetooth Manager.lnk = ?
O4 – Global Startup: OSD.lnk = ?
O8 – Extra context menu item: &Windows Live Search – res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 – Extra context menu item: Add to Windows &Live Favorites – http://favorites.live.com/quickadd.aspx
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 – Extra context menu item: e&xport în microsoft excel – res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Blog This – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra button: (no name) – {5067a26b-1337-4436-8afe-ee169c2da79f} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer – {5067a26b-1337-4436-8afe-ee169c2da79f} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra button: Skype – {77bf5300-1474-4ec7-9980-d32b190e9b07} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra button: Cercetare – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Encarta Search Bar – {B205A35E-1FC4-4CE3-818B-899DBBB3388C} – C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O11 – Options group: [java_sun] Java (Sun)
O17 – HKLM\System\CCS\Services\Tcpip\..\{53999642-D2BF-4AA6-A985-0AECD4448858}: NameServer = 192.168.1.254
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 – Service: Background Intelligent Transfer Service (BITS) – Unknown owner – C:\WINDOWS\
O23 – Service: BlueSoleil Hid Service – Unknown owner – C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: Java Quick Starter (javaquickstarterservice) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: lxdiCATSCustConnectService (lxdicatscustconnectservice) – Lexmark International, Inc. – C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 – Service: lxdi_device – – C:\WINDOWS\system32\lxdicoms.exe
O23 – Service: Macromedia Licensing Service (macromedia licensing service) – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Microsoft Office Diagnostics Service (odserv) – Unknown owner – C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 – Service: OSD Service (OsdService) – TODO: – C:\Program Files\OEM\OSD_1.9\OsdService.exe
O23 – Service: ServiceLayer (servicelayer) – Nokia. – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: Start BT in service – Unknown owner – C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 – Service: StarWind AE Service (starwindserviceae) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 – Service: TOSHIBA Bluetooth Service – TOSHIBA CORPORATION – C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 – Service: Vodafone Mobile Connect Service (VMCService) – Vodafone – C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 – Service: Automatic Updates (wuauserv) – Unknown owner – C:\WINDOWS\
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 12586 bytes
@florin: I received your e-mail as well. I've sent you a reply.
SORRY
PLEASE, IS MY PC
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:23 PM, on 2/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Documents and Settings\valy\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
C:\Program Files\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Documents and Settings\valy\My Documents\Downloads\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://it.search.yahoo.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://it.search.yahoo.com
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Symantec NCO BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O3 – Toolbar: Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O4 – HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 – HKLM\..\Run: [SoundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray
O4 – HKLM\..\Run: [YSearchProtection] “C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe”
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [HitmanPro35] “C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe” /scan:boot
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKCU\..\Run: [Google Update] “C:\Documents and Settings\valy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 – HKCU\..\Run: [RocketDock] “C:\Program Files\RocketDock\RocketDock.exe”
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 – Protocol: symres – {AA1061FE-6C41-421F-9344-69640C9732AB} – C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O23 – Service: Norton Security Suite (N360) – Symantec Corporation – C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
O23 – Service: Network WanMiniport First Position – Unknown owner – C:\Program Files\Telecom Italia\WanMiniport1st\srvany.exe
O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 6620 bytes
CLEAN