HijackThis 2.0.4 – Analysing the Settings Modified by Viruses on Your PC

A good start to an effective disinfection also means a preliminary analysis of the system settings, highlighting those modified by viruses, spyware, trojans, etc.
HijackThis, from Trend Micro, is the most widely used tool for generating such logs. In general, the great majority of viruses “leave traces” that are visible to an experienced eye reading the HijackThis log.

This program was recently improved and version 2.0.4 has been released.
The changes brought by this version:

* Fixed parser issues on winlogon notify
* Fixed issues to handle certain environment variables
* Rename HJT generates complete scan log

Here, once again, are the instructions for producing a HijackThis log.

Download HijackThis from here.
Install it, but do not run it yet.

Go to My Computer -> Tools -> Folder Options -> View and tick “Show hidden files and folders”, then untick “Hide protected operating system files”. Press OK.


Then run HijackThis.exe.
In the window that appears, tick “Don’t show this frame again when I startup HijackThis”.
Press the first button at the top, “Do a system scan and save a logfile”.
Copy the log from Notepad and post it in a new topic on a forum: I recommend SoftPedia.
You can also send it to me by e-mail for analysis.

Do not fix anything with HJT; most of the entries there are legitimate!
In some cases you also need to rename hijackthis.exe to test.exe, or anything else, and then run the program.


When an expert recommends fixing certain “infected” entries, proceed as follows: tick the box next to the entry in question and press the “Fix checked” button.
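The log layout described above (header, running processes, then entries tagged with a section code such as R0, O2, O4 or O23) can be parsed and pre-sorted before an analyst reads it. The Python below is an added example, not part of the original article and not Trend Micro code; the sample log is constructed, and the names `parse_log`, `count_by_code` and `triage` are hypothetical. It flags only markers that HijackThis itself prints, so a flagged line is a prompt for manual review, not a verdict.

```python
import re
from collections import Counter

# One log entry: section code (R0, O4, O23, ...), a dash, then the body.
# Web pages often turn the ASCII "-" into an en dash, so accept both.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s*[-\u2013]\s*(?P<body>.*)$")
VERSION_RE = re.compile(r"HijackThis v(\d+(?:\.\d+)+)")

# Markers printed by HijackThis itself that merit a manual look.
MARKERS = {
    "(file missing)": "referenced file was not found on disk",
    "(no file)": "registry entry has no file behind it",
    "unknown owner": "no vendor name could be read for the service binary",
}

# Constructed sample in the HijackThis 2.0.4 layout (names and paths are made up).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:00, on 01.05.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test/
O2 – BHO: (no name) – {00000000-0000-0000-0000-000000000001} – (no file)
O4 – HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O9 – Extra button: Example – {00000000-0000-0000-0000-000000000002} – C:\Program Files\Example\btn.dll (file missing)
O23 – Service: Example Service (ExampleSvc) – Unknown owner – C:\Program Files\Example\svc.exe

End of file – 999 bytes
"""


def parse_log(text):
    """Split a HijackThis log into header lines, processes and entries."""
    header, processes, entries = [], [], []
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()  # logs pasted into forums are often indented
        match = ENTRY_RE.match(line)
        if match:
            state = "entries"
            entries.append((match.group("code"), match.group("body").strip()))
        elif line.lower().startswith("running processes"):
            state = "processes"
        elif not line or line.lower().startswith("end of file"):
            continue
        elif state == "header":
            header.append(line)
        elif state == "processes":
            processes.append(line)
        # Any other text after the entries began (e.g. a signature) is ignored.
    found = VERSION_RE.search("\n".join(header))
    return {
        "version": found.group(1) if found else None,  # some pastes drop line 1
        "header": header,
        "processes": processes,
        "entries": entries,
    }


def count_by_code(entries):
    """Number of entries per section code, e.g. {'O4': 12, 'O23': 5}."""
    return dict(Counter(code for code, _ in entries))


def triage(entries):
    """Return (code, body, reasons) for entries carrying a review marker."""
    flagged = []
    for code, body in entries:
        lowered = body.lower()
        reasons = [why for marker, why in MARKERS.items() if marker in lowered]
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("HijackThis version:", log["version"])
    print("Running processes:", len(log["processes"]))
    print("Entries per section:", count_by_code(log["entries"]))
    for code, body, reasons in triage(log["entries"]):
        print(f"REVIEW {code}: {body}")
        for why in reasons:
            print(f"    - {why}")
```
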


Administrator of FaraVirusi.com
volunteer with the Comodo Malware Research Team, Malwarebytes Anti-Malware expert

51 responses to “HijackThis 2.0.4 – Analysing the Settings Modified by Viruses on Your PC”

  1. warsnno

    Can anyone tell me whether I have viruses? I don't have any antivirus installed. When I had Avira 10 it found a virus (Windows had only just been installed), and after I restarted there was nothing on the screen any more. So I installed Windows again. I know I have a virus, but I don't know whether it is dangerous.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:58:07 PM, on 4/22/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Documents and Settings\dori\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{F6F8B713-D753-4BA6-9244-E3791391FD93}
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{F6F8B713-D753-4BA6-9244-E3791391FD93}
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
    R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 – BHO: ChromeFrame BHO – {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} – C:\Program Files\Google\Chrome Frame\Application\5.0.375.15\npchrome_frame.dll
    O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 – HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 – HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 – HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 – HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
    O4 – HKCU\..\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray
    O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O4 – HKCU\..\Run: [Google Update] “C:\Documents and Settings\dori\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
    O4 – HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User ‘SYSTEM’)
    O4 – HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SYSTEM’)
    O4 – HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User ‘Default user’)
    O4 – HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘Default user’)
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O18 – Protocol: gcf – {9875BFAF-B04D-445E-8A69-BE36838CDE3E} – C:\Program Files\Google\Chrome Frame\Application\5.0.375.15\npchrome_frame.dll
    O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
    O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
    O23 – Service: ServiceLayer – Nokia – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    End of file – 6217 bytes

  2. Andrei R.

    Is there a manual or something covering everything that can appear in the log? I would try to make a log and see for myself whether something is wrong, although in my case the chances of having an infection or anything are very small :-?…

  3. omega
  4. omega
  5. andolis49

    I usually upload the log here: http://www.hijackthis.de/

  6. Andrei R.

    Thanks for the reply, but I wasn't referring to usage instructions; I meant a legend for the possible entries… that is, what each one is… or at least the broad groups, etc. 😀

  7. Andrei R.

    I only just noticed it, at the very bottom… under classifications… thanks a lot!

  8. mac

    Well… This little program is good, but rather thin on info! Otherwise, nothing to say, the authors' effort is commendable!

  9. cobra

    It struck me that version 2.0.4 has been released while the beta version is 2.0.3.
    How on earth does that work?

  10. DanS

    I also have a question:
    – when I want to install certain programs (not all of them) the
    following message appears: http://imgur.com/ImxL7.gif
    – or when I want to open a document with Open Office
    with the .xls extension (Excel, of course) this message appears again:
    http://imgur.com/fFvjZ.gif .
    The question is “What should I do in this case?”
    I should mention that the system unit is made by DELL,
    the operating system is Windows XP SP1 with a DELL licence,
    which upgraded itself to SP3 (“up to date”), currently SP3.
    * is there perhaps a virus that could do something like this?
    – I have installed Avast 5 antivirus and SpyBot-Search & Destroy
    I am also attaching the following log file in the hope that you
    might be able to help me:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:33:00, on 23.04.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    E:\Kit\Lupo PenSuite v6.80 Full\Launcher\ASuite.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Dniel\Desktop\HiJackThis.exe

    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 – URLSearchHook: Wisdom-soft toolbar – {6dfc55bb-bfff-485a-9709-90c3fdf6db58} – C:\Program Files\Wisdom-soft\tbWisd.dll
    O2 – BHO: AskBar BHO – {201f27d4-3704-41d6-89c1-aa35e39143ed} – C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 – BHO: BitComet ClickCapture – {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} – C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
    O2 – BHO: (no name) – {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} – (no file)
    O2 – BHO: Wisdom-soft toolbar – {6dfc55bb-bfff-485a-9709-90c3fdf6db58} – C:\Program Files\Wisdom-soft\tbWisd.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 – Toolbar: Foxit Toolbar – {3041d03e-fd4b-44e0-b742-2d9b88305f98} – C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 – Toolbar: Wisdom-soft toolbar – {6dfc55bb-bfff-485a-9709-90c3fdf6db58} – C:\Program Files\Wisdom-soft\tbWisd.dll
    O4 – HKLM\..\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 – HKLM\..\Run: [nwiz] “nwiz.exe” /install
    O4 – HKLM\..\Run: [ASuite] “E:\Kit\Lupo PenSuite v6.80 Full\Launcher\ASuite.exe”
    O4 – HKLM\..\Run: [UnlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”
    O4 – HKLM\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
    O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
    O4 – HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
    O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
    O9 – Extra button: BitComet – {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} – res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264857055031
    O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\System32\browseui.dll
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\System32\browseui.dll
    O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
    O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
    O23 – Service: ScsiAccess – Unknown owner – C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 – Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) – Webroot Software, Inc. (www.webroot.com) – C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe


    End of file – 5935 bytes

    Thank you in advance,
    DanS

  11. Basano

    Could you analyse my “HijackThis log” too, please?

    Scan saved at 3:14:30 PM, on 4/23/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\avp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\MASTER\Desktop\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: IEVkbdBHO – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\ievkbd.dll
    O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: link filter bho – {E33CF602-D945-461A-83F0-819F76A199F8} – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtbbho.dll
    O4 – HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 – HKLM\..\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\avp.exe”
    O4 – HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
    O8 – Extra context menu item: Add to Anti-Banner – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\ie_banner_deny.htm
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 – Extra button: &Virtuelle Tastatur – {4248FE82-7FCB-46AC-B270-339F08212110} – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtbbho.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 – Extra button: Li&nks untersuchen – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtbbho.dll
    O17 – HKLM\System\CCS\Services\Tcpip\..\{B335AAA5-852D-4188-B56D-4EDD7B4A373F}: NameServer = 213.154.124.1 193.231.252.1
    O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
    O20 – AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 – Service: Kaspersky Security Suite CBE Win7 (AVP) – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\avp.exe
    O23 – Service: DefenseWall internal service (defensewall_serv) – Unknown owner – C:\Windows\system32\defensewall_serv.exe (file missing)
    O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\Windows\system32\nvvsvc.exe
    O23 – Service: O&O Defrag – O&O Software GmbH – C:\Program Files\OO Software\Defrag\oodag.exe
    O23 – Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe


    End of file – 4984 bytes

  12. xtrem

    I had also asked a question about Comodo IS 4 and it has disappeared. Why?

  13. xtrem

    I see I'm not getting an answer. So I'll ask here. Maybe I'll have some luck …. Can I replace Avira Free + Online Armor Free with Comodo Internet Security 4? Does it offer the same security?

  14. xtrem

    Why has my question been in moderation for so long?

  15. Basano

    Thank you for the indolence you are showing, RADU. Do you only answer the people you know, or who knows what other criteria you apply? …. thanks ……

  16. Basano

    I posted a HijackThis log too and you did not want to answer me… I thank you even for not answering;
    we live in Romania and answers are given according to certain criteria…….

  17. bcman

    1. Stop freaking out.
    2. Do you have any reason why you made this log and are so desperate to find out whether it is good or not?
    3. You're clean. I took a look myself.
    4. Maybe Radu doesn't have all his time free to help you.
    5. You're welcome.

  18. Nick

    @basano
    You're as clean as a baby's tear; never in my life have I had such a beauty of a log! 😀
    Congratulations! You can see from a mile away that that KIS CBE promotion, from around here, probably, has done its job! 🙄

  19. How do I get rid of smss32.exe? – Malware Removal Guide

    […] Create a HijackThis log, then tick and press “Fix checked” for the entries: F2 – REG:system.ini: […]

  20. Basano

    Thanks a lot, Radu, and you too, Nick……

  21. c@t@lin c

    Good morning, for a while now my computer has been freezing, that is, (NOT RESPONDING) appears at the top left, and I think it is infected. I scanned with Malwarebytes and found nothing. I downloaded Hijack and I'm going to post a log here so you can see whether I have a virus. I'm telling you this because from time to time I find rootkits, but I can't find the Trojan,

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:39:59 AM, on 4/29/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
    C:\Windows\FixCamera.exe
    C:\Windows\vsnpstd3.exe
    C:\Windows\tsnpstd3.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AntiLogger\AntiLogger.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
    C:\Windows\RTHDCPL.exe
    C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\The KMPlayer\KMPlayer.exe
    C:\Users\John\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 – BHO: HP Print Enhancer – {0347C33E-8762-4905-BF09-768834316C61} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 – BHO: URLRedirectionBHO – {B4F3A835-0E21-4959-BA22-42B3008E02FF} – C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 – BHO: HP Smart BHO Class – {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 – HKLM\..\Run: [OutpostFeedBack] “C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe” /dump:os_startup
    O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
    O4 – HKLM\..\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
    O4 – HKLM\..\Run: [BCSSync] “C:\Program Files\Microsoft Office\Office14\BCSSync.exe” /DelayServices
    O4 – HKLM\..\Run: [OutpostMonitor] “C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe” /tray /noservice
    O4 – HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
    O4 – HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
    O4 – HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
    O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    O4 – HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
    O4 – HKLM\..\Run: [AntiLogger] “C:\Program Files\AntiLogger\AntiLogger.exe” /minimized
    O4 – HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 – HKLM\..\Run: [SpywareTerminator] “C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe”
    O4 – HKLM\..\Run: [NortonAntiBot] “C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe”
    O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 – HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 – HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 – HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O4 – HKCU\..\Run: [SpywareTerminatorUpdate] “C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe”
    O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 – Extra ‘Tools’ menuitem: Se&nd to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 – Extra button: OneNote Lin&ked Notes – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} – C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 – Extra ‘Tools’ menuitem: OneNote Lin&ked Notes – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} – C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 – Extra button: Show or hide HP Smart Web Printing – {DDE87865-83C5-48c4-8357-2F5B1AA84522} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 – Filter hijack: text/xml – {807573E5-5146-11D5-A672-00B0D022E945} – C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 – AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
    O23 – Service: Agnitum Client Security Service (acssrv) – Agnitum Ltd. – C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
    O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 – Service: MBAMService – Malwarebytes Corporation – C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
    O23 – Service: NMSAccess – Unknown owner – C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 – Service: Spyware Terminator Realtime Shield Service (sp_rssrv) – Crawler.com – C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 – Service: SymantecAntiBotAgent – Symantec – C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
    O23 – Service: SymantecAntiBotWatcher – Symantec – C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
    THANK YOU IN ADVANCE!

    End of file – 7883 bytes

  22. clara

    Hello, could you analyse my log too? Thank you very much.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:56:45, on 30.04.2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    D:\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 – HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 – URLSearchHook: DefaultSearchHook Class – {C94E154B-1459-4A47-966B-4B843BEFC7DB} – C:\Program Files\AskSearch\bin\DefaultSearch.dll
    R3 – URLSearchHook: (no name) – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – (no file)
    O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
    O2 – BHO: (no name) – {259F616C-A300-44F5-B04A-ED001A26C85C} – (no file)
    O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 – HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    O4 – HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
    O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
    O4 – HKLM\..\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
    O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
    O4 – HKLM\..\Run: [iTunesHelper] “D:\iTunes\iTunesHelper.exe”
    O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [Google Update] “C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O4 – HKCU\..\Run: [DeskSpace] D:\programs\desk space\deskspace.exe
    O4 – HKCU\..\Run: [AutoStartNPSAgent] D:\samsung\NPSAgent.exe
    O4 – HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 – HKLM\..\Policies\Explorer\Run: [XPRTRFVB] C:\WINDOWS\system32\msnmsg.exe
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 – Extra button: (no name) – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.getietool.com/redirect.php (file missing)
    O9 – Extra ‘Tools’ menuitem: IE Anti-Spyware – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.getietool.com/redirect.php (file missing)
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
    O17 – HKLM\System\CCS\Services\Tcpip\..\{A7D8B182-A550-41A4-92D3-BAF51169DF49}: NameServer = 85.255.113.142,85.255.112.80
    O17 – HKLM\System\CCS\Services\Tcpip\..\{D318E551-51AA-4C62-8EB3-EDE1EA09AEBA}: NameServer = 85.255.113.142,85.255.112.80
    O17 – HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.142 85.255.112.80
    O17 – HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.142 85.255.112.80
    O17 – HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.142 85.255.112.80
    O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
    O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
    O23 – Service: ESET HTTP Server (EhttpSrv) – Unknown owner – C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
    O23 – Service: ESET Service (ekrn) – Unknown owner – C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
    O23 – Service: FsUsbExService – Teruten – C:\WINDOWS\system32\FsUsbExService.Exe
    O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
    O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
    O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
    O23 – Service: ServiceLayer – Nokia. – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 – Service: Ulead Burning Helper (UleadBurningHelper) – Ulead Systems, Inc. – C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    End of file – 7806 bytes

  23. ion08

    …when you have time… thanks in advance!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:45:55 PM, on 5/2/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    D:\games\heroes 3\RegisterSOD\Remind32.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\totalcmd\TOTALCMD.EXE
    D:\downloads\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 – REG:system.ini: UserInit=userinit.exe
    O2 – BHO: IEVkbdBHO – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 – BHO: link filter bho – {E33CF602-D945-461A-83F0-819F76A199F8} – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O4 – HKLM\..\Run: [VirtualCloneDrive] “C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe” /s
    O4 – HKLM\..\Run: [AVP] “C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe”
    O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
    O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
    O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
    O4 – Startup: H3 The Shadow of Death(TM).lnk = D:\games\heroes 3\RegisterSOD\Remind32.exe
    O8 – Extra context menu item: Add to Anti-Banner – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O9 – Extra button: &Virtual keyboard – {4248FE82-7FCB-46AC-B270-339F08212110} – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 – Extra button: URLs c&heck – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O20 – AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    O23 – Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) – Unknown owner – C:\Windows\System32\alg.exe (file missing)
    O23 – Service: Kaspersky Internet Security (AVP) – Kaspersky Lab – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 – Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) – Unknown owner – C:\Windows\System32\lsass.exe (file missing)
    O23 – Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) – Unknown owner – C:\Windows\system32\fxssvc.exe (file missing)
    O23 – Service: @keyiso.dll,-100 (KeyIso) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
    O23 – Service: @comres.dll,-2797 (MSDTC) – Unknown owner – C:\Windows\System32\msdtc.exe (file missing)
    O23 – Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
    O23 – Service: NVIDIA Display Driver Service (nvsvc) – Unknown owner – C:\Windows\system32\nvvsvc.exe (file missing)
    O23 – Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
    O23 – Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) – Unknown owner – C:\Windows\system32\locator.exe (file missing)
    O23 – Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
    O23 – Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) – Unknown owner – C:\Windows\System32\snmptrap.exe (file missing)
    O23 – Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) – Unknown owner – C:\Windows\System32\spoolsv.exe (file missing)
    O23 – Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) – Unknown owner – C:\Windows\system32\sppsvc.exe (file missing)
    O23 – Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) – NVIDIA Corporation – C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 – Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) – TuneUp Software – C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
    O23 – Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) – Unknown owner – C:\Windows\system32\UI0Detect.exe (file missing)
    O23 – Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
    O23 – Service: @%SystemRoot%\system32\vds.exe,-100 (vds) – Unknown owner – C:\Windows\System32\vds.exe (file missing)
    O23 – Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) – Unknown owner – C:\Windows\system32\vssvc.exe (file missing)
    O23 – Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) – Unknown owner – C:\Windows\system32\wbengine.exe (file missing)
    O23 – Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) – Unknown owner – C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 – Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) – Unknown owner – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file – 6569 bytes

  24. ion08

    no… I just wanted a confirmation that everything is OK… thanks for the promptness :)

  25. andreea

    ComboFix 10-05-03.06 – Deea 04.05.2010 18:28:38.1.2 – x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1250.40.1033.18.1919.979 [GMT 3:00]
    Running from: E:\ComboFix.exe
    AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\325 USB PC Camera
    c:\programdata\Microsoft\Windows\Start Menu\Programs\325 USB PC Camera \AMCap.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\325 USB PC Camera \Uninstall.lnk
    c:\users\Deea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    c:\users\Public\mds.sys
    c:\users\Public\mdt.sys
    c:\users\Public\winbrd.jpg
    D:\Autorun.inf
    E:\autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
    .

    2010-05-04 15:24 . 2010-05-04 15:26 ——– d—–w- C:\32788R22FWJFW
    2010-05-04 13:13 . 2010-05-04 13:13 ——– d—–w- c:\programdata\Kaspersky Lab
    2010-05-04 13:12 . 2009-10-22 10:54 37392 —-a-w- c:\windows\system32\drivers\58880472.sys
    2010-05-04 13:12 . 2009-10-09 20:31 311312 —-a-w- c:\windows\system32\drivers\5888047.sys
    2010-05-04 13:12 . 2009-09-25 14:59 128016 —-a-w- c:\windows\system32\drivers\58880471.sys
    2010-05-04 12:54 . 2010-05-04 12:54 ——– d—–w- c:\users\Deea\AppData\Roaming\Malwarebytes
    2010-05-04 12:53 . 2010-04-29 12:39 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-04 12:53 . 2010-05-04 12:53 ——– d—–w- c:\program files\Malwarebytes’ Anti-Malware
    2010-05-04 12:53 . 2010-05-04 12:53 ——– d—–w- c:\programdata\Malwarebytes
    2010-05-04 12:53 . 2010-04-29 12:39 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-03 15:40 . 2010-05-03 15:40 ——– d—–w- c:\users\Deea\AppData\Local\Yahoo!
    2010-05-03 15:40 . 2010-05-03 16:21 ——– d—–w- c:\programdata\Yahoo! Companion
    2010-05-03 15:40 . 2009-12-14 14:52 607472 —-a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
    2010-04-28 15:51 . 2009-12-11 07:44 133720 —-a-w- c:\windows\system32\drivers\ksecpkg.sys
    2010-04-28 15:51 . 2009-12-11 07:38 1037312 —-a-w- c:\windows\system32\lsasrv.dll
    2010-04-21 20:10 . 2010-02-11 07:10 293376 —-a-w- c:\windows\system32\browserchoice.exe
    2010-04-15 15:50 . 2010-02-27 12:07 3954568 —-a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-15 15:50 . 2010-02-27 12:07 3899280 —-a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-15 15:50 . 2010-03-08 21:33 427520 —-a-w- c:\windows\system32\vbscript.dll
    2010-04-15 15:50 . 2010-02-27 07:32 221696 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-15 15:50 . 2010-02-27 07:32 95744 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-15 15:50 . 2010-02-27 07:32 123392 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 16:22 . 2009-12-29 06:55 172032 —-a-w- c:\windows\system32\wintrust.dll
    2010-04-14 16:22 . 2010-01-09 06:52 132608 —-a-w- c:\windows\system32\cabview.dll
    2010-04-05 14:35 . 2010-04-05 14:35 ——– d—–w- c:\users\Deea\AppData\Local\eBook Reader
    2010-04-05 09:30 . 2010-04-05 09:31 ——– d—–w- c:\users\Deea\AppData\Local\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-04 15:32 . 2010-02-05 11:26 81984 —-a-w- c:\windows\system32\bdod.bin
    2010-05-03 15:40 . 2009-11-01 14:27 ——– d—–w- c:\programdata\Yahoo!
    2010-05-03 15:40 . 2009-11-01 14:27 ——– d—–w- c:\program files\Yahoo!
    2010-05-02 14:02 . 2009-11-01 19:36 ——– d—–w- c:\users\Deea\AppData\Roaming\uTorrent
    2010-05-02 06:44 . 2009-11-01 19:37 ——– d—–w- c:\program files\uTorrent
    2010-04-30 21:17 . 2009-11-01 14:03 ——– d—–w- c:\program files\Opera
    2010-04-17 19:35 . 2009-11-01 18:40 ——– d—–w- c:\users\Deea\AppData\Roaming\Winamp
    2010-04-15 20:31 . 2009-11-08 19:46 ——– d—–w- c:\programdata\Microsoft Help
    2010-04-07 20:10 . 2009-11-01 14:01 ——– d—–w- c:\program files\Common Files\Adobe
    2010-04-04 21:33 . 2009-12-12 14:13 ——– d—–w- c:\programdata\Corel
    2010-03-31 16:41 . 2010-03-31 16:41 ——– d—–w- c:\program files\CCleaner
    2010-03-31 16:39 . 2009-11-01 18:40 ——– d—–w- c:\program files\Winamp
    2010-03-30 17:55 . 2009-11-06 22:09 ——– d—–w- c:\users\Deea\AppData\Roaming\Skype
    2010-03-25 17:07 . 2009-11-01 18:04 ——– d–h–w- c:\program files\InstallShield Installation Information
    2010-03-25 17:07 . 2009-11-03 16:12 2485883 —-a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
    2010-03-21 09:29 . 2009-11-01 16:57 ——– d—–w- c:\program files\iTunes
    2010-03-21 09:28 . 2010-03-21 09:28 ——– d—–w- c:\program files\iPod
    2010-03-21 09:28 . 2009-11-01 16:56 ——– d—–w- c:\program files\Common Files\Apple
    2010-03-21 09:28 . 2009-11-01 16:56 ——– d—–w- c:\programdata\Apple Computer
    2010-03-21 09:27 . 2010-03-21 09:26 ——– d—–w- c:\program files\QuickTime
    2010-03-21 09:20 . 2010-03-21 09:20 72488 —-a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-03-16 15:33 . 2009-11-06 22:12 ——– d—–w- c:\users\Deea\AppData\Roaming\skypePM
    2010-03-02 18:16 . 2009-12-12 14:14 2516 –sha-w- c:\programdata\KGyGaAvL.sys
    2010-03-02 18:16 . 2009-12-12 14:14 2516 –sha-w- c:\programdata\KGyGaAvL.sys
    2010-03-02 18:16 . 2009-12-12 14:14 88 –sh–r- c:\programdata\EB23E43201.sys
    2010-03-02 18:16 . 2009-12-12 14:14 88 –sh–r- c:\programdata\EB23E43201.sys
    2010-03-02 18:16 . 2010-03-02 18:13 2516 –sha-w- c:\programdata\Protexis\KGyGaAvL.sys
    2010-03-02 18:15 . 2010-03-02 18:13 88 –sh–r- c:\programdata\Protexis\EB23E43201.sys
    2010-03-02 18:13 . 2009-11-01 13:54 160488 —-a-w- c:\users\Deea\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-24 07:16 . 2009-11-01 14:13 181632 ——w- c:\windows\system32\MpSigStub.exe
    2010-02-23 07:56 . 2010-03-31 15:23 977920 —-a-w- c:\windows\system32\wininet.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 –sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    “{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}”= “c:\program files\Winamp Toolbar\winamptb.dll” [2009-05-06 1262888]
    “{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}”= “c:\program files\BS_Player\tbBS_P.dll” [2009-07-02 2215960]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    2009-07-02 08:18 2215960 —-a-w- c:\program files\BS_Player\tbBS_P.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    “{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}”= “c:\program files\BS_Player\tbBS_P.dll” [2009-07-02 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    “{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}”= “c:\program files\BS_Player\tbBS_P.dll” [2009-07-02 2215960]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    “DAEMON Tools Lite”=”c:\program files\DAEMON Tools Lite\DTLite.exe” [2009-10-30 369200]
    “Sidebar”=”c:\program files\Windows Sidebar\sidebar.exe” [2009-07-14 1173504]
    “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=”c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe” [2007-08-03 202024]
    “Google Update”=”c:\users\Deea\AppData\Local\Google\Update\GoogleUpdate.exe” [2010-04-05 136176]
    “Messenger (Yahoo!)”=”c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe” [2010-03-19 5248312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    “atwtusb”=”atwtusb.exe beta” [X]
    “FixCamera”=”c:\windows\FixCamera.exe” [2007-02-12 20480]
    “tsnp325″=”c:\windows\tsnp325.exe” [2006-10-10 270336]
    “snp325″=”c:\windows\vsnp325.exe” [2006-10-10 827392]
    “WinampAgent”=”c:\program files\Winamp\winampa.exe” [2009-07-01 37888]
    “ArcSoft Connection Service”=”c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe” [2010-03-18 207360]
    “GrooveMonitor”=”c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 31072]
    “AdobeCS4ServiceManager”=”c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe” [2008-08-14 611712]
    “BDMCon”=”c:\program files\Softwin\BitDefender10\bdmcon.exe” [2007-04-02 290816]
    “BDAgent”=”c:\program files\Softwin\BitDefender10\bdagent.exe” [2007-03-26 69632]
    “NeroFilterCheck”=”c:\program files\Common Files\Nero\Lib\NeroCheck.exe” [2007-03-01 153136]
    “NBKeyScan”=”c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2007-08-08 1828136]
    “QuickTime Task”=”c:\program files\QuickTime\QTTask.exe” [2009-11-10 417792]
    “iTunesHelper”=”c:\program files\iTunes\iTunesHelper.exe” [2010-02-15 141608]
    “Adobe Reader Speed Launcher”=”c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2010-04-04 36272]
    “Adobe ARM”=”c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2010-03-24 952768]
    “Malwarebytes Anti-Malware (reboot)”=”c:\program files\Malwarebytes’ Anti-Malware\mbam.exe” [2010-04-29 1090952]

    c:\users\Deea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    setup_9.0.0.722_04.05.2010_15-23.lnk – c:\users\Deea\Desktop\Virus Removal Tool\setup_9.0.0.722_04.05.2010_15-23\startup.exe [2010-5-4 72208]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    “ConsentPromptBehaviorAdmin”= 5 (0x5)
    “ConsentPromptBehaviorUser”= 3 (0x3)
    “EnableUIADesktopToggle”= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    “aux”=wdmaud.drv

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-01 691696]
    R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2004-07-07 22272]
    S0 58880472;58880472 Boot Guard Driver;c:\windows\system32\DRIVERS\58880472.sys [2009-10-22 37392]
    S1 58880471;58880471;c:\windows\system32\DRIVERS\58880471.sys [2009-09-25 128016]
    S1 setup_9.0.0.722_04.05.2010_15-23drv;setup_9.0.0.722_04.05.2010_15-23drv;c:\windows\system32\DRIVERS\5888047.sys [2009-10-09 311312]
    S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
    S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-04-03 10251904]

    .
    Contents of the ‘Scheduled Tasks’ folder

    2010-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1978590124-3122013574-4123153948-1001Core.job
    – c:\users\Deea\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-05 09:30]

    2010-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1978590124-3122013574-4123153948-1001UA.job
    – c:\users\Deea\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-05 09:30]
    .
    .
    ——- Supplementary Scan ——-
    .
    uStart Page = hxxp://search.babylon.com/home
    uInternet Settings,ProxyOverride = *.local
    IE: &Winamp Search – c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel – c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .
    – – – – ORPHANS REMOVED – – – –

    HKCU-Run-AdobeBridge – (no file)
    HKCU-Run-Netlog Music Tool – c:\program files\Netlog Music Tool\NetlogMusicTool.exe
    HKLM-Run-CorelDRAW Graphics Suite 11b – c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe

    .
    ——————— LOCKED REGISTRY KEYS ———————

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-05-04 18:38:42
    ComboFix-quarantined-files.txt 2010-05-04 15:38

    Pre-Run: 15.457.546.240 bytes free
    Post-Run: 15.460.376.576 bytes free

    – – End Of File – – E5A7CAA7367ABC1918747A72EE4FD2C9

  26. Ana Maria Tanasa

    Hello… can you tell me, when you have time and if you are willing, what I should fix there, because my PC is infected and I no longer know how to clean it… thanks in advance

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:12:41 PM, on 5/4/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
    C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\lkads.exe
    C:\WINDOWS\system32\lktsrv.exe
    C:\Program Files\National Instruments\MAX\nimxs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\WINDOWS\system32\nisvcloc.exe
    C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\TuneUp Utilities 2009\Integrator.exe
    C:\Program Files\TuneUp Utilities 2009\DiskDoctor.exe
    C:\Program Files\TuneUp Utilities 2009\OneClick.exe
    C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
    C:\WINDOWS\System32\TuneUpDefragService.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
    R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
    O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
    O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
    O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271853487000
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
    O23 – Service: Avira FireWall (AntiVirFirewallService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
    O23 – Service: Avira AntiVir MailGuard (AntiVirMailService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 – Service: Avira AntiVir WebGuard (AntiVirWebService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 – Service: Lookout Citadel Server (LkCitadelServer) – National Instruments, Inc. – C:\WINDOWS\system32\lkcitdl.exe
    O23 – Service: National Instruments PSP Server Locator (lkClassAds) – National Instruments Corporation – C:\WINDOWS\system32\lkads.exe
    O23 – Service: National Instruments Time Synchronization (lkTimeSync) – National Instruments Corporation – C:\WINDOWS\system32\lktsrv.exe
    O23 – Service: NI Configuration Manager (mxssvr) – National Instruments Corporation – C:\Program Files\National Instruments\MAX\nimxs.exe
    O23 – Service: National Instruments Domain Service (NIDomainService) – National Instruments Corporation – C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    O23 – Service: NILM License Manager – Macrovision Corporation – C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
    O23 – Service: NI Service Locator (niSvcLoc) – National Instruments Corporation – C:\WINDOWS\system32\nisvcloc.exe
    O23 – Service: National Instruments Variable Engine (NITaggerService) – National Instruments Corporation – C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
    O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
    O23 – Service: OpcEnum – OPC Foundation – C:\WINDOWS\system32\OpcEnum.exe
    O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software – C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 – Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) – TuneUp Software – C:\WINDOWS\System32\TUProgSt.exe
    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    End of file – 9267 bytes

  27. How do I get rid of smss32.exe? – Disinfection Guide « RazvanMarcu's Blog

    […] Create a HijackThis log, then tick and press “Fix checked” for the entries: F2 – REG:system.ini: […]

  28. valentin

    Hi,
    can someone take a look at my log? Thanks in advance for the reply.
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:16:37 PM, on 5/24/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    C:\Users\vali\Downloads\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: IEVkbdBHO – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
    O2 – BHO: Search Helper – {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} – C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 – BHO: Windows Live ID Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 – BHO: Ask Toolbar BHO – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: Windows Live Toolbar Helper – {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} – C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 – BHO: link filter bho – {E33CF602-D945-461A-83F0-819F76A199F8} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O3 – Toolbar: &Windows Live Toolbar – {21FA44EF-376D-4D53-9B0F-8A89D3229068} – C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 – Toolbar: Ask Toolbar – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 – HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 – HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 – HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
    O4 – HKLM\..\Run: [nmctxth] “C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe”
    O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
    O4 – HKLM\..\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe”
    O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
    O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
    O8 – Extra context menu item: Add to Anti-Banner – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 – Extra button: Blog This – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 – Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 – Extra button: &Virtual keyboard – {4248FE82-7FCB-46AC-B270-339F08212110} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 – Extra button: URLs c&heck – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 – DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} –
    O17 – HKLM\System\CCS\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
    O17 – HKLM\System\CS1\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
    O17 – HKLM\System\CS2\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
    O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 – AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 – Service: Kaspersky Internet Security (AVP) – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 – Service: Linksys Updater (LinksysUpdater) – Unknown owner – C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 – Service: Nero BackItUp Scheduler 3 – Nero AG – C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 – Service: Pure Networks Platform Service (nmservice) – Cisco Systems, Inc. – C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 – Service: PLFlash DeviceIoControl Service – Prolific Technology Inc. – C:\Windows\system32\IoctlSvc.exe


    End of file – 7284 bytes

  29. valentin

    It is running rather slowly.

  30. Vanesa

    Can you help me too?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:47:03, on 03.10.2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17099)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    c:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    c:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aspire_one
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aspire_one
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aspire_one
    R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 – URLSearchHook: (no name) – {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} – (no file)
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 – BHO: RealPlayer Download and Record Plugin for Internet Explorer – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
    O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 – BHO: (no name) – {B164E929-A1B6-4A06-B104-2CD0E90A88FF} – (no file)
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 – HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 – HKLM\..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
    O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 – HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
    O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
    O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
    O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 – HKLM\..\Run: [TkBellExe] “C:\program files\real\realplayer\update\realsched.exe” -osboot
    O4 – HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
    O4 – HKLM\..\Run: [SBAMTray] “c:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe”
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [Deluxe Tree] C:\Documents and Settings\Vanesa\My Documents\My Pictures\Christmas.exe
    O4 – HKCU\..\Run: [DesktopXmasTree] C:\Documents and Settings\Vanesa\My Documents\My Pictures\DesktopLightingTree.exe
    O4 – HKCU\..\Run: [Happy Christmas] C:\Documents and Settings\Vanesa\My Documents\My Pictures\HappyChristmas.exe
    O4 – HKCU\..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
    O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
    O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 – Extra button: Blog This – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 – Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
    O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
    O18 – Protocol: dssrequest – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)
    O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)
    O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 – AppInit_DLLs: WBSYS. C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
    O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
    O23 – Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) – Google – C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 – Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) – Intel Corporation – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
    O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
    O23 – Service: Raw Socket Service (RS_Service) – Acer Incorporated – C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 – Service: VIPRE Antivirus Premium (SBAMSvc) – Sunbelt Software – c:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    O23 – Service: SB Recovery Service (SBPIMSvc) – Sunbelt Software – c:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
    O23 – Service: ServiceLayer – Nokia. – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


    End of file – 9489 bytes

    1. Gigi

      Tick and press Fix Checked for the lines:

      O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
      O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
      O18 – Protocol: dssrequest – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)
      O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)

      Then download Malwarebytes Anti-Malware, update it, run a Full scan and remove the infections (if any).
      http://www.malwarebytes.org/mbam-download.php

      Then post the log here.
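An added example, not part of the reply above and not code from HijackThis or Trend Micro: a Python triage helper that parses HijackThis entry lines and lists the ones showing the two markers the reply picked out, "(no file)" targets and "Unknown file in Winsock LSP". The two rules and every function name are assumptions of this sketch; the sample lines are copied from the Windows XP log in comment 30. It surfaces "(no file)" entries in other sections as well, and the output is a list for a human to review, not a list of entries to fix.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the Windows XP log posted in comment 30 on this page.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\svchost.exe

R3 – URLSearchHook: (no name) – {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
O18 – Protocol: dssrequest – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe

End of file – 9489 bytes
"""

# Entry lines start with a section code (R0, O2, O23, ...) and a dash.
# The logs on this page use a typographic en dash; raw logs use a hyphen.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+[\u2013-]\s+(.+)$")
SEP_RE = re.compile(r"\s+[\u2013-]\s+")


@dataclass(frozen=True)
class Entry:
    code: str      # section code, e.g. "O18"
    body: str      # everything after the code
    fields: tuple  # body split on the dash separator


def parse_entries(text):
    """Return the entry lines of a log; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            body = m.group(2).strip()
            entries.append(Entry(m.group(1), body, tuple(SEP_RE.split(body))))
    return entries


def reasons_for(entry):
    """Assumed review rules, modelled on the lines chosen in the reply above."""
    reasons = []
    if entry.fields[-1].startswith("(no file)"):
        reasons.append("registered target file was not found")
    if entry.code == "O10" and entry.body.startswith("Unknown file in Winsock LSP"):
        reasons.append("Winsock LSP file not recognised by HijackThis")
    return reasons


def review_candidates(text):
    """Return [(entry, occurrences, reasons)] in log order, duplicates merged."""
    entries = parse_entries(text)
    counts = Counter(entries)
    seen, out = set(), []
    for entry in entries:
        reasons = reasons_for(entry)
        if reasons and entry not in seen:
            seen.add(entry)
            out.append((entry, counts[entry], reasons))
    return out


if __name__ == "__main__":
    for entry, n, reasons in review_candidates(SAMPLE_LOG):
        print(f"{entry.code:<4} x{n}  {entry.body}")
        for reason in reasons:
            print(f"        review: {reason}")
```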

  31. Dragos

    I need help too.
    When I caught this virus I had my phone connected to the PC, and all the files on the card were hidden; they are not deleted, because when I run a scan it shows them to me.
    How can I get it to show them again?
    I look forward to a reply.
    Thank you.

  32. George

    Hello!
    I need help too, because I have had a trojan for over a month.
    Only Combofix shows me, under Reg Loading Points, that it is siszyd32.exe:
    [HKLM\~\startupfolder\C:^Documents and Settings^adi^Start Menu^Programs^StartUp^siszyd32.exe]

    I am posting the HijackThis log (I renamed it to Test.exe) in the hope that someone can help me:

    of Trend Micro HijackThis v2.0.4
    Scan saved at 04:58:01, on 7/14/2012
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Documents and Settings\adi\Desktop\DEVIRUSARE\Test.exe

    R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 – BHO: RealPlayer Download and Record Plugin for Internet Explorer – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre7\bin\ssv.dll
    O2 – BHO: WOT Helper – {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} – C:\Program Files\WOT\WOT.dll
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 – Toolbar: WOT – {71576546-354D-41c9-AAE8-31F2EC22BF0D} – C:\Program Files\WOT\WOT.dll
    O4 – HKLM\..\Run: [00PCTFW] “C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” -s
    O4 – HKLM\..\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
    O4 – HKCU\..\Policies\Explorer\Run: [Avast] C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    O4 – Global Startup: RDS.lnk = ?
    O6 – HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 – HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 – Extra button: (no name) – {09E90109-A9AA-4980-BCEF-76F8D924E902} – (no file)
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 – Extra button: (no name) – {09E90109-A9AA-4980-BCEF-76F8D924E902} – (no file) (HKCU)
    O16 – DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} – http://quickscan.bitdefender.com/qsax/qsax.cab
    O16 – DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} – http://download.eset.com/special/eos/OnlineScanner.cab
    O16 – DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} (Qualys BrowserCheck) – https://browsercheck.qualys.com/qbc_ax.cab
    O16 – DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} – http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_2_0.cab
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 – HKLM\System\CCS\Services\Tcpip\..\{9C312060-C0EE-462D-9DDB-B5580F6FF6F9}: NameServer = 193.231.252.221 213.154.124.221
    O18 – Protocol: wot – {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} – C:\Program Files\WOT\WOT.dll
    O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\System32\browseui.dll
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\System32\browseui.dll
    O23 – Service: SAS Core Service (!SASCORE) – SUPERAntiSpyware.com – C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\system32\Ati2evxx.exe
    O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
    O23 – Service: avast! Antivirus – AVAST Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 – Service: Google Update Service (gupdate1c987d58499b23e) (gupdate1c987d58499b23e) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 – Service: MBAMService – Malwarebytes Corporation – C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
    O23 – Service: PC Tools Firewall Plus (PCToolsFirewallPlus) – Unknown owner – C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 – Service: Secunia PSI Agent – Secunia – C:\Program Files\Secunia\PSI\PSIA.exe
    O23 – Service: UI Assistant Service – Unknown owner – C:\Program Files\Join Air\AssistantServices.exe


    End of file – 5306 bytes

    1. Gigi
  33. George

    Thanks for the reply, but I had read that long ago and I also went to the source.
    I applied everything, but to no avail.
    I have MBAM Pro, which finds nothing. And Kaspersky Removal Tool cannot be installed in normal mode; a BSOD appears. It only works in safe mode and it finds nothing either (the virus database is already from 30 June).
    I have been fighting this rootkit siszyd32.exe for over a month and a half and I have read just about everything.
    I have one more question: I have fiberlink 2 RDS internet but I cannot enter safe mode with networking.
    I also have Digi Net Mobil. Is there any way to enter safe mode with an internet connection?
    Thanks in advance for the help!

  34. ionut

    Hi

    I managed to do the steps above to remove antivirus security pro and Malwarebytes is scanning now, but I am unsure about the next steps, namely replacing the file C Windows/System 32/Drivers/etc/HOSTS, given that the link you posted, http://www.faravirusi.com/hosts/permisiuni_hosts.bat, does not work.
    What else do I need to do, and how?

  35. ionut

    Hi

    Can you please help me so that I know what to do next?

    I am listing the result of the Malwarebytes scan

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    http://www.malwarebytes.org

    Database version: v2013.12.19.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16428
    BIANCA :: BIANCA-PC [administrator]

    Protection: Enabled

    19.12.2013 12:07:29
    Log.txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 370542
    Time elapsed: 4 hour(s), 3 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 5
    C:\Windows\System32\appiOVER.dll (Spyware.Password) -> No action taken.
    C:\Windows\Temp\eraB22E.tmp (Worm.Parite) -> No action taken.
    C:\Users\BIANCA\AppData\Local\Temp\zmv79FE.tmp (Worm.Parite) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> No action taken.

    Registry Keys Detected: 34
    HKCR\CLSID\{74BF5F35-F6C1-8470-3E33-B7CDBA094E1D} (PUP.Optional.MultiPlug.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74BF5F35-F6C1-8470-3E33-B7CDBA094E1D} (PUP.Optional.MultiPlug.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{74BF5F35-F6C1-8470-3E33-B7CDBA094E1D} (PUP.Optional.MultiPlug.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{74BF5F35-F6C1-8470-3E33-B7CDBA094E1D} (PUP.Optional.MultiPlug.A) -> No action taken.
    HKCR\CLSID\{B621504A-A06C-5B67-0CCF-729FD63F9AF5} (PUP.Optional.MultiPlug.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B621504A-A06C-5B67-0CCF-729FD63F9AF5} (PUP.Optional.MultiPlug.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B621504A-A06C-5B67-0CCF-729FD63F9AF5} (PUP.Optional.MultiPlug.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B621504A-A06C-5B67-0CCF-729FD63F9AF5} (PUP.Optional.MultiPlug.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6} (PUP.Optional.EasyLife.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6} (PUP.Optional.EasyLife.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
    HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} (PUP.Optional.SilentInstall.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} (PUP.Optional.SilentInstall.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> No action taken.
    HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken.
    HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> No action taken.
    HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> No action taken.
    HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
    HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro (PUP.Optional.OptimizerPro.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> No action taken.
    HKCR\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Trojan.BHO) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Trojan.BHO) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
    HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
    HKCR\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
    HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Trojan.BHO) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Trojan.BHO) -> No action taken.

    Registry Values Detected: 8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.Sakura.ED64) -> Data: C:\ProgramData\7VXr7Xn3\7VXr7Xn3.exe -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.Sakura.ED64) -> Data: C:\ProgramData\7VXr7Xn3\7VXr7Xn3.exe -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Optimizer Pro (PUP.Optional.OptimizePro.A) -> Data: C:\Program Files\Optimizer Pro\OptProLauncher.exe -> No action taken.
    HKCU\Control Panel\don’t load|wscui.cpl (Hijack.SecurityCenter) -> Data: No -> No action taken.
    HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Data: http://conversion.pcutilitiespro.revenuewire.net/driverpro/xsell -> No action taken.
    HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {403EFDD3-5348-4668-9AAC-EC7F0995308D} -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|My Web Search Bar Search Scope Monitor (PUP.Optional.MindSpark) -> Data: “C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe” /m=2 /w /h -> No action taken.
    HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {403EFDD3-5348-4668-9AAC-EC7F0995308D} -> No action taken.

    Registry Data Items Detected: 7
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Sakura.ED64) -> Bad: (C:\ProgramData\7VXr7Xn3\7VXr7Xn3.exe) Good: () -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bad: (c:\progra~1\easylife\sprote~1.dll) Good: () -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bad: (c:\progra~1\browse~1\sprote~1.dll) Good: () -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.SProtect.A) -> Bad: (c:\progra~1\websea~1\sprote~1.dll) Good: () -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Detected: 8
    C:\Program Files\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\BetterSoft\OptimizerPro (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\BetterSoft\OptimizerPro\3036567561 (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Users\BIANCA\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\BIANCA\AppData\Roaming\OpenCandy\587D755A37874D91BF0203C4E72A6078 (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\BIANCA\AppData\Roaming\OpenCandy\7008D5930B924779B500A17AD1FF4D4A (PUP.Optional.OpenCandy) -> No action taken.
    C:\ProgramData\InstallMate\OptimizerPro (PUP.Optional.OptimizerPro.A) -> No action taken.

    Files Detected: 517
    C:\Windows\System32\appiOVER.dll (Spyware.Password) -> No action taken.
    C:\Windows\Temp\eraB22E.tmp (Worm.Parite) -> No action taken.
    C:\Users\BIANCA\AppData\Local\Temp\zmv79FE.tmp (Worm.Parite) -> No action taken.
    C:\ProgramData\7VXr7Xn3\7VXr7Xn3.exe (Trojan.Sakura.ED64) -> No action taken.
    C:\Program Files\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizePro.A) -> No action taken.
    C:\Program Files\EasyLife\sprotector.dll (PUP.Optional.SProtect.A) -> No action taken.
    C:\Program Files\BrowseToSave\sprotector.dll (PUP.Optional.SProtect.A) -> No action taken.
    C:\Program Files\WebSearch\sprotector.dll (PUP.Optional.SProtect.A) -> No action taken.
    C:\ProgramData\SeyarrCih-NeWTaab\5161a8c526c79.dll (PUP.Optional.MultiPlug.A) -> No action taken.
    C:\ProgramData\BurrowsEE2siave\5161a88a8b40c.dll (PUP.Optional.MultiPlug.A) -> No action taken.
    C:\Program Files\Conduit\Community Alerts\Alert0.dll (PUP.Optional.Conduit) -> No action taken.
    C:\Program Files\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> No action taken.
    C:\Program Files\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro) -> No action taken.
    C:\Program Files\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro) -> No action taken.
    C:\Program Files\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro) -> No action taken.
    C:\Program Files\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro) -> No action taken.
    C:\Program Files\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro) -> No action taken.
    c:\program files\google\desktop\install\{8017d3cd-c810-a983-b717-ae606f4f77aa}\ \…\‮ﯹ๛\{8017d3cd-c810-a983-b717-ae606f4f77aa}\u0000004.@ (Rootkit.Zaccess) -> No action taken.
    c:\program files\google\desktop\install\{8017d3cd-c810-a983-b717-ae606f4f77aa}\ \…\‮ﯹ๛\{8017d3cd-c810-a983-b717-ae606f4f77aa}\u00000cb.@ (Rootkit.0Access) -> No action taken.
    c:\program files\google\desktop\install\{8017d3cd-c810-a983-b717-ae606f4f77aa}\ \…\‮ﯹ๛\{8017d3cd-c810-a983-b717-ae606f4f77aa}\u\80000000.@ (Trojan.0Access) -> No action taken.
    C:\ProgramData\fl90qm29.dss (Trojan.FakeMS) -> No action taken.
    C:\ProgramData\ms504FA5F7.dat (Trojan.Ransom.Gend) -> No action taken.
    C:\ProgramData\7VXr7Xn3\1920623175673390120.exe (Spyware.Password.pony) -> No action taken.
    C:\ProgramData\BurrowsEE2siave\uninstall.exe (PUP.Optional.SilentInstall.A) -> No action taken.
    C:\ProgramData\SeyarrCih-NeWTaab\uninstall.exe (PUP.Optional.SilentInstall.A) -> No action taken.
    C:\Users\BIANCA\AppData\Local\Conduit\CT2786678\uTorrentBarAutoUpdaterHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\BIANCA\AppData\Local\Temp\mism.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Users\BIANCA\AppData\Local\Temp\syaF6BC.tmp (Worm.Parite) -> No action taken.
    C:\Users\BIANCA\AppData\Roaming\OpenCandy\7008D5930B924779B500A17AD1FF4D4A\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> No action taken.
    C:\Users\BIANCA\Downloads\DTLite4454-0315.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\BIANCA\Downloads\BOGDAN ARTISTU .exe (PUP.Optional.Installex) -> No action taken.
    C:\Users\BIANCA\Downloads\Net Framework Pack For Games.zip.exe (PUP.Optional.InstalleRex) -> No action taken.
    C:\Users\BIANCA\Downloads\vlc-2.0.5-win32-fdu.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\BIANCA\Downloads\VLCMediaPlayerSetup-5JBWxvx.exe (PUP.Optional.Somoto) -> No action taken.
    C:\Users\BIANCA\Downloads\VLCMediaPlayerSetup-fXLRnUI.exe (PUP.Optional.Somoto) -> No action taken.
    C:\Users\BIANCA\Downloads\SoftonicDownloader_for_internet-explorer.exe (PUP.Optional.Softonic) -> No action taken.
    C:\Users\BIANCA\Downloads\SoftonicDownloader_for_pcsx2.exe (PUP.Optional.Softonic.A) -> No action taken.
    C:\Users\BIANCA\Downloads\SoftonicDownloader_for_skype.exe (PUP.Optional.Softonic) -> No action taken.
    C:\Users\BIANCA\Downloads\SoftonicDownloader_for_winamp.exe (PUP.Optional.Softonic.A) -> No action taken.
    C:\Users\BIANCA\Downloads\Scary_MoVie_5_2013_RC_BRRip_XViD_juggs.exe (PUP.Optional.OneClickDownloader.A) -> No action taken.
    C:\Users\BIANCA\Downloads\setup.exe (PUP.Optional.InstalleRex) -> No action taken.
    C:\Users\BIANCA\Downloads\ps1001-oc-jd.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\BIANCA\Downloads\SORIN COPILUL DE AUR .exe (PUP.Optional.Installex) -> No action taken.
    C:\Users\BIANCA\Downloads\Yolanda Be Cool – Sweat Naked (Original Mix).exe (PUP.Optional.Installex) -> No action taken.
    C:\Win\lsass.exe (Trojan.Autoit) -> No action taken.
    C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> No action taken.
    C:\Windows\Temp\fqaA034.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\fvaD73B.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kha4F66.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kja626A.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kja626B.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kka646C.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kka696C.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kla7167.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kla736A.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kla7464.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kla7666.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\koa9165.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\kxyE767.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lka6576.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lka6577.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lka666F.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lka6670.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lka6671.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lka6872.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lka6D71.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lla706E.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lla7177.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lla7770.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lma7C6F.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lna8277.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lnb8777.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\loa8D6F.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\loa9175.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\loa9471.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lpa9B73.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lqaA275.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\ltaBE6E.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\lvaD577.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tha4DC1.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tja60C4.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tja62C7.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tka67C6.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tka6AC3.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tka6DBF.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tka6DC0.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tla6FC2.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tla74C1.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tla77BE.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tma7DC6.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tna82C5.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tna82C6.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\tna87C5.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\oka668E.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\oka6891.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\oka6892.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\oka6D90.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\ola708D.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\ola7290.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\ooa8C95.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\opa978D.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\opa9990.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\opa9991.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\opa9C8C.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\oqaA38E.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\pja619F.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\pja6298.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\pka6798.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\pka6C97.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\pla7196.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\pma819D.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\ppa999F.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\ppa9F98.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\yla76F3.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\yma7AF9.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\yma7FF8.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\yma7FF9.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\yna87F3.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\ypa9CF9.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zga3CFF.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zja63FF.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zja6400.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zja6401.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zka68FE.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zka6DFE.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zma81FB.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zna8AFF.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zraAAFD.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zsaB4FC.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zsoBAFD.tmp (Worm.Parite) -> No action taken.
    C:\Windows\Temp\zsoBAFE.tmp (Worm.Parite) -> No action taken.
    D:\client\Metin2 2010.exe (Trojan.Patch) -> No action taken.
    D:\filme dudu\36 Quai Des Orfevres(foarte bun).exe (Trojan.Autoit) -> No action taken.
    D:\filme dudu\apocalypse code.exe (Trojan.Autoit) -> No action taken.
    D:\filme dudu\Belea Mare in Miami comedie te caci pe tine de ras (da).exe (Trojan.Autoit) -> No action taken.
    D:\filme dudu\Comedie – Wanted.exe (Trojan.Autoit) -> No action taken.
    D:\filme dudu\Senseless (super comedie).exe (Trojan.Autoit) -> No action taken.
    D:\filme dudu\Stolen[2012]BRRip XviD-ETRG.exe (Trojan.Autoit) -> No action taken.
    D:\KITURI\Adobe Acrobat 6.0 Professional 6.0 (Serial).zip (Spyware.Password) -> No action taken.
    D:\KITURI\Adobe Acrobat Pro 9 – Seriale (Spyware.Password) -> No action taken.
    D:\KITURI\Adobe Acrobat v6.0 Professional Corporate.zip (Spyware.Password) -> No action taken.
    D:\KITURI\Adobe After Effects 3.1 (Serial).zip (Spyware.Password) -> No action taken.
    D:\KITURI\Adobe Audition 3.0 Crack.zip (Spyware.Password) -> No action taken.
    D:\KITURI\Adobe Photo Shop 7.0 Italiano Full Fix Aggiornamento Serial.zip (Spyware.Password) -> No action taken.
    D:\KITURI\Advance mp3 sound Recorder 1.2.zip (Spyware.Password) -> No action taken.
    D:\KITURI\Advanced 2 Pages Per Sheet PDF Merger 1.8.zip (Spyware.Password) -> No action taken.
    D:\KITURI\Advanced PDF Combiner 1.5.zip (Spyware.Password) -> No action taken.
    D:\KITURI\Adobe Acrobat Reader 9.0 Professional Multilanguage + Keygenerator crack(no cd).zip (Spyware.Password) -> No action taken.
    D:\KITURI\Adobe Acrobat PDF Writer 5.0\_ISDel.exe (Trojan.Agent) -> No action taken.
    D:\KITURI\Metin2Paradise2\Metin2Paradise2\metin2.bin2 (Trojan.Downloader) -> No action taken.
    C:\Win\names.txt (Worm.AutoIT) -> No action taken.
    C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> No action taken.
    C:\Program Files\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\Optimizer Pro\English.ini (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Windows\Tasks\schedule!2844174011.job (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Windows\Tasks\schedule!3036567561.job (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro on the Web.lnk (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Help.lnk (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Uninstall Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (PUP.Optional.MindSpark) -> No action taken.
    C:\ProgramData\BetterSoft\OptimizerPro\3036567561.ini (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Users\BIANCA\AppData\Roaming\OpenCandy\587D755A37874D91BF0203C4E72A6078\TuneUpUtilities2013-2200319_en-US.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\BIANCA\AppData\Roaming\OpenCandy\7008D5930B924779B500A17AD1FF4D4A\1538.ico (PUP.Optional.OpenCandy) -> No action taken.
    C:\Users\BIANCA\AppData\Roaming\OpenCandy\7008D5930B924779B500A17AD1FF4D4A\nitro_reader3_en_x86_p3v6.exe (PUP.Optional.OpenCandy) -> No action taken.
    C:\ProgramData\InstallMate\OptimizerPro\Custom.dll (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\InstallMate\OptimizerPro\Readme.txt (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\InstallMate\OptimizerPro\Setup.dat (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\InstallMate\OptimizerPro\Setup.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\InstallMate\OptimizerPro\Setup.ico (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Trojan.BHO) -> No action taken.
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Trojan.BHO) -> No action taken.

    (end)

  36. Andrei10

    I have a problem too: I get the error nvmctray.dll (the specified module could not be found). I downloaded SUPERAntiSpyware and it caught numerous viruses. It all started from an error when I launched Counter-Strike; it was telling me something about not finding a file or something, anyway something software-related (an NVIDIA error). I looked for NVIDIA drivers, installed them, and it shows that I have the card, but it still wasn't working and was giving me errors, and now all of a sudden this error. At the moment I have uninstalled the video card, and I would like the programs to work and to get rid of the errors. Any help?
