A good start to an effective malware clean-up also means a preliminary analysis of the system's settings, highlighting the ones that have been modified by viruses, spyware, trojans and so on.
HijackThis, from Trend Micro, is the most widely used tool for generating such logs. In general, the vast majority of viruses "leave traces" that are visible to an experienced eye reading a HijackThis log.
The program was recently improved and version 2.0.4 has been released.
Changes in this version:
* Fixed parser issues on winlogon notify
* Fixed issues to handle certain environment variables
* Rename HJT generates complete scan log
Here, once again, are the instructions for producing a HijackThis log.
Download HijackThis from here.
Install it, but don't run it yet.
Go to My Computer -> Tools -> Folder Options -> View and tick "Show hidden files and folders", then untick "Hide protected operating system files". Click OK.
Then run HijackThis.exe.
In the window that appears, tick "Don't show this frame again when I startup HijackThis".
Click the first button at the top, "Do a system scan and save a logfile".
Copy the log from Notepad and post it in a new topic on a forum; I recommend SoftPedia.
You can also send it to me by e-mail for analysis.
Don't fix anything with HJT; most of the entries in there are legitimate!
In some cases it is also necessary to rename hijackthis.exe to test.exe (or anything else) and then run the program again.
When an expert recommends fixing certain "infected" entries, proceed as follows: tick the box next to the entry in question and click the "Fix checked" button.
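Reading a HijackThis log comes down to knowing which section each line belongs to and which classes of entry deserve a second look. As an added example (not code from the original post or from HijackThis itself), here is a small Python triage script: it parses the R/O entry lines of a HJT log, carries a legend of the section prefixes that occur in the logs on this page, and flags the entries an analyst checks first, namely orphaned entries ("file missing" / "no file"), autostarts under the service-account hives (HKUS\S-1-5-18/19/20 and .DEFAULT), start and search pages pointing at unexpected hosts, NameServer and AppInit_DLLs settings, and services with no recognised publisher. The two allowlists are constructed assumptions to be tuned per environment, and the sample log is constructed from entries that appear in logs posted further down this page, with one en-dash left in to show the normalisation of web-pasted logs.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Legend of the HJT section prefixes seen in the logs on this page
# (meanings as in HijackThis' own help text).
SECTION_LEGEND = {
    "R0": "changed IE registry value (start page, search assistant)",
    "R1": "created IE registry value (search URL, default page, proxy)",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run/RunOnce keys, Startup folders)",
    "O8": "extra IE context-menu item",
    "O9": "extra IE button / Tools menu item",
    "O16": "Downloaded Program File (ActiveX control)",
    "O17": "TCP/IP settings (NameServer)",
    "O18": "protocol handler or filter",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

# Constructed allowlists (assumptions for this example); tune per environment.
BENIGN_HKUS_AUTORUNS = {"ctfmon.exe", "sidebar.exe", "mctadmin.exe"}
EXPECTED_IE_HOSTS = {"go.microsoft.com", "www.google.com", "www.google.ro"}

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+)\s+-\s+(?P<body>.*)$")
HKUS_RE = re.compile(r"HKUS\\(S-1-5-1[89]|S-1-5-20|\.DEFAULT)\\")
EXE_RE = re.compile(r"([A-Za-z0-9_~.$-]+\.exe)", re.IGNORECASE)

# Constructed sample, built from entries that appear in logs on this page.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\system32\msnsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{F6F8B713-D753-4BA6-9244-E3791391FD93}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{B335AAA5-852D-4188-B56D-4EDD7B4A373F}: NameServer = 213.154.124.1 193.231.252.1
O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
End of file - 6217 bytes
"""


@dataclass
class Entry:
    section: str
    body: str

    @property
    def kind(self) -> str:
        return SECTION_LEGEND.get(self.section, "other")


def parse_log(text: str) -> list[Entry]:
    """Return the Rn/On/Fn/Nn entry lines; headers and the process list are skipped.

    Web copies of HJT logs often turn " - " into an en-dash and quotes into
    curly quotes, so those are normalised before matching.
    """
    entries = []
    for raw in text.splitlines():
        line = (raw.replace("\u2013", "-").replace("\u201c", '"')
                   .replace("\u201d", '"').strip())
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (reason, section, body) for entries worth checking first.

    A hit means "verify this file or setting", not "this is malware".
    """
    findings = []
    for e in entries:
        b = e.body
        if "(file missing)" in b or "(no file)" in b:
            findings.append(("orphaned entry, its target no longer exists", e.section, b))
        elif e.section == "O4" and HKUS_RE.search(b):
            m = EXE_RE.search(b)
            exe = m.group(1).lower() if m else ""
            if exe not in BENIGN_HKUS_AUTORUNS:
                findings.append(("autostart under a service/default account hive", e.section, b))
        elif e.section in ("R0", "R1"):
            value = b.split("=", 1)[1].strip() if "=" in b else ""
            host = urlparse(value).hostname if value.startswith("http") else None
            if host and host not in EXPECTED_IE_HOSTS:
                findings.append(("IE start/search page points to an unexpected host", e.section, b))
        elif e.section == "O17":
            findings.append(("NameServer set in the registry, confirm it is your ISP's DNS", e.section, b))
        elif e.section == "O20" and b.startswith("AppInit_DLLs") and b.split(":", 1)[1].strip(" ,"):
            findings.append(("AppInit_DLLs loads a DLL into every GUI process", e.section, b))
        elif e.section == "O23" and "Unknown owner" in b:
            findings.append(("service binary with no recognised publisher", e.section, b))
    return findings


if __name__ == "__main__":
    for reason, section, body in triage(parse_log(SAMPLE_LOG)):
        print(f"[{section}: {SECTION_LEGEND.get(section, 'other')}] {reason}\n    {body}")
```

On the sample the script singles out the msnsc.exe autostart under the SYSTEM hive while leaving the CTFMON entries alone, which matches the one file the author asks to have sent in from the first log below; the same rules leave the go.microsoft.com defaults and the vendor-signed services untouched. Each finding is a pointer to verify the file or setting (publisher, signature, origin), not a reason to press "Fix checked".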


Who can tell me whether I have viruses? I don't have any antivirus installed. When I had Avira 10 it found a virus (Windows had only just been installed) and after I restarted there was nothing on the screen. So I installed Windows again. I know I have a virus but I don't know whether it's dangerous.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:58:07 PM, on 4/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\dori\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{F6F8B713-D753-4BA6-9244-E3791391FD93}
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam/{F6F8B713-D753-4BA6-9244-E3791391FD93}
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: ChromeFrame BHO – {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} – C:\Program Files\Google\Chrome Frame\Application\5.0.375.15\npchrome_frame.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 – HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 – HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 – HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe” -onlytray
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [Google Update] “C:\Documents and Settings\dori\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 – HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User ‘SYSTEM’)
O4 – HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User ‘Default user’)
O4 – HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘Default user’)
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O18 – Protocol: gcf – {9875BFAF-B04D-445E-8A69-BE36838CDE3E} – C:\Program Files\Google\Chrome Frame\Application\5.0.375.15\npchrome_frame.dll
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Google Update Service (gupdate) (gupdate) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: ServiceLayer – Nokia – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 6217 bytes
@warsnno: The file C:\WINDOWS\system32\msnsc.exe may be dangerous in certain situations. Please archive it and put a password on it, then send it to me by e-mail.
Otherwise the log is clean.
Is there a manual or something for everything that can appear in the log? I'd like to make a log myself and try to see on my own whether something is wrong, although in my case the chances of having an infection or anything are very small.
…
http://www.imsafeonline.ro/hijackthis-tutorial.html
monk2000@speed.1s.fr
I usually upload the log here: http://www.hijackthis.de/
Thanks for the reply, but I wasn't referring to usage instructions, rather to a legend for the possible entries... what each one is... or at least the broad groups, etc.
Only now did I see it at the very bottom... under classifications... thanks a lot!
Hmm... this little program is good, but rather thin on info! Other than that, nothing to say; the authors' effort is commendable!
What struck me is that version 2.0.4 came out while the beta version is 2.0.3.
How the heck does that work?
I have a question too:
- when I want to install certain programs (not all of them) I get the following message: http://imgur.com/ImxL7.gif
- or when I want to open a document with the .xls extension (Excel, of course) in Open Office, the message appears again: http://imgur.com/fFvjZ.gif .
The question is: "What should I do in this case?"
I should mention that the computer is a DELL, running Windows XP SP1 with a DELL license, which upgraded itself to SP3 ("up to date"); it is currently on SP3.
* is there perhaps a virus that could do something like this?
- I have Avast 5 antivirus and SpyBot - Search & Destroy installed
I'm attaching the following log file in the hope that you can help me:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:00, on 23.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
E:\Kit\Lupo PenSuite v6.80 Full\Launcher\ASuite.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dniel\Desktop\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 – URLSearchHook: Wisdom-soft toolbar – {6dfc55bb-bfff-485a-9709-90c3fdf6db58} – C:\Program Files\Wisdom-soft\tbWisd.dll
O2 – BHO: AskBar BHO – {201f27d4-3704-41d6-89c1-aa35e39143ed} – C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 – BHO: BitComet ClickCapture – {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} – C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 – BHO: (no name) – {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} – (no file)
O2 – BHO: Wisdom-soft toolbar – {6dfc55bb-bfff-485a-9709-90c3fdf6db58} – C:\Program Files\Wisdom-soft\tbWisd.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: Foxit Toolbar – {3041d03e-fd4b-44e0-b742-2d9b88305f98} – C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 – Toolbar: Wisdom-soft toolbar – {6dfc55bb-bfff-485a-9709-90c3fdf6db58} – C:\Program Files\Wisdom-soft\tbWisd.dll
O4 – HKLM\..\Run: [NvCplDaemon] “RUNDLL32.EXE” C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] “nwiz.exe” /install
O4 – HKLM\..\Run: [ASuite] “E:\Kit\Lupo PenSuite v6.80 Full\Launcher\ASuite.exe”
O4 – HKLM\..\Run: [UnlockerAssistant] “C:\Program Files\Unlocker\UnlockerAssistant.exe”
O4 – HKLM\..\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 – HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O9 – Extra button: BitComet – {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} – res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) – http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264857055031
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\System32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\System32\browseui.dll
O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: ScsiAccess – Unknown owner – C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 – Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) – Webroot Software, Inc. (www.webroot.com) – C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
–
End of file – 5935 bytes
Thanks in advance,
DanS
@DanS: Your log is clean. Insert the Windows CD into the CD drive, then go to Start >> Run and type: sfc /scannow. Then press Enter. A window with a progress bar will appear. Wait for it to finish and see whether the problem persists.
Could you analyse my "hijackthis log" for me too? Pretty please.
Scan saved at 3:14:30 PM, on 4/23/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskhost.exe
C:\Users\MASTER\Desktop\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: IEVkbdBHO – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\ievkbd.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~1\Office12\GR469A~1.DLL
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: link filter bho – {E33CF602-D945-461A-83F0-819F76A199F8} – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtbbho.dll
O4 – HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 – HKLM\..\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\avp.exe”
O4 – HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O8 – Extra context menu item: Add to Anti-Banner – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\ie_banner_deny.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 – Extra button: &Virtuelle Tastatur – {4248FE82-7FCB-46AC-B270-339F08212110} – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtbbho.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 – Extra button: Li&nks untersuchen – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\klwtbbho.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{B335AAA5-852D-4188-B56D-4EDD7B4A373F}: NameServer = 213.154.124.1 193.231.252.1
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~1\Office12\GRA32A~1.DLL
O20 – AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 – Service: Kaspersky Security Suite CBE Win7 (AVP) – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE Win7\avp.exe
O23 – Service: DefenseWall internal service (defensewall_serv) – Unknown owner – C:\Windows\system32\defensewall_serv.exe (file missing)
O23 – Service: NVIDIA Display Driver Service (nvsvc) – NVIDIA Corporation – C:\Windows\system32\nvvsvc.exe
O23 – Service: O&O Defrag – O&O Software GmbH – C:\Program Files\OO Software\Defrag\oodag.exe
O23 – Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
–
End of file – 4984 bytes
I had also asked a question about Comodo IS 4 and it disappeared. Why?
@xtrem: Because you decided to change your nick, your posts were held in the comment queue. It's not my fault.
That's how I set the program up: to automatically approve only the comments of people who have already posted here.
And those are recognised by nick, e-mail and IP. If any of these changes = new user.
I see I'm not getting an answer. Then I'll ask here. Maybe I'll have some luck.... Can I replace Avira Free + Online Armor Free with Comodo Internet Security 4? Does it offer the same security?
Why has my question been held in moderation for so long?
Thank you for the indolence you show, RADU; do you only answer the people you know, or whatever other criteria you apply? ....thanks......
I also posted a HijackThis log and you didn't want to answer me... I thank you for not answering as well
we live in Romania and answers are given according to certain criteria.......
@Basano: I'm not on the blog non-stop. I do this voluntarily and my time is limited. When I log in to approve some comments, it doesn't necessarily mean I'll also answer all of them the same day.
There's no need to get upset for no reason. Prejudices ruin people, and so do generalisations.
And your log is clean.
1. Stop freaking out
2. Do you have any reason for making this log, and are you so desperate to find out whether it's good or not?
3. You're clean. I looked myself.
4. Maybe Radu doesn't have all the free time in the world to help you.
5. You're welcome.
@basano

You're as clean as a newborn's tear; I've never seen such a beautiful log in my life!
Congratulations! It's obvious from a mile away that that KIS CBE promotion, from around here probably, did its job!
[...] Make a HijackThis log and then tick and press "Fix checked" for the entries: F2 – REG:system.ini: [...]
Thanks a lot! Radu, and you too, Nick......
Good morning. For a while now my computer has been freezing a lot, meaning (NOT RESPONDING) appears at the top left, and I think it's infected. I scanned with Malwarebytes and found nothing. I downloaded HijackThis and I'm going to post a log here so you can see whether I have a virus. I'm telling you this because every now and then I find rootkits, but I can't find the trojan.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:39:59 AM, on 4/29/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe
C:\Windows\FixCamera.exe
C:\Windows\vsnpstd3.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
C:\Windows\RTHDCPL.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Users\John\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: HP Print Enhancer – {0347C33E-8762-4905-BF09-768834316C61} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 – BHO: URLRedirectionBHO – {B4F3A835-0E21-4959-BA22-42B3008E02FF} – C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 – BHO: HP Smart BHO Class – {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 – HKLM\..\Run: [OutpostFeedBack] “C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe” /dump:os_startup
O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 – HKLM\..\Run: [Malwarebytes' Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 – HKLM\..\Run: [BCSSync] “C:\Program Files\Microsoft Office\Office14\BCSSync.exe” /DelayServices
O4 – HKLM\..\Run: [OutpostMonitor] “C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe” /tray /noservice
O4 – HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 – HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 – HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] “C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript
O4 – HKLM\..\Run: [AntiLogger] “C:\Program Files\AntiLogger\AntiLogger.exe” /minimized
O4 – HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [SpywareTerminator] “C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe”
O4 – HKLM\..\Run: [NortonAntiBot] “C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe”
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 – HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 – HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [SpywareTerminatorUpdate] “C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe”
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: Se&nd to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 – Extra button: OneNote Lin&ked Notes – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} – C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 – Extra ‘Tools’ menuitem: OneNote Lin&ked Notes – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} – C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 – Extra button: Show or hide HP Smart Web Printing – {DDE87865-83C5-48c4-8357-2F5B1AA84522} – C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 – Filter hijack: text/xml – {807573E5-5146-11D5-A672-00B0D022E945} – C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 – AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 – Service: Agnitum Client Security Service (acssrv) – Agnitum Ltd. – C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 – Service: MBAMService – Malwarebytes Corporation – C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 – Service: NMSAccess – Unknown owner – C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 – Service: Spyware Terminator Realtime Shield Service (sp_rssrv) – Crawler.com – C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 – Service: SymantecAntiBotAgent – Symantec – C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 – Service: SymantecAntiBotWatcher – Symantec – C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
THANKS IN ADVANCE!
–
End of file – 7883 bytes
@C@t@lin c: Your log is clean.
Still, you have a lot of anti-malware programs installed.
Norton AntiBot may conflict with Avira and/or Spyware Terminator. You also have an antilogger. Is MBAM licensed too, with real-time protection?
If so, try leaving only Avira active; if the problems go away, they are caused by these programs conflicting with one another.
Hi, could you analyse my log too? Thank you very much.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:56:45, on 30.04.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 – HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 – URLSearchHook: DefaultSearchHook Class – {C94E154B-1459-4A47-966B-4B843BEFC7DB} – C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 – URLSearchHook: (no name) – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – (no file)
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: (no name) – {259F616C-A300-44F5-B04A-ED001A26C85C} – (no file)
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 – HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [iTunesHelper] “D:\iTunes\iTunesHelper.exe”
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Google Update] “C:\Documents and Settings\gabitza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” /c
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [DeskSpace] D:\programs\desk space\deskspace.exe
O4 – HKCU\..\Run: [AutoStartNPSAgent] D:\samsung\NPSAgent.exe
O4 – HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 – HKLM\..\Policies\Explorer\Run: [XPRTRFVB] C:\WINDOWS\system32\msnmsg.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 – Extra button: (no name) – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.getietool.com/redirect.php (file missing)
O9 – Extra ‘Tools’ menuitem: IE Anti-Spyware – {9034A523-D068-4BE8-A284-9DF278BE776E} – http://www.getietool.com/redirect.php (file missing)
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 – HKLM\System\CCS\Services\Tcpip\..\{A7D8B182-A550-41A4-92D3-BAF51169DF49}: NameServer = 85.255.113.142,85.255.112.80
O17 – HKLM\System\CCS\Services\Tcpip\..\{D318E551-51AA-4C62-8EB3-EDE1EA09AEBA}: NameServer = 85.255.113.142,85.255.112.80
O17 – HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.142 85.255.112.80
O17 – HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.142 85.255.112.80
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.142 85.255.112.80
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: ESET HTTP Server (EhttpSrv) – Unknown owner – C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (file missing)
O23 – Service: ESET Service (ekrn) – Unknown owner – C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 – Service: FsUsbExService – Teruten – C:\WINDOWS\system32\FsUsbExService.Exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
O23 – Service: ServiceLayer – Nokia. – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: Ulead Burning Helper (UleadBurningHelper) – Ulead Systems, Inc. – C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
–
End of file – 7806 bytes
@clara: Check the boxes and press “Fix checked” for the following entries:
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 – HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=0&l=dir
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R3 – URLSearchHook: DefaultSearchHook Class – {C94E154B-1459-4A47-966B-4B843BEFC7DB} – C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O4 – HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 – HKLM\..\Policies\Explorer\Run: [XPRTRFVB] C:\WINDOWS\system32\msnmsg.exe
O17 – HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.142 85.255.112.80
O17 – HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.142 85.255.112.80
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.142 85.255.112.80
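The reply above flags a handful of entry classes (search and start-page settings redirected to an unexpected host, a URLSearchHook, a BHO with no backing file, Policies\Explorer\Run autostarts and O17 NameServer overrides). The triage helper below, an added example that is neither part of this thread nor of HijackThis, picks the same classes out of log lines; the trusted hosts and expected DNS servers are assumptions, and the sample lines are copied from the logs in this thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
the original post or of HijackThis itself). It flags the same entry classes
the reply above singles out: browser search/start-page settings pointing at
an unexpected host, URLSearchHooks, BHOs with no backing file,
Policies\\Explorer\\Run autostarts and O17 NameServer overrides that are not
in an expected set. The allow-lists below are assumptions for the example."""
import re
from urllib.parse import urlparse

# Hosts a search/start-page setting may legitimately point to (assumption).
TRUSTED_HOSTS = {"go.microsoft.com", "www.google.ro", "www.google.com"}
# DNS servers this machine is expected to use (assumption; e.g. the ISP's).
EXPECTED_DNS = {"192.168.1.1"}

# HijackThis separates fields with " - "; WordPress rewrote it as " – ".
_SEP = re.compile(r"\s[-\u2013]\s")
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def host_of(value: str) -> str:
    """Return the lowercase host of a URL-ish setting value ('' if none)."""
    value = value.strip()
    if "://" not in value:
        return ""
    return (urlparse(value).hostname or "").lower()


def triage_line(line: str):
    """Return (section, reason) for a suspicious line, or None if it looks
    benign. Only the entry classes listed above are examined."""
    line = line.strip()
    parts = _SEP.split(line, maxsplit=1)
    if len(parts) != 2:
        return None
    section, body = parts[0], parts[1]

    if section in ("R0", "R1"):
        # "key,name = value": hijackers rewrite search/start-page values.
        _, _, value = body.partition("=")
        host = host_of(value)
        if host and host not in TRUSTED_HOSTS:
            return section, f"browser setting points to untrusted host {host}"
    elif section == "R3":
        # URLSearchHooks redirect typed searches; always worth a look.
        return section, "URLSearchHook present"
    elif section == "O2" and body.endswith("(no file)"):
        # A BHO registration whose DLL is gone: leftover of a removed add-on.
        return section, "BHO registered without a backing file"
    elif section == "O4" and "Policies\\Explorer\\Run" in body:
        # Policy-driven autostart, rarely used by legitimate software.
        return section, "autostart via Policies\\Explorer\\Run"
    elif section == "O17":
        # NameServer overrides: compare each listed resolver with expectation.
        found = set(_IPV4.findall(body.split("NameServer", 1)[-1]))
        rogue = sorted(found - EXPECTED_DNS)
        if rogue:
            return section, f"unexpected DNS server(s): {', '.join(rogue)}"
    return None


def triage_log(text: str):
    """Run triage_line over every line; return the list of flagged results
    as (section, reason, original line) tuples."""
    hits = []
    for line in text.splitlines():
        result = triage_line(line)
        if result:
            hits.append((result[0], result[1], line.strip()))
    return hits


# Sample lines copied from the logs in this thread (constructed input for
# the example), including a few benign ones that must not be flagged.
SAMPLE_LOG = """
R1 - HKCU\\Software\\Microsoft\\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\\Program Files\\AskSearch\\bin\\DefaultSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Policies\\Explorer\\Run: [some] C:\\Program Files\\NetProject\\scit.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.113.142 85.255.112.80
"""

if __name__ == "__main__":
    for section, reason, line in triage_log(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Entries it flags still need a human look before anything is fixed, exactly as the instructions at the top of the post say; the script only narrows down what to read first.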
... when you have time... thanks in advance!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:45:55 PM, on 5/2/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
D:\games\heroes 3\RegisterSOD\Remind32.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\SysWOW64\DllHost.exe
C:\totalcmd\TOTALCMD.EXE
D:\downloads\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 – REG:system.ini: UserInit=userinit.exe
O2 – BHO: IEVkbdBHO – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 – BHO: link filter bho – {E33CF602-D945-461A-83F0-819F76A199F8} – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 – HKLM\..\Run: [VirtualCloneDrive] “C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe” /s
O4 – HKLM\..\Run: [AVP] “C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe”
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’)
O4 – Startup: H3 The Shadow of Death(TM).lnk = D:\games\heroes 3\RegisterSOD\Remind32.exe
O8 – Extra context menu item: Add to Anti-Banner – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 – Extra button: &Virtual keyboard – {4248FE82-7FCB-46AC-B270-339F08212110} – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 – Extra button: URLs c&heck – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O20 – AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
O23 – Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) – Unknown owner – C:\Windows\System32\alg.exe (file missing)
O23 – Service: Kaspersky Internet Security (AVP) – Kaspersky Lab – C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 – Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) – Unknown owner – C:\Windows\System32\lsass.exe (file missing)
O23 – Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) – Unknown owner – C:\Windows\system32\fxssvc.exe (file missing)
O23 – Service: @keyiso.dll,-100 (KeyIso) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: @comres.dll,-2797 (MSDTC) – Unknown owner – C:\Windows\System32\msdtc.exe (file missing)
O23 – Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: NVIDIA Display Driver Service (nvsvc) – Unknown owner – C:\Windows\system32\nvvsvc.exe (file missing)
O23 – Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) – Unknown owner – C:\Windows\system32\locator.exe (file missing)
O23 – Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) – Unknown owner – C:\Windows\System32\snmptrap.exe (file missing)
O23 – Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) – Unknown owner – C:\Windows\System32\spoolsv.exe (file missing)
O23 – Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) – Unknown owner – C:\Windows\system32\sppsvc.exe (file missing)
O23 – Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) – NVIDIA Corporation – C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 – Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) – TuneUp Software – C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 – Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) – TuneUp Software – C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 – Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) – Unknown owner – C:\Windows\system32\UI0Detect.exe (file missing)
O23 – Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) – Unknown owner – C:\Windows\system32\lsass.exe (file missing)
O23 – Service: @%SystemRoot%\system32\vds.exe,-100 (vds) – Unknown owner – C:\Windows\System32\vds.exe (file missing)
O23 – Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) – Unknown owner – C:\Windows\system32\vssvc.exe (file missing)
O23 – Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) – Unknown owner – C:\Windows\system32\wbengine.exe (file missing)
O23 – Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) – Unknown owner – C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 – Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) – Unknown owner – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
–
End of file – 6569 bytes
@ion08: Your log is fine. Are you having problems with the PC?
No... I just wanted a confirmation that everything is OK... thanks for the prompt reply :)
ComboFix 10-05-03.06 – Deea 04.05.2010 18:28:38.1.2 – x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.40.1033.18.1919.979 [GMT 3:00]
Running from: E:\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\325 USB PC Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\325 USB PC Camera \AMCap.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\325 USB PC Camera \Uninstall.lnk
c:\users\Deea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\users\Public\mds.sys
c:\users\Public\mdt.sys
c:\users\Public\winbrd.jpg
D:\Autorun.inf
E:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.
2010-05-04 15:24 . 2010-05-04 15:26 ——– d—–w- C:\32788R22FWJFW
2010-05-04 13:13 . 2010-05-04 13:13 ——– d—–w- c:\programdata\Kaspersky Lab
2010-05-04 13:12 . 2009-10-22 10:54 37392 —-a-w- c:\windows\system32\drivers\58880472.sys
2010-05-04 13:12 . 2009-10-09 20:31 311312 —-a-w- c:\windows\system32\drivers\5888047.sys
2010-05-04 13:12 . 2009-09-25 14:59 128016 —-a-w- c:\windows\system32\drivers\58880471.sys
2010-05-04 12:54 . 2010-05-04 12:54 ——– d—–w- c:\users\Deea\AppData\Roaming\Malwarebytes
2010-05-04 12:53 . 2010-04-29 12:39 38224 —-a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-04 12:53 . 2010-05-04 12:53 ——– d—–w- c:\program files\Malwarebytes’ Anti-Malware
2010-05-04 12:53 . 2010-05-04 12:53 ——– d—–w- c:\programdata\Malwarebytes
2010-05-04 12:53 . 2010-04-29 12:39 20952 —-a-w- c:\windows\system32\drivers\mbam.sys
2010-05-03 15:40 . 2010-05-03 15:40 ——– d—–w- c:\users\Deea\AppData\Local\Yahoo!
2010-05-03 15:40 . 2010-05-03 16:21 ——– d—–w- c:\programdata\Yahoo! Companion
2010-05-03 15:40 . 2009-12-14 14:52 607472 —-a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2010-04-28 15:51 . 2009-12-11 07:44 133720 —-a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 15:51 . 2009-12-11 07:38 1037312 —-a-w- c:\windows\system32\lsasrv.dll
2010-04-21 20:10 . 2010-02-11 07:10 293376 —-a-w- c:\windows\system32\browserchoice.exe
2010-04-15 15:50 . 2010-02-27 12:07 3954568 —-a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 15:50 . 2010-02-27 12:07 3899280 —-a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 15:50 . 2010-03-08 21:33 427520 —-a-w- c:\windows\system32\vbscript.dll
2010-04-15 15:50 . 2010-02-27 07:32 221696 —-a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 15:50 . 2010-02-27 07:32 95744 —-a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 15:50 . 2010-02-27 07:32 123392 —-a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 16:22 . 2009-12-29 06:55 172032 —-a-w- c:\windows\system32\wintrust.dll
2010-04-14 16:22 . 2010-01-09 06:52 132608 —-a-w- c:\windows\system32\cabview.dll
2010-04-05 14:35 . 2010-04-05 14:35 ——– d—–w- c:\users\Deea\AppData\Local\eBook Reader
2010-04-05 09:30 . 2010-04-05 09:31 ——– d—–w- c:\users\Deea\AppData\Local\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 15:32 . 2010-02-05 11:26 81984 —-a-w- c:\windows\system32\bdod.bin
2010-05-03 15:40 . 2009-11-01 14:27 ——– d—–w- c:\programdata\Yahoo!
2010-05-03 15:40 . 2009-11-01 14:27 ——– d—–w- c:\program files\Yahoo!
2010-05-02 14:02 . 2009-11-01 19:36 ——– d—–w- c:\users\Deea\AppData\Roaming\uTorrent
2010-05-02 06:44 . 2009-11-01 19:37 ——– d—–w- c:\program files\uTorrent
2010-04-30 21:17 . 2009-11-01 14:03 ——– d—–w- c:\program files\Opera
2010-04-17 19:35 . 2009-11-01 18:40 ——– d—–w- c:\users\Deea\AppData\Roaming\Winamp
2010-04-15 20:31 . 2009-11-08 19:46 ——– d—–w- c:\programdata\Microsoft Help
2010-04-07 20:10 . 2009-11-01 14:01 ——– d—–w- c:\program files\Common Files\Adobe
2010-04-04 21:33 . 2009-12-12 14:13 ——– d—–w- c:\programdata\Corel
2010-03-31 16:41 . 2010-03-31 16:41 ——– d—–w- c:\program files\CCleaner
2010-03-31 16:39 . 2009-11-01 18:40 ——– d—–w- c:\program files\Winamp
2010-03-30 17:55 . 2009-11-06 22:09 ——– d—–w- c:\users\Deea\AppData\Roaming\Skype
2010-03-25 17:07 . 2009-11-01 18:04 ——– d–h–w- c:\program files\InstallShield Installation Information
2010-03-25 17:07 . 2009-11-03 16:12 2485883 —-a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-03-21 09:29 . 2009-11-01 16:57 ——– d—–w- c:\program files\iTunes
2010-03-21 09:28 . 2010-03-21 09:28 ——– d—–w- c:\program files\iPod
2010-03-21 09:28 . 2009-11-01 16:56 ——– d—–w- c:\program files\Common Files\Apple
2010-03-21 09:28 . 2009-11-01 16:56 ——– d—–w- c:\programdata\Apple Computer
2010-03-21 09:27 . 2010-03-21 09:26 ——– d—–w- c:\program files\QuickTime
2010-03-21 09:20 . 2010-03-21 09:20 72488 —-a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-16 15:33 . 2009-11-06 22:12 ——– d—–w- c:\users\Deea\AppData\Roaming\skypePM
2010-03-02 18:16 . 2009-12-12 14:14 2516 –sha-w- c:\programdata\KGyGaAvL.sys
2010-03-02 18:16 . 2009-12-12 14:14 2516 –sha-w- c:\programdata\KGyGaAvL.sys
2010-03-02 18:16 . 2009-12-12 14:14 88 –sh–r- c:\programdata\EB23E43201.sys
2010-03-02 18:16 . 2009-12-12 14:14 88 –sh–r- c:\programdata\EB23E43201.sys
2010-03-02 18:16 . 2010-03-02 18:13 2516 –sha-w- c:\programdata\Protexis\KGyGaAvL.sys
2010-03-02 18:15 . 2010-03-02 18:13 88 –sh–r- c:\programdata\Protexis\EB23E43201.sys
2010-03-02 18:13 . 2009-11-01 13:54 160488 —-a-w- c:\users\Deea\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 07:16 . 2009-11-01 14:13 181632 ——w- c:\windows\system32\MpSigStub.exe
2010-02-23 07:56 . 2010-03-31 15:23 977920 —-a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 –sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 –sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}”= “c:\program files\Winamp Toolbar\winamptb.dll” [2009-05-06 1262888]
“{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}”= “c:\program files\BS_Player\tbBS_P.dll” [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 08:18 2215960 —-a-w- c:\program files\BS_Player\tbBS_P.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}”= “c:\program files\BS_Player\tbBS_P.dll” [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}”= “c:\program files\BS_Player\tbBS_P.dll” [2009-07-02 2215960]
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“DAEMON Tools Lite”=”c:\program files\DAEMON Tools Lite\DTLite.exe” [2009-10-30 369200]
“Sidebar”=”c:\program files\Windows Sidebar\sidebar.exe” [2009-07-14 1173504]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=”c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe” [2007-08-03 202024]
“Google Update”=”c:\users\Deea\AppData\Local\Google\Update\GoogleUpdate.exe” [2010-04-05 136176]
“Messenger (Yahoo!)”=”c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe” [2010-03-19 5248312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“atwtusb”=”atwtusb.exe beta” [X]
“FixCamera”=”c:\windows\FixCamera.exe” [2007-02-12 20480]
“tsnp325″=”c:\windows\tsnp325.exe” [2006-10-10 270336]
“snp325″=”c:\windows\vsnp325.exe” [2006-10-10 827392]
“WinampAgent”=”c:\program files\Winamp\winampa.exe” [2009-07-01 37888]
“ArcSoft Connection Service”=”c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe” [2010-03-18 207360]
“GrooveMonitor”=”c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2008-10-25 31072]
“AdobeCS4ServiceManager”=”c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe” [2008-08-14 611712]
“BDMCon”=”c:\program files\Softwin\BitDefender10\bdmcon.exe” [2007-04-02 290816]
“BDAgent”=”c:\program files\Softwin\BitDefender10\bdagent.exe” [2007-03-26 69632]
“NeroFilterCheck”=”c:\program files\Common Files\Nero\Lib\NeroCheck.exe” [2007-03-01 153136]
“NBKeyScan”=”c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2007-08-08 1828136]
“QuickTime Task”=”c:\program files\QuickTime\QTTask.exe” [2009-11-10 417792]
“iTunesHelper”=”c:\program files\iTunes\iTunesHelper.exe” [2010-02-15 141608]
“Adobe Reader Speed Launcher”=”c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2010-04-04 36272]
“Adobe ARM”=”c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2010-03-24 952768]
“Malwarebytes Anti-Malware (reboot)”=”c:\program files\Malwarebytes’ Anti-Malware\mbam.exe” [2010-04-29 1090952]
c:\users\Deea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_04.05.2010_15-23.lnk – c:\users\Deea\Desktop\Virus Removal Tool\setup_9.0.0.722_04.05.2010_15-23\startup.exe [2010-5-4 72208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 5 (0×5)
“ConsentPromptBehaviorUser”= 3 (0×3)
“EnableUIADesktopToggle”= 0 (0×0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“aux”=wdmaud.drv
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-01 691696]
R1 aiptektp;HyperPen;c:\windows\system32\DRIVERS\aiptektp.sys [2004-07-07 22272]
S0 58880472;58880472 Boot Guard Driver;c:\windows\system32\DRIVERS\58880472.sys [2009-10-22 37392]
S1 58880471;58880471;c:\windows\system32\DRIVERS\58880471.sys [2009-09-25 128016]
S1 setup_9.0.0.722_04.05.2010_15-23drv;setup_9.0.0.722_04.05.2010_15-23drv;c:\windows\system32\DRIVERS\5888047.sys [2009-10-09 311312]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys [2007-04-03 10251904]
.
Contents of the ‘Scheduled Tasks’ folder
2010-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1978590124-3122013574-4123153948-1001Core.job
- c:\users\Deea\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-05 09:30]
2010-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1978590124-3122013574-4123153948-1001UA.job
- c:\users\Deea\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-05 09:30]
.
.
——- Supplementary Scan ——-
.
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search – c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel – c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- – - – ORPHANS REMOVED – - – -
HKCU-Run-AdobeBridge – (no file)
HKCU-Run-Netlog Music Tool – c:\program files\Netlog Music Tool\NetlogMusicTool.exe
HKLM-Run-CorelDRAW Graphics Suite 11b – c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe
.
——————— LOCKED REGISTRY KEYS ———————
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-04 18:38:42
ComboFix-quarantined-files.txt 2010-05-04 15:38
Pre-Run: 15.457.546.240 bytes free
Post-Run: 15.460.376.576 bytes free
- – End Of File – - E5A7CAA7367ABC1918747A72EE4FD2C9
@andreea: Are you still sending automatic links on Messenger?
It seems not.
Then you have gotten rid of the infection.
Did you also run a scan with Malwarebytes Anti-Malware?
Yes, I did. Thank you very much.
Hi... can you tell me, when you have time and if you want, what to fix in there, because my PC is infected and I don't know how to clean it anymore... thanks in advance
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:41 PM, on 5/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2009\Integrator.exe
C:\Program Files\TuneUp Utilities 2009\DiskDoctor.exe
C:\Program Files\TuneUp Utilities 2009\OneClick.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271853487000
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Avira FireWall (AntiVirFirewallService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 – Service: Avira AntiVir MailGuard (AntiVirMailService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 – Service: Avira AntiVir WebGuard (AntiVirWebService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 – Service: Lookout Citadel Server (LkCitadelServer) – National Instruments, Inc. – C:\WINDOWS\system32\lkcitdl.exe
O23 – Service: National Instruments PSP Server Locator (lkClassAds) – National Instruments Corporation – C:\WINDOWS\system32\lkads.exe
O23 – Service: National Instruments Time Synchronization (lkTimeSync) – National Instruments Corporation – C:\WINDOWS\system32\lktsrv.exe
O23 – Service: NI Configuration Manager (mxssvr) – National Instruments Corporation – C:\Program Files\National Instruments\MAX\nimxs.exe
O23 – Service: National Instruments Domain Service (NIDomainService) – National Instruments Corporation – C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 – Service: NILM License Manager – Macrovision Corporation – C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 – Service: NI Service Locator (niSvcLoc) – National Instruments Corporation – C:\WINDOWS\system32\nisvcloc.exe
O23 – Service: National Instruments Variable Engine (NITaggerService) – National Instruments Corporation – C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: OpcEnum – OPC Foundation – C:\WINDOWS\system32\OpcEnum.exe
O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software – C:\WINDOWS\System32\TuneUpDefragService.exe
O23 – Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) – TuneUp Software – C:\WINDOWS\System32\TUProgSt.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
–
End of file – 9267 bytes
@Ana Maria Tanasa: The log is clean, but give me more details about the infection: what is the virus called, where is it located, and what effect does it have on the PC?
[...] Make a HijackThis log and then check and press "Fix checked" for the entries: F2 – REG:system.ini: [...]
hi,
can someone take a look at my log??? thanks in advance for the answer
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:16:37 PM, on 5/24/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\vali\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: IEVkbdBHO – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
O2 – BHO: Search Helper – {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} – C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 – BHO: Windows Live ID Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Ask Toolbar BHO – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: Windows Live Toolbar Helper – {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} – C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 – BHO: link filter bho – {E33CF602-D945-461A-83F0-819F76A199F8} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 – Toolbar: &Windows Live Toolbar – {21FA44EF-376D-4D53-9B0F-8A89D3229068} – C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 – Toolbar: Ask Toolbar – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 – HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 – HKLM\..\Run: [nmctxth] “C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe”
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe”
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O8 – Extra context menu item: Add to Anti-Banner – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Blog This – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: &Virtual keyboard – {4248FE82-7FCB-46AC-B270-339F08212110} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: URLs c&heck – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 – DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} –
O17 – HKLM\System\CCS\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
O17 – HKLM\System\CS1\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
O17 – HKLM\System\CS2\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 – AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 – Service: Kaspersky Internet Security (AVP) – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 – Service: Linksys Updater (LinksysUpdater) – Unknown owner – C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 – Service: Nero BackItUp Scheduler 3 – Nero AG – C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 – Service: Pure Networks Platform Service (nmservice) – Cisco Systems, Inc. – C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 – Service: PLFlash DeviceIoControl Service – Prolific Technology Inc. – C:\Windows\system32\IoctlSvc.exe
–
End of file – 7284 bytes
@valentin: Your log is fine.
Do you have any problems with the PC?
it runs rather slowly
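The two verdicts above ("the log is clean", "your log is fine") come from reading the same handful of HijackThis sections an analyst always checks first: R0/R1 start and search pages pointing at an unexpected host, O2/O3 entries whose DLL is gone ("(no file)", harmless leftovers of an uninstalled toolbar), O4 autoruns living in user-writable directories or named like a system binary, O10 Winsock LSPs that are not recognised, O17 NameServer entries that would mean the DNS resolvers were changed, and O23 services with "Unknown owner". The script below is an added example of that triage written for this page; it is not HijackThis code and not the author's tool. It parses lines in HJT's own format (accepting the en-dash that WordPress substitutes for the log's " - " separator) and applies one rule per section. The allowlists (EXPECTED_DNS, KNOWN_LSP, TRUSTED_HOSTS) are assumptions for the example and must be tuned to the network being examined; the sample log is a constructed subset of the second log posted above, with two made-up lines (the search-page hijack and the AppData "svchost" autorun) added so that every severity level fires.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# HijackThis separates fields with " - "; WordPress rewrites that as an en-dash,
# so both separators are accepted when a log is pasted from a forum page.
SEP = r"\s+[-\u2013]\s+"
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+)" + SEP + r"(?P<body>.*)$")

# Analyst-tunable allowlists (assumptions for this example, not HJT built-ins):
EXPECTED_DNS = {"217.156.46.1", "217.156.46.2"}          # resolvers the ISP is known to hand out
KNOWN_LSP = {"mswsock.dll", "winrnr.dll", "wlidnsp.dll"}  # Winsock providers seen on clean hosts
TRUSTED_HOSTS = {"go.microsoft.com", "www.google.ro", "www.google.com"}
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe"}
USER_WRITABLE = re.compile(
    r"\\(?:users|documents and settings)\\[^\\]+\\|\\appdata\\|\\temp\\|\\downloads\\", re.I)


@dataclass
class Finding:
    section: str
    severity: str   # "info" < "warning" < "high"
    reason: str
    line: str


def _basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def _check(sec: str, body: str) -> Optional[Tuple[str, str]]:
    """Apply the rule for one section prefix; return (severity, reason) or None."""
    if sec in ("R0", "R1"):
        url = body.split("=", 1)[1].strip() if "=" in body else ""
        host = re.match(r"https?://([^/]+)", url)      # about:blank / empty value: nothing to flag
        if host and host.group(1).lower() not in TRUSTED_HOSTS:
            return "warning", f"IE start/search page points at untrusted host {host.group(1)}"
    elif sec in ("O2", "O3") and body.rstrip().endswith("(no file)"):
        return "info", "orphaned BHO/toolbar registration (DLL gone); safe to fix"
    elif sec == "O4":
        m = re.match(r"\S+\s+\[[^\]]*\]\s*(?P<cmd>.*)", body)   # strip 'HKxx\..\Run: [name]'
        cmd = m.group("cmd") if m else body
        q = re.match(r'"([^"]+)"', cmd)
        exe = q.group(1) if q else (cmd.split() or [cmd])[0]
        if _basename(exe) in SYSTEM_NAMES and "\\windows\\" not in exe.lower():
            return "high", f"autorun named like a system binary outside \\Windows: {exe}"
        if USER_WRITABLE.search(cmd):
            return "warning", f"autorun launched from a user-writable directory: {cmd}"
    elif sec == "O10":
        dll = _basename(body.split(":", 1)[1].strip()) if ":" in body else ""
        if dll not in KNOWN_LSP:
            return "warning", f"unrecognised Winsock LSP {dll}; verify publisher before fixing"
    elif sec == "O17" and "NameServer" in body:
        servers = {s.strip() for s in body.split("=", 1)[1].split(",") if s.strip()}
        rogue = servers - EXPECTED_DNS
        if rogue:
            return "high", f"DNS resolvers changed to {', '.join(sorted(rogue))}"
    elif sec == "O23" and "Unknown owner" in body:
        return "info", "service without publisher information; check the binary's signature"
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse HJT lines and return one Finding per rule hit, highest severity first."""
    order = {"high": 0, "warning": 1, "info": 2}
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue            # header lines, running-process list, "End of file", etc.
        hit = _check(m.group("sec"), m.group("body"))
        if hit:
            findings.append(Finding(m.group("sec"), hit[0], hit[1], raw.strip()))
    return sorted(findings, key=lambda f: order[f.severity])


# Constructed sample: lines excerpted from the second log above, plus two made-up
# lines (the search-page hijack and the AppData "svchost") so that every severity fires.
# The O17 line deliberately keeps the en-dash separator as it appears on the page.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.hijack.test/?q=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [svchost] C:\Users\vali\AppData\Roaming\svchost.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
End of file - 7284 bytes
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>7}] {f.section}: {f.reason}")
```

Run against the sample, the only "high" hit is the constructed svchost.exe autorun under AppData; the real lines from the posted log produce nothing worse than "info" (the orphaned Yahoo! Toolbar BHO and the Linksys service with no publisher), which matches the verdict given in the thread. The O17 lines are silent only because the two 217.156.46.x resolvers are in EXPECTED_DNS; on a different network that set is the first thing to change, since a hijacked NameServer is one of the few findings in an HJT log that is urgent rather than cosmetic.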