Comments on: HijackThis 2.0.4 – Analiza Setarilor Modificate de Virusi din PC-ul tau http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/ Totul despre virusi, antivirusi si securitate IT Fri, 10 Feb 2012 20:49:22 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Dragos http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-79996 Dragos Tue, 06 Dec 2011 17:34:34 +0000 http://www.faravirusi.com/?p=3944#comment-79996 Am si eu nevoie de ajutor. Cand am luat acest virus aveam telefonu conectat la pc,si mi-au fost ascunse toate fisierele de pe card,nu sunt sterse pentru k atunci knd dau scanare mi le arata . Cum as putea sa fac sa mi le arata din nou?? AStept un raspuns Multumesc Am si eu nevoie de ajutor.
Cand am luat acest virus aveam telefonu conectat la pc,si mi-au fost ascunse toate fisierele de pe card,nu sunt sterse pentru k atunci knd dau scanare mi le arata .
Cum as putea sa fac sa mi le arata din nou??
AStept un raspuns
Multumesc

]]> By: Gigi http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-64592 Gigi Tue, 04 Oct 2011 14:19:07 +0000 http://www.faravirusi.com/?p=3944#comment-64592 Bifeaza si apasa Fix Checked pentru liniile: O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll O18 – Protocol: dssrequest – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file) O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file) Apoi descarca Malwarebytes Anti-Malware, fa-i update, scaneaza Full si indeparteaza infectiile (daca exista). http://www.malwarebytes.org/mbam-download.php Pune apoi logul aici. Bifeaza si apasa Fix Checked pentru liniile:

O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
O18 – Protocol: dssrequest – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)
O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)

Apoi descarca Malwarebytes Anti-Malware, fa-i update, scaneaza Full si indeparteaza infectiile (daca exista).
http://www.malwarebytes.org/mbam-download.php

Pune apoi logul aici.

]]> By: Vanesa http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-64588 Vanesa Tue, 04 Oct 2011 14:00:23 +0000 http://www.faravirusi.com/?p=3944#comment-64588 Ma puteti ajuta si pe mine? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:47:03, on 03.10.2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17099) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Acer\Acer VCM\RS_Service.exe c:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe c:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\WebCam\M3000\M3000Mnt.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aspire_one R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aspire_one R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aspire_one R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt O4 - HKLM\..\Run: [SBAMTray] "c:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Deluxe Tree] C:\Documents and Settings\Vanesa\My Documents\My Pictures\Christmas.exe O4 - HKCU\..\Run: [DesktopXmasTree] C:\Documents and Settings\Vanesa\My Documents\My Pictures\DesktopLightingTree.exe O4 - HKCU\..\Run: [Happy Christmas] C:\Documents and Settings\Vanesa\My Documents\My Pictures\HappyChristmas.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: WBSYS. C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe O23 - Service: VIPRE Antivirus Premium (SBAMSvc) - Sunbelt Software - c:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - c:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9489 bytes Ma puteti ajuta si pe mine?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:47:03, on 03.10.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
c:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
c:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aspire_one
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aspire_one
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0709&m=aspire_one
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 – URLSearchHook: (no name) – {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} – (no file)
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: RealPlayer Download and Record Plugin for Internet Explorer – {3049C3E9-B461-4BC5-8870-4C09146192CA} – C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: (no name) – {B164E929-A1B6-4A06-B104-2CD0E90A88FF} – (no file)
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 – HKLM\..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 – HKLM\..\Run: [TkBellExe] “C:\program files\real\realplayer\update\realsched.exe” -osboot
O4 – HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O4 – HKLM\..\Run: [SBAMTray] “c:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe”
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Deluxe Tree] C:\Documents and Settings\Vanesa\My Documents\My Pictures\Christmas.exe
O4 – HKCU\..\Run: [DesktopXmasTree] C:\Documents and Settings\Vanesa\My Documents\My Pictures\DesktopLightingTree.exe
O4 – HKCU\..\Run: [Happy Christmas] C:\Documents and Settings\Vanesa\My Documents\My Pictures\HappyChristmas.exe
O4 – HKCU\..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Blog This – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\drivers\itech1\imonlsp.dll
O18 – Protocol: dssrequest – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 – Protocol: sacore – {5513F07E-936B-4E52-9B00-067394E91CC5} – (no file)
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – AppInit_DLLs: WBSYS. C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) – Google – C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 – Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) – Intel Corporation – C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Raw Socket Service (RS_Service) – Acer Incorporated – C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 – Service: VIPRE Antivirus Premium (SBAMSvc) – Sunbelt Software – c:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 – Service: SB Recovery Service (SBPIMSvc) – Sunbelt Software – c:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe
O23 – Service: ServiceLayer – Nokia. – C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


End of file – 9489 bytes

]]> By: valentin http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-16161 valentin Tue, 25 May 2010 08:32:32 +0000 http://www.faravirusi.com/?p=3944#comment-16161 merge cam greu merge cam greu

]]> By: Radu FaraVirusi(com) http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-15944 Radu FaraVirusi(com) Mon, 24 May 2010 17:28:16 +0000 http://www.faravirusi.com/?p=3944#comment-15944 @valentin: Este in regula log-ul tau. Ai ceva probleme cu Pc-ul? @valentin: Este in regula log-ul tau.
Ai ceva probleme cu Pc-ul?

]]> By: valentin http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-15939 valentin Mon, 24 May 2010 17:19:52 +0000 http://www.faravirusi.com/?p=3944#comment-15939 salut , se poate uita cineva la log -ul meu ??? mersi anticipat ptr raspuns Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:16:37 PM, on 5/24/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe C:\Users\vali\Downloads\HijackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O17 - HKLM\System\CCS\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2 O17 - HKLM\System\CS2\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe -- End of file - 7284 bytes salut ,
se poate uita cineva la log -ul meu ??? mersi anticipat ptr raspuns
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:16:37 PM, on 5/24/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\vali\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 – BHO: (no name) – {02478D38-C3F9-4efb-9B51-7695ECA05670} – (no file)
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: IEVkbdBHO – {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
O2 – BHO: Search Helper – {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} – C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 – BHO: Windows Live ID Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Ask Toolbar BHO – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: Windows Live Toolbar Helper – {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} – C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 – BHO: link filter bho – {E33CF602-D945-461A-83F0-819F76A199F8} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 – Toolbar: &Windows Live Toolbar – {21FA44EF-376D-4D53-9B0F-8A89D3229068} – C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 – Toolbar: Ask Toolbar – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 – HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 – HKLM\..\Run: [nmctxth] “C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe”
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe”
O4 – HKCU\..\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O8 – Extra context menu item: Add to Anti-Banner – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Blog This – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra ‘Tools’ menuitem: &Blog This in Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} – C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: &Virtual keyboard – {4248FE82-7FCB-46AC-B270-339F08212110} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: URLs c&heck – {CCF151D8-D089-449F-A5A4-D9909053F20F} – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 – Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 – DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} –
O17 – HKLM\System\CCS\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
O17 – HKLM\System\CS1\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
O17 – HKLM\System\CS2\Services\Tcpip\..\{4C3A156C-7CA5-491E-9DB4-0E34CAB3B55C}: NameServer = 217.156.46.1,217.156.46.2
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 – AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 – Service: Kaspersky Internet Security (AVP) – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 – Service: Linksys Updater (LinksysUpdater) – Unknown owner – C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 – Service: Nero BackItUp Scheduler 3 – Nero AG – C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 – Service: Pure Networks Platform Service (nmservice) – Cisco Systems, Inc. – C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 – Service: PLFlash DeviceIoControl Service – Prolific Technology Inc. – C:\Windows\system32\IoctlSvc.exe


End of file – 7284 bytes

]]> By: Cum scap de smss32.exe ? – Ghid pentru Devirusare « RazvanMarcu's Blog http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-15140 Cum scap de smss32.exe ? – Ghid pentru Devirusare « RazvanMarcu's Blog Sun, 09 May 2010 12:00:24 +0000 http://www.faravirusi.com/?p=3944#comment-15140 [...] Realizati un log HijackThis si apoi bifati si apasati “Fix checked” pentru intrarile: F2 – REG:system.ini: [...] [...] Realizati un log HijackThis si apoi bifati si apasati “Fix checked” pentru intrarile: F2 – REG:system.ini: [...]

]]> By: Radu FaraVirusi(com) http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-14924 Radu FaraVirusi(com) Tue, 04 May 2010 19:33:26 +0000 http://www.faravirusi.com/?p=3944#comment-14924 @Ana Maria Tanasa: Log-ul este curat, insa da-mi mai multe detalii despre infectie: cum se numeste virusul, unde este localizat, ce efecte are asupra PC-ului ? @Ana Maria Tanasa: Log-ul este curat, insa da-mi mai multe detalii despre infectie: cum se numeste virusul, unde este localizat, ce efecte are asupra PC-ului ?

]]> By: Ana Maria Tanasa http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-14923 Ana Maria Tanasa Tue, 04 May 2010 19:18:11 +0000 http://www.faravirusi.com/?p=3944#comment-14923 Buna...imi poti spune, cand ai timp si daca vrei, ce sa repar de acolo ca Pc'ul meu e infectat si nu mai stiu cum sa il curat...multumesc anticipat Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:12:41 PM, on 5/4/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\lkads.exe C:\WINDOWS\system32\lktsrv.exe C:\Program Files\National Instruments\MAX\nimxs.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe C:\WINDOWS\system32\nisvcloc.exe C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\System32\TUProgSt.exe C:\Program Files\TuneUp Utilities 2009\Integrator.exe C:\Program Files\TuneUp Utilities 2009\DiskDoctor.exe C:\Program Files\TuneUp Utilities 2009\OneClick.exe C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe C:\WINDOWS\System32\TuneUpDefragService.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271853487000 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira FireWall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\WINDOWS\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 9267 bytes Buna…imi poti spune, cand ai timp si daca vrei, ce sa repar de acolo ca Pc’ul meu e infectat si nu mai stiu cum sa il curat…multumesc anticipat

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:41 PM, on 5/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2009\Integrator.exe
C:\Program Files\TuneUp Utilities 2009\DiskDoctor.exe
C:\Program Files\TuneUp Utilities 2009\OneClick.exe
C:\Program Files\TuneUp Utilities 2009\RegistryCleaner.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 – Toolbar: DAEMON Tools Toolbar – {32099AAC-C132-4136-9E9A-4E364A424E17} – C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKCU\..\Run: [Messenger (Yahoo!)] “C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe” -quiet
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\DTLite.exe” -autorun
O4 – HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271853487000
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Avira FireWall (AntiVirFirewallService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
O23 – Service: Avira AntiVir MailGuard (AntiVirMailService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 – Service: Avira AntiVir Scheduler (AntiVirSchedulerService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 – Service: Avira AntiVir Guard (AntiVirService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 – Service: Avira AntiVir WebGuard (AntiVirWebService) – Avira GmbH – C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 – Service: Lookout Citadel Server (LkCitadelServer) – National Instruments, Inc. – C:\WINDOWS\system32\lkcitdl.exe
O23 – Service: National Instruments PSP Server Locator (lkClassAds) – National Instruments Corporation – C:\WINDOWS\system32\lkads.exe
O23 – Service: National Instruments Time Synchronization (lkTimeSync) – National Instruments Corporation – C:\WINDOWS\system32\lktsrv.exe
O23 – Service: NI Configuration Manager (mxssvr) – National Instruments Corporation – C:\Program Files\National Instruments\MAX\nimxs.exe
O23 – Service: National Instruments Domain Service (NIDomainService) – National Instruments Corporation – C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 – Service: NILM License Manager – Macrovision Corporation – C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 – Service: NI Service Locator (niSvcLoc) – National Instruments Corporation – C:\WINDOWS\system32\nisvcloc.exe
O23 – Service: National Instruments Variable Engine (NITaggerService) – National Instruments Corporation – C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: OpcEnum – OPC Foundation – C:\WINDOWS\system32\OpcEnum.exe
O23 – Service: TuneUp Drive Defrag Service (TuneUp.Defrag) – TuneUp Software – C:\WINDOWS\System32\TuneUpDefragService.exe
O23 – Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) – TuneUp Software – C:\WINDOWS\System32\TUProgSt.exe
O23 – Service: Yahoo! Updater (YahooAUService) – Yahoo! Inc. – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


End of file – 9267 bytes

]]> By: andreea http://www.faravirusi.com/2010/04/22/hijackthis-2-0-4-analiza-setarilor-modificate-de-virusi-din-pc-ul-tau/comment-page-1/#comment-14909 andreea Tue, 04 May 2010 15:57:18 +0000 http://www.faravirusi.com/?p=3944#comment-14909 Da , am scanat. Multumesc mult. Da , am scanat. Multumesc mult.

]]>