A disparut RUN

luci, urmeaza instructiunile de aici: http://forum.softped...t...t&p=2611447

Multumesc mult pykko ,acum totul e ok!

luci38, on Apr 15 2008, 16:54, said:

Cu placere!

Buna ziua

Va rog daca puteti sa ma ajutati. Am Avast Profesional versiunea 4.8, Spybot si Firewall incroporat de Vista, pentru ca nu am incredere 100% in avast scanez saptamanal calc cu un antivirus online, de regula cu Windows Live OneCare, de cele mai multe imi rezolva eventualele probleme gasite, dar de cateva zile am gasit unii virusi si nu ii poate rezolva, nici macar nu imi spune detalii, spune doar 2 amenintari grave, pe care nu le poate rezolva. Avastul nu spune nimic. Va tirmit un log daca puteti sa ma ajutati ca eu nu stiu sa-l citesc. Va multumesc anticipat. Orice parere mi-ar fi de folos.


Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 19:43:04, on 27.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Genius\ioCentre\gAutoPan.exe
C:\Genius\ioCentre\gAutoScroll.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gMGlass.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Genius\ioCentre\gKbStatus.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Genius\ioCentre\gTaskSwitch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.co...d2-41fde8d1391d
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ask.com/w...}&o=14482&l=dis
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 86.34.134.154 bb.spiruharet.ro
O1 - Hosts: 82.98.248.165 spiruharet.blackboard.com
O2 - BHO: Google Plus - {01677B4B-0610-4814-94A0-5F570DD7A88F} - C:\PROGRA~1\GOOGLE~1\17GOOG~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: GAddons - Find what you need faster! - {78FF2F80-613A-47d7-8871-912B1236F704} - C:\PROGRA~1\EASYSE~1\BHO\7SUPER~1.DLL
O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: expiorer.exe.lnk = ?
O4 - Global Startup: NCProTray.lnk = C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...o/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...961/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69360BC8-8394-4B11-B730-7420A3B66A3F}: NameServer = 82.76.253.115 82.76.253.125
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - AppInit_DLLs:    C:\Windows\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10178 bytes

Ai zis ca ai Avast cu firewall-ul din Vista. Eu vad si Comodo pe acolo....

Descarca

Malwarebytes Anti-Malware 1.45

si salveaza-l pe Desktop.

Instaleaza-l si la sfarsit asigura-te ca ai bifat urmatoarele: Update Malwarebytes' Anti-Malware si Launch Malwarebytes' Anti-Malware. Apoi apasa Finish.



Dupa lansarea programului, click pe tab-ul Update si apasa butonul Check for Updates pentru a verifica daca definitiile descarcate sunt ultimele.

Database version: 4XXX



Click pe tab-ul Scanner, selecteaza Perform full scan si apoi apasa pe Scan.



La terminarea scanarii apasa OK si apoi Show Results.





Asigura-te ca e totul bifat si apoi apasa Remove Selected.





La final se va deschide un fisier in Notepad cu rezultatele scanarii. Posteaza continutul lui aici.



Daca ai dat restart pentru indepartare malware din PC, log-ul il gasesti in fereastra principala in cadrul tab-ului Logs. Verifica sa fie ultimul(dupa data din numele fisierului .txt.)

Multumesc Crysty, asa este am avut Comodo Firewall dar l-am scos inainte de de a scana cu HiJackThis cand ajung acasa o sa fac ce mi-ai spus sa vedem ce iese. Multumesc.

Astept log-ul aici.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versiunea bazei de date: 4046

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

28.04.2010 19:02:00
mbam-log-2010-04-28 (19-02-00).txt

Modul de scanare: Scanare completa (C:\|D:\|)
Obiecte scanate: 250937
Timp trecut: 53 minute, 36 secunde

Procese din Memorie Infectate: 0
Module de Memorie Infectate: 0
Chei de Registru Infectate: 15
Valori de Registru Infectate: 10
Date din Registru Infectate: 0
Foldere Infectate: 3
Fisiere Infectate: 8

Procese din Memorie Infectate:
(Nu au fost detectate obiecte malicioase)

Module de Memorie Infectate:
(Nu au fost detectate obiecte malicioase)

Chei de Registru Infectate:
HKEY_CLASSES_ROOT\CLSID\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ea256ed-74b3-4322-b1e0-53d00c693e6e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01677b4b-0610-4814-94a0-5f570dd7a88f} (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78ff2f80-613a-47d7-8871-912b1236f704} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.bhobridge (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.bhobridge.1 (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.supersearchfirefoxmgr (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\supersearch.supersearchfirefoxmgr.1 (Adware.SuperSearch) -> Quarantined and deleted successfully.

Valori de Registru Infectate:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\firstinstallflag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.

Date din Registru Infectate:
(Nu au fost detectate obiecte malicioase)

Foldere Infectate:
C:\Program Files\ThunMail (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\BHO (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch (Adware.SuperSearch) -> Quarantined and deleted successfully.

Fisiere Infectate:
C:\Program Files\GooglePlusVideos\17.GooglePlusVideos.dll (Trojan.SearchRedir.G) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\BHO\7.SuperSearch.dll (Trojan.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{25697716-A65F-4BBF-AEB4-39028724B253}\RP44\A0022455.0XE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\BHO\SVConfig.ini (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\EasySearch\BHO\what.are.GAddons.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected] (Adware.SuperSearch) -> Quarantined and deleted successfully.
C:\Windows\irc.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.

Descarca

Kaspersky Virus Removal Tool 2010 9.0.0.722

Instaleaza-l, scoate cablul de Internet, opreste protectia real-time(scutul) a antivirus-ului instalat pe PC si scaneaza full cu acest utilitar.



La terminarea scanarii dezinfecteaza/sterge toate fisierele detectate.

Restart, activeaza protectia antivirus, conecteaza cablul de internet.

nu a mai gasit nimic

Multumesc crysty2k5 pentru ajutor. La scanarea cu Kaspersky Virus Removal Tool 2010 9.0.0.722 nu a gasit nimic, tind sa cred ca e curat acum, pentru siguranta o sa il rescanez cu Windown OneCare astazi sau maine si postez rezultatul. Oricum pe viitor imi recomanzi sa folosesc programele date de tine?

Da, nu influienteaza cu nimic. Doar scanezi cu ele cand crezi ca e ceva suspect si revii aici

am aceeasi problema ,mi-a disparut RUN .am descarcat fisierul "repara" postat in pagina anterioara,am dat install si reboot dar nu am reaolvat nimic.ma poate ajuta si pe mine cineva?multumesc mult.postez  si un log hijackthis

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 8:15:28 PM, on 5/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\msd32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\EDITH\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.co...p</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="http://search.yahoo....oo.com/search">
O1 - Hosts: <input size="14" name="p" value=""> 
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>? <a href="http://search.yahoo....ns?p=">advanced search</a> ? <a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=http://webhosting.yahoo.com/ps/wh/prod/><img align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="http://webhosting.ya...wh/prod/">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=http://webhosting.yahoo.com/ps/wh/prod/>Learn more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1> </td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="Javascript" type="text/javascript"
O1 - Hosts: src="http://adserver.yaho...es&l=MON&c=sr">
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yaho...c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/...o.com/">Address Book</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...om/">Alerts</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/.../">Auctions</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...ahoo.com/">Bill Pay</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...">Bookmarks</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...">Briefcase</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...">Broadcast</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/.../">Calendar</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/....com/">Chat</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...Classifieds</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...com/">Clubs</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...">Companion</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...m/">Experts</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...com/">Games</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...">Greetings</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...ahoo.com/">Home Pages</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...m/">Invites</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/....com/">Mail</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/....com/">Maps</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...oo.com/">Member Directory</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...">Messenger</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/....yahoo.com/">My Yahoo!</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/....com/">News</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...">PayDirect</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...oo.com/">People Search</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...">Personals</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...om/">Photos</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/.../">Shopping</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...om/">Sports</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...hoo.com/">Stock Quotes</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...oo.com/">TV</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...om/">Travel</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...m/">Weather</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...Yahooligans</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...oo.com/">Yellow Pages</A> ? <A
O1 - Hosts: href="http://rd.yahoo.com/...ml">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Wiirvice] C:\WINDOWS\System32\winin2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msrtm] C:\WINDOWS\msd32.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; InfoPath.2)" -"http://acasa.minicli...intasdasd.html"
O4 - HKUS\S-1-5-20\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18064 bytes

Edited by ady4x4, 11 May 2010 - 19:18.

Bifeaza si apasa Fix Checked pentru:

ady4x4, on 11th May 2010, 20:17, said:

Navigheaza in C:\Windows\System32\drivers\etc si sterge fisierul hosts

Apoi:

Descarca: ComboFix si salveaza-l pe Desktop.

Creeaza un fisier nou de tip .txt cu Notepad si scrie in el ce e mai jos in citat:

Quote

Denumeste fisierul CFScript.txt apoi trage-l peste ComboFix.exe asa cum e aratat in poza de mai jos.

[ http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif - Pentru incarcare in pagina (embed) Click aici ]
Apoi asigura-te ca ai inchis toate programele care ruleaza (Yahoo Messenger, MozilaFirefox, etc) si ruleaza ComboFix. Te va intreba daca sa inceapa sa curete sistemul. Confirma cu Yes de fiecare data. Nu-l opri in timp ce scaneaza si dezinfecteaza sistemul. E posibil ca in timpul rularii lui desktop-ul sa dispara, dar nu te ingrijora.
La sfarsit va afisa rezultatele scanarii. Salveaza acel fisier si posteaza continutul AICI.

Edited by Official, 11 May 2010 - 20:28.

nu reusesc sa rulez combofix-ul .cand trag fisierul peste el porneste si imi apare cfscript name error. are vreo legatura faptul ca dupa log-ul postat am scanat cu SUPERAntiSpyware ( e posibil sa fi sters el acele fisiere?)multumesc

Edited by ady4x4, 11 May 2010 - 20:56.

Ai denumit corect fisierul CFScript.txt ? Sa nu fie CFScript.txt.txt. Atentie la extensia fisierelor. Daca sistemul nu este setat sa vezi extensia lor, salveaza-l CFScript simplu.

LE: Descarca fisierul de aici:

Edited by Official, 11 May 2010 - 21:17.

1 fisier este vazut de SUPERAntiSpyware.

http://www.superanti.../MSD32.EXE.html

1 fisier este vazut de Dr. Web

Navigheaza in:

Quote

Si sterge fisierul hosts.

Descarca

SUPERAntiSpyware 4.37.1000

si salveaza-l pe Desktop.

Instaleaza-l, apoi deschide fereasta principala si apasa Check for Updates...

Definition Database Version

Core: 4XXX



Dupa update, apasa Scan your Computer...

Asigura-te ca e bifat Perform Complete Scan si apasa Next.



Dupa scanare si afisarea rezultatelor, apasa Next.



Apoi Yes.



Posteaza apoi aici rezultatele scanarii.

Descarca

Dr.Web CureIt!5.00.10

Scoate cablul de Internet, opreste protectia real-time(scutul) a antivirus-ului instalat pe PC si scaneaza full cu acest utilitar.

Initial, la rulare, Dr.Web CureIt! incepe un Express Scan. Apasa butonul Stop in dreapta cand acesta are culoarea verde.



Bifeaza apoi in stanga Complete Scan si asa in dreapta pe butonul verde Play.



La terminarea scanarii dezinfecteaza/sterge toate fisierele detectate.

Restart, activeaza protectia antivirus, conecteaza cablul de internet.

nu gasesc log-ul lui SUPERAntiSpyware dar nu a mai gasit nimic.RUN-ul a aparut si el la locul lui . multumesc tuturor.cand pornesc pc nu se poate face nimic sa nu mai apara mesajul cu choose to start :recovery console sau windows xp (aproximativ ).multumesc mult