hijack this - silvius_tec07

48 replies to this topic

#19
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010

 crysty2k5, on 5th April 2010, 16:31, said:

See if there are still any problems :)

There aren't any more. Thanks a lot for the help! DaemonTools doesn't really work, but I'll see what's wrong with it! Thanks again!! Happy Easter! :thumbup:

#20
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
OK. If anything else comes up, come back here.

For problems with Daemon Tools, go to Windows > Software.

#21
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010

Quote

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 9:51:01 PM, on 5/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GamezJoint Toolbar\2.6.1.11950\mvbapp.exe
C:\Program Files\GamezJoint Toolbar\2.6.1.11950\mvbapp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\BrowserZinc\browserzinc139.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BrowserZinc\browserzinc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Kituri\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.softpedia.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.softpedia.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Softpedia
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Count Access Advancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Count Access Advancer\5.6.0.7190\CAAIEAddOn.dll (file missing)
O2 - BHO: Advanced Access Controller - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Advanced Access Controller\4.6.0.2670\AACIEAddOn.dll (file missing)
O2 - BHO: Customized Web Management - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Customized Web Management\1.6.0.3840\CWMIE.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll (file missing)
O2 - BHO: Internet Content Assistant - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Internet Content Assistant\1.6.0.3960\ICAIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: GamezJoint Toolbar - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\GamezJoint Toolbar\2.6.1.11950\mvb0.dll (file missing)
O2 - BHO: Automated Result Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Automated Result Operator\4.6.0.2810\AROIEAddOn.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: GamezJoint Toolbar - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\GamezJoint Toolbar\2.6.1.11950\mvb0.dll (file missing)
O3 - Toolbar: Daemon Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [BDSwitchAgent] C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Internet Connection Wizard Task] "C:\Program Files\Internet Connection Wizard\1.6.0.2350\InternetToday.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nod32] C:\DOCUME~1\Silvius\LOCALS~1\Temp\nodqq.exe
O4 - HKCU\..\Run: [VideoBarApp] C:\Program Files\GamezJoint Toolbar\2.6.1.11950\mvbapp.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\Silvius\LOCALS~1\Temp\dsoqq.exe
O8 - Extra context menu item: &Funband Serach - res://C:\Program Files\GamezJoint Toolbar\2.6.1.11950\mvb0.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserZinc Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\BrowserZinc\browserzinc139.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

These are the results from a scan with HijackThis. I have a problem called IE Error Script (Internet Explorer won't open, and neither will Windows Media Player). I have tried everything possible: I uninstalled it many times and applied both manual and automatic updates. I was using an old antivirus version (BITDEFENDER 9), so I uninstalled it and installed Avira. The problem is that it freezes when I set it to scan, but infected files do show up at the bottom. So please, help me, and if possible, without my having to reinstall Windows!

--
End of file - 8470 bytes

#22
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Download: ComboFix and save it to the Desktop.

Create a new .txt file with Notepad and write in it what is quoted below:

Quote

File::
C:\DOCUME~1\Silvius\LOCALS~1\Temp\dsoqq.exe
C:\DOCUME~1\Silvius\LOCALS~1\Temp\nodqq.exe

Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.

[ http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask you whether to start cleaning the system. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it is running, but don't worry.
At the end it will display the scan results. Save that file and post its contents HERE.
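
An added example, not part of the original thread or of any tool mentioned in it: a small Python triage of HijackThis `O4` autostart lines that picks out entries launching from a Temp directory, the pattern shared by the two files named in the CFScript above. It goes slightly beyond the post by also flagging `O23` services with an unknown owner that run from a profile directory; the regexes, that heuristic and the function names are assumptions of this example, and the sample lines are copied from the log posted in this thread.

```python
import re
from typing import NamedTuple

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nod32] C:\DOCUME~1\Silvius\LOCALS~1\Temp\nodqq.exe
O4 - HKCU\..\Run: [VideoBarApp] C:\Program Files\GamezJoint Toolbar\2.6.1.11950\mvbapp.exe
O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\Silvius\LOCALS~1\Temp\dsoqq.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrowserZinc Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\BrowserZinc\browserzinc139.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    name: str     # Run value name or service display name
    path: str     # executable path exactly as written in the log
    reason: str


# O4 registry autostart:  O4 - HKCU\..\Run: [name] command line
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# O23 service:  O23 - Service: display name - owner - path
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")
# Executable part of a command line: a quoted path, or an unquoted path
# (which may contain spaces) up to the first executable extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)

TEMP_PARTS = {"temp", "tmp", "temporary internet files"}


def executable(cmd):
    """Return the program path from a Run value, dropping any arguments."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def in_temp_dir(path):
    """True if any directory component of the path is a temp folder."""
    parts = path.lower().split("\\")[:-1]  # directory components only
    return any(p in TEMP_PARTS for p in parts)


def triage(log):
    """Scan HijackThis lines and return the entries worth a closer look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable(m.group(4))
            if in_temp_dir(exe):
                findings.append(Finding(
                    "O4", m.group(3), exe,
                    "autostart entry runs from a Temp directory"))
            continue
        m = O23_RE.match(line)
        # Heuristic assumed for this example: unsigned service binary that
        # lives under a user profile tree instead of a system directory.
        if (m and m.group(2) == "Unknown owner"
                and "\\documents and settings\\" in m.group(3).lower()):
            findings.append(Finding(
                "O23", m.group(1), m.group(3),
                "service with unknown owner runs from a profile directory"))
    return findings


def cfscript(findings):
    """Draft the File:: block, in the format quoted above, for O4 findings."""
    paths = sorted({f.path for f in findings if f.section == "O4"})
    return "\n".join(["File::"] + paths)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section}  {f.name:22} {f.reason}\n      {f.path}")
    print()
    print(cfscript(results))
```
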

#23
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010

Quote

ComboFix 10-05-27.02 - Silvius 05/28/2010  11:49:51.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.660 [GMT 3:00]
Running from: c:\documents and settings\Silvius\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Silvius\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\Silvius\LOCALS~1\Temp\dsoqq.exe"
"c:\docume~1\Silvius\LOCALS~1\Temp\nodqq.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\Silvius\LOCALS~1\Temp\dsoqq.exe
c:\docume~1\Silvius\LOCALS~1\Temp\nodqq.exe
c:\documents and settings\All Users\Application Data\BrowserZinc
c:\documents and settings\All Users\Application Data\BrowserZinc\browserzinc139.exe
c:\documents and settings\Silvius\Local Settings\Temporary Internet Files\mvb06759.tmp
C:\hc3hvi0.exe
c:\program files\Automated Result Operator\4.6.0.2810\AROIeaddon.dll
c:\program files\BrowserZinc
c:\program files\BrowserZinc\browserzinc.dll
c:\program files\BrowserZinc\browserzinc.exe
c:\program files\BrowserZinc\uninstall.exe
c:\program files\Customized Web Management\1.6.0.3840\CWMIe.dll
c:\program files\GamezJoint Toolbar\2.6.1.11950\mvbapp.exe
c:\program files\Internet Content Assistant\1.6.0.3960\ICAIe.dll
c:\program files\WhenUSearch
c:\program files\WhenUSearch\Content\css\dialog.css
c:\program files\WhenUSearch\Content\css\menu.css
c:\program files\WhenUSearch\Content\css\module_weather.css
c:\program files\WhenUSearch\Content\css\module_weather_dialog.css
c:\program files\WhenUSearch\Content\css\quick.css
c:\program files\WhenUSearch\Content\customize.html
c:\program files\WhenUSearch\Content\daemon.ico
c:\program files\WhenUSearch\Content\dialog.css
c:\program files\WhenUSearch\Content\global.js
c:\program files\WhenUSearch\Content\images\add_image.gif
c:\program files\WhenUSearch\Content\images\add_image_down.gif
c:\program files\WhenUSearch\Content\images\add_image_on.gif
c:\program files\WhenUSearch\Content\images\arrow_down.gif
c:\program files\WhenUSearch\Content\images\arrow_down_on.gif
c:\program files\WhenUSearch\Content\images\arrow_right.gif
c:\program files\WhenUSearch\Content\images\arrow_right_on.gif
c:\program files\WhenUSearch\Content\images\button_go.gif
c:\program files\WhenUSearch\Content\images\button_go_down.gif
c:\program files\WhenUSearch\Content\images\button_go_on.gif
c:\program files\WhenUSearch\Content\images\button_search_down.gif
c:\program files\WhenUSearch\Content\images\button_search_off.gif
c:\program files\WhenUSearch\Content\images\button_search_on.gif
c:\program files\WhenUSearch\Content\images\button_search_sm_down.gif
c:\program files\WhenUSearch\Content\images\button_search_sm_off.gif
c:\program files\WhenUSearch\Content\images\button_search_sm_on.gif
c:\program files\WhenUSearch\Content\images\button_specials_on.gif
c:\program files\WhenUSearch\Content\images\corner_bottom_left.gif
c:\program files\WhenUSearch\Content\images\corner_top_left.gif
c:\program files\WhenUSearch\Content\images\delete_button.gif
c:\program files\WhenUSearch\Content\images\delete_button_down.gif
c:\program files\WhenUSearch\Content\images\delete_button_on.gif
c:\program files\WhenUSearch\Content\images\divider.gif
c:\program files\WhenUSearch\Content\images\dot_orange.gif
c:\program files\WhenUSearch\Content\images\dt_min_logo.gif
c:\program files\WhenUSearch\Content\images\gear.gif
c:\program files\WhenUSearch\Content\images\gear_down.gif
c:\program files\WhenUSearch\Content\images\gear_grey.gif
c:\program files\WhenUSearch\Content\images\gear_on.gif
c:\program files\WhenUSearch\Content\images\instructions_border_corner.gif
c:\program files\WhenUSearch\Content\images\instructions_border_right.gif
c:\program files\WhenUSearch\Content\images\instructions_border_top.gif
c:\program files\WhenUSearch\Content\images\link.gif
c:\program files\WhenUSearch\Content\images\lock.gif
c:\program files\WhenUSearch\Content\images\lock_down.gif
c:\program files\WhenUSearch\Content\images\lock_grey.gif
c:\program files\WhenUSearch\Content\images\lock_on.gif
c:\program files\WhenUSearch\Content\images\logo_searchbar_down.gif
c:\program files\WhenUSearch\Content\images\logo_searchbar_off.gif
c:\program files\WhenUSearch\Content\images\logo_searchbar_on.gif
c:\program files\WhenUSearch\Content\images\main_bg.gif
c:\program files\WhenUSearch\Content\images\manage.gif
c:\program files\WhenUSearch\Content\images\manage_down.gif
c:\program files\WhenUSearch\Content\images\manage_grey.gif
c:\program files\WhenUSearch\Content\images\manage_on.gif
c:\program files\WhenUSearch\Content\images\menu_aim_bw.gif
c:\program files\WhenUSearch\Content\images\menu_arrow_right.gif
c:\program files\WhenUSearch\Content\images\menu_bg.gif
c:\program files\WhenUSearch\Content\images\menu_left_bg.gif
c:\program files\WhenUSearch\Content\images\menu_main_bw.gif
c:\program files\WhenUSearch\Content\images\menu_pbandit_bw.gif
c:\program files\WhenUSearch\Content\images\menu_right_bg.gif
c:\program files\WhenUSearch\Content\images\menu_ucontrol_bw.gif
c:\program files\WhenUSearch\Content\images\menu_ucontrol_filler_bw.gif
c:\program files\WhenUSearch\Content\images\menu_whenu_bw.gif
c:\program files\WhenUSearch\Content\images\message_alert.gif
c:\program files\WhenUSearch\Content\images\min_new_res_menu.gif
c:\program files\WhenUSearch\Content\images\min_new_res_menu_down.gif
c:\program files\WhenUSearch\Content\images\min_new_res_menu_on.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_down.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_on.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_text.gif
c:\program files\WhenUSearch\Content\images\min_new_results_new_text_on.gif
c:\program files\WhenUSearch\Content\images\module_weather_left_bg_top.gif
c:\program files\WhenUSearch\Content\images\more_bg.gif
c:\program files\WhenUSearch\Content\images\more_bottom_bg.gif
c:\program files\WhenUSearch\Content\images\more_bottom_main.gif
c:\program files\WhenUSearch\Content\images\more_bottom_main_bg.gif
c:\program files\WhenUSearch\Content\images\more_left_bg.gif
c:\program files\WhenUSearch\Content\images\more_right_bg.gif
c:\program files\WhenUSearch\Content\images\more_top_bg.gif
c:\program files\WhenUSearch\Content\images\more_top_left.gif
c:\program files\WhenUSearch\Content\images\more_top_left_bw.gif
c:\program files\WhenUSearch\Content\images\more_top_right.gif
c:\program files\WhenUSearch\Content\images\more_top_right_bw.gif
c:\program files\WhenUSearch\Content\images\more_top_x.gif
c:\program files\WhenUSearch\Content\images\more_top_x_bw.gif
c:\program files\WhenUSearch\Content\images\more_top_x_down.gif
c:\program files\WhenUSearch\Content\images\more_top_x_on.gif
c:\program files\WhenUSearch\Content\images\mount.gif
c:\program files\WhenUSearch\Content\images\mount_down.gif
c:\program files\WhenUSearch\Content\images\mount_grey.gif
c:\program files\WhenUSearch\Content\images\mount_on.gif
c:\program files\WhenUSearch\Content\images\nav_button_bg.gif
c:\program files\WhenUSearch\Content\images\nav_button_bg_down.gif
c:\program files\WhenUSearch\Content\images\nav_button_bg_on.gif
c:\program files\WhenUSearch\Content\images\notyet.gif
c:\program files\WhenUSearch\Content\images\notyet_bw.gif
c:\program files\WhenUSearch\Content\images\open_bg.gif
c:\program files\WhenUSearch\Content\images\open_bottom_bg.gif
c:\program files\WhenUSearch\Content\images\open_bottom_left.gif
c:\program files\WhenUSearch\Content\images\open_bottom_left_bw.gif
c:\program files\WhenUSearch\Content\images\open_bottom_right.gif
c:\program files\WhenUSearch\Content\images\open_bottom_right_bw.gif
c:\program files\WhenUSearch\Content\images\open_cancel.gif
c:\program files\WhenUSearch\Content\images\open_cancel_down.gif
c:\program files\WhenUSearch\Content\images\open_cancel_on.gif
c:\program files\WhenUSearch\Content\images\open_defaults.gif
c:\program files\WhenUSearch\Content\images\open_defaults_down.gif
c:\program files\WhenUSearch\Content\images\open_defaults_on.gif
c:\program files\WhenUSearch\Content\images\open_open.gif
c:\program files\WhenUSearch\Content\images\open_open_down.gif
c:\program files\WhenUSearch\Content\images\open_open_on.gif
c:\program files\WhenUSearch\Content\images\open_save.gif
c:\program files\WhenUSearch\Content\images\open_save_down.gif
c:\program files\WhenUSearch\Content\images\open_save_on.gif
c:\program files\WhenUSearch\Content\images\open_search.gif
c:\program files\WhenUSearch\Content\images\open_search_down.gif
c:\program files\WhenUSearch\Content\images\open_search_on.gif
c:\program files\WhenUSearch\Content\images\right_bg.gif
c:\program files\WhenUSearch\Content\images\right_bg_grey.gif
c:\program files\WhenUSearch\Content\images\right_instructions.gif
c:\program files\WhenUSearch\Content\images\right_instructions_on.gif
c:\program files\WhenUSearch\Content\images\right_instructions_red.gif
c:\program files\WhenUSearch\Content\images\right_left.gif
c:\program files\WhenUSearch\Content\images\right_left_grey.gif
c:\program files\WhenUSearch\Content\images\right_main_bg.gif
c:\program files\WhenUSearch\Content\images\right_more_left.gif
c:\program files\WhenUSearch\Content\images\right_more_off.gif
c:\program files\WhenUSearch\Content\images\right_more_on.gif
c:\program files\WhenUSearch\Content\images\right_more_up.gif
c:\program files\WhenUSearch\Content\images\spacer.gif
c:\program files\WhenUSearch\Content\images\tab_left_bg.gif
c:\program files\WhenUSearch\Content\images\tab_left_bw.gif
c:\program files\WhenUSearch\Content\images\tab_left_down.gif
c:\program files\WhenUSearch\Content\images\tab_left_off.gif
c:\program files\WhenUSearch\Content\images\tab_left_on.gif
c:\program files\WhenUSearch\Content\images\tab_right_down.gif
c:\program files\WhenUSearch\Content\images\tab_right_off.gif
c:\program files\WhenUSearch\Content\images\tab_right_on.gif
c:\program files\WhenUSearch\Content\images\unmount.gif
c:\program files\WhenUSearch\Content\images\unmount_down.gif
c:\program files\WhenUSearch\Content\images\unmount_grey.gif
c:\program files\WhenUSearch\Content\images\unmount_on.gif
c:\program files\WhenUSearch\Content\index.htm
c:\program files\WhenUSearch\Content\instructions.html
c:\program files\WhenUSearch\Content\loading.html
c:\program files\WhenUSearch\Content\main_menu_sub.html
c:\program files\WhenUSearch\Content\menu.css
c:\program files\WhenUSearch\Content\menu_emu.html
c:\program files\WhenUSearch\Content\menu_main.html
c:\program files\WhenUSearch\Content\menu_manage.html
c:\program files\WhenUSearch\Content\menu_opt.html
c:\program files\WhenUSearch\Content\menu_ucontrol.html
c:\program files\WhenUSearch\Content\menu_whenu.html
c:\program files\WhenUSearch\Content\message.html
c:\program files\WhenUSearch\Content\min.html
c:\program files\WhenUSearch\Content\module_weather.css
c:\program files\WhenUSearch\Content\module_weather_dialog.css
c:\program files\WhenUSearch\Content\more.html
c:\program files\WhenUSearch\Content\movement.js
c:\program files\WhenUSearch\Content\newresults.html
c:\program files\WhenUSearch\Content\notyet.html
c:\program files\WhenUSearch\Content\open_browser.html
c:\program files\WhenUSearch\Content\open_search.html
c:\program files\WhenUSearch\Content\quick.css
c:\program files\WhenUSearch\Content\quick_coupon.html
c:\program files\WhenUSearch\Content\quick_instructions.html
c:\program files\WhenUSearch\Content\quick_search.html
c:\program files\WhenUSearch\Content\quick_tutorial.html
c:\program files\WhenUSearch\Content\right.html
c:\program files\WhenUSearch\Content\search.html
c:\program files\WhenUSearch\Content\splash.html
c:\program files\WhenUSearch\Content\tooltip_emu.html
c:\program files\WhenUSearch\Content\tooltip_go.html
c:\program files\WhenUSearch\Content\tooltip_logo.html
c:\program files\WhenUSearch\Content\tooltip_manage.html
c:\program files\WhenUSearch\Content\tooltip_more.html
c:\program files\WhenUSearch\Content\tooltip_opt.html
c:\program files\WhenUSearch\Content\tooltip_search.html
c:\program files\WhenUSearch\Content\tooltip_slider.html
c:\program files\WhenUSearch\Content\tooltip_whenu.html
c:\program files\WhenUSearch\Content\tooltip_whenu2.html
c:\program files\WhenUSearch\Content\ui.cfg
c:\program files\WhenUSearch\Content\uninst.ico
c:\program files\WhenUSearch\search.db
c:\program files\WhenUSearch\search.htm
c:\program files\WhenUSearch\Uninst.exe
C:\r3fhr.exe
c:\windows\system32\_004541_.tmp.dll
c:\windows\system32\_004542_.tmp.dll
c:\windows\system32\_004543_.tmp.dll
c:\windows\system32\_004544_.tmp.dll
c:\windows\system32\_004551_.tmp.dll
c:\windows\system32\_004552_.tmp.dll
c:\windows\system32\_004553_.tmp.dll
c:\windows\system32\_004554_.tmp.dll
c:\windows\system32\_004556_.tmp.dll
c:\windows\system32\_004557_.tmp.dll
c:\windows\system32\_004560_.tmp.dll
c:\windows\system32\_004561_.tmp.dll
c:\windows\system32\_004563_.tmp.dll
c:\windows\system32\_004564_.tmp.dll
c:\windows\system32\_004565_.tmp.dll
c:\windows\system32\_004567_.tmp.dll
c:\windows\system32\_004570_.tmp.dll
c:\windows\system32\_004571_.tmp.dll
c:\windows\system32\_004575_.tmp.dll
c:\windows\system32\_004576_.tmp.dll
c:\windows\system32\_004578_.tmp.dll
c:\windows\system32\_004581_.tmp.dll
c:\windows\system32\_004584_.tmp.dll
c:\windows\system32\_004585_.tmp.dll
c:\windows\system32\_004586_.tmp.dll
c:\windows\system32\_004587_.tmp.dll
c:\windows\system32\_004588_.tmp.dll
c:\windows\system32\_004591_.tmp.dll
c:\windows\system32\_004592_.tmp.dll
c:\windows\system32\_004593_.tmp.dll
c:\windows\system32\_004594_.tmp.dll
c:\windows\system32\_004595_.tmp.dll
c:\windows\system32\_004600_.tmp.dll
c:\windows\system32\_004602_.tmp.dll
c:\windows\system32\_004603_.tmp.dll
c:\windows\system32\Cache
D:\Autorun.inf
D:\hc3hvi0.exe
D:\r3fhr.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BROWSERZINC_SERVICE
-------\Service_BrowserZinc Service


(((((((((((((((((((((((((   Files Created from 2010-04-28 to 2010-05-28  )))))))))))))))))))))))))))))))
.

2010-05-27 16:52 . 2010-05-27 16:52 -------- d-----w- c:\documents and settings\Silvius\Application Data\Avira
2010-05-27 16:41 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-27 16:41 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-27 16:41 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-27 16:41 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-27 16:41 . 2010-05-27 16:41 -------- d-----w- c:\program files\Avira
2010-05-27 16:41 . 2010-05-27 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-27 16:38 . 2010-05-27 16:44 38784 ----a-w- c:\documents and settings\Silvius\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-27 16:37 . 2010-05-27 16:44 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-27 16:37 . 2010-05-27 16:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-27 16:37 . 2010-05-27 16:36 115712 --sh--r- C:\bu8.exe
2010-05-27 16:18 . 2010-05-27 18:36 -------- d-----w- c:\documents and settings\Silvius\Application Data\TeamViewer
2010-05-27 16:17 . 2010-05-27 16:17 -------- d-----w- c:\program files\TeamViewer
2010-05-27 08:07 . 2010-05-27 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-05-27 08:07 . 2010-05-27 08:07 -------- d-----w- C:\ProgramData
2010-05-27 08:07 . 2010-05-27 08:07 -------- d-----w- c:\program files\Electronic Arts
2010-05-27 08:04 . 2010-05-27 08:04 10134 ----a-r- c:\documents and settings\Silvius\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-05-27 08:04 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2010-05-27 08:04 . 2010-05-27 08:04 -------- d-----w- c:\program files\Microsoft WSE
2010-05-27 08:03 . 2006-09-28 13:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-05-27 08:03 . 2010-05-27 08:03 -------- d-----w- c:\windows\Logs
2010-05-26 17:42 . 2010-05-27 13:53 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-05-26 17:42 . 2010-05-26 17:49 -------- d-----w- c:\documents and settings\Silvius\Application Data\DAEMON Tools Lite
2010-05-26 17:42 . 2010-05-26 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-05-14 12:48 . 2010-05-14 12:48 -------- d-----w- c:\program files\Internet Content Assistant
2010-05-14 12:48 . 2010-05-14 12:48 906477 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\icasetup.exe
2010-05-14 12:48 . 2010-05-14 12:48 -------- d-----w- c:\program files\Customized Web Management
2010-05-14 12:48 . 2010-05-14 12:48 1310013 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\cwmsetup.exe
2010-05-14 12:46 . 2010-05-10 04:09 3038911 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\Setup.exe
2010-05-12 16:29 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-05-12 16:29 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-05-07 20:35 . 2010-05-07 20:35 58644 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-07 20:18 . 2010-05-07 20:18 -------- d-----w- c:\program files\iPod
2010-05-07 20:18 . 2010-05-07 20:19 -------- d-----w- c:\program files\iTunes
2010-05-07 20:13 . 2010-05-07 20:13 -------- d-----w- c:\program files\Bonjour
2010-05-07 20:11 . 2010-05-07 20:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-07 20:09 . 2010-05-07 20:10 -------- d-----w- c:\program files\Safari
2010-05-07 20:08 . 2010-05-07 20:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-05-03 19:55 . 2010-05-07 15:32 -------- d-----w- c:\documents and settings\Silvius\Application Data\dvdcss
2010-05-02 14:11 . 2010-05-18 13:57 -------- d-----w- c:\documents and settings\Silvius\Application Data\vlc
2010-05-02 14:08 . 2010-05-02 14:08 -------- d-----w- c:\program files\VideoLAN
2010-05-01 20:11 . 2010-05-01 20:11 -------- d-----w- c:\program files\Pocket Tanks Deluxe
2010-05-01 17:56 . 2010-05-01 18:35 -------- d-----w- c:\program files\Paint.NET
2010-05-01 17:56 . 2010-05-01 18:44 -------- d-----w- c:\documents and settings\Silvius\Local Settings\Application Data\Paint.NET
2010-05-01 17:54 . 2010-05-01 17:54 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-01 17:54 . 2010-05-01 17:54 -------- d-----w- c:\program files\Reference Assemblies
2010-05-01 17:53 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-01 17:52 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-01 17:52 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-01 17:52 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-01 17:52 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-01 17:52 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-01 17:52 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-01 17:52 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-01 17:52 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-05-01 17:42 . 2010-05-01 17:42 -------- d-----r- C:\AHCache
2010-05-01 17:34 . 2010-05-01 17:34 213504 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-05-01 17:34 . 2010-05-01 17:34 1061 ----a-w- c:\windows\system32\SpoonUninstall-Saint Paint Studio.dat
2010-05-01 17:34 . 2010-05-01 17:34 -------- d-----w- c:\program files\Saint Paint
2010-05-01 05:11 . 2010-05-01 05:11 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-04-29 20:20 . 2010-04-29 20:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-29 19:04 . 2010-04-29 19:04 -------- d-----w- c:\documents and settings\Silvius\Application Data\ImgBurn
2010-04-29 18:51 . 2010-04-29 18:52 -------- dc-h--w- c:\windows\ie8
2010-04-29 18:09 . 2010-04-29 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-29 18:09 . 2010-04-29 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-29 16:01 . 2010-04-29 16:01 -------- d-----w- c:\documents and settings\Silvius\Local Settings\Application Data\Yahoo!
2010-04-29 16:00 . 2010-04-29 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-29 16:00 . 2010-04-29 16:04 -------- d-----w- c:\documents and settings\Silvius\Application Data\Yahoo!
2010-04-29 16:00 . 2009-12-14 14:52 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-04-29 15:59 . 2010-04-29 18:32 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-29 15:08 . 2010-04-29 15:08 -------- d-----w- c:\windows\system32\Adobe
2010-04-28 17:59 . 2010-04-28 17:59 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-28 13:55 . 2010-04-28 13:55 -------- d-----w- c:\documents and settings\Silvius\Application Data\WhenU
2010-04-28 13:54 . 2010-04-28 13:54 -------- d-----w- c:\program files\Common Files\WhenU
2010-04-28 13:51 . 2010-05-26 17:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-28 13:36 . 2009-08-06 16:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-28 13:36 . 2009-08-06 16:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-28 10:26 . 2010-04-28 10:30 -------- d-----w- c:\documents and settings\Silvius\Local Settings\Application Data\Adobe
2010-04-28 09:06 . 2010-04-29 19:30 -------- d-----w- c:\windows\system32\scripting
2010-04-28 09:06 . 2010-04-29 19:30 -------- d-----w- c:\windows\l2schemas
2010-04-28 09:06 . 2010-04-29 19:30 -------- d-----w- c:\windows\system32\en
2010-04-28 09:06 . 2010-04-29 19:30 -------- d-----w- c:\windows\system32\bits

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 08:58 . 2010-04-26 14:44 -------- d-----w- c:\documents and settings\Silvius\Application Data\uTorrent
2010-05-27 07:58 . 2010-04-25 10:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-16 06:05 . 2010-04-26 14:45 -------- d-----w- c:\program files\uTorrent
2010-05-14 12:47 . 2010-05-14 12:47 -------- d-----w- c:\program files\Internet Connection Wizard
2010-05-14 12:47 . 2010-05-14 12:47 1522654 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\icwsetup.exe
2010-05-14 12:47 . 2010-05-14 12:47 -------- d-----w- c:\program files\Advanced Access Controller
2010-05-14 12:47 . 2010-05-14 12:47 864919 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\aacsetup.exe
2010-05-14 12:47 . 2010-05-14 12:47 -------- d-----w- c:\program files\Common Files\Count Access Advancer
2010-05-14 12:47 . 2010-05-14 12:47 -------- d-----w- c:\program files\Count Access Advancer
2010-05-14 12:47 . 2010-05-14 12:47 1105217 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\caasetup.exe
2010-05-14 12:47 . 2010-05-14 12:47 -------- d-----w- c:\program files\Automated Result Operator
2010-05-14 12:47 . 2010-05-14 12:46 829466 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\arosetup.exe
2010-05-14 12:46 . 2010-05-14 12:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}
2010-05-14 12:46 . 2010-05-14 12:46 -------- d-----w- c:\program files\GamezJoint Toolbar
2010-05-12 19:51 . 2010-04-25 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 04:09 . 2010-05-14 12:46 356352 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\mvbsh.dll
2010-05-10 04:09 . 2010-05-14 12:46 307200 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll
2010-05-10 04:09 . 2010-05-14 12:46 307200 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\48C8FBD2\B94081D6\ProductInfo.dll
2010-05-10 04:09 . 2010-05-14 12:46 586099 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\mvbterm.exe
2010-05-10 04:09 . 2010-05-14 12:46 678582 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\3A0AAFF0\B94081D6\mvbsvc.exe
2010-05-10 04:09 . 2010-05-14 12:46 498358 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\mvbpx.exe
2010-05-10 04:09 . 2010-05-14 12:46 539318 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\53CCABA1\B94081D6\mvbdl.exe
2010-05-10 04:09 . 2010-05-14 12:46 506550 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\93CE9E2B\B94081D6\mvbasst.exe
2010-05-10 04:09 . 2010-05-14 12:46 572086 -c--a-w- c:\documents and settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\75918810\B94081D6\mvbapp.exe
2010-05-07 20:34 . 2010-04-25 15:42 -------- d-----w- c:\documents and settings\Silvius\Application Data\Apple Computer
2010-05-07 20:18 . 2010-04-25 15:38 -------- d-----w- c:\program files\Common Files\Apple
2010-05-01 17:55 . 2010-04-25 09:46 73928 ----a-w- c:\documents and settings\Silvius\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-01 17:54 . 2010-04-25 11:05 -------- d-----w- c:\program files\MSBuild
2010-05-01 11:14 . 2010-04-25 14:29 -------- d-----w- c:\program files\Opera
2010-04-29 19:32 . 2010-04-25 09:36 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-29 18:38 . 2010-04-25 11:05 -------- d-----w- c:\program files\Microsoft Works
2010-04-29 18:09 . 2010-04-25 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-29 16:01 . 2010-04-25 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-04-29 16:01 . 2010-04-25 11:25 -------- d-----w- c:\program files\Yahoo!
2010-04-28 10:25 . 2010-04-25 09:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 14:45 . 2010-04-26 14:45 -------- d-----w- c:\program files\Ask.com
2010-04-26 12:12 . 2010-04-26 12:12 -------- d-----w- c:\documents and settings\Silvius\Application Data\Media Player Classic
2010-04-25 15:42 . 2010-04-25 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-25 15:41 . 2010-04-25 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-25 15:40 . 2010-04-25 15:40 -------- d-----w- c:\program files\QuickTime
2010-04-25 15:39 . 2010-04-25 15:39 -------- d-----w- c:\program files\Apple Software Update
2010-04-25 15:38 . 2010-04-25 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-04-25 14:53 . 2010-04-25 14:53 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-04-25 14:49 . 2010-04-25 14:48 -------- d-----w- c:\program files\Joost
2010-04-25 14:46 . 2010-04-25 14:46 -------- d-----w- c:\documents and settings\Silvius\Application Data\Joost
2010-04-25 14:41 . 2010-04-25 14:41 -------- d-----w- c:\documents and settings\Silvius\Application Data\JLC's Software
2010-04-25 14:41 . 2010-04-25 14:41 -------- d-----w- c:\program files\JLC's Software
2010-04-25 14:33 . 2010-04-25 14:33 4286 ----a-r- c:\documents and settings\Silvius\Application Data\Microsoft\Installer\{37F9008D-20E7-4A0D-BF57-57AA9D5DA6D8}\_F836E56A9D4FC6B7322F4C.exe
2010-04-25 14:33 . 2010-04-25 14:33 4286 ----a-r- c:\documents and settings\Silvius\Application Data\Microsoft\Installer\{37F9008D-20E7-4A0D-BF57-57AA9D5DA6D8}\_050722CC25DEB57EC86707.exe
2010-04-25 14:33 . 2010-04-25 14:33 10134 ----a-r- c:\documents and settings\Silvius\Application Data\Microsoft\Installer\{37F9008D-20E7-4A0D-BF57-57AA9D5DA6D8}\_83BB12F3AD532243F12A07.exe
2010-04-25 13:53 . 2010-04-25 13:53 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-04-25 13:30 . 2010-04-25 11:09 -------- d-----w- c:\program files\Realtek
2010-04-25 13:30 . 2010-04-25 13:30 -------- d-----w- c:\documents and settings\Silvius\Application Data\InstallShield
2010-04-25 12:34 . 2010-04-25 12:34 -------- d-----w- c:\program files\FOX ONE
2010-04-25 12:24 . 2010-04-25 12:22 -------- d-----w- c:\program files\Intel
2010-04-25 12:24 . 2010-04-25 12:24 -------- d-----w- c:\program files\Marvell
2010-04-25 12:16 . 2010-04-25 12:16 -------- d-----w- c:\documents and settings\Silvius\Application Data\ATI
2010-04-25 12:16 . 2010-04-25 12:16 130 ----a-w- c:\documents and settings\Silvius\Local Settings\Application Data\fusioncache.dat
2010-04-25 12:10 . 2010-04-25 12:08 -------- d-----w- c:\program files\ATI Technologies
2010-04-25 12:09 . 2010-04-25 10:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-25 12:06 . 2010-04-25 12:06 -------- d-----w- c:\program files\LiveUpdate
2010-04-25 11:43 . 2010-04-25 11:43 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-04-25 11:43 . 2010-04-25 11:43 -------- d-----w- c:\program files\muvee Technologies
2010-04-25 11:43 . 2010-04-25 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2010-04-25 11:40 . 2010-04-25 09:58 -------- d-----w- c:\program files\Gigabyte
2010-04-25 11:15 . 2010-04-25 11:15 5279 ----a-w- C:\huadio.tmp
2010-04-25 11:08 . 2010-04-25 11:08 -------- d-----w- c:\program files\PBX Telecom
2010-04-25 11:07 . 2010-04-25 11:07 -------- d-----w- c:\program files\Xradio
2010-04-25 11:07 . 2010-04-25 11:07 -------- d-----w- c:\documents and settings\Silvius\Application Data\xradio
2010-04-25 10:39 . 2010-04-25 10:38 -------- d-----w- c:\program files\Common Files\Softwin
2010-04-25 10:29 . 2010-04-25 10:29 -------- d-----w- c:\program files\Realtek Sound Manager
2010-04-25 10:29 . 2010-04-25 10:29 -------- d-----w- c:\program files\AvRack
2010-04-25 10:26 . 2010-04-25 10:26 -------- d-----w- c:\program files\Common Files\Nero
2010-04-25 10:26 . 2010-04-25 10:26 -------- d-----w- c:\documents and settings\Silvius\Application Data\Nero
2010-04-25 10:26 . 2010-04-25 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-25 10:26 . 2010-04-25 10:25 -------- d-----w- c:\program files\Nero
2010-04-25 10:19 . 2010-04-25 10:19 -------- d-----w- c:\documents and settings\Silvius\Application Data\Symantec
2010-04-25 09:37 . 2010-04-25 09:37 -------- d-----w- c:\program files\microsoft frontpage
2010-04-25 09:33 . 2010-04-25 09:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-08 10:20 . 2010-04-08 10:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 10:20 . 2010-04-08 10:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-10 06:15 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 13:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-03-19 5248312]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-15 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-03 16120832]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"Internet Connection Wizard Task"="c:\program files\Internet Connection Wizard\1.6.0.2350\InternetToday.exe" [2010-05-10 404150]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\PBX Telecom\\PBX TV\\pbxtv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/28/2010 4:51 PM 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/27/2010 7:41 PM 135336]
R2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [4/25/2010 2:18 PM 170128]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [4/25/2010 3:25 PM 9344]
S3 huadio;huadio;C:\huadio.tmp [4/25/2010 2:15 PM 5279]
S3 WMIBIOS;%WMIBIOS.ServiceName%;c:\windows\system32\drivers\wmibios.sys [4/25/2010 2:15 PM 18272]
S3 WMIINFO;WMIINFO Driver;c:\windows\system32\drivers\wmiinfo.sys [4/25/2010 2:15 PM 21184]
.
Contents of the 'Scheduled Tasks' folder

2010-05-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 08:50]

2010-05-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: &Funband Serach - c:\program files\GamezJoint Toolbar\2.6.1.11950\mvb0.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-VideoBarApp - c:\program files\GamezJoint Toolbar\2.6.1.11950\mvbapp.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-BDSwitchAgent - c:\progra~1\Softwin\BITDEF~1\bdswitch.exe
AddRemove-BrowserZinc - c:\program files\BrowserZinc\uninstall.exe
AddRemove-WhenUSearch - c:\program files\WhenUSearch\Uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 11:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys splz.sys hal.dll >>UNKNOWN [0x87189938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75d1f28
\Driver\atapi -> atapi.sys @ 0xf731cb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7237bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7226a0d
SendHandler -> NDIS.sys @ 0xf723ab40
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\huadio]
"ImagePath"="\??\c:\huadio.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-05-28  12:00:48 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-28 09:00

Pre-Run: 175,614,201,856 bytes free
Post-Run: 175,942,266,880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 8063B0D271EC4222047CC0C6FF7ECD3C

Here are the results! What do I do next?

#24
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010

 silvius_tec07, on 28th May 2010, 12:09, said:

Here are the results! What do I do next?

I forgot to mention: IE and Windows Media Player work now, and even Avira does, so I ran a scan with it! Here are the results:

Quote

Avira AntiVir Personal
Report file date: Friday, May 28, 2010  12:24

Scanning for 2167395 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : SILVIUS-063F023

Version information:
BUILD.DAT       : 10.0.0.567     32097 Bytes   4/19/2010 15:07:00
AVSCAN.EXE      : 10.0.3.0      433832 Bytes    4/1/2010 10:37:38
AVSCAN.DLL      : 10.0.3.0       46440 Bytes    4/1/2010 10:57:04
LUKE.DLL        : 10.0.2.3      104296 Bytes    3/7/2010 16:33:04
LUKERES.DLL     : 10.0.0.1       12648 Bytes   2/10/2010 21:40:49
VBASE000.VDF    : 7.10.0.0    19875328 Bytes   11/6/2009 07:05:36
VBASE001.VDF    : 7.10.1.0     1372672 Bytes  11/19/2009 17:27:49
VBASE002.VDF    : 7.10.3.1     3143680 Bytes   1/20/2010 15:37:42
VBASE003.VDF    : 7.10.3.75     996864 Bytes   1/26/2010 14:37:42
VBASE004.VDF    : 7.10.4.203   1579008 Bytes    3/5/2010 09:29:03
VBASE005.VDF    : 7.10.6.82    2494464 Bytes   4/15/2010 17:48:42
VBASE006.VDF    : 7.10.6.83       2048 Bytes   4/15/2010 17:48:42
VBASE007.VDF    : 7.10.6.84       2048 Bytes   4/15/2010 17:48:42
VBASE008.VDF    : 7.10.6.85       2048 Bytes   4/15/2010 17:48:42
VBASE009.VDF    : 7.10.6.86       2048 Bytes   4/15/2010 17:48:42
VBASE010.VDF    : 7.10.6.87       2048 Bytes   4/15/2010 17:48:42
VBASE011.VDF    : 7.10.6.88       2048 Bytes   4/15/2010 17:48:42
VBASE012.VDF    : 7.10.6.89       2048 Bytes   4/15/2010 17:48:42
VBASE013.VDF    : 7.10.6.90       2048 Bytes   4/15/2010 17:48:42
VBASE014.VDF    : 7.10.6.123    126464 Bytes   4/19/2010 17:48:43
VBASE015.VDF    : 7.10.6.152    123392 Bytes   4/21/2010 17:48:43
VBASE016.VDF    : 7.10.6.178    122880 Bytes   4/22/2010 17:48:43
VBASE017.VDF    : 7.10.6.206    120320 Bytes   4/26/2010 17:48:43
VBASE018.VDF    : 7.10.6.232     99328 Bytes   4/28/2010 17:48:43
VBASE019.VDF    : 7.10.7.2      155648 Bytes   4/30/2010 17:48:43
VBASE020.VDF    : 7.10.7.26     119808 Bytes    5/4/2010 17:48:43
VBASE021.VDF    : 7.10.7.51     118272 Bytes    5/6/2010 17:48:43
VBASE022.VDF    : 7.10.7.75     404992 Bytes   5/10/2010 17:48:43
VBASE023.VDF    : 7.10.7.100    125440 Bytes   5/13/2010 17:48:43
VBASE024.VDF    : 7.10.7.119    177664 Bytes   5/17/2010 17:48:44
VBASE025.VDF    : 7.10.7.139    129024 Bytes   5/19/2010 17:48:44
VBASE026.VDF    : 7.10.7.157    145920 Bytes   5/21/2010 17:48:44
VBASE027.VDF    : 7.10.7.173    147456 Bytes   5/25/2010 17:48:44
VBASE028.VDF    : 7.10.7.174      2048 Bytes   5/25/2010 17:48:44
VBASE029.VDF    : 7.10.7.175      2048 Bytes   5/25/2010 17:48:44
VBASE030.VDF    : 7.10.7.176      2048 Bytes   5/25/2010 17:48:44
VBASE031.VDF    : 7.10.7.187    129024 Bytes   5/27/2010 17:48:44
Engineversion   : 8.2.1.242
AEVDF.DLL       : 8.1.2.0       106868 Bytes   5/27/2010 17:48:45
AESCRIPT.DLL    : 8.1.3.29     1343866 Bytes   5/27/2010 17:48:45
AESCN.DLL       : 8.1.6.1       127347 Bytes   5/27/2010 17:48:45
AESBX.DLL       : 8.1.3.1       254324 Bytes   5/27/2010 17:48:45
AERDL.DLL       : 8.1.4.6       541043 Bytes   5/27/2010 17:48:45
AEPACK.DLL      : 8.2.1.1       426358 Bytes   3/19/2010 10:34:51
AEOFFICE.DLL    : 8.1.1.0       201081 Bytes   5/27/2010 17:48:44
AEHEUR.DLL      : 8.1.1.27     2670967 Bytes   5/27/2010 17:48:44
AEHELP.DLL      : 8.1.11.3      242039 Bytes    4/1/2010 14:05:25
AEGEN.DLL       : 8.1.3.9       377203 Bytes   5/27/2010 17:48:44
AEEMU.DLL       : 8.1.2.0       393588 Bytes   5/27/2010 17:48:44
AECORE.DLL      : 8.1.15.3      192886 Bytes   5/27/2010 17:48:44
AEBB.DLL        : 8.1.1.0        53618 Bytes   5/27/2010 17:48:44
AVWINLL.DLL     : 10.0.0.0       19304 Bytes   1/14/2010 10:03:38
AVPREF.DLL      : 10.0.0.0       44904 Bytes   1/14/2010 10:03:35
AVREP.DLL       : 10.0.0.8       62209 Bytes   2/18/2010 14:47:40
AVREG.DLL       : 10.0.3.0       53096 Bytes    4/1/2010 10:35:46
AVSCPLR.DLL     : 10.0.3.0       83816 Bytes    4/1/2010 10:39:51
AVARKT.DLL      : 10.0.0.14     227176 Bytes    4/1/2010 10:22:13
AVEVTLOG.DLL    : 10.0.0.8      203112 Bytes   1/26/2010 07:53:30
SQLITE3.DLL     : 3.6.19.0      355688 Bytes   1/28/2010 10:57:58
AVSMTP.DLL      : 10.0.0.17      63848 Bytes   3/16/2010 13:38:56
NETNT.DLL       : 10.0.0.0       11624 Bytes   2/19/2010 12:41:00
RCIMAGE.DLL     : 10.0.0.26    2550120 Bytes   1/28/2010 11:10:20
RCTEXT.DLL      : 10.0.53.0      97128 Bytes    4/9/2010 12:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Friday, May 28, 2010  12:24

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-1078081533-1606980848-839522115-1003\Software\Microsoft\MediaPlayer\Preferences\autometadatacurrentdownloadcount
    [NOTE]      The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\BITS\stateindex
    [NOTE]      The registry entry is invisible.
c:\windows\explorer.exe
c:\WINDOWS\explorer.exe
    [NOTE]      The process is not visible.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '62' Module(s) have been scanned
Scan process 'opera.exe' - '72' Module(s) have been scanned
Scan process 'wmplayer.exe' - '111' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'explorer.exe' - '117' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '29' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'uTorrent.exe' - '57' Module(s) have been scanned
Scan process 'avgnt.exe' - '50' Module(s) have been scanned
Scan process 'vsnpstd3.exe' - '18' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '67' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '36' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '43' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '15' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'inetinfo.exe' - '70' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '29' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '20' Module(s) have been scanned
Scan process 'spoolsv.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '73' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!
Master boot sector HD2
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1018' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\3A0AAFF0\B94081D6\mvbsvc.exe
    [DETECTION] Is the TR/Buzus.ebcx Trojan
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\48C8FBD2\B94081D6\ProductInfo.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\53CCABA1\B94081D6\mvbdl.exe
    [DETECTION] Is the TR/Buzus.ebdd Trojan
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\75918810\B94081D6\mvbapp.exe
    [DETECTION] Is the TR/Buzus.ebcu Trojan
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\93CE9E2B\B94081D6\mvbasst.exe
    [DETECTION] Is the TR/Buzus.ebcv Trojan
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\caasetup.exe
    [DETECTION] Is the TR/Meredrop.A.9804 Trojan
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\mvbpx.exe
    [DETECTION] Is the TR/Buzus.ebcy Trojan
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\mvbsh.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\mvbterm.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Documents and Settings\Silvius\Local Settings\Application Data\GamezJoint Toolbar\2.6.1.11950\bin\mvbup.exe
    [DETECTION] Is the TR/Buzus.ebcz Trojan
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\mvbup.exe
    [DETECTION] Is the TR/Buzus.ebcz Trojan
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\productinfo.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Setup.exe
    [DETECTION] Is the TR/Buzus.ebct Trojan
--> OFFLINE/75918810/B94081D6/mvbapp.exe
  [DETECTION] Is the TR/Buzus.ebcu Trojan
--> OFFLINE/93CE9E2B/B94081D6/mvbasst.exe
  [DETECTION] Is the TR/Buzus.ebcv Trojan
--> OFFLINE/53CCABA1/B94081D6/mvbdl.exe
  [DETECTION] Is the TR/Buzus.ebdd Trojan
--> OFFLINE/mFileBagIDE.dll/bag/mvbpx.exe
  [DETECTION] Is the TR/Buzus.ebcy Trojan
--> OFFLINE/3A0AAFF0/B94081D6/mvbsvc.exe
  [DETECTION] Is the TR/Buzus.ebcx Trojan
--> OFFLINE/mFileBagIDE.dll/bag/mvbterm.exe
  [DETECTION] Is the TR/Dropper.Gen Trojan
  --> OFFLINE/mFileBagIDE.dll/bag/mvbsh.dll
    [1] Archive type: OVL
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
  --> OFFLINE/48C8FBD2/B94081D6/ProductInfo.dll
    [1] Archive type: OVL
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
  --> OFFLINE/mFileBagIDE.dll/bag/ProductInfo.dll
    [1] Archive type: OVL
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Program Files\Advanced Access Controller\4.6.0.2670\FF\components\AACFFAddOn.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Program Files\Automated Result Operator\4.6.0.2810\FF\components\AROFFAddOn.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Program Files\Count Access Advancer\5.6.0.7190\chromesh.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Program Files\Count Access Advancer\5.6.0.7190\Chrome\CAAChromeAddOn.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Program Files\Count Access Advancer\5.6.0.7190\FF\components\CAAFFAddOn.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Program Files\Customized Web Management\1.6.0.3840\FF\components\CWMFFAddOn.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Program Files\GamezJoint Toolbar\2.6.1.11950\ProductInfo.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Program Files\Internet Connection Wizard\1.6.0.2350\ITConfigMgr.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Program Files\Internet Content Assistant\1.6.0.3960\icapx.exe
    [DETECTION] Is the TR/Buzus.ecau Trojan
C:\Program Files\Internet Content Assistant\1.6.0.3960\FF\components\ICAFFAddOn.dll
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Qoobox\Quarantine\C\hc3hvi0.exe.vir
    [DETECTION] Is the TR/Agent.128512.D Trojan
C:\Qoobox\Quarantine\C\r3fhr.exe.vir
    [DETECTION] Is the TR/Viking.B Trojan
C:\Qoobox\Quarantine\C\Program Files\Automated Result Operator\4.6.0.2810\AROIEAddOn.dll.vir
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Qoobox\Quarantine\C\Program Files\Customized Web Management\1.6.0.3840\CWMIE.dll.vir
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Qoobox\Quarantine\C\Program Files\GamezJoint Toolbar\2.6.1.11950\mvbapp.exe.vir
    [DETECTION] Is the TR/Buzus.ebcu Trojan
C:\Qoobox\Quarantine\C\Program Files\Internet Content Assistant\1.6.0.3960\ICAIE.dll.vir
[0] Archive type: OVL
  [DETECTION] Is the TR/Buzus.M.96 Trojan
--> Object
  [DETECTION] Is the TR/Buzus.M.96 Trojan
C:\Qoobox\Quarantine\C\Program Files\WhenUSearch\search.htm.vir
    [DETECTION] Contains recognition pattern of the ADSPY/WhenUSearch.G adware or spyware
C:\Qoobox\Quarantine\C\Program Files\WhenUSearch\Uninst.exe.vir
    [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
Begin scan in 'D:\'

Beginning disinfection:
C:\Qoobox\Quarantine\C\Program Files\WhenUSearch\Uninst.exe.vir
    [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
    [NOTE]      The file was moved to the quarantine directory under the name '4f723c6b.qua'.
C:\Qoobox\Quarantine\C\Program Files\WhenUSearch\search.htm.vir
    [DETECTION] Contains recognition pattern of the ADSPY/WhenUSearch.G adware or spyware
    [NOTE]      The file was moved to the quarantine directory under the name '57ed13c3.qua'.
C:\Qoobox\Quarantine\C\Program Files\Internet Content Assistant\1.6.0.3960\ICAIE.dll.vir
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '05924909.qua'.
C:\Qoobox\Quarantine\C\Program Files\GamezJoint Toolbar\2.6.1.11950\mvbapp.exe.vir
    [DETECTION] Is the TR/Buzus.ebcu Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '6384071e.qua'.
C:\Qoobox\Quarantine\C\Program Files\Customized Web Management\1.6.0.3840\CWMIE.dll.vir
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '262d2bc1.qua'.
C:\Qoobox\Quarantine\C\Program Files\Automated Result Operator\4.6.0.2810\AROIEAddOn.dll.vir
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '593419a5.qua'.
C:\Qoobox\Quarantine\C\r3fhr.exe.vir
    [DETECTION] Is the TR/Viking.B Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '15a735ce.qua'.
C:\Qoobox\Quarantine\C\hc3hvi0.exe.vir
    [DETECTION] Is the TR/Agent.128512.D Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '69e875ae.qua'.
C:\Program Files\Internet Content Assistant\1.6.0.3960\FF\components\ICAFFAddOn.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '44c05ac3.qua'.
C:\Program Files\Internet Content Assistant\1.6.0.3960\icapx.exe
    [DETECTION] Is the TR/Buzus.ecau Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '5d886179.qua'.
C:\Program Files\Internet Connection Wizard\1.6.0.2350\ITConfigMgr.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '31f64d5a.qua'.
C:\Program Files\GamezJoint Toolbar\2.6.1.11950\ProductInfo.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '4063752d.qua'.
C:\Program Files\Customized Web Management\1.6.0.3840\FF\components\CWMFFAddOn.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '4e5b440c.qua'.
C:\Program Files\Count Access Advancer\5.6.0.7190\FF\components\CAAFFAddOn.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '0b7e3d78.qua'.
C:\Program Files\Count Access Advancer\5.6.0.7190\Chrome\CAAChromeAddOn.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '027539d2.qua'.
C:\Program Files\Count Access Advancer\5.6.0.7190\chromesh.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '5a052092.qua'.
C:\Program Files\Automated Result Operator\4.6.0.2810\FF\components\AROFFAddOn.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '76ce5944.qua'.
C:\Program Files\Advanced Access Controller\4.6.0.2670\FF\components\AACFFAddOn.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '483c39ad.qua'.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Setup.exe
    [DETECTION] Is the TR/Buzus.ebct Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '2b0312fa.qua'.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\productinfo.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '0dd65317.qua'.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\mvbup.exe
    [DETECTION] Is the TR/Buzus.ebcz Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '3f4d28be.qua'.
C:\Documents and Settings\Silvius\Local Settings\Application Data\GamezJoint Toolbar\2.6.1.11950\bin\mvbup.exe
    [DETECTION] Is the TR/Buzus.ebcz Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '350803c0.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\ProductInfo.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '0a546789.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\mvbterm.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '74776ba2.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\mvbsh.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '210f6f6a.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\mvbpx.exe
    [DETECTION] Is the TR/Buzus.ebcy Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '2c991e42.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\mFileBagIDE.dll\bag\caasetup.exe
    [DETECTION] Is the TR/Meredrop.A.9804 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '30c50bb4.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\93CE9E2B\B94081D6\mvbasst.exe
    [DETECTION] Is the TR/Buzus.ebcv Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '01174785.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\75918810\B94081D6\mvbapp.exe
    [DETECTION] Is the TR/Buzus.ebcu Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '6d4153b3.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\53CCABA1\B94081D6\mvbdl.exe
    [DETECTION] Is the TR/Buzus.ebdd Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '24db76b5.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\48C8FBD2\B94081D6\ProductInfo.dll
    [DETECTION] Is the TR/Buzus.M.96 Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '7f417e68.qua'.
C:\Documents and Settings\All Users\Application Data\{CDD79DF9-3373-4A1D-9DB1-AA56711672D7}\OFFLINE\3A0AAFF0\B94081D6\mvbsvc.exe
    [DETECTION] Is the TR/Buzus.ebcx Trojan
    [NOTE]      The file was moved to the quarantine directory under the name '19fc728d.qua'.


End of the scan: Friday, May 28, 2010  13:19
Used time: 53:38 Minute(s)

The scan has been done completely.

   8558 Scanned directories
160091 Files were scanned
     41 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
     32 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
160050 Files not concerned
   1726 Archives were scanned
      0 Warnings
     32 Notes
357826 Objects were scanned with rootkit scan
      3 Hidden objects were found

Edited by silvius_tec07, 28 May 2010 - 12:21.


#25
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Put the following folder in an archive with the password infected and send it to me by PM, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link so that I can submit it for analysis.

Quote


C:\Qoobox

DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!



Download Malwarebytes Anti-Malware 1.46 and save it to the Desktop.

Install it and, at the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then click Finish.

After the program starts, click the Update tab and press the Check for Updates button to verify that the downloaded definitions are the latest.

Database version: 4XXX

Click the Scanner tab, select Perform full scan and then click Scan.

When the scan finishes, click OK and then Show Results.

Make sure everything is checked and then click Remove Selected.

At the end, a file with the scan results will open in Notepad. Post its contents here.

If you restarted to remove the malware from the PC, you will find the log in the main window under the Logs tab. Check that it is the latest one (by the date in the name of the .txt file).

#26
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010

 crysty2k5, on 28th May 2010, 13:45, said:

Put the following folder in an archive with the password infected and send it to me by PM, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link so that I can submit it for analysis.



DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!

How do I password-protect the archive?
If I use file<password, the password doesn't show up for me!
I sent you a PM, but I didn't manage to password-protect the archive!

Edited by silvius_tec07, 28 May 2010 - 13:17.


#27
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010

Quote

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versiunea bazei de date: 4151

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/28/2010 3:11:24 PM
mbam-log-2010-05-28 (15-11-24).txt

Modul de scanare: Scanare completa (A:\|C:\|D:\|E:\|)
Obiecte scanate: 175679
Timp trecut: 59 minute, 38 secunde

Procese din Memorie Infectate: 0
Module de Memorie Infectate: 0
Chei de Registru Infectate: 13
Valori de Registru Infectate: 3
Date din Registru Infectate: 0
Foldere Infectate: 7
Fisiere Infectate: 55

Procese din Memorie Infectate:
(Nu au fost detectate obiecte malicioase)

Module de Memorie Infectate:
(Nu au fost detectate obiecte malicioase)

Chei de Registru Infectate:
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\BrowserZinc (Adware.BrowserZinc) -> Quarantined and deleted successfully.

Valori de Registru Infectate:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.

Date din Registru Infectate:
(Nu au fost detectate obiecte malicioase)

Foldere Infectate:
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Cache (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins (Adware.DoubleD) -> Quarantined and deleted successfully.

Fisiere Infectate:
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\ExtractZipFile.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Cache\default1.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Cache\loading.dat (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Cache\loading.gif (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Logo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Option.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_RSS.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Search.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_Smiley_Config.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_01.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_02.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_03.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_04.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_05.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\Module_WebDropdown_06.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\pixel.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\profile.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\SearchEngineList.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\tbcore.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\ToolbarLayout.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\UpdateCentre.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Data\UpdateCentreBk.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\About.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Component_ComboBox.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Logo.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Option.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Option_Menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS_Menu.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_RSS_Menu.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_Search.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_01.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_01.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_02.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_02.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_03.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_03.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_04.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_04.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_05.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_05.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_06.mg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Icons\Module_WebDropdown_06.png (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin1.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin2.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin3.skf (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Silvius\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\TDF\Skins\myskin4.skf (Adware.DoubleD) -> Quarantined and deleted successfully.


#28
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Thanks for the archive. Are there any other problems?

#29
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010

 crysty2k5, on 28th May 2010, 15:20, said:

Thanks for the archive. Are there any other problems?

There is one more thing, but I don't know whether it's because of the viruses: http://img40.imageshack.us/img40/9025/oproblemamica.jpg
Daemon Tools also gives me invalid device (the old versions), and with the LITE version, when I create virtual images, it tells me the license is not valid!

Edited by silvius_tec07, 28 May 2010 - 15:07.


#30
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
http://www.superanti...TTODAY.EXE.html

Download SUPERAntiSpyware 4.38.1004 and save it to the Desktop.

Install it, then open the main window and click Check for Updates...

Definition Database Version

Core: 4XXX

After the update, click Scan your Computer...

Make sure Perform Complete Scan is checked and click Next.

After the scan finishes and the results are displayed, click Next.

Then Yes.

Then post the scan results here.

Edited by crysty2k5, 28 May 2010 - 16:55.


#31
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010
Your anti-spyware freezes on me. It hits a file on C named bu8 and simply refuses to go any further. On top of that, it also seems to slow down my internet traffic. I updated it as you said, but nothing!

Edited by crysty2k5, 28 May 2010 - 19:20.
no quote


#32
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Scan in Safe Mode.

#33
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010

 crysty2k5, on 28th May 2010, 20:19, said:

Scan in Safe Mode.

Safe Mode in Windows? If so, how do I get into it? I used to know, but I forgot!

Edited by silvius_tec07, 29 May 2010 - 10:01.


#34
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
http://forum.softped...howtopic=363509

#35
silvius_tec07

    Junior Member

  • Group: Members
  • Posts: 56
  • Joined: 15.03.2010

 crysty2k5, on 29th May 2010, 13:21, said:


Bro, I scanned twice in Safe Mode, but it simply closes on me. Can't I give you my messenger ID by PM so you can take a quick look at my system through Team Viewer?? :)

#36
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
If that one doesn't work, we'll try something else...

Download a-squared Free and save it to the Desktop.

Install it, run it, and click Online Update to bring the definitions up to date. Then click Scan PC on the left and choose Deep Scan on the right.


At the end of the scan, check everything, click Delete selected objects and click Save Report. Post the report HERE.
