Hijakthis - ancasd
Last Updated: Jan 07 2013 18:13, Started by ancasd, Dec 29 2012 22:05
#1
Posted 29 December 2012 - 22:05
Logfile of Trend Micro HiJackThis v2.0.4
I can no longer open any browser; the only thing I can open is Messenger... This happened after I downloaded a song from the internet, at which point I was asked to download a certain program onto the laptop... I deleted that program along with the downloaded song, but still no browser will open... What can I do? Thank you in advance.
#2
Posted 29 December 2012 - 22:15
#3
Posted 30 December 2012 - 02:45
I followed the steps in the instructions above... and this is what I got in Notepad... with the instruction to copy/paste it and post it in the topic already opened... I assume this is where I have to post it...
Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org
I want to know whether any other steps follow after this... because the situation with the browsers is unchanged... none of them can be opened.
Thank you for the help and, if possible, I look forward to another reply.. I should mention that there are 2 more Notepad files with the following entries:
#4
Posted 30 December 2012 - 09:36
Download AdwCleaner by Xplode to the Desktop.
Double-click Adwcleaner.exe to run it. Click Delete. A log file will open once it finishes scanning. Post its contents here. The log is located at C:\AdwCleaner[Sn].txt (n is a number).
Edited by MhG_40, 30 December 2012 - 09:37.
#5
Posted 30 December 2012 - 10:51
"I can no longer open any browser...."
I see you have ESET NOD32 Antivirus; scan with it and post the two logs here. The Adwcleaner log, plus the ESET log. Use the forum's Code function. [ http://s8.postimage.org/qam20weat/image.jpg ]
Edited by MhG_40, 30 December 2012 - 10:53.
#6
Posted 31 December 2012 - 20:11
The browser doesn't open at all... I'll try what you indicated above. Thank you
#7
Posted 01 January 2013 - 21:26
# Adwcleaner v2.104 - Logfile created 12/31/2012 at 19:16:58
I've posted the 2 logs here... but, to my shame, I didn't quite understand where to find the forum's Code function in order to use it...
#8
Posted 01 January 2013 - 21:53
It's fine like that too. Did you restart?
After the restart, check whether Internet Explorer works. If it doesn't, download this. Save it to the Desktop, unzip it and run it (RunThis.bat). Restart again after you run the file. Check whether Internet Explorer works.
Edited by MhG_40, 01 January 2013 - 21:56.
#9
Posted 02 January 2013 - 13:17
I sent a message, but I see it hasn't appeared. I did what you told me... Internet Explorer started, then I tried Google Chrome as well... it started too... Thank you very much for the help.. However, in the morning when I turned on the laptop, it behaved rather strangely... it wouldn't respond to any command.. I force-shut it down a few times, it kept freezing and "thinking" continuously... At the moment I don't have the laptop, until Saturday... The message that was sent, saying "my PC is a zombie...", did it have anything to do with what happened to me? Thank you.... By the way... regarding the Code function.. only now do I see what you were talking about... on the PC with the problem, it doesn't show me the top bar that the one I'm using now shows...
#10
Posted 02 January 2013 - 13:31
This is about what I've found so far.
Who knows what else is crawling around in it.

C:\WINDOWS\reset.exe (Trojan.Agent.CK)
C:\Documents and Settings\Administrator\Local Settings\Temp\pey92.tmp (Backdoor.ProRat)

In the case of Trojan Agent, the purpose of the program is to allow hackers to get you to download or purchase an unneeded anti-spyware program. In other cases, Trojan Agent is used to re-direct internet traffic through your computer or steal information from your computer, according to Spyware Techie. Rogue programs like Trojan Agent are used to scare people into buying unneeded programs because they claim your computer is at risk, or give falsified scan results and put their own malware in your system.

Backdoor:Win32/Prorat is a trojan that opens random ports that allow remote access from an attacker to the affected computer. This backdoor may download and execute other malware from predefined Web sites and may terminate several security applications or services. This trojan may open random TCP ports such as TCP ports 5110, 5112, 51100, 4110, 4112 and so on. The trojan may communicate with a remote server to send connection information such as which ports are open on the affected computer. A remote attacker could connect to the affected machine and send command instructions that could include the following:

- play audible sounds
- change the printer properties
- download and execute arbitrary programs or malware

Trymedia is an adware that infects your computer through peer-to-peer networks, shareware programs and some websites. It monitors your surfing activity, especially your shopping and banking habits, collects this information and sends it to the Trymedia server. Based on this information your computer is bombarded with ad pop-ups. This adware also slows down your computer and Internet connection.

Edited by MhG_40, 02 January 2013 - 13:45.
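An added example, not part of the thread or of any tool mentioned in it: a triage check that reads Windows `netstat -ano` output and reports TCP listeners on the ports named in the post above, plus any other reachable listener missing from a known-good baseline, since the post says the port list is not exhaustive. The function names, the baseline ports and the sample output are assumptions made for illustration.

```python
import re

# TCP ports quoted in the post above; the post says the list is not exhaustive.
WATCH_PORTS = {5110, 5112, 51100, 4110, 4112}

# Constructed sample in the layout of Windows `netstat -ano` (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       1732
  TCP    0.0.0.0:51100          0.0.0.0:0              LISTENING       1732
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       1900
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       2040
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     2204
  UDP    0.0.0.0:500            *:*                                    700
"""

# One TCP row in LISTENING state: local address, local port, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def tcp_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return found

def triage(netstat_text, baseline_ports, watch_ports=WATCH_PORTS):
    """Split listeners into watched-port hits and non-loopback ones outside the baseline."""
    watched, unexpected = [], []
    for addr, port, pid in tcp_listeners(netstat_text):
        if port in watch_ports:
            watched.append((addr, port, pid))
        elif port not in baseline_ports and not addr.startswith("127."):
            unexpected.append((addr, port, pid))
    return watched, unexpected

if __name__ == "__main__":
    watched, unexpected = triage(SAMPLE, baseline_ports={135, 445})
    for addr, port, pid in watched:
        print(f"port named in the post: {addr}:{port} pid={pid}")
    for addr, port, pid in unexpected:
        print(f"not in baseline: {addr}:{port} pid={pid}")
```

The PID column is what makes a hit actionable: it ties the listening socket to a process whose image path can then be compared with the files the scanner flagged.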
#12
Posted 02 January 2013 - 14:02
The disinfection should have been finished.
The longer you wait, the worse it gets. Later edit: To see the messages in real time, press (F5), or refresh the page. Edited by MhG_40, 02 January 2013 - 14:07.
#13
Posted 02 January 2013 - 14:08
Understood... about the disinfection... can you keep helping me?... and I wanted to know whether it's too late to continue the disinfection starting Friday afternoon... only then will I have it at home again...
#14
Posted 02 January 2013 - 14:11
I'll help you.
The problem is that I don't know how badly affected the operating system is at this point. But we'll try. I hope I'll be around on Friday. All the best.
#16
Posted 02 January 2013 - 14:16
All the best to you too!
Later edit: See, it is possible to communicate in real time?! Edited by MhG_40, 02 January 2013 - 14:17.
#17
Posted 02 January 2013 - 14:47
Thanks to you... usually, when it comes to anything to do with the internet, PCs, etc... I'm only good at breaking everything I touch... a good example is the PC for which I now have to bother other people to help me... if only it had been my own that I broke...