Hijakthis - ancasd

60 replies to this topic

#1
ancasd
    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 8:11:10 PM, on 12/29/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Emotum\Stay Connected\TelenorSEMobile.exe
C:\Program Files\RegClean Pro\RegCleanPro.exe
C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Emotum\Stay Connected\Service.exe
C:\Program Files\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Join Air\AssistantServices.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MPQHXPYM\HiJackThis[1].exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Telenor Stay Connected] "C:\Program Files\Emotum\Stay Connected\TelenorSEMobile.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Global Startup: Launcher.lnk = C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\progra~1\browse~1\sprote~1.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: ALDITALKVerbindungsassistent_Service - Unknown owner - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Emotum Stay Connected Service (ESCSvc) - Unknown owner - C:\Program Files\Emotum\Stay Connected\Service.exe
O23 - Service: Telenor Sweden Software Update Service (ESUSClient_B2) - Unknown owner - C:\Program Files\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe
O23 - Service: Manager Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6633 bytes



I can't access any browser any more, the only one I can access being Messenger... this happened after I downloaded a song from the internet, at which point I was asked to download a certain program onto the laptop... I deleted that program together with the downloaded song, but still no browser opens any more... what can I do? Thanks in advance
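One way to triage a HijackThis log like the one posted above with a script, as an added example that is not part of this thread and not code from HijackThis or its author: it parses the "Running processes" list and the R0/O2/O4/O10/O20 entries and flags the items a helper would look at first (executables running or auto-starting from Temp or the Internet Explorer cache, a start page outside an allow-list, orphaned BHO registrations, Winsock LSP files HijackThis could not identify, and anything listed in AppInit_DLLs). The sample input is an excerpt copied from the log above plus one clearly marked constructed O4 line; the allow-list, the temp-directory markers and the severity labels are assumptions to adjust per environment.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the HijackThis log posted above, plus ONE constructed O4 line
# (marked below) that is not in the original log; it exists only to exercise the
# "autostart from a temp directory" check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HiJackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MPQHXPYM\HiJackThis[1].exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [constructed_example] C:\Documents and Settings\Administrator\Local Settings\Temp\constructed_example.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll c:\progra~1\browse~1\sprote~1.dll
"""

# Every HijackThis entry line looks like "<Section> - <body>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Directories from which nothing legitimate should run or auto-start (assumption).
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temporary internet files\\")
# Start pages considered normal for this machine (assumption; adjust per environment).
HOMEPAGE_ALLOWLIST = {"about:blank", "http://www.google.com", "http://www.google.com/"}


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    section: str    # HijackThis section code such as "O20", or "PROC" for the process list
    detail: str


def parse_hjt(text):
    """Return (running_processes, [(section, body), ...]) from a HijackThis log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # the blank line ends the process list
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("section"), m.group("body")))
        elif in_procs:
            processes.append(line)
    return processes, entries


def _in_temp(path):
    return any(marker in path.lower() for marker in TEMP_MARKERS)


def triage(text):
    """Flag the log entries a helper would want to look at first."""
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        if _in_temp(proc):
            # Also fires for tools the user ran straight from the browser cache, as
            # HijackThis itself was here; a hit is a prompt to check, not a verdict.
            findings.append(Finding("medium", "PROC", f"running from temp/cache: {proc}"))
    for section, body in entries:
        if section == "R0" and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            if url.lower() not in HOMEPAGE_ALLOWLIST:
                findings.append(Finding("medium", section, f"start page set to {url}"))
        elif section == "O2" and body.endswith("(no file)"):
            # Registry points at a BHO whose DLL is gone: leftover, not an active threat
            findings.append(Finding("info", section, f"orphaned BHO registration: {body}"))
        elif section == "O4":
            # body: HKLM\..\Run: [Name] "path" args  -> examine the command after the name
            command = body.split("]", 1)[1] if "]" in body else body
            if _in_temp(command):
                findings.append(Finding("high", section, f"autostart from temp/cache: {body}"))
        elif section == "O10":
            # "Unknown" means unknown to HijackThis, which is not the same as malicious
            findings.append(Finding("medium", section, f"unidentified Winsock LSP: {body}"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Each DLL listed here is loaded into every process that loads user32.dll;
            # HijackThis prints them as space-separated 8.3 short paths.
            for dll in body.split(":", 1)[1].split():
                findings.append(Finding("high", section, f"AppInit_DLLs injects {dll}"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'medium': 3, 'info': 2}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "info": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.section:4} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the excerpt above the script reports the two AppInit_DLLs entries as the highest-priority items (the second of them, sprote~1.dll, is the one AdwCleaner later removes in this thread), the SweetIM start page and the unidentified LSP as medium, and the two "(no file)" BHOs as cleanup-only. Run it against a full log by replacing SAMPLE_LOG with the file contents; the heuristics are deliberately simple and every hit still needs a human decision.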

#2
MhG_51
    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Follow the steps from here:
http://forum.softped.../#entry10021155

#3
ancasd
    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
I followed the steps in the instructions above... and this is what I got in Notepad... with the instruction to copy/paste it and post it in the already open topic... I assume this is where I have to post it...
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.29.11

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Administrator :: ALEXANDRU [administrator]

Protection: Enabled

12/29/2012 11:33:29 PM
mbam-log-2012-12-29 (23-33-29).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347138
Time elapsed: 1 hour(s), 48 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCU\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Documents and Settings\Administrator\Application Data\SwvUpdater (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\GamezJoint Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\GamezJoint Toolbar\2.6.1.11950 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\GamezJoint Toolbar\2.6.1.11950\bin (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.

Files Detected: 37
C:\Documents and Settings\Administrator\Application Data\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\comver.dll (Adware.GameSpyArcade) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\{355A2D17-BB7F-4F3A-ADD1-F35DEEB90FE1}\Addons\browser_coupon_setup.exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.dat (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\reset.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\pey92.tmp (Backdoor.ProRat) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\bg.jpg (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\CurrentVersion.xml (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\icon.ico (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\tdf.zip (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Data\ProductInfo.mx (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data\Module_Smiley_TellAFriend.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data\Module_WebDropdown_01.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data\Module_WebDropdown_02.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data\Module_WebDropdown_03.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data\Module_WebDropdown_04.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data\Module_WebDropdown_05.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data\Module_WebDropdown_06.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data\Module_WebDropdown_07.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Data\ToolbarLayout.mx (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_01.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_01.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_02.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_02.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_03.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_03.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_04.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_04.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_05.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_05.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_06.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_06.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_07.mg (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\New_tdf\Icons\Module_WebDropdown_07.png (Adware.DoubleD.Gen) -> Quarantined and deleted successfully.

(end)

I want to know whether there are other steps that follow after this... because the situation with the browsers is unchanged... none of them can be opened. Thanks for the help and, if possible, I'm waiting for a new reply..

I should mention that there are 2 more Notepad files with the following contents:

2012/12/29 23:29:56 +0100 ALEXANDRU Administrator MESSAGE Starting protection
2012/12/29 23:29:57 +0100 ALEXANDRU Administrator MESSAGE Protection started successfully
2012/12/29 23:29:57 +0100 ALEXANDRU Administrator MESSAGE Starting IP protection
2012/12/29 23:30:20 +0100 ALEXANDRU Administrator MESSAGE IP Protection started successfully
2012/12/29 23:31:48 +0100 ALEXANDRU Administrator MESSAGE Starting database refresh
2012/12/29 23:31:48 +0100 ALEXANDRU Administrator MESSAGE Stopping IP protection
2012/12/29 23:31:48 +0100 ALEXANDRU Administrator MESSAGE IP Protection stopped successfully
2012/12/29 23:32:07 +0100 ALEXANDRU Administrator MESSAGE Database refreshed successfully
2012/12/29 23:32:07 +0100 ALEXANDRU Administrator MESSAGE Starting IP protection
2012/12/29 23:32:30 +0100 ALEXANDRU Administrator MESSAGE IP Protection started successfully
2012/12/29 23:40:32 +0100 ALEXANDRU Administrator MESSAGE Executing scheduled update:  Daily
2012/12/29 23:40:45 +0100 ALEXANDRU Administrator MESSAGE Database already up-to-date

2012/12/30 01:25:49 +0100 ALEXANDRU MESSAGE Starting protection
2012/12/30 01:25:49 +0100 ALEXANDRU MESSAGE Protection started successfully
2012/12/30 01:25:49 +0100 ALEXANDRU MESSAGE Starting IP protection
2012/12/30 01:26:05 +0100 ALEXANDRU Administrator MESSAGE IP Protection started successfully

#4
MhG_51
    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Download AdwCleaner by Xplode to the Desktop.
Double-click Adwcleaner.exe to run it.
Click Delete.
A log file will open once it has finished scanning.
Post its contents here.
The log can be found at C:\AdwCleaner[Sn].txt (n is a number).

Edited by MhG_40, 30 December 2012 - 09:37.


#5
MhG_51
    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009

ancasd, on 29 December 2012 - 22:05, said:

I can't access any browser any more....
Does the browser not open at all, or does it open but you can't browse the web?
I see you have ESET NOD32 Antivirus; scan with it and put the two logs here.
The AdwCleaner log plus the ESET log.
Use the Code function on the forum.

[Image: http://s8.postimage.org/qam20weat/image.jpg]

Edited by MhG_40, 30 December 2012 - 10:53.


#6
ancasd
    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
The browser doesn't open at all... I'll try what you indicated above. Thank you

#7
ancasd
    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
# Adwcleaner v2.104 - Logfile created 12/31/2012 at 19:16:58
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Administrator - ALEXANDRU
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EKF3JGPO\adwcleaner[2].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Zynga
Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbmanpbfjipmicnlbchaifoomleljpal
Deleted on reboot : C:\Program Files\SweetIM
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\searchplugins\SweetIm.xml
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Trymedia

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbmanpbfjipmicnlbchaifoomleljpal
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2086743
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2189203
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbmanpbfjipmicnlbchaifoomleljpal
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\SweetIM
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.28 (ro)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Deleted : user_pref("browser.search.selectedEngine", "SweetIM Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 27);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "RO");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "FE4585A8A81A88649D3369B6C9768917");
Deleted : user_pref("extensions.BabylonToolbar.id", "244a8fda00594daf9a7bdd11de858a95");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15434");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "28");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 27);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 95174746);
Deleted : user_pref("extensions.BabylonToolbar.sid", "244a8fda00594daf9a7bdd11de858a95");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.1.9,{EEE6C361-6118-11DC-9C72-001320C798[...]
Deleted : user_pref("extensions.facemoods.aflt", "_#bf2");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "28");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=88173bca000000000000001a73b[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Facemoods Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.yahoo.com/search?fr=f[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Facemoods Search");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://start.facemoods.com/?a=bf2");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://mystart.incredimail.com/?loc=ff_address_ba[...]
Deleted : user_pref("sweetim.toolbar.search.external", "

I've put the 2 logs here... but, to my shame, I didn't quite understand where to find the Code function on the forum so as to use it...

#8
MhG_51
    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
That's fine too. Did you restart?
After the restart, try Internet Explorer to see if it works.
If it doesn't work, download this. Save it to the Desktop, unzip it and run it (RunThis.bat).
Restart after running the file as well.
Check whether Internet Explorer works.

Edited by MhG_40, 01 January 2013 - 21:56.


#9
ancasd
    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
I sent a message, but I see it didn't appear. I did what you told me... Internet Explorer started, then I also tried Google Chrome... it started as well... Thank you very much for the help.. But in the morning, when I turned on the laptop, it behaved quite strangely... it wouldn't take any command any more... I force-closed it a few times, it kept freezing and thinking continuously... right now I don't have the laptop, until Saturday... in the message I sent, the part about "my PC is a zombie..." did that have anything to do with what happened to me? Thanks.... by the way... regarding the Code function.. only now do I see what you were talking about... on the PC with the problem it doesn't show me the top bar that the one I'm logging in from now shows...

#10
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
This is what I have found so far.
Who knows what else is crawling around in it.

C:\WINDOWS\reset.exe (Trojan.Agent.CK)
C:\Documents and Settings\Administrator\Local Settings\Temp\pey92.tmp (Backdoor.ProRat)

In the case of Trojan Agent, the purpose of the program is to allow hackers
to get you to download or purchase an unneeded anti-spyware program.
In other cases, Trojan Agent is used to re-direct internet traffic through your computer or steal information
from your computer, according to Spyware Techie.
Rogue programs like Trojan Agent are used to scare people into buying unneeded programs because they claim your computer is at risk,
or give falsified scan results and put their own malware in your system.

Backdoor:Win32/Prorat is a trojan that opens random ports that allow remote access from an attacker to the affected computer.
This backdoor may download and execute other malware from predefined Web sites and may terminate several security applications or services.
This trojan may open random TCP ports such as TCP ports 5110, 5112, 51100, 4110, 4112 and so on.
The trojan may communicate with a remote server to send connection information such as which ports are open on the affected computer.
A remote attacker could connect to the affected machine and send command instructions that could include the following:

play audible sounds
change the printer properties
download and execute arbitrary programs or malware


Trymedia is an adware that infects your computer through peer-to-peer networks,
shareware programs and some websites.
It monitors your surfing activity, especially your shopping and banking habits, collects this information and sends it to the Trymedia server.
Based on this information your computer is bombarded with ad pop-ups.
This adware also slows down your computer and Internet connection. 

Edited by MhG_40, 02 January 2013 - 13:45.


#11
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
What could I do about this...?

#12
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
The disinfection should have been finished.
The longer you wait, the worse it gets.

Later edit: To see the messages in real time, press (F5) or refresh the page.

Edited by MhG_40, 02 January 2013 - 14:07.


#13
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
Understood... regarding the disinfection... can you keep helping me?... and I wanted to know whether it is too late to continue the disinfection starting Friday afternoon... only then will I have it back home...

#14
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
I'll help you.
The problem is that I don't know how badly affected the operating system is at this point.
But we'll try.
I hope to be around on Friday.
All the best.

#15
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
Thank you very much... have a nice rest of the day

#16
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
All the best to you too!

Later edit: See that it's possible to communicate in real time?!

Edited by MhG_40, 02 January 2013 - 14:17.


#17
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
Thanks to you... usually, when it comes to anything related to the internet, PCs, etc... I'm only good at breaking everything I touch... a good example is the PC for which I now have to "stress" other people into helping me... if only I had broken my own personal one... :D

#18
Chriss_Summer

    Guru Member

  • Group: Senior Members
  • Posts: 13,896
  • Joined: 22.05.2011
Damn those emoticons from SweetIM!
