Hijakthis - ancasd

60 replies to this topic

#19
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
I'm back... I know I said I'd be back yesterday, but I couldn't... if you're still willing to help me... I'm waiting for you to tell me what I need to do.

#20
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Hello.
I'm back.
I'll be around for two or three hours!

#21
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
I'm here now too.

#22
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Please explain to me how it behaves now.
You said it was acting strangely.

Do you still have Adwcleaner on the Desktop?

#23
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
I see it hasn't frozen again... but it's a bit slow to think... yes, I still have AdwCleaner.

#24
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Run it again:

Quote

Double-click Adwcleaner.exe to run it.
    Click Search.
    A log file will open after it finishes scanning.
    Post its contents here.


#25
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
# Adwcleaner v2.104 - Logfile created 01/05/2013 at 17:03:22
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Administrator - ALEXANDRU
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Uninstall.exe
***** [Registry] *****
Key Found : HKCU\Software\Conduit
***** [Internet Browsers] *****
-\\ Internet Explorer v6.0.2900.2180
[OK] Registry is clean.
-\\ Mozilla Firefox v3.6.28 (ro)
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1020 octets] - [05/01/2013 17:03:22]
AdwCleaner[S1].txt - [11844 octets] - [31/12/2012 19:16:58]
########## EOF - C:\AdwCleaner[R1].txt - [1141 octets] ##########



This is the file that opened... but it opened very quickly after I clicked Search... is that normal?
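A report like the one in the post above can be read programmatically instead of by eye. The following Python parser is an added example, not part of the original thread and not AdwCleaner's own code; it assumes the v2.x layout visible in the post (`***** [Section] *****` headers, `Label : target` entries, `-\\ Browser vX` subsections), and treating any other line under a browser as a finding is an assumption. The same entry pattern also captures Delete-mode lines such as `Deleted on reboot : ...`.

```python
import re

# Sample input: the Search-mode report from the post above, trimmed to the
# lines the parser acts on.
SAMPLE_LOG = r"""# Adwcleaner v2.104 - Logfile created 01/05/2013 at 17:03:22
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
File Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Uninstall.exe
***** [Registry] *****
Key Found : HKCU\Software\Conduit
***** [Internet Browsers] *****
-\\ Internet Explorer v6.0.2900.2180
[OK] Registry is clean.
-\\ Mozilla Firefox v3.6.28 (ro)
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1020 octets] - [05/01/2013 17:03:22]
########## EOF - C:\AdwCleaner[R1].txt - [1141 octets] ##########
"""

OPTION_RE = re.compile(r"^# Option \[(\w+)\]$")
SECTION_RE = re.compile(r"^\*{5} \[([^\]]+)\] \*{5}$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v([\d.]+)")
ENTRY_RE = re.compile(r"^([^:]+?) : (.+)$")


def parse_adwcleaner(text):
    """Return the run mode, per-section findings and per-browser status."""
    report = {"mode": None, "findings": [], "browsers": {}}
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):            # header and EOF lines
            m = OPTION_RE.match(line)
            if m:
                report["mode"] = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group(1), None
            continue
        if set(line) == {"*"}:              # row of asterisks closes the last section
            section = None
            continue
        if section is None:
            continue                        # trailer listing earlier report files
        if section == "Internet Browsers":
            m = BROWSER_RE.match(line)
            if m:
                browser = m.group(1)
                report["browsers"][browser] = {"version": m.group(2), "clean": None}
            elif browser and line.startswith("[OK]"):
                report["browsers"][browser]["clean"] = True
            elif browser and not line.startswith("File : "):
                # Assumption: any other line under a browser is a finding.
                report["browsers"][browser]["clean"] = False
                report["findings"].append((browser, "Browser entry", line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            report["findings"].append((section, m.group(1), m.group(2)))
    return report


def findings_by_section(report):
    """Group findings as {section: ["Label: target", ...]} for a quick summary."""
    grouped = {}
    for section, label, target in report["findings"]:
        grouped.setdefault(section, []).append(f"{label}: {target}")
    return grouped
```
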

#26
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Yes, that's fine.
Run Adwcleaner again.

Quote

Double-click AdwCleaner.exe to run it.
Click Delete.

Download RogueKiller and SAVE it to the Desktop.
Close all running programs.
Unplug everything from the USB ports.
If you have mobile internet, that can stay.
Double-click RogueKiller on the Desktop to run it.
Wait until the Prescan finishes. (It doesn't take long.)
Click the "Scan" button.
When "Scan Finished" appears,
click "Report" and copy/paste it here.

Post the two logs here.

#27
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
the RogueKiller report

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 01/05/2013 17:35:43
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1    localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHY2120BH +++++
--- User ---
[MBR] ab3c84bb846a6b8c3e9edccfe8f96c08
[BSP] 4bc0866048c48b5f77a90d7235161f0e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01052013_02d1735.txt >>
RKreport[1]_S_01052013_02d1735.txt

# Adwcleaner v2.104 - Logfile created 01/05/2013 at 17:39:42
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Administrator - ALEXANDRU
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Zynga
***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v6.0.2900.2180
[OK] Registry is clean.
-\\ Mozilla Firefox v3.6.28 (ro)
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1210 octets] - [05/01/2013 17:03:22]
AdwCleaner[R2].txt - [1270 octets] - [05/01/2013 17:21:17]
AdwCleaner[S1].txt - [11844 octets] - [31/12/2012 19:16:58]
AdwCleaner[S3].txt - [1331 octets] - [05/01/2013 17:28:27]
AdwCleaner[S5].txt - [1225 octets] - [05/01/2013 17:39:42]
########## EOF - C:\AdwCleaner[S5].txt - [1285 octets] ##########

the Notepad file after I clicked Delete in AdwCleaner

#28
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
That's good.
We're getting close to the end, slowly but surely.
Run RogueKiller.
After "Prescan" finishes, press "Scan".
Then press the "Delete" button. It's on the right side.

With Internet Explorer, go here.
Accept the terms and conditions (I accept the Terms of Use).
Click Start.
Uncheck "Remove found threats" and check "Scan unwanted applications".
Click Scan.
Wait for the scan to finish.
The log is here:
C:\Program Files\EsetOnlineScanner\log.txt.
Please post it here.

#29
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
I have a problem... when I click the Internet Explorer icon... Chrome opens... and I can't find Internet Explorer in the programs list... I don't know whether I did something or not.

#30
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Then go here, with Chrome or Firefox.
After it scans, click view log and copy/paste it here.
I don't remember exactly, but something like "view log" appears.
I hope I'm not mistaken.

#31
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
Ummm... I opened it with Chrome... it opened a program called Bitdefender Quickscan... which asked for permission to access the files on my PC... after I started the scan (it showed me the scan directly on the page that opened online) a message appeared there... saying that no active infections were found on my computer. Is that what should have appeared?

I should mention that nothing like "view log" appeared.

Edited by ancasd, 05 January 2013 - 19:21.


#32
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
That's not just good, it's very good!

Download ComboFix and save it to the Desktop.
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix.
It will ask whether to start cleaning the system. Confirm with Yes each time.
Don't stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results.
Save that file and post its contents HERE.


#33
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
ComboFix 13-01-05.01 - Administrator 01/05/2013  18:41:14.1.1 - x86
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
* Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Recent\Thumbs.db
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\Cache
c:\windows\system32\sqlite3.dll
.
.
(((((((((((((((((((((((((   Files Created from 2012-12-05 to 2013-01-05  )))))))))))))))))))))))))))))))
.
.
2013-01-05 17:13 . 2013-01-05 17:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2012-12-29 22:29 . 2012-12-29 22:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-12-29 22:29 . 2012-12-29 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-12-28 12:34 . 2012-12-28 12:34 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2012-12-28 00:30 . 2012-12-28 00:30 -------- d-----w- c:\program files\BrowseToSave
2012-12-28 00:30 . 2012-12-28 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Browse2save
2012-12-20 21:48 . 2013-01-05 17:58 -------- d-----w- c:\program files\Steam
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 20:42 . 2011-01-09 20:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-27 138096]
"Steam"="c:\program files\Steam\Steam.exe" [2012-12-22 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2012-8-25 510960]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 nwprovau
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2011-01-13 10:29 840000 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2011-01-09 20:41 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-24 09:27 166424 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-05-11 10:21 472632 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-24 09:27 141848 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 22:06 1667584 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-24 09:27 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-02-26 05:36 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-04-16 10:36 24264488 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 04:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 13:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-01-18 08:04 1028096 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2009-10-10 09:56 132096 ----a-w- c:\program files\Join Air\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\system32\\sopocx.ocx"=
"%windir%\\system32\\tvu49.ocx"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\Sid Meier's Civilization V\\Launcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57259:TCP"= 57259:TCP:Pando Media Booster
"57259:UDP"= 57259:UDP:Pando Media Booster
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 1:23 PM 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 1:24 PM 104160]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [3/2/2011 10:43 PM 218688]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [8/25/2012 9:22 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [8/25/2012 9:22 PM 117504]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [8/25/2012 9:22 PM 72576]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-725345543-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-09 10:40]
.
2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-220523388-725345543-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-02-09 10:40]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 16:15]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-28 16:15]
.
2013-01-02 c:\windows\Tasks\RegClean Prosch.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-07-16 09:25]
.
2013-01-04 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-07-16 09:25]
.
2013-01-02 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-07-16 09:25]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\udzcu9xb.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-Google Quick Search Box - c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
MSConfigStartUp-Google Update - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME\TomTomHOME.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-{DCFF7DFC-64F4-D193-3378-2CD6071C5F0A} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{DCFF7~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-05 19:00
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2320)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.124\GoogleCrashHandler.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Telenor Sweden\ESUS_TNS\ESUS_TNS.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Join Air\AssistantServices.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2013-01-05  19:03:57 - machine was rebooted
ComboFix-quarantined-files.txt  2013-01-05 18:03
.
Pre-Run: 5,168,320,512 bytes free
Post-Run: 27,348,959,232 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D2DC29617FA0A005C55B33AC05D8EFFE

this is the Notepad file that appeared after the program had its way...

#34
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009

Quote

this is the Notepad file that appeared after the program had its way...
It only did its job.

1 Check what works on the PC.
2 Do a "Quick Scan" with Malwarebytes AntiMalware.
   Post the log here.
3 Download Security Check by screen317 to the Desktop.
    Double-click SecurityCheck.exe and follow the instructions.
    checkup.txt opens automatically in Notepad;
    post its contents here.

Depending on these, I think we're done with the virus removal.
A bit of cleanup (plus updates) follows, and that's about it.

#35
ancasd

    Junior Member

  • Group: Members
  • Posts: 95
  • Joined: 29.12.2012
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.05.06
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Administrator :: ALEXANDRU [administrator]
Protection: Disabled
1/5/2013 7:28:30 PM
mbam-log-2013-01-05 (19-28-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212501
Time elapsed: 7 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 2 x86  
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC compiles updated MOF files.d
i
s
p
l
a
y
N
a
m
e
ECHO is off.
E
S
E
T
ECHO is off.
N
O
D
3
2
ECHO is off.
A
n
t
i
v
i
r
u
s
ECHO is off.
5
.
2
ECHO is off.
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player  10.2.153.1 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.28) Firefox out of Date!
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

This is what appeared... the Security Check box that says "results have been copied to checkup.txt ,wich should open now! " stayed open on the Desktop. I assume I can close it, right?

#36
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Officially, you have no more viruses!
Now let's clean up.

1 Double-click Adwcleaner.exe
    Click Uninstall.
    Confirm with Yes.
2 Click Start>Run and copy/paste this:
    ComboFix /uninstall   >   click OK
3 Check whether RogueKiller is still on the desktop.
Delete everything that's left (logs etc.).
After you've done this, redo the scan with HiJackThis and post the log here.
