aleksoft Posted January 2, 2010

Hello. I have what I hope is a small problem. The CPU is constantly running at over 50% and I can't figure out why. I cleaned up all the registry errors and so on. I made a .log file with HijackThis, after which HijackReader flagged some processes as dangerous and I deleted them, but the problem remained. So please help if you can.

Logfile of HijackThis v1.99.1
Scan saved at 00:32:24, on 03.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

avalon72 Posted January 2, 2010

Doesn't Task Manager show exactly which process is using so much CPU? What kind is it, anyway? And why are you still on Service Pack 2 and Internet Explorer 6? From a security standpoint that is no longer acceptable. Also scan with MBAM and SUPERAntiSpyware.

Night_Raven Posted January 2, 2010

Please, next time first rename the HijackThis executable to something else before running it.

Open Task Manager (Start -> Run -> taskmgr -> OK), go to the Processes tab, right-click the RunMe.exe process, choose End Process and confirm with Yes.

In HijackThis, check the following items:

O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM10.tmp
O4 - Startup: siszyd32.exe

Close all Windows Explorer and Internet Explorer windows and click the Fix checked button in HijackThis. Confirm the removal. Restart the system and post a fresh log.

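An added example, not part of Night_Raven's post: a Python triage pass over HijackThis O4 (autostart) lines that surfaces the two entries singled out above. The two heuristics (a Run value whose image sits in a temp directory or has a non-executable extension, and a bare executable rather than a .lnk shortcut in a Startup folder) are assumptions made for this illustration, not the poster's stated criteria; the sample lines are O4 entries from the original poster's HijackThis log.

```python
import ntpath
import re
from typing import NamedTuple

# Sample input: O4 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM10.tmp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Shortcut to PowerMenu.lnk = C:\Program Files\PowerMenu_1_5_1\PowerMenu.exe
O4 - Startup: siszyd32.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
"""

# "O4 - HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "O4 - Startup: item" or "O4 - Global Startup: item"
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<item>.+)$")
# Unquoted command: shortest prefix ending in ".ext" followed by space, comma or end.
IMAGE_RE = re.compile(r"^(.*?\.[A-Za-z0-9]{2,4})(?=[\s,]|$)")

# Extensions expected for something that is launched at logon (assumed list).
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".dll", ".cpl"}


class Finding(NamedTuple):
    location: str   # registry key or Startup folder
    name: str       # Run value name or Startup file name
    target: str     # image path (Run) or file name (Startup)
    reasons: tuple  # why the entry deserves a closer look


def image_path(cmd: str) -> str:
    """Return the program part of a Run command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def in_temp_dir(path: str) -> bool:
    """True if any directory component of the path is named TEMP or TMP."""
    dirs = re.split(r"[\\/]", path)[:-1]
    return any(d.lower() in {"temp", "tmp"} for d in dirs)


def triage(log_text: str) -> list:
    """Return a Finding for every O4 line matching one of the heuristics."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            img = image_path(m["cmd"])
            ext = ntpath.splitext(img)[1].lower()
            reasons = []
            if in_temp_dir(img):
                reasons.append("autostart image is in a temp directory")
            if ext and ext not in EXEC_EXT:
                reasons.append(f"autostart image has unusual extension {ext}")
            if reasons:
                findings.append(Finding(m["key"], m["name"], img, tuple(reasons)))
            continue
        m = STARTUP_RE.match(line)
        if m:
            # Shortcuts are printed as "name.lnk = target"; a bare file name
            # means the file itself sits in the Startup folder.
            name, sep, _target = m["item"].partition(" = ")
            if not sep and ntpath.splitext(name)[1].lower() in EXEC_EXT:
                findings.append(Finding(
                    m["where"], name, name,
                    ("executable file placed directly in a Startup folder",),
                ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.location}: {f.name} -> {f.target}")
        for reason in f.reasons:
            print(f"    {reason}")
```

Entries the rules do not flag are not thereby cleared; the output is a short list for manual review, not a verdict.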
aleksoft Posted January 3, 2010

I renamed HijackThis to Processes.

Logfile of HijackThis v1.99.1
Scan saved at 12:02:42, on 03.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

RunMe is a pop-up menu for launching programs; I know it hogs the CPU a lot, but it isn't the cause of the problem. Anyway, I stopped it. I closed all Windows Explorer windows. I don't use Internet Explorer, but after I noticed how high my CPU was running, my Firefox stopped working! O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM10.tmp was removed successfully, but this process, O4 - Startup: siszyd32.exe, I tried every which way and I can't remove it. HijackThis showed me this: http://i48.tinypic.com/1552s1w.jpg
I followed its path, but it isn't there.

Night_Raven Posted January 3, 2010

Let's try the easy way...

Scan with Malwarebytes' Anti-Malware and SUPERAntiSpyware Free. If you already have the programs, check whether you have the latest versions, and if you don't, remove yours and install the newest ones. If you are installing the programs for the first time, they will offer to update automatically after installation; agree. Otherwise, update their definitions manually.

For Malwarebytes' Anti-Malware:
- start the program;
- select Perform quick scan (Бързо сканиране) and click the Scan (Сканирай) button;
- when the scan finishes, click the OK button and then Show results (Покажи резултатите);
- click the Remove Selected (Премахни избраните) button;
- a text file (log) will appear; copy its contents here.

For SUPERAntiSpyware:
- start the program;
- click the Scan your Computer (Сканиране на компютъра) button;
- on the left select only partition C:, and on the right select Perform Complete Scan (Извърши пълно сканиране);
- click Next and wait for the program to scan;
- if threats are detected, click OK on the message;
- click Next to remove the nasties, OK on the confirmation and finally Finish;
- click the Preferences... (Настройки) button and go to the Statistics/Logs (Дневници) tab, select the most recent log by date and click the View Log... (Покажи дневника) button;
- copy its contents here.

If a restart is required during either scan, agree and restart immediately.

aleksoft Posted January 3, 2010

The CPU has finally calmed down. Thank you for that. Here are the .log files from the two programs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/03/2010 at 02:55 PM

Application Version : 4.32.1000

Core Rules Database Version : 4441
Trace Rules Database Version: 2265

Scan type : Complete Scan
Total Scan Time : 01:05:33

Memory items scanned : 504
Memory threats detected : 0
Registry items scanned : 7439
Registry threats detected : 0
File items scanned : 33221
File threats detected : 35

Adware.Tracking Cookie

Keylogger.Actual Spy
    C:\WINDOWS\system\actualspystart.lnk

Trojan.Agent/Gen-Nullo[short]
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{4204BA67-2129-4213-986C-374070F190D0}\RP1135\A0372063.EXE

Adware.MyWebSearch/FunWebProducts
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{8157E42C-5C6C-4945-8939-CEFAFC73E59B}\RP584\A0159665.SCR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{8157E42C-5C6C-4945-8939-CEFAFC73E59B}\RP584\A0159691.SCR

Adware.MyWebSearch
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{8157E42C-5C6C-4945-8939-CEFAFC73E59B}\RP584\A0159671.EXE

Trojan.Agent/Gen-PEC
    C:\WINDOWS\PEV.EXE

Malwarebytes' Anti-Malware 1.43
Версия на базата от данни: 3486
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

03.01.2010 13:28:29
mbam-log-2010-01-03 (13-28-29).txt

Тип сканиране: Бързо сканиране
Сканирани обекти: 210263
Изминало време: 22 minute(s), 30 second(s)

Заразени процеси в паметта: 0
Заразени модули в паметта: 0
Заразени ключове в регистратурата: 0
Заразени стойности в регистратурата: 2
Заразени информационни обекти в регистратурата: 0
Заразени папки: 0
Заразени файлове: 8

Заразени процеси в паметта:
(Не бяха открити заплахи)

Заразени модули в паметта:
(Не бяха открити заплахи)

Заразени ключове в регистратурата:
(Не бяха открити заплахи)

Заразени стойности в регистратурата:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Quarantined and deleted successfully.

Заразени информационни обекти в регистратурата:
(Не бяха открити заплахи)

Заразени папки:
(Не бяха открити заплахи)

Заразени файлове:
C:\WINDOWS\system32\drivers\wdpma.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\~TM2DF.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM2E0.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aleksoft\Start Menu\Programs\Startup\siszyd32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\cd1b616a-6ef9-4a70-a349-0576eb22e6d2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd1ed9cf-ec49-448d-b330-5ca2deb29209.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aleksoft\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.