venelinveni Posted January 22, 2008
Hello!!! Since yesterday I have had the following problem with my PC. I've picked something up and I don't know how to remove it. At the bottom right of the taskbar there is a round icon whose label keeps switching between X and ?, and periodically a SYSTEM ALERT message pops up. When I click on it, it redirects me to http://www.virprotect.com/?aff=1012 Please advise: is this a real virus, and how do I remove it without the $50?
Night_Raven Posted January 22, 2008
To start with, download Rogue Remover, install it, update it and scan with it (the scan takes seconds). Then download HijackThis 1.99.1 (213KB), which I have renamed on purpose, run it and click Do a system scan and save a logfile. This will create a text file in the same folder. Copy its contents here or attach the file to the thread, whichever is more convenient for you.
venelinveni Posted January 23, 2008
Logfile of HijackThis v1.99.1
Scan saved at 19:05:50, on 22.1.2008 г.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Games\MeGa\Counter-Strike 1.6\hlds.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\alabala.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: (no name) - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA091D3-6CF2-4DD4-83AB-DD2F59979F0E}: NameServer = 213.240.244.3 213.240.244.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{282EA9D6-E7EA-4802-BB6D-C454B8B12915}: NameServer = 213.240.244.3,213.240.244.234
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA091D3-6CF2-4DD4-83AB-DD2F59979F0E}: NameServer = 213.240.244.3 213.240.244.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\System32\skype4com.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Slammer Posted January 23, 2008
These items look suspicious to me and it would be good to fix (delete) them:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com/
...
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es

Find the file hosts (it is located in the folder C:\WINDOWS\system32\drivers\etc), open it with Notepad and check whether you have any added IP addresses. The original file looks like this:

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
venelinveni Posted January 23, 2008
Well, I deleted the four items and opened the hosts file, and all that was left inside was this: 127.0.0.1 localhost
I restarted the PC, but ............ no change. Still, I'll send you the new text file from hijackthis, hopefully it helps.

Logfile of HijackThis v1.99.1
Scan saved at 11:29:26, on 23.1.2008 г.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
D:\Games\MeGa\Counter-Strike 1.6\hlds.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Total Commander\Totalcmd.exe
E:\Program Files\alabala.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: (no name) - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Преведи - {60237576-b24c-4ba9-9740-c9f3ec9db557} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA091D3-6CF2-4DD4-83AB-DD2F59979F0E}: NameServer = 213.240.244.3 213.240.244.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{282EA9D6-E7EA-4802-BB6D-C454B8B12915}: NameServer = 213.240.244.3,213.240.244.234
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA091D3-6CF2-4DD4-83AB-DD2F59979F0E}: NameServer = 213.240.244.3 213.240.244.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\System32\skype4com.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Cheers Posted January 23, 2008
Try Spybot-S&D: Click
I remember that Spybot-S&D used to fix this problem. Just in case, you can turn off System Restore before scanning, or try it in Safe mode. If Spybot-S&D doesn't do it, see this: Click or this: Click.
Aquarius Posted January 23, 2008
The HijackThis log shows that you are using Windows XP SP1, which is currently an ~old and insecure platform. It is a good idea to think about moving to SP2. If you decide to stay with SP1, it is a good idea to enable the Windows firewall (ICF) or install a third-party one.

There are traces of a Symantec anti-threat product. It is a good idea to update the program and run a full scan, preferably in Windows Safe Mode. After that you can install, update and scan* with a dedicated anti-spyware / adware program such as SpyBot SD or AVG Anti-Spyware.
*preferably in Safe Mode.

The log also shows an old version of the Sun Java Virtual Machine, which is also not good for security. To update the Sun JVM you can use this page.

If you wish, you can also fix / remove the following items, which are not threats but do not need to be there:

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O3 - Toolbar: (no name) - {C4DFA6F3-1245-41E5-8E60-7D31427F01B3} - (no file)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FA091D3-6CF2-4DD4-83AB-DD2F59979F0E}: NameServer = 213.240.244.3 213.240.244.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{282EA9D6-E7EA-4802-BB6D-C454B8B12915}: NameServer = 213.240.244.3,213.240.244.234
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FA091D3-6CF2-4DD4-83AB-DD2F59979F0E}: NameServer = 213.240.244.3 213.240.244.2

There are also several Symantec services (the ones with file missing), which you can likewise remove if you wish.

Also post a log file from AutoRuns. Run the file Autoruns.exe and do the following:
1. Select Options -> Hide Microsoft Entries.
2. Select File -> Refresh.
3. Select File -> Save as. Save the file somewhere and then copy its contents into the thread.
Topper Posted January 23, 2008
I would advise the user to first clean out all the missing and no-file lines, because the libraries/files are not there anyway.
Norton is irreparably crippled; first a clean uninstall, and then later, if he needs it...
After that he should run HiJack again, but without having started another 100 programs, so that the log is easier to read.
And by the way, I think this thing is not right:
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
Not to mention that this library for communicating with Skype is a long-discontinued project; I don't know which software uses it:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\System32\skype4com.dll
And finally a Run: cmd /k sfc /SCANNOW, for which the installation disc will be needed, and when it asks to restore a file, confirm it.
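An added example, not part of any post in this thread: a small Python triage of a HijackThis 1.99.1 log that flags hosts-file redirects (O1) and entries marked (no file) / (file missing), and cross-checks each "missing" executable against the log's own running-process list before it is fixed. The sample log is constructed from lines quoted in the thread; the function names and finding labels are assumptions of this example.

```python
import re
from ipaddress import ip_address

# Constructed sample in HijackThis 1.99.1 log format; the entries mirror
# lines quoted in the thread (the localhost line is added for contrast).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8685CC} - (no file)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
"""

# "R1 - ...", "O23 - ..." and so on: section code, then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis appends when it could not find the referenced file.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# First Windows path in an entry body, up to the executable or library name.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|ocx)", re.IGNORECASE)


def parse_log(text):
    """Return (set of lower-cased running process paths, list of (code, body))."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.add(line.lower())
    return processes, entries


def triage(text):
    """Return a list of (finding, section code, detail) tuples for review."""
    processes, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            if len(fields) < 2:
                continue
            try:
                addr = ip_address(fields[0])
            except ValueError:
                continue
            # A hosts entry that sends a name anywhere but the local machine
            # overrides DNS for that name and needs an explanation.
            if not (addr.is_loopback or addr.is_unspecified):
                findings.append(("hosts-redirect", code, fields[1] + " -> " + fields[0]))
        elif ORPHAN_RE.search(body):
            path = PATH_RE.search(body)
            if path and path.group(0).lower() in processes:
                # The log lists this file as a running process, so the
                # "missing" marker contradicts the log itself.
                findings.append(("verify-before-fixing", code, path.group(0)))
            else:
                findings.append(("orphaned", code, body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "verify-before-fixing" finding means the same log shows the executable running, so that entry deserves a manual check on disk before it is removed.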
Night_Raven Posted January 23, 2008
"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe" is not wrong. It gets installed alongside some games and is needed mostly for online play.
Topper Posted January 23, 2008
With an unknown owner and in %windir%\system32 ?? If it really is legitimate software, those programmers should get their hands slapped. At least it is a service, so he can stop it to see what happens. And the Autoruns log would be useful for us to see.
venelinveni Posted January 23, 2008
SYSINTERNALS SOFTWARE LICENSE TERMS

These license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you. Please read them. They apply to the software you are downloading from Systinternals.com, which includes the media on which you received it, if any. The terms also apply to any Sysinternals
* updates,
* supplements,
* Internet-based services, and
* support services
for this software, unless other terms accompany those items. If so, those terms apply.

BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE.

If you comply with these license terms, you have the rights below.

1. INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.

2. SCOPE OF LICENSE. The software is licensed, not sold. This agreement only gives you some rights to use the software. Sysinternals reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the software only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may not:
* work around any technical limitations in the binary versions of the software;
* reverse engineer, decompile or disassemble the binary versions of the software, except and only to the extent that applicable law expressly permits, despite this limitation;
* make more copies of the software than specified in this agreement or allowed by applicable law, despite this limitation;
* publish the software for others to copy;
* rent, lease or lend the software;
* transfer the software or this agreement to any third party; or
* use the software for commercial software hosting services.

3. DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal, reference purposes.

4. EXPORT RESTRICTIONS. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting.

5. SUPPORT SERVICES. Because this software is “as is,” we may not provide support services for it.

6. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates, Internet-based services and support services that you use, are the entire agreement for the software and support services.

7. APPLICABLE LAW.
a. United States. If you acquired the software in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the software in any other country, the laws of that country apply.

8. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the software. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.

9. DISCLAIMER OF WARRANTY. THE SOFTWARE IS LICENSED “AS-IS.” YOU BEAR THE RISK OF USING IT. SYSINTERNALS GIVES NO EXPRESS WARRANTIES, GUARANTEES OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, SYSINTERNALS EXCLUDES THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

10. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM SYSINTERNALS AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to
* anything related to the software, services, content (including code) on third party Internet sites, or third party programs; and
* claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.
It also applies even if Sysinternals knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.

Please note: As this software is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.

Remarque : Ce logiciel étant distribué au Québec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français.

EXONÉRATION DE GARANTIE. Le logiciel visé par une licence est offert « tel quel ». Toute utilisation de ce logiciel est à votre seule risque et péril. Sysinternals n’accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.

LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. Vous pouvez obtenir de Sysinternals et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.
Cette limitation concerne :
* tout ce qui est relié au logiciel, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers ; et
* les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.
Elle s’applique également, même si Sysinternals connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard.

EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas.
Topper Posted January 23, 2008
The EULA is fine, but save the results of the scan and post them here.
venelinveni (author), posted January 23, 2008: And this is the HijackThis file, taken with as few programs running as possible. I just don't know what to remove apart from one 018 entry.
Topper, posted January 23, 2008: It's fine that you don't know, but you were given several pieces of advice here - follow them, and then try again, okay? And the Autoruns log.
venelinveni (author), posted January 23, 2008: These are the scan results.