Jump to content

Само профилактика - лог от HijackThis


Препоръчан пост

при стартиране уиндоуса много бавно зарежда,ако има излишни автоматични стартирани програми моля кажете кои са излишни <br />предварително благодаря

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:10:50, on 02.10.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

E:\AnVir Task Manager Free\AnVir.exe

C:\Kaldata.exe\Kaldata.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

 

http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Java Plug-In 2 SSV Helper -

 

{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

 

Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

 

- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA

 

Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

 

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

 

C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate

 

Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32

 

Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall

 

Plus\FirewallGUI.exe" -s

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program

 

Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Mamutu Guard] "C:\PROGRAM FILES\MAMUTU\mamutu.exe"

 

/silent

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program

 

Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

 

(User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

 

(User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

 

(User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

 

(User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Program

 

Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program

 

Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit -

 

res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program

 

Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel -

 

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

 

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

 

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

 

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

 

Diagnostic\xpnetdiag.exe

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner

 

Launcher) -

 

http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX

 

Scan Agent 6.6) -

 

http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/a

 

ctivex/hcImpl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0

 

Installer Class) -

 

http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -

 

http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.

 

cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

 

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuwe

 

b_site.cab?1253382744000

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

 

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/mu

 

web_site.cab?1253383763421

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

 

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) -

 

http://cainternetsecurity.net/scanner/cascanner.cab

O17 -

 

HKLM\System\CCS\Services\Tcpip\..\{E79850FD-93DC-4173-AEEA-A8A9B7EC131F}:

 

NameServer = 213.16.56.1 213.16.56.9

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -

 

C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

 

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program

 

Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH -

 

C:\Program Files\a-squared Free\a2service.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program

 

Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET

 

NOD32 Antivirus\ekrn.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit

 

Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

 

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mamutu Service (Mamutu) - Emsi Software GmbH - C:\Program

 

Files\Mamutu\a2service.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program

 

Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation

 

- C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools -

 

C:\Program Files\PC Tools Firewall Plus\FWService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp

 

Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

--

End of file - 6717 bytes

Link to comment
Сподели другаде

Още някоя програма в защита да сложиш,тези са много малко?

И после,мудно зареждал уина,ти какво очакваш?Взе ми и поразчисти малко:

Моето мнение:

1.Антивирусна,оставаш NOD32

2.Anti-spyware - NOD32

3.Защитна стена+Hips ,оставаш PC Tools Firewall Plus

4.За контролно сканиране от време не време,оставаш: SUPERAntiSpyware и Malwarebytes' Anti-Malware,безплатните версии без модул в реално време.

 

За какво ти е Mamutu при положение,че имаш добър Hips от страна на PC Tools Firewall ? Всичко останало в защита го деинсталираш.След което почистваш и оптимизираш с програма,като CCleaner и после виж как ти зарежда уина!

Link to comment
Сподели другаде

До вчера бях с a-squared Anti –Malware и NOD32 и PC Tools Firewall ,но след като

 

деинсталирах a-squared по инерция си сложих старите програми с които бях преди да си

 

сложа PC Tools Firewall

 

а относно бавното стартиране уиндоуса така е още от преинсталирането му от тогава е и постоянното

 

спиране на нета има ли нещо в Logfile of Trend Micro HijackThis?

Link to comment
Сподели другаде

До вчера бях с a-squared Anti –Malware и NOD32 и PC Tools Firewall ,но след като

 

деинсталирах a-squared по инерция си сложих старите програми с които бях преди да си

 

сложа PC Tools Firewall

 

а относно бавното стартиране уиндоуса така е още от преинсталирането му от тогава е и постоянното

 

спиране на нета има ли нещо в Logfile of Trend Micro HijackThis?

Дай нов лог.

Link to comment
Сподели другаде

Преди да стартираш HijakThis, преименувай exe-то (а не иконата на десктопа) на каквото ти си решиш (т.е., да не се казва HijakThis). След това го стартирай и качи лога тук.
Link to comment
Сподели другаде

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:08:31, on 02.10.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\a-squared Free\a2service.exe

C:\WINDOWS\ATKKBService.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\PROGRA~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\programa.exe\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{ADAC51B0-4A76-4EA7-B152-BDAF5516DD06}: NameServer = 10.56.0.1

O20 - AppInit_DLLs:

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe

 

--

End of file - 5381 bytes

 

Какво по-точно се гледа в този лог,че не разбирам

Link to comment
Сподели другаде

..... набързо прегледах лога и мисля че съм чист.

Само да вметна,че новите заплахи HijackThis няма как да ги локализира,така че лога само не е достатъчен за подобен вид проверка на зловреден код!

Можеш да фиксираш следното,понеже е уязвимост :

O20 - AppInit_DLLs:

Link to comment
Сподели другаде

Дай нов лог.

 

нямаше ме 2 дни и съжалявам за закъснението на лога

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:43:05, on 04.10.2009 г.

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

E:\AnVir Task Manager Free\AnVir.exe

C:\Program Files\Defraggler\Defraggler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Kaldata.exe\Kaldata.exe.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f.../fslauncher.cab

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1253382744000

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1253383763421

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsec...r/cascanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E79850FD-93DC-4173-AEEA-A8A9B7EC131F}: NameServer = 213.16.56.1 213.16.56.9

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

--

End of file - 6655 bytes

Link to comment
Сподели другаде

@stonit

Отвори HiJackThis, избери Do a system scan only и сложи отметки на следните редове,накрая затвори браузъра и избери Fix Checked.

 

O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f.../fslauncher.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1253382744000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1253383763421
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsec...r/cascanner.cab

 

 

==========================================================================================

Сега, изтегли ATF Cleaner

Запазете го на вашия десктоп.

 

  • Кликнете два пъти върху ATF-Cleaner.exe , за да стартирате програмата.
  • Кликнете на Select All, който се намира в най-долната част на списъка.
  • Кликнете на бутона Empty Selected.

Ако използвате браузъра Mozilla Firefox, направете следното:

  • Кликнете върху Firefox, който се намира в началото и изберете Select All от списъка.
  • Кликнете на бутона Empty Selected.
  • Бележка: Ако искате да съхраните запазените пароли, моля кликнете на No от новопоявилия се прозорец.

Ако използвате браузъра Opera, направете следното:

  • Кликнете върху Opera който се намира в началото и изберете Select All от списъка.
  • Кликнете на бутона Empty Selected.
  • Бележка: Ако искате да съхраните запазените пароли, моля кликнете на No от новопоявилия се прозорец.

Кликнете на бутона Exit, който се намира в главното меню, за да затворите програмата.

 

=================================================================================================================

Изтегли JavaRa и го разархивирайте на вашия десктоп.

***! Моля, преди да започнете с процедурата, затворете Internet Explorer !***

 

Кликнете два пъти върху JavaRa.exe, за да стартирате програмата

От падащото меню, изберете English ...и изберете Select.

JavaRa ще се стартира; Изберете Remove Older Versions, за да премахнете по-старата версия от вашия компютър.

Посочете Yes, когато бъдете попитани. Когато JavaRa приключи успешно премахването на старата версия, ще получите съобщение, че лог файла от извършената процедура е създаден. Изберете OK.

Лог файлът ще изскочи. Моля, запазете го на вашия десктоп.

Копирайте и поставете лог файла от JavaRa в следващия Ви пост в тази тема.

====================================================================

Link to comment
Сподели другаде

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Mon Oct 05 08:41:05 2009

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

 

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

 

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

 

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

 

------------------------------------

 

Finished reporting.

Link to comment
Сподели другаде

Някои неща от лога не са ми ясни. По точно 4-те HKUS\5-1-5-19\..\RUN ONCE, HKUS\5-1-5-20\..\RUN ONCE , HKUS\5-1-5-18\..\RUN ONCE и HKUS\DEFAULT\..\RUN ONCE . Само те са ми съмнителни. Поне на шота друго съмнително не виждам. Ако може малко разяснение за въпросните процеси. Няма някакъв проблем, просто профилактика.

post-8656-12547252936492_thumb.jpg

Link to comment
Сподели другаде

До този момент не знам точно откъде идват въпросните ShowDeskFix обекти. Почти сигурен съм, че са безвредни, но как точно никнат не знам.

И тук пуснах лога http://www.hijackthis.de/#anl , но нищо ново като инфо, освен за по-незапознати от мен. Потърсих още инфо из нета, и ми направи впечатление, че и при други потребители присъстват тези процеси, но към нито един от тях препоръката не беше да се ''фикснат'' , което ме кара да мисля , че не са зловредни. Но туй мое пусто любопитство....Благодаря все пак. :)

Link to comment
Сподели другаде

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Гост
Отговори на тази тема

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   Не можете да качите директно снимка. Качете или добавете изображението от линк (URL)

Loading...
×
×
  • Създай ново...