Jump to content

SUBIECTE NOI
« 1 / 5 »
RSS
Pareri despre eceasuri.ro: cumpar...

Mama Miresii (2024)

Estimare reparatie

Sterilizare UV apa
 Folii heliomate faruri - merita?

Cabina Dus mai mare cu 10cm decat...

Rezultate firma

Facultatea de Medicina - a doua f...
 Fortat sa imi dau demisia

Nivelare placa + Fisuri

Premierul Slovaciei a fost impuscat

RIP imgflip meme generator
 V-ati facut sau va veti face Colo...

Imagini generate de Inteligenta A...

Typo3 - tabel cu HTML

Amorsa inainte de adeziv
 

Smitfraud

- - - - -
Last Updated: Feb 02 2007 08:42, Started by voodooeye_69 , Feb 01 2007 23:19  
  ·  
  • Please log in to reply
2 replies to this topic

#1
voodooeye_69
Posted 01 February 2007 - 23:19

voodooeye_69

    Member

  • Grup: Members
  • Posts: 977
  • Înscris: 15.06.2005
Am si eu aceeasi problema dar cind vreau sa dau paste from clipboard nu imi baga linile spuse de tine.Sau poate ar trebuii scris alt ceva? Cum rezolv asta.
Logul dat de Hijack este:
Logfile of HiJackThis v1.99.1
Scan saved at 11:14:54 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\scvhost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Calin Andra\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.incredimail.com/english
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Netlimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Multumesc mult celor care ma pot ajuta, eu sunt cam pe linga subiectul acesta.

Edited by voodooeye_69, 01 February 2007 - 23:29.

#2
voodooeye_69
Posted 01 February 2007 - 23:52

voodooeye_69

    Member

  • Grup: Members
  • Posts: 977
  • Înscris: 15.06.2005
In continuare pun si raportul facut de Spyboat S&D
--- Search result list ---
Smitfraud-C.Keylogger:  Text file (File, nothing done)
  C:\WINDOWS\offlog.txt

Smitfraud-C.Keylogger: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\

Smitfraud-C.Keylogger: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\AntiVir

Smitfraud-C.Keylogger: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\icq lite

Smitfraud-C.Keylogger: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\msconfig

Smitfraud-C.Keylogger: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\Update Checker

Smitfraud-C.Keylogger: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\Windows Update

Smitfraud-C.: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell=...scvhost.exe...

Smitfraud-C.: Settings (Registry value, nothing done)
  HKEY_USERS\S-1-5-21-436374069-1606980848-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run=...C:\WINDOWS\scvhost.exe...

Smitfraud-C.: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\AntiVir

Smitfraud-C.: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\icq lite

Smitfraud-C.: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\msconfig

Smitfraud-C.: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Update Checker

Smitfraud-C.: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Windows Update

Smitfraud-C.: Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\=...C:\WINDOWS\scvhost.exe...

#3
Daisuke
Posted 02 February 2007 - 08:42

Daisuke

    Moderator

  • Grup: Senior Members
  • Posts: 2,173
  • Înscris: 19.01.2004
Download ATF Cleaner si salveaza-l pe desktop. Nu il folosi inca.

Asigura-te ca poti vedea hidden files & folders:
A. In meniulTools din Windows Explorer, click Folder Options.
B. Click tab-ul View tab.
C. La Hidden files and folders, click Show hidden files and folders.
D. Debifeaza Hide extensions for known filetypes si Hide protected operating system files.
Detalii aici

Este o idee buna sa printezi sau sa copiezi aceste instructiuni pentru ca nu ai acces la net in SafeMode.

REBOOT in SafeMode, apasa tasta F8 de mai multe ori la bootup: Cum pornesc calculatorul in SafeMode ?

Executa HiJackThis si bifeaza cele de mai jos:

F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe

O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [AntiVir] C:\WINDOWS\scvhost.exe

Foarte important: Inchide toate celelalte ferestre si browsere, in afara de HijackThis, si apasa Fix Checked.

REBOOT in SafeMode si ramai aici pana termini de curatat.

Delete urmatoarele fisiere, daca mai sunt prezente:
C:\WINDOWS\scvhost.exe  <-- acest fisier

Cu toate ferestrele si browserele inchise.
Goleste temp si Temporary Internet Files.
Dublu-click ATF-Cleaner.exe pentru a porni programul.
In tab-ul Main alege: Select All
Apasa butonul Empty Selected.

REBOOT NORMAL.

Scaneaza computerul aici:
Kaspersky Online Scanner: http://www.kaspersky.com/virusscanner

Uninstall Java din Add\Remove Programs, Reboot, instaleaza ultima versiune. Ai o versiune vulnerabila.

Java Runtime Environment (JRE), pe la mijlocul paginii

Edited by Daisuke, 02 February 2007 - 08:45.

Anunturi

Chirurgia endoscopică a hipofizei Chirurgia endoscopică a hipofizei

"Standardul de aur" în chirurgia hipofizară îl reprezintă endoscopia transnazală transsfenoidală.

Echipa NeuroHope este antrenată în unul din cele mai mari centre de chirurgie a hipofizei din Europa, Spitalul Foch din Paris, centrul în care a fost introdus pentru prima dată endoscopul în chirurgia transnazală a hipofizei, de către neurochirurgul francez Guiot. Pe lângă tumorile cu origine hipofizară, prin tehnicile endoscopice transnazale pot fi abordate numeroase alte patologii neurochirurgicale.

www.neurohope.ro
Back to Devirusare & raportare virusi/malware

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Forumul Softpedia
  2. Soft Related / OS
  3. Antivirus & Security
  4. Devirusare & raportare virusi/malware
Forumul Softpedia foloseste "cookies" pentru a imbunatati experienta utilizatorilor Accept
Pentru detalii si optiuni legate de cookies si datele personale, consultati Politica de utilizare cookies si Politica de confidentialitate