Log HijackThis :)
Last Updated: Apr 26 2009 14:18, Started by knutz0r, Apr 09 2009 21:31
#1
Posted 09 April 2009 - 21:31
Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 22:24:39, on 09.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\VMSnap5.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bora\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ro/
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Asistenta legaturi Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VMSnap5] C:\WINDOWS\VMSnap5.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{13123971-2FB4-46E7-8ADE-3AFACBDCDA8F}: NameServer = 192.168.0.2
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Filezilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Cryptographic Service - Google - C:\WINDOWS\Fonts\GoogleToolbarcheck.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\Aspam.spam.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5265 bytes

Waiting for a reply.
#2
Posted 09 April 2009 - 21:36
Put the following files into an archive with the password infected and send it to me by PM, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link so I can submit it for analysis.

Quote: C:\WINDOWS\Fonts\GoogleToolbarcheck.exe

DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!

After you have done that, and only after you have done that...
Download Dr. Web CureIt: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
Run a full scan with it.
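
A triage pass over the O23 service lines of the HijackThis log in post #1, as an added example that is not part of the thread and not written by any of its participants. It flags services whose binary sits outside the usual install directories, which is the case for the file requested in post #2; the list of expected roots and the three rules are assumptions of this example, not HijackThis behaviour.

```python
import ntpath
import re

# O23 lines copied unchanged from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O23 - Service: Google Cryptographic Service - Google - C:\WINDOWS\Fonts\GoogleToolbarcheck.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# Layout of an O23 line: name - vendor - image path [ (file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: directories where a service binary is normally installed.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\windows\\system32\\")


def parse_services(log_text):
    """Yield one dict per O23 line; every other log section is skipped."""
    for line in log_text.splitlines():
        m = O23.match(line.strip())
        if m:
            yield {"name": m["name"], "vendor": m["vendor"],
                   "path": m["path"], "missing": m["missing"] is not None}


def triage(log_text):
    """Return (name, path, reasons) for each service worth a closer look."""
    findings = []
    for svc in parse_services(log_text):
        reasons = []
        if not svc["path"].lower().startswith(EXPECTED_ROOTS):
            reasons.append("unexpected directory: " + ntpath.dirname(svc["path"]))
        if svc["vendor"].lower() == "unknown owner":
            reasons.append("unknown owner")
        if svc["missing"]:
            reasons.append("file missing")
        if reasons:
            findings.append((svc["name"], svc["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}\n  {path}\n  -> {'; '.join(reasons)}")
```

A hit only marks an entry for manual review (vendor lookup, file hash, scanner verdict); the vendor string in an O23 line is read from the file itself and proves nothing on its own.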
#3
Posted 09 April 2009 - 23:01
crysty2k5, on Apr 9 2009, 21:36, said: Put the following files into an archive with the password infected and send it to me by PM, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link so I can submit it for analysis. DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM! After you have done that, and only after you have done that... Download Dr. Web CureIt: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe Run a full scan with it.

Unfortunately I no longer have the file :| ... I scanned with a BitDefender utility for Conficker and it found 3 files, including that one ... and I deleted them ... that was before you gave me your answer ... what can I do now?
#5
Posted 10 April 2009 - 09:34
#6
Posted 10 April 2009 - 09:38
So what problems are you having?
Edited by xxvirusxx, 10 April 2009 - 09:42.
#7
Posted 10 April 2009 - 09:40
From what he says, he had traces of Conficker.
Download Malwarebytes Anti-Malware and save it to the Desktop. Install it and, at the end, make sure you have checked the following: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish. After the program starts, select Perform full scan and then press Scan. When the scan finishes, press OK and then Show Results. Make sure everything is checked and then press Remove Selected. At the end a file with the scan results will open in Notepad. Post its contents here.
Edited by crysty2k5, 12 April 2009 - 10:22.
#8
Posted 12 April 2009 - 10:16
xxvirusxx, on Apr 10 2009, 09:38, said: So what problems are you having?

I can't connect to http://www.virustotal.com/ or to http://www.kaspersky.com …
#9
Posted 12 April 2009 - 10:24
#10
Posted 12 April 2009 - 11:01
First log, after the scan:

Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 2

12.04.2009 11:56:43
mbam-log-2009-04-12 (11-56-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 166222
Time elapsed: 49 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\WINDOWS\tmpie (Backdoor.Bot) -> No action taken.

Files Infected:
C:\WINDOWS\tmpie\msado25.tlb (Backdoor.Bot) -> No action taken.
C:\WINDOWS\tmpie\MSVBVM60.DLL (Backdoor.Bot) -> No action taken.
C:\WINDOWS\tmpie\MSWINSCK.OCX (Backdoor.Bot) -> No action taken.
C:\WINDOWS\tmpie\RICHTX32.OCX (Backdoor.Bot) -> No action taken.
C:\WINDOWS\tmpie\SubclassingSink.tlb (Backdoor.Bot) -> No action taken.
C:\WINDOWS\tmpie\urlmon.dll (Backdoor.Bot) -> No action taken.
C:\WINDOWS\tmpie\wbemdisp.tlb (Backdoor.Bot) -> No action taken.
C:\WINDOWS\tmpie\wininet.dll (Backdoor.Bot) -> No action taken.
C:\WINDOWS\tmpie\ws2_32.dll (Backdoor.Bot) -> No action taken.
C:\loadhdd.bat (Trojan.Agent) -> No action taken.
C:\svchost.bat (Trojan.Agent) -> No action taken.
C:\WINDOWS\Tasks\taskeng.exe (Spyware.OnlineGames) -> No action taken.
C:\svchost.exe (Trojan.Agent) -> No action taken.
Second log, after disinfection:

Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 2

12.04.2009 11:56:52
mbam-log-2009-04-12 (11-56-52).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 166222
Time elapsed: 49 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\tmpie (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\tmpie\msado25.tlb (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\tmpie\MSVBVM60.DLL (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\tmpie\MSWINSCK.OCX (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\tmpie\RICHTX32.OCX (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\tmpie\SubclassingSink.tlb (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\tmpie\urlmon.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\tmpie\wbemdisp.tlb (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\tmpie\wininet.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\tmpie\ws2_32.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\loadhdd.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\svchost.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\taskeng.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Waiting for a reply.
#11
Posted 12 April 2009 - 11:04
Good, good...
You have cleaned out everything that was there. Can you access those sites now?!
Edited by crysty2k5, 13 April 2009 - 14:51.
#12
Posted 12 April 2009 - 11:16
#14
Posted 13 April 2009 - 11:20
#15
Posted 15 April 2009 - 10:46
pykko, on Apr 13 2009, 12:20, said: What type of connection do you have? If you don't have wireless, try the attached program. Install it, then run it and press the two buttons: "Reset TCP\IP" and "Reset Winsock".

I ran this one too ... it broke my internet connection ... the net doesn't work at all any more ... I still can't access the pages
#16
Posted 15 April 2009 - 19:32
Well, if you have network settings to configure, ask your ISP for the IP, DNS, etc.
If you don't, leave them on auto.
#17
Posted 21 April 2009 - 18:58
#18
Posted 22 April 2009 - 15:38
Download SUPERAntiSpyware and save it to the Desktop.
Install it, then open the main window and press Check for Updates... After the update, press Scan Computer... Make sure Perform Complete Scan is checked and press Next. Then post the scan results here.