HiJackThis and FarbarRecoverScanToolbar (colombo2003)
Last Updated: May 10 2015 12:48, Started by colombo2003, Apr 24 2015 23:21
#1
Posted 24 April 2015 - 23:21
My father's laptop (a somewhat older one: AMD Sempron 3500+ 1.8 GHz processor, 1 GB RAM, with Win7 SP1), which really has nothing special installed on it (no notable programs and no games), so you can't even say it is overloaded or pushed hard...
It starts up slowly and runs slowly. So I decided to run a few "things"... ADW Cleaner, Junkware Removal Tool and CCleaner each found something and deleted it. Attached are the FRST + Addition logs from Farbar Recover Scan Toolbar, and the HiJackThis log looks like this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:56:14, on 24/04/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\vladi\Desktop\AV\7.HiJackThis2.0.4.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-21-899879047-1647374893-48095013-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Google Update] "C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-899879047-1647374893-48095013-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR (User '?')
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

-- End of file - 4697 bytes

Edited by colombo2003, 24 April 2015 - 23:45.
#2
Posted 25 April 2015 - 04:54
1. Download and save fixlist.txt. =>
fixlist.txt 5.56K
2 downloads
Note: fixlist.txt must be saved in the same location as FRST.exe.

2. Run Farbar Recovery Scan Tool again.
Double-click FRST.exe to run it. [ http://s4.postimg.org/b7b2g838p/Frst1.png ]
On Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator. Click Yes. [ http://s27.postimg.org/yzw6sw783/FRST2.png ]
Click Fix. [ http://s22.postimg.org/bzzjtg0ap/FRST4.jpg ]
Attach the log in your next reply.

3. Run HijackThis again. If they are still present, tick and fix the following:
Quote
O4 - HKLM\..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime
O4 - HKCU\..\Run: [Google Update] C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe /c
O4 - HKUS\S-1-5-21-899879047-1647374893-48095013-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Google Update] C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe /c (User '?')
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
[ http://s13.postimg.org/jxg8digqv/HJ1.jpg ]
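Added example, not part of the original thread: a small Python parser for the two HijackThis sections this thread keeps returning to (O4 Run-key autoruns and O23 services), which pulls out the file each entry loads so the list can be reviewed outside the GUI. The function names and the "user-writable location" heuristic are assumptions of this example, not something HijackThis or the posters provide; the sample lines are copied from the log in post #1.

```python
import re
from collections import defaultdict

# Constructed sample: a few entries copied from the HijackThis log in post #1.
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Google Update] "C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
RUN = re.compile(r'^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
SERVICE = re.compile(r'^Service: (?P<name>.+?) - (?P<vendor>.+) - (?P<path>[A-Za-z]:\\.+)$')

def target_path(cmd):
    """Best-effort extraction of the file an autorun command line loads."""
    cmd = cmd.strip()
    if cmd.upper().startswith('RUNDLL32.EXE '):      # rundll32 <dll>,<export>
        return cmd.split(' ', 1)[1].split(',', 1)[0].strip('"')
    if cmd.startswith('"'):                          # quoted path, then arguments
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|dll|bat|cmd))(?:\s|$)', cmd, re.I)
    return m.group(1) if m else cmd                  # unquoted path with spaces

def parse(log):
    """Return {section code: [entry dict, ...]} for O4 and O23 lines."""
    out = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.group('code'), m.group('body')
        if code == 'O4' and (r := RUN.match(body)):
            out[code].append({'hive': r.group('hive'), 'name': r.group('name'),
                              'path': target_path(r.group('cmd'))})
        elif code == 'O23' and (s := SERVICE.match(body)):
            out[code].append(s.groupdict())
    return out

def review_queue(log):
    """Names of entries loading from the user profile, which a standard user
    can modify without elevation. A review-order hint, not a verdict."""
    return [e['name'] for entries in parse(log).values() for e in entries
            if e['path'].lower().startswith('c:\\users\\')]

if __name__ == '__main__':
    print(review_queue(SAMPLE_LOG))
```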
#3
Posted 25 April 2015 - 15:51
Hmm, I'll post the Fix log right away, but in HiJackThis I fixed the O4 entry (Google Update) and it did not reappear, BUT the three O23 entries still appear after the Fix!!! And I ran the fix operation twice. Why? How dangerous are they?
And one more thing: this message appears, with HijackThis as the title and an exclamation mark in a yellow triangle:
"For some reason your system denied write access to the Host file. If any hijacked domains are in this file, HiJackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click Start, Run and type: Notepad C:\Windows\System32\drivers\etc\hosts and press Enter. Find the line(s) Hijack This reports and delete them. Save the file as 'hosts.' (with quotes), and reboot. For Vista: simply, exit HiJackThis, right click on the HiJackThis icon, choose 'Run as administrator'."
and an OK button.

Edited by colombo2003, 25 April 2015 - 15:53.
#4
Posted 25 April 2015 - 21:00
Other symptoms:
1) I also get a Network Error window (which did not appear until now): Windows has detected an IP address conflict "Another computer on this network has same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows System event log."
2) The Avira icon disappears from the tray.
I am also posting a herdProtect log (it reports an inconclusive detection on junkwareremovaltool.exe, as being not signed).
I am also posting the RogueKiller log (as a note, the version I had from the previous topic, 10.5.9, is already outdated, and it made me update (from adlice) to version 10.6; HOWEVER, it created a shortcut on the desktop and I launched it from there, WITHOUT right-clicking and choosing Run as administrator; in any case, my father has an account with admin rights).
#5
Posted 27 April 2015 - 05:23
Quote
Another computer on this network has same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows System event log.
Quote
...the Avira icon
HerdProtect is fine, those are false positives.
In RogueKiller: make sure the item quoted below is ticked:
Quote
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
Download and run OTL. On Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator. Tick the options as shown in the image. [ http://s11.postimg.org/jaand9soj/otl1.jpg ]
When it finishes, two Notepad windows will open: OTL.txt and Extras.txt. Attach OTL.txt and Extras.txt in your next reply.
#6
Posted 29 April 2015 - 12:11
1) What that message (the one about the IP) means, I understand; what I don't understand is why.
Because there were only 2 laptops on the network: my father's and mine. They would work for a while, and then that message would appear on my father's (without anyone doing anything, with no other equipment being connected or disconnected). Both laptops were connected wirelessly to the router (on Orange). That strikes me as odd.
2) And still, even though it is set to show icon and notifications, the Avira icon does not (always) appear next to the clock... That also strikes me as odd... (although Avira is working)
3) When I try to save OTL.exe, Avira "screams" that "... containing the virus or unwanted program 'HIDDENEXT/Crypted' was blocked..."
#7
Posted 29 April 2015 - 13:12
I am re-attaching another RogueKiller log because, when I tried to fix that entry, I decided to run another Scan. And it told me that a new version had already come out (10.6.0 -> 10.6.1), so I installed it, scanned again and posted the log.
Regarding that entry, I see that two now appear. And I deleted both!!! Then I managed to "trick" it through Team Viewer (the AV at the office does not give me a virus alert). I am attaching the two OTL logs (ver 3.2.69.0).
#8
Posted 29 April 2015 - 21:13
Quote
1) What that message (the one about the IP) means, I understand; what I don't understand is why.
It also shows up in OTL:
Quote
Error - 25/04/2015 13:56:28 | Computer Name = vladi-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address :: with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
Avira has problems too:
Quote
Error - 29/04/2015 05:29:30 | Computer Name = vladi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Avira
Let's see whether, and how, I can help you.
1. Download ComboFix and save it to the Desktop. Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether to start cleaning the system. Confirm with Yes each time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it is running, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE.
2. Scan with TDSSKiller. http://support.kaspe...ion/5350#block1
#9
Posted 30 April 2015 - 13:49
How is Team Viewer treated? Does it have to be closed as well?
As a note, yesterday's OTL scan (and therefore the log too) was also done remotely (via Team Viewer). My father is not that skilled, and when it comes to tinkering he always hands it over to me. Most of the time this is done remotely, since we are not in the same location (city).
PS. Closing the programs does not also apply to the ones in the tray (e.g. Avira).
#10
Posted 30 April 2015 - 15:18
I did not stop Avira as well, and I got this message, after which I was forced to stop it:
"ComboFix has detected the following real time scanner(S) to be active: antivirus: Avira Antivirus antispyware: Avira Antivirus Antivirus and intrusion prevention programs are known to interfere with the ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking 'OK'"
Attached is the ComboFix log. The TDSSK scan comes next.
PS. A reminder that the operation was done remotely (via Team Viewer).
#11
Posted 04 May 2015 - 13:11
TDSSKiller:
- it finished the scan suspiciously fast (almost instantly, that is, in a few minutes, compared with other scans that took maybe even an hour!).
- it says it scanned only 400-odd objects!!! (why only that many?)
- it found nothing!
Scanned in normal mode (not Safe Mode) and run as admin.
#13
Posted 10 May 2015 - 12:48
Sorry, I didn't have time to reply.
With TDSSKiller, all is well. Disable Windows Defender completely.
http://www.sevenforu...tml#post1097935
http://www.howtogeek...ow-turn-it-off/
You have no problems caused by "viruses". System problems.
Quote
Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.