HiJackThis and FarbarRecoverScanToolbar (colombo2003)

12 replies to this topic

#1
colombo2003

    Senior Member

  • Group: Senior Members
  • Posts: 6,312
  • Joined: 16.07.2008
My father's laptop (a fairly old one: AMD Sempron 3500+ 1.8 GHz processor, 1 GB RAM, Win7 SP1) really has nothing special installed on it (no programs to speak of, no games), so you can't even say it is overloaded or pushed hard...
It boots slowly and runs slowly. So I decided to run a few "things"... ADW Cleaner, Junkware Removal Tool and CCleaner each found something and deleted it.

Attached: the FRST+Addition log from Farbar Recover Scan Toolbar; the HiJackThis log looks like this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:56:14, on 24/04/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\vladi\Desktop\AV\7.HiJackThis2.0.4.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-21-899879047-1647374893-48095013-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Google Update] "C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-899879047-1647374893-48095013-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR (User '?')
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
--
End of file - 4697 bytes

Attached Files


Edited by colombo2003, 24 April 2015 - 23:45.


#2
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009
1. Download and save fixlist.txt.   => Attached File  fixlist.txt   5.56K   2 downloads

Note: fixlist.txt must be saved in the same location as FRST.exe.

2. Run Farbar Recovery Scan Tool again.

Double-click FRST.exe to run it. [ http://s4.postimg.org/b7b2g838p/Frst1.png ]
On Windows Vista, Windows 7 or Windows 8,
right-click and select Run as administrator.

Click Yes.

[ http://s27.postimg.org/yzw6sw783/FRST2.png ]

Click Fix.

[ http://s22.postimg.org/bzzjtg0ap/FRST4.jpg ]

Attach the log in your next reply.


3. Run HijackThis again.
If they are still present, check them and click fix for:

Quote

O4 - HKLM\..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime
O4 - HKCU\..\Run: [Google Update] C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe /c
O4 - HKUS\S-1-5-21-899879047-1647374893-48095013-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Google Update] C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe /c (User '?')
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


[ http://s13.postimg.org/jxg8digqv/HJ1.jpg ]

#3
colombo2003

    Senior Member

  • Group: Senior Members
  • Posts: 6,312
  • Joined: 16.07.2008
Hmm, I'll post the Fix log right away, but in HiJackThis I fixed the O4 entry (Google Update) and it did not come back; HOWEVER, the three O23 entries still appear after the Fix!!! And I ran the fix operation twice. Why? How dangerous are they?

One more thing: this message appears, with HijackThis as its title and an exclamation mark in a yellow triangle:
"For some reason your system denied write access to the Host file. If any hijacked domains are in this file, HiJackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type: Notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) Hijack This reports and delete them. Save the file as 'hosts.' (with quotes), and reboot.

For Vista: simply, exit HiJackThis, right click on the HiJackThis icon, choose 'Run as administrator'. " and an OK button

Attached Files


Edited by colombo2003, 25 April 2015 - 15:53.
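
The comparison behind posts #2 and #3 (which fix-list entries a rescan still reports) can be done mechanically. The following is an added example, not part of the thread and not HijackThis code; the rescan text is constructed to match what post #3 describes, and the names `parse`, `still_present` and `cleared` are hypothetical.

```python
import re

# Layout of the two entry types that appear in the thread's fix list.
O4 = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$')
O23 = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<target>[A-Za-z]:\\.+)$')

# Lines copied from the fix list quoted in post #2 (paths are unquoted there).
FIXLIST = r'''
O4 - HKCU\..\Run: [Google Update] C:\Users\vladi\AppData\Local\Google\Update\GoogleUpdate.exe /c
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

# Constructed rescan (the real second log is not on the page): the state post #3
# describes, with the O4 entry gone and the three services still listed.
RESCAN = r'''
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

def parse(log):
    """Map a comparison key to the parsed fields of each O4 Run / O23 service line."""
    entries = {}
    for line in log.splitlines():
        for code, rx in (("O4", O4), ("O23", O23)):
            m = rx.match(line.strip())
            if not m:
                continue
            f = m.groupdict()
            # The first log quotes paths and the fix list does not, so compare
            # on a quote-free, lower-cased command line.
            f["target"] = f["target"].replace('"', "").strip()
            key = (code, f.get("hive", "service"), f["name"].lower(), f["target"].lower())
            entries[key] = f
    return entries

def still_present(fixlist, rescan):
    """Names of fix-list entries that the rescan still reports."""
    after = parse(rescan)
    return sorted(f["name"] for k, f in parse(fixlist).items() if k in after)

def cleared(fixlist, rescan):
    """Names of fix-list entries that no longer appear in the rescan."""
    after = parse(rescan)
    return sorted(f["name"] for k, f in parse(fixlist).items() if k not in after)

if __name__ == "__main__":
    print("still present:", still_present(FIXLIST, RESCAN))
    print("cleared:", cleared(FIXLIST, RESCAN))
```
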


#4
colombo2003

    Senior Member

  • Group: Senior Members
  • Posts: 6,312
  • Joined: 16.07.2008
Other symptoms:
1) A Network Error window now also pops up (it did not appear until now): Windows has detected an IP address conflict
"Another computer on this network has same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows System event log."

2) the Avira icon disappears from the tray


I'm also posting a herdProtect log (it reports an inconclusive detection on junkwareremovaltool.exe, as being not signed).

And I'm also posting the RogueKiller log (as a note, the version I had from the previous topic, 10.5.9, is already outdated; it made me update (from adlice) to version 10.6, BUT it created a shortcut on the desktop and I launched it from there, WITHOUT right-clicking and choosing Run as administrator; in any case my father's account has admin rights).

Attached Files



#5
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009

Quote

Another computer on this network has same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows System event log.
There are two ¨computers¨ on the network with the same IP.

Quote

...the Avira icon
In Farbar Recovery Scan Tool (fixlist) I did not put anything related to Avira.
HerdProtect is fine, those are false positives.
In RogueKiller:
Make sure that what is quoted below is checked:

Quote

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
Click "Delete".

Download and run OTL.
On Windows Vista, Windows 7 or Windows 8,
right-click and select Run as administrator.

Tick the options as in the image.
[ http://s11.postimg.org/jaand9soj/otl1.jpg ]

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt.
Attach OTL.txt and Extras.txt in your next reply.

#6
colombo2003

    Senior Member

  • Group: Senior Members
  • Posts: 6,312
  • Joined: 16.07.2008
1) I understand what that message (about the IP) means; what I don't understand is why.
Because there were only 2 laptops on the network: my father's and mine. They worked for a while, and then that message appeared on my father's (without anyone doing anything, with no other devices being connected or disconnected). Both laptops were connected wirelessly to the router (on Orange). I find that odd.

2) And still, even though it is set to show icon and notification, the Avira icon does not (always) appear next to the clock... I find that odd too...
(even though Avira is working)

3) When I try to save OTL.exe, Avira "screams" that "... containing the virus or unwanted program 'HIDDENEXT/Crypted' was blocked..."

#7
colombo2003

    Senior Member

  • Group: Senior Members
  • Posts: 6,312
  • Joined: 16.07.2008
I'm re-attaching another RogueKiller log because, when I tried to fix that entry, I decided to run another Scan. It told me that a new version had already come out (10.6.0 -> 10.6.1), so I installed it, scanned again and posted the log.
As for that entry, I see that two now appear. And I deleted both!!!

Then I managed to "trick" it, through Team Viewer (the AV at the office doesn't give me a virus alert).
I'm attaching the two OTL logs (ver 3.2.69.0).

Attached Files



#8
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009

Quote

1) I understand what that message (about the IP) means; what I don't understand is why.

It also shows up in OTL:

Quote

Error - 25/04/2015 13:56:28 | Computer Name = vladi-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address :: with the
system having network hardware address 00-00-00-00-00-00. Network operations on
this system may be disrupted as a result.

And Avira has problems:

Quote

Error - 29/04/2015 05:29:30 | Computer Name = vladi-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Avira

Let's see whether, and how, I can help you.

1. Download ComboFix and save it to the Desktop.
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix.
It will ask whether it should start cleaning the system. Confirm with Yes each time.
Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results.
Save that file and post its contents HERE.


2. Scan with TDSSKiller.
http://support.kaspe...ion/5350#block1

#9
colombo2003

    Senior Member

  • Group: Senior Members
  • Posts: 6,312
  • Joined: 16.07.2008
How is Team Viewer treated? Does it have to be closed as well?

As a note, yesterday's OTL scan (and therefore the log too) was also done remotely (through Team Viewer). My father is not that skilled, and when it comes to fiddling with things he always has me do it. And most of the time that is done remotely, since we are not in the same location (city).


PS. Closing the programs does not also refer to the ones in the tray (e.g. Avira).

#10
colombo2003

    Senior Member

  • Group: Senior Members
  • Posts: 6,312
  • Joined: 16.07.2008
I did not turn off Avira as well, and I got this message, after which I was forced to turn it off:

" ComboFix has detected the following real time scanner(S) to be active:
   antivirus: Avira Antivirus
   antispyware: Avira Antivirus

Antivirus and intrusion prevention programs are known to interfere with the ComboFix's running. This may lead to unpredictable results or possible machine damage. Please disable these scanners before clicking 'OK' "

Attached, the ComboFix log. The TDSSK scan is next.


PS. A reminder that the operation was done remotely (via Team Viewer).

Attached Files



#11
colombo2003

    Senior Member

  • Group: Senior Members
  • Posts: 6,312
  • Joined: 16.07.2008
TDSSKiller:
- it finished the scan suspiciously fast (almost instantly; that is, in a few minutes, compared with other scans that took maybe even an hour!).
- it says it scanned only 400-odd objects!!! (why only that many?)
- it found nothing! Scanned in normal mode (not Safe Mode) and run as admin.

#12
colombo2003

    Senior Member

  • Group: Senior Members
  • Posts: 6,312
  • Joined: 16.07.2008
So, how is it? All good? Does anything else need to be done?

#13
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,319
  • Joined: 04.05.2009
Sorry, I haven't had time to reply.

With TDSSKiller, it's fine.
Disable Windows Defender completely.
http://www.sevenforu...tml#post1097935
http://www.howtogeek...ow-turn-it-off/

You don't have problems caused by ¨viruses¨.
Problems with the system.

Quote

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

