Documents and Settings has disappeared!

12 replies to this topic

#1
Paullik

    Active Member

  • Group: Members
  • Posts: 1,694
  • Joined: 05.07.2008
  • Member ID: 344,754

Hi, I know you're good at virus removal, so please help me!
I've been looking for the Documents and Settings folder for 5 minutes and can't find it (I wanted to add a plugin for XChat). I've tried from the address bar, from Run, from cmd, NOTHING!
I'm using Win XP SP2, Avira Personal ed., Comodo Fwall!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:35 PM, on 21/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WLAN\ACU.exe
C:\WINDOWS\Domino.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Steam\Steam.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\xchat\xchat.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA4CBF42-FB46-4680-9300-5A5EE1856E90}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6E0FAEE-7393-4D99-BB1A-83738A0281F3}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{F89431E4-BDA9-41B9-9EA2-AE047ACE71AE}: NameServer = 156.154.70.22 156.154.71.22
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7491 bytes
If you need any additional information, I'm around!

Edited by Paullik, 21 November 2009 - 22:40.


#2
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
  • Member ID: 139,332
  • Location: AntiMalware HQ

I only see some traces of adware... but let's see.

Download Malwarebytes Anti-Malware and save it to the Desktop.
Install it and, at the end, make sure you have checked the following: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish.
After the program launches, select Perform full scan and then press Scan.
When the scan finishes, press OK and then Show Results. Make sure everything is checked and then press Remove Selected.
At the end, a file with the scan results will open in Notepad. Post its contents here.

#3
Paullik

    Active Member

  • Group: Members
  • Posts: 1,694
  • Joined: 05.07.2008
  • Member ID: 344,754

Malwarebytes' Anti-Malware 1.41
Database version: 3210
Windows 5.1.2600 Service Pack 3

24/11/2009 6:29:53 PM
mbam-log-2009-11-24 (18-29-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 200447
Time elapsed: 40 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{CBBB1081-6DF2-4A8C-8D06-43D0CE0FEE9D}\RP78\A0064928.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{CBBB1081-6DF2-4A8C-8D06-43D0CE0FEE9D}\RP78\A0064931.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{CBBB1081-6DF2-4A8C-8D06-43D0CE0FEE9D}\RP78\A0064934.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
D:\Programe\YM detector\ym_detector\ymdetector.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Administrator\Local Settings\Temporary Internet Files\udRemove.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Sorry for the delay, this is the log!
Anything else?

PS:
I'm scanning with Super Antispyware now, and later with Avira!

For now I have these:
Super Antispyware, Avira, Comodo Fwall, ATFCleaner, CCleaner, Malwarebytes Anti-Malware!
What else do you recommend for system maintenance/cleanup/etc.?

PPS:
Docs & Settings still hasn't appeared!

Edited by Paullik, 24 November 2009 - 18:44.


#4
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
  • Member ID: 139,332
  • Location: AntiMalware HQ

Insert the Windows CD into the CD-ROM drive, then go to Start -> Run, type: sfc /scannow and press Enter. Wait for that process to finish.

#5
Paullik

    Active Member

  • Group: Members
  • Posts: 1,694
  • Joined: 05.07.2008
  • Member ID: 344,754

I insert the CD and run the command from Run; a cmd window appears for less than a second, long enough for me to see that it's cmd, and disappears too quickly for me to see what it says, or whether it says anything at all!
Docs & Settings still hasn't appeared!

Edited by Paullik, 25 November 2009 - 17:56.




#6
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
  • Member ID: 139,332
  • Location: AntiMalware HQ

Have you tried creating the folder manually?

#7
Paullik

    Active Member

  • Group: Members
  • Posts: 1,694
  • Joined: 05.07.2008
  • Member ID: 344,754

crysty2k5, on 25th November 2009, 19:00, said:

Have you tried creating the folder manually?

Yeah, it can be created manually...

Thanks, but what was the problem? I did scan and delete everything, with all those security applications, so I doubt there's anything left...

#8
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
  • Member ID: 139,332
  • Location: AntiMalware HQ

I think it was deleted by mistake :)

#9
654321

    Active Member

  • Group: Senior Members
  • Posts: 3,312
  • Joined: 12.03.2007
  • Member ID: 153,644
  • Location: inside the mind of a machine

Paullik, on 25th November 2009, 22:20, said:

Thanks, but what was the problem...

Go to Start > Run, type %userprofile% there, press Enter, and in the address bar of the window that appears you'll see the path to the current profile, which is probably C:\Users...

crysty2k5, on 25th November 2009, 22:34, said:

I think it was deleted by mistake :)

I think it was renamed :)
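
The %userprofile% check from post #9, extended to every account, as an added example that is not part of the thread or any poster's reply: it reads the profile root Windows is configured to use and lists each account's profile folder from the `ProfileList` registry key. It assumes Windows PowerShell is installed, which is not the case by default on Windows XP.

```powershell
# Added example: report where Windows keeps user profiles and whether that
# matches the Windows XP default location.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# ProfilesDirectory holds the configured profile root (a REG_EXPAND_SZ value).
$root = [Environment]::ExpandEnvironmentVariables(
    (Get-ItemProperty -Path $key).ProfilesDirectory).TrimEnd('\')
$xpDefault = Join-Path $env:SystemDrive 'Documents and Settings'

# Each subkey is named after a SID; ProfileImagePath is that account's folder.
# The SYSTEM account normally lives under the Windows directory, so
# UnderRoot = False is expected for S-1-5-18.
$profiles = Get-ChildItem -Path $key | ForEach-Object {
    $image = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
    if ($image) {
        $path = [Environment]::ExpandEnvironmentVariables($image)
        New-Object PSObject -Property @{
            Sid       = $_.PSChildName
            Path      = $path
            Exists    = Test-Path -LiteralPath $path
            UnderRoot = $path.StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)
        }
    }
}

"Configured profile root : $root"
"Windows XP default root : $xpDefault (exists: $(Test-Path -LiteralPath $xpDefault))"
"Current user profile    : $env:USERPROFILE"
$profiles | Format-Table Sid, Path, Exists, UnderRoot -AutoSize

if ($root -ne $xpDefault) {
    "Profile root is not the XP default; look under '$root' instead."
}
```

A profile whose `Exists` column is False, or a user account whose path is not under the configured root, is the case worth investigating further.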

#10
Paullik

    Active Member

  • Group: Members
  • Posts: 1,694
  • Joined: 05.07.2008
  • Member ID: 344,754

C:\Users\Administrator
654321 was right!
But I didn't rename anything, how is that possible?

#11
654321

    Active Member

  • Group: Senior Members
  • Posts: 3,312
  • Joined: 12.03.2007
  • Member ID: 153,644
  • Location: inside the mind of a machine

Paullik, on 26th November 2009, 21:03, said:

But I didn't rename anything, how is that possible?

...maybe you installed some XP-to-Vista or W7 transformation pack that made the change, maybe some application or a virus did it...

#12
Paullik

    Active Member

  • Group: Members
  • Posts: 1,694
  • Joined: 05.07.2008
  • Member ID: 344,754

654321, on 26th November 2009, 22:33, said:

...maybe you installed some XP-to-Vista or W7 transformation pack that made the change, maybe some application or a virus did it...

I don't install that kind of junk (transformation packs)!
Anyway, thank you both!

#13
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
  • Member ID: 139,332
  • Location: AntiMalware HQ

You're welcome. If anything else comes up, come back :)
