Documents and settings has disappeared!

12 replies in this topic

#1
Paullik

    Active Member

  • Group: Members
  • Posts: 1.693
  • Joined: 05.07.2008
  • Member ID: 344.754

Hi, I know you're good at virus removal, so please help me!
For 5 minutes I've been looking for the Documents and settings folder and I can't find it (I wanted to install a plugin for XChat); I tried from the address bar, from Run, from cmd, NOTHING!
I'm using Win XP SP2, Avira Personal ed., Comodo Fwall!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:35 PM, on 21/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WLAN\ACU.exe
C:\WINDOWS\Domino.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Steam\Steam.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\xchat\xchat.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\WINDOWS\VMSnap23.exe
O4 - HKLM\..\Run: [BigDogPath323Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA4CBF42-FB46-4680-9300-5A5EE1856E90}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6E0FAEE-7393-4D99-BB1A-83738A0281F3}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{F89431E4-BDA9-41B9-9EA2-AE047ACE71AE}: NameServer = 156.154.70.22 156.154.71.22
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7491 bytes
If you need more information, I'm around!

Edited by Paullik, 21 November 2009 - 22:40.


#2
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34.883
  • Joined: 07.02.2007
  • Member ID: 139.332
  • Location: AntiMalware HQ
Only some traces of adware are visible... but let's see.

Download Malwarebytes Anti-Malware and save it to the Desktop.
Install it and at the end make sure you have checked the following: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then click Finish.
After the program launches, select Perform full scan and then click Scan.
When the scan finishes, click OK and then Show Results. Make sure everything is checked and then click Remove Selected.
At the end, a file with the scan results will open in Notepad. Post its contents here.

#3
Paullik

    Active Member

  • Group: Members
  • Posts: 1.693
  • Joined: 05.07.2008
  • Member ID: 344.754
Malwarebytes' Anti-Malware 1.41
Database version: 3210
Windows 5.1.2600 Service Pack 3

24/11/2009 6:29:53 PM
mbam-log-2009-11-24 (18-29-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 200447
Time elapsed: 40 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\System Volume Information\_restore{CBBB1081-6DF2-4A8C-8D06-43D0CE0FEE9D}\RP78\A0064928.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{CBBB1081-6DF2-4A8C-8D06-43D0CE0FEE9D}\RP78\A0064931.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{CBBB1081-6DF2-4A8C-8D06-43D0CE0FEE9D}\RP78\A0064934.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
D:\Programe\YM detector\ym_detector\ymdetector.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Administrator\Local Settings\Temporary Internet Files\udRemove.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Sorry for the delay, this is the log!
Anything else?

PS:
I'm scanning with Super antispyware now, and later with Avira!

For now I have this:
Super antispyware, Avira, Comodo Fwall, ATFCleaner, CCleaner, Malwarebytes antimalware!
What else do you recommend for system maintenance/cleaning/etc.???

PPS:
Docs & Settings still hasn't appeared!

Edited by Paullik, 24 November 2009 - 18:44.


#4
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34.883
  • Joined: 07.02.2007
  • Member ID: 139.332
  • Location: AntiMalware HQ
Insert the Windows CD into the CD-ROM drive, then go to Start -> Run and type: sfc /scannow and press Enter. Wait for that process to finish.

#5
Paullik

    Active Member

  • Group: Members
  • Posts: 1.693
  • Joined: 05.07.2008
  • Member ID: 344.754
I insert the CD and run the command from Run; a cmd window appears for less than a second, long enough for me to see that it's cmd, and it disappears fast enough that I can't see what it says, or whether it says anything!
Docs & Settings still hasn't appeared!

Edited by Paullik, 25 November 2009 - 17:56.




#6
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34.883
  • Joined: 07.02.2007
  • Member ID: 139.332
  • Location: AntiMalware HQ
Have you tried creating the folder manually?

#7
Paullik

    Active Member

  • Group: Members
  • Posts: 1.693
  • Joined: 05.07.2008
  • Member ID: 344.754

crysty2k5, on 25th November 2009, 19:00, wrote:

Have you tried creating the folder manually?

Yeah, it can be created manually...

Thanks, but what was the problem? I scanned and deleted everything with all those security applications, so I doubt there's anything left...

#8
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34.883
  • Joined: 07.02.2007
  • Member ID: 139.332
  • Location: AntiMalware HQ
I think it was deleted by mistake :)

#9
654321

    Active Member

  • Group: Senior Members
  • Posts: 3.116
  • Joined: 12.03.2007
  • Member ID: 153.644
  • Location: inside the mind of a machine

Paullik, on 25th November 2009, 22:20, wrote:

Thanks, but what was the problem...

Go to Start>Run, type %userprofile% there, press Enter, and in the window that appears, the address bar will show the path to the current profile, which is probably C:\Users...

crysty2k5, on 25th November 2009, 22:34, wrote:

I think it was deleted by mistake :)

I think it was renamed :)

#10
Paullik

    Active Member

  • Group: Members
  • Posts: 1.693
  • Joined: 05.07.2008
  • Member ID: 344.754

C:\Users\Administrator
654321 was right!
But I didn't rename anything, how is that possible?
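
The Malwarebytes log in post #3 already listed a file under C:\Users\Administrator\Local Settings, the same location %userprofile% later confirmed. As an added example (not part of the original thread), this Python sketch scans posted log lines for XP-style per-user folders and reports the profile root they sit under; the function names and the marker list (English-locale XP folder names) are assumptions of the example.

```python
import re
from collections import Counter

# Folders found directly inside a user profile on English-locale Windows XP.
XP_PROFILE_MARKERS = ("Local Settings", "Application Data", "My Documents", "Start Menu")

_COMP = r'[^\\/:*?"<>|\r\n]+'  # one path component
# <drive>:\<root...>\<user>\<marker>\...  (root is matched lazily)
_PATTERN = re.compile(
    r"(?<![A-Za-z])([A-Za-z]:(?:\\" + _COMP + r")*?)\\(" + _COMP + r")\\("
    + "|".join(map(re.escape, XP_PROFILE_MARKERS)) + r")(?=\\|$)"
)

# Lines copied from the HijackThis and Malwarebytes logs posted in the thread.
SAMPLE_LOG_LINES = [
    r'C:\Program Files\Avira\AntiVir Desktop\avguard.exe',
    r'O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"',
    r'D:\Programe\YM detector\ym_detector\ymdetector.exe (Malware.Packer) -> Quarantined and deleted successfully.',
    r'C:\Users\Administrator\Local Settings\Temporary Internet Files\udRemove.exe (Trojan.Agent) -> Quarantined and deleted successfully.',
]

def find_profiles(lines):
    """Count (profile_root, user) pairs implied by XP-style per-user paths."""
    hits = Counter()
    for line in lines:
        for m in _PATTERN.finditer(line):
            root = m.group(1)
            if root.endswith(":"):  # profile folder sits directly on the drive
                root += "\\"
            hits[(root, m.group(2))] += 1
    return hits

def diagnose(lines, default_root=r"C:\Documents and Settings"):
    """Return the most-referenced profile root and whether it differs from the XP default."""
    hits = find_profiles(lines)
    if not hits:
        return None  # no per-user path in the log, nothing to infer
    per_root = Counter()
    for (root, _user), n in hits.items():
        per_root[root] += n
    root = per_root.most_common(1)[0][0]
    return {
        "root": root,
        "users": sorted(u for r, u in hits if r == root),
        "relocated": root.lower() != default_root.lower(),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG_LINES))
```
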

#11
654321

    Active Member

  • Group: Senior Members
  • Posts: 3.116
  • Joined: 12.03.2007
  • Member ID: 153.644
  • Location: inside the mind of a machine

Paullik, on 26th November 2009, 21:03, wrote:

But I didn't rename anything, how is that possible?

...maybe you installed some XP-to-Vista or W7 transformation pack that made the change, maybe some application or some virus did this...

#12
Paullik

    Active Member

  • Group: Members
  • Posts: 1.693
  • Joined: 05.07.2008
  • Member ID: 344.754

654321, on 26th November 2009, 22:33, wrote:

...maybe you installed some XP-to-Vista or W7 transformation pack that made the change, maybe some application or some virus did this...

I don't install such junk (transformation packs)!
Anyway, thank you both!

#13
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34.883
  • Joined: 07.02.2007
  • Member ID: 139.332
  • Location: AntiMalware HQ
You're welcome. If there's anything else, come back :)
