Viruses?
Last Updated: Jul 24 2014 20:36, Started by marilenad, Jul 23 2014 20:40
#1
Posted 23 July 2014 - 20:40
Hi. Please help me solve a problem. If I have not posted in the right place, I apologize.
I admit I am not very good with computers. For the past few days, whenever I try to close certain ads (very annoying ones, by the way, which did not appear until recently), some pages (or whatever they are called) named gogorithm.com, clkmon.com, inclkmon.com and a few others keep opening, and they also freeze my computer. Until a few days ago, when these things started showing up, the computer was working very well. I had no problems with it at all. I found Yac on the net and downloaded it. I thought it would fix this, but no luck. It also uninstalled my Avira toolbar. Could these be viruses, or what? Please, if you can, give me some advice on how to get rid of this problem. Thank you.
#2
Posted 23 July 2014 - 20:41
Hello.
1. Download AdwCleaner by Xplode to the Desktop. Double-click AdwCleaner.exe to run it. On Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator. Click Scan. Wait for the scan to finish, then click Clean. When cleaning is done, press Report. Post the contents of the file here. The log is located at C:\AdwCleaner[Sn].txt (n is a number).
[Image: http://s3.postimg.org/tfjxm09qr/Adw_C.png]
2. Download Junkware Removal Tool and save it to the Desktop. Close all running programs. On Windows Vista, Windows 7 or Windows 8, right-click and select Run as administrator. Scan with it. Be patient, it takes a bit longer. Post the log here.
[Image: http://s7.postimage.org/z2rwy800r/JRT.jpg]
#3
Posted 23 July 2014 - 21:59
# Adwcleaner v3.216 - Report created 23/07/2014 at 22:50:40
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : a - MA-4637E5C89EBF
# Running from : C:\Documents and Settings\a\My Documents\Descarcari\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdatem
[#] Service Deleted : iSafeNetFilter

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\iSafe
Folder Deleted : C:\Program Files\MediaBuzzV1
Folder Deleted : C:\Program Files\VNT
Folder Deleted : C:\Documents and Settings\a\Local Settings\application Data\VNT
Folder Deleted : C:\Documents and Settings\a\application Data\eCyber
Folder Deleted : C:\Documents and Settings\a\application Data\iSafe
Folder Deleted : C:\Documents and Settings\a\application Data\Mozilla\Firefox\Profiles\1kuo3iek.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\Documents and Settings\a\application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
File Deleted : C:\Documents and Settings\a\application Data\Mozilla\Firefox\Profiles\1kuo3iek.default\invalidprefs.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKCU\Software\96dc8be668b849
Key Deleted : HKLM\SOFTWARE\96dc8be668b849
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902240}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132290}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522332260}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135590}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555335560}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136690}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566336660}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134490}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544334460}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\installedbrowserextensions
Key Deleted : HKLM\Software\iSafe
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileParade bundle uninstaller
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SupTab\SEARCH~1.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v31.0 (x86 ro)

[ File : C:\Documents and Settings\a\application Data\Mozilla\Firefox\Profiles\1kuo3iek.default\prefs.js ]

-\\ Google Chrome v36.0.1985.125

[ File : C:\Documents and Settings\a\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=MA1A49A64-5F93-4812-86C0-BE246AA85A17&SearchSource=58&CUI=&UM=6&UP=SPCD3929C1-568C-4AA2-A23F-31C29E455D2A&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [4973 octets] - [23/07/2014 22:49:21]
AdwCleaner[S0].txt - [5004 octets] - [23/07/2014 22:50:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5064 octets] ##########
#4
Posted 23 July 2014 - 22:04
After you also run JRT (Junkware Removal Tool), please tell us how the "patient" is behaving as well.
#5
Posted 23 July 2014 - 22:19
It behaves the same. Nothing has changed. Those "things" still keep opening.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by a on Wed 07/23/2014 at 23:10:00.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-746137067-2025429265-1606980848-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311531182}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531182}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}

~~~ Files

Successfully deleted: [File] C:\WINDOWS\Tasks\rmschedule.job

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/23/2014 at 23:16:29.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by marilenad, 23 July 2014 - 22:25.
#6
Posted 24 July 2014 - 00:56
Download RogueKiller, or from here, and save it to the Desktop.
Close all running programs. Remove everything from the USB ports (memory stick, external hard drive). Double-click RogueKiller.exe to run it. On Windows Vista or Windows 7, right-click and select Run as administrator. Wait until the Prescan has finished. Click "Scan". Wait until "Scan Finished" appears in the Status box. Click "Report" and copy/paste it here. In the image below, ignore step 3!
[Image: http://s9.postimage.org/q04cnvji7/image.jpg]
#7
Posted 24 July 2014 - 19:23
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : a [Admin rights]
Mode : Scan -- Date : 07/24/2014 20:20:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : BitTorrent ("C:\Documents and Settings\a\Application Data\BitTorrent\BitTorrent.exe" /MINIMIZED) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-746137067-2025429265-1606980848-1003[...]\Run : BitTorrent ("C:\Documents and Settings\a\Application Data\BitTorrent\BitTorrent.exe" /MINIMIZED) [-] -> FOUND
[TASK][SUSP PATH] At1.job : C:\DOCUME~1\a\APPLIC~1\DealPly\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{5F7318A8-5D93-44A5-A3D8-C491120E838A} : NameServer (89.39.72.23 89.39.72.10) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805BC55C -> HOOKED (Unknown @ 0xF7C7917C)
SSDT[41] : NtCreateKey @ 0x80624120 -> HOOKED (Unknown @ 0xF7C79136)
SSDT[50] : NtCreateSection @ 0x805AB3F4 -> HOOKED (Unknown @ 0xF7C79186)
SSDT[53] : NtCreateThread @ 0x805D1048 -> HOOKED (Unknown @ 0xF7C7912C)
SSDT[63] : NtDeleteKey @ 0x806245BC -> HOOKED (Unknown @ 0xF7C7913B)
SSDT[65] : NtDeleteValueKey @ 0x8062478C -> HOOKED (Unknown @ 0xF7C79145)
SSDT[68] : NtDuplicateObject @ 0x805BE034 -> HOOKED (Unknown @ 0xF7C79177)
SSDT[98] : NtLoadKey @ 0x80626344 -> HOOKED (Unknown @ 0xF7C7914A)
SSDT[128] : NtOpenThread @ 0x805CB6FC -> HOOKED (Unknown @ 0xF7C7911D)
SSDT[177] : NtQueryValueKey @ 0x80622344 -> HOOKED (Unknown @ 0xF7C7919F)
SSDT[193] : NtReplaceKey @ 0x806261F4 -> HOOKED (Unknown @ 0xF7C79154)
SSDT[200] : NtRequestWaitReplyPort @ 0x805A2DA2 -> HOOKED (Unknown @ 0xF7C79190)
SSDT[204] : NtRestoreKey @ 0x80625B00 -> HOOKED (Unknown @ 0xF7C7914F)
SSDT[213] : NtSetContextThread @ 0x805D176A -> HOOKED (Unknown @ 0xF7C7918B)
SSDT[237] : NtSetSecurityObject @ 0x805C065A -> HOOKED (Unknown @ 0xF7C79195)
SSDT[247] : NtSetValueKey @ 0x80622692 -> HOOKED (Unknown @ 0xF7C79140)
SSDT[255] : NtSystemDebugControl @ 0x806180EA -> HOOKED (Unknown @ 0xF7C7919A)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7C791AE)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7C791B3)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815A +++++
--- User ---
[MBR] c94297699e226e7d10db56cfa7712c7a
[BSP] 23a8c30b2f7f77c89faeacfdb1e9a3aa : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 20041 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 41046075 | Size: 132583 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_07242014_02d2020.txt >>

Edited by MhG_40, 24 July 2014 - 19:26.
#8
Posted 24 July 2014 - 19:29
I see you ran it to death.
Anyway. Download ComboFix and save it to the Desktop. Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but do not worry. At the end it will display the scan results. Save that file and post its contents HERE.
#9
Posted 24 July 2014 - 20:36
ComboFix 14-07-24.01 - a 07/24/2014 21:24:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.620 [GMT 3:00]
Running from: c:\documents and settings\a\Desktop\ComboFix.exe
AV: AVG AntiVirus 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-06-24 to 2014-07-24 )))))))))))))))))))))))))))))))
.
.
2014-07-24 18:30 . 2014-07-24 18:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2014-07-23 20:31 . 2014-07-23 20:31 -------- d-----w- c:\program files\Opera
2014-07-23 20:09 . 2014-07-23 20:09 -------- d-----w- c:\windows\ERUNT
2014-07-23 19:50 . 2010-08-30 05:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-23 19:49 . 2014-07-23 19:51 -------- d-----w- C:\AdwCleaner
2014-07-21 17:36 . 2014-07-21 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Riot Games
2014-07-21 09:51 . 2014-07-21 09:51 -------- d-----w- c:\program files\Enigma Software Group
2014-07-21 09:51 . 2014-07-21 10:45 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-07-20 19:03 . 2014-07-20 19:03 -------- d-----w- c:\documents and settings\a\Application Data\computer software market
2014-07-20 18:54 . 2014-07-20 18:54 -------- d-----w- c:\windows\iskVolumeMinidump
2014-07-14 20:56 . 2014-07-14 20:56 -------- d-----w- c:\documents and settings\a\Application Data\PowerISO
2014-07-14 20:54 . 2014-07-14 20:54 -------- d-----w- c:\program files\PowerISO
2014-07-14 20:29 . 2014-07-14 20:36 -------- d-----w- c:\program files\Common Files\EasyInfo
2014-07-08 22:08 . 2014-07-08 22:08 -------- d-----w- c:\program files\Common Files\Skype
2014-07-08 20:25 . 2014-07-24 17:05 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-08 20:24 . 2014-07-08 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-07-08 20:24 . 2014-05-12 04:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-08 20:24 . 2014-05-12 04:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-08 10:10 . 2014-07-08 10:10 -------- d-----w- c:\documents and settings\a\Application Data\java
2014-06-27 06:59 . 2014-06-27 06:59 116320 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 21:42 . 2013-02-14 09:23 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 21:42 . 2008-04-14 11:00 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 14:33 . 2013-02-14 09:16 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-04 05:00 . 2013-02-14 09:16 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-08 11:34 . 2013-02-23 07:23 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-08 11:34 . 2013-02-23 07:23 145408 ----a-w- c:\windows\system32\javacpl.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-09 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"BitTorrent"="c:\documents and settings\a\Application Data\BitTorrent\BitTorrent.exe" [2013-05-19 882520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"MKLOL"="c:\program files\MKJogo\MKLOL\MK.exe" [2014-06-19 1227976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"LogMeIn Hamachi Ui"="c:\program files\Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PWRISOVM.EXE"="d:\poweriso\PWRISOVM.EXE" [2014-06-27 366904]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\a\\Application Data\\BitTorrent\\BitTorrent.exe"=
"d:\\FIFA 2007\\Fifa 2007 + Crack\\fifa07.exe"=
"d:\\Deathrun GraficZone\\hlds.exe"=
"d:\\Counter Strike\\Counter Strike Lant\\cstrike.exe"=
"d:\\Counter Strike\\Counter Strike Lant\\hl.exe"=
"d:\\Download\\VamosMT2 Client officiel 2014\\zvamos.exe"=
"d:\\Counter Strike\\Counter Strike Lant\\hltv.exe"=
"d:\\Counter Strike\\Counter Strike Lant\\hlds.exe"=
"d:\\New Folder (12)\\[NEW]TDLClient[Martie-2013]\\[NEW]TDLClient[Martie-2013]\\metin2client.exe"=
"d:\\Steam2014\\Steam\\Steam.exe"=
"d:\\Counter Strike\\WarZone\\hl.exe"=
"c:\\Program Files\\Java\\jre1.8.0_20\\bin\\javaw.exe"=
"d:\\Program Files\\Origin Games\\Plants vs. Zombies\\PlantsVsZombies.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.2880\\Agent.exe"=
"d:\\Metin2Tenerife\\Metin2 Tenerife V1.4\\Start Tenerife1.exe"=
"d:\\Metin2Global\\Metin2GlobalV1.0.7\\Metin2Globalx32bit.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\GameForge\\GameforgeLive\\gfl_client.exe"=
"d:\\Metin2Nou\\Metin2Virtual\\metin2client.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [7/20/2013 2:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [7/20/2013 2:51 AM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/5/2013 2:43 AM 39224]
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [11/9/2011 4:22 PM 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [11/9/2011 4:22 PM 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [11/9/2011 4:22 PM 13616]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [7/20/2013 2:50 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 2:34 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/20/2013 2:50 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 4:08 AM 182072]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2/14/2013 12:16 PM 37352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/31/2013 12:33 AM 243128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/14/2013 12:16 PM 430160]
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2/14/2013 12:16 PM 1028688]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [12/10/2012 6:29 PM 1435568]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/6/2013 4:38 PM 794272]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 10:58 AM 3275136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/8/2014 11:24 PM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [7/8/2014 11:25 PM 110296]
S2 appstoreService;appstoreService;c:\program files\iSafe\appstore\appstoreSvc.exe --> c:\program files\iSafe\appstore\appstoreSvc.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG2013\avgidsagent.exe" --> c:\program files\AVG\AVG2013\avgidsagent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG2013\avgwdsvc.exe" --> c:\program files\AVG\AVG2013\avgwdsvc.exe [?]
S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes anti-malware\mbamscheduler.exe [7/8/2014 11:24 PM 1809720]
S2 MBAMService;MBAMService;d:\malwarebytes anti-malware\mbamservice.exe [7/8/2014 11:24 PM 860472]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-20 09:10 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-14 21:42]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-29 10:47]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-29 10:47]
.
2014-07-24 c:\windows\Tasks\Opera scheduled Autoupdate 1406147460.job
- c:\program files\Opera\launcher.exe [2014-07-23 08:31]
.
2014-07-24 c:\windows\Tasks\RMAutoUpdate.job
- c:\program files\PC Tools Registry Mechanic\SULauncher.exe [2013-10-06 11:44]
.
2014-07-24 c:\windows\Tasks\User_Feed_Synchronization-{2179E7DF-206F-4302-9E87-90EE639CC61C}.job
- c:\windows\system32\msfeedssync.exe [2008-04-14 13:13]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\a\Application Data\Mozilla\Firefox\Profiles\1kuo3iek.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - Google.ro
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-24 21:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1440)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ATKKBService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2014-07-24 21:35:53 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-24 18:35
ComboFix2.txt 2014-07-24 18:00
.
Pre-Run: 2,989,989,888 bytes free
Post-Run: 2,986,655,744 bytes free
.
- - End Of File - - C647A1CC7E5845FAACD768374A2F66BF

Edited by MhG_40, 24 July 2014 - 20:50.