vladpuscasu[split]

  • This topic is locked
13 replies to this topic

#1
vladpuscasu

    Junior Member

  • Group: Members
  • Posts: 156
  • Joined: 17.02.2008
For Radu ..... the HijackThis log from Xtreme


Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 5:55:47 PM, on 2/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\DOCUME~1\Xtreme\LOCALS~1\Temp\220.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-0082153780-7045979475-294765309-8093\winservices.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{08BC8D34-320D-4643-9F3A-DCEF389FAF6C}: NameServer = 172.22.25.25,172.22.160.160
O17 - HKLM\System\CS1\Services\Tcpip\..\{08BC8D34-320D-4643-9F3A-DCEF389FAF6C}: NameServer = 172.22.25.25,172.22.160.160
O17 - HKLM\System\CS2\Services\Tcpip\..\{08BC8D34-320D-4643-9F3A-DCEF389FAF6C}: NameServer = 172.22.25.25,172.22.160.160
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3874 bytes

#2
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Download: ComboFix and save it to the Desktop.

Create a new .txt file with Notepad and write in it what is in the quote below:

Quote

File::
C:\Documents and Settings\Xtreme\Local Settings\Temp\220.exe
C:\RECYCLER\S-1-5-21-0082153780-7045979475-294765309-8093\winservices.exe

Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.

[ http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask you whether to start cleaning the system. Confirm with Yes each time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but do not worry.
At the end it will display the scan results. Save that file and post its contents HERE together with a new HiJackThis log.
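
An added example, not part of the original thread or of any tool mentioned in it: a small triage script that flags entries in a HijackThis v2 log whose executable runs from a recycle-bin or temp directory, the two locations of the files named in the CFScript above. The directory heuristic, the function name `triage` and the sample (built from lines of the log in post #1) are assumptions of this example.

```python
import re

# Sample built for this example from lines of the HijackThis log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\DOCUME~1\Xtreme\LOCALS~1\Temp\220.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Windows Service help] C:\RECYCLER\S-1-5-21-0082153780-7045979475-294765309-8093\winservices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# First absolute Windows path on a line that ends in an executable extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|com|scr|bat|pif)\b', re.I)
# Assumed heuristic: programs normally do not start from recycle-bin or temp
# directories. 8.3 short paths such as LOCALS~1\Temp still contain "\Temp\".
SUSPECT_DIR_RE = re.compile(r'\\(recycler|recycled|\$recycle\.bin|temp|tmp)\\', re.I)
# HijackThis item lines start with a section code such as "O4 - " or "R1 - ".
ENTRY_RE = re.compile(r'^([ORF]\d+) - ')


def triage(log_text):
    """Return (source, path, directory) for each entry in a suspect location.

    source is "process" for the 'Running processes' list, otherwise the
    HijackThis section code of the line (O4, O23, ...).
    """
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if not line:
            in_processes = False      # a blank line ends the process list
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            source = entry.group(1)
            in_processes = False
        elif in_processes:
            source = "process"
        else:
            continue                  # header or footer line
        found = PATH_RE.search(line)
        if not found:
            continue                  # bare file name (e.g. RTHDCPL.EXE): no path to judge
        path = found.group(0)
        hit = SUSPECT_DIR_RE.search(path)
        if hit:
            findings.append((source, path, hit.group(1).lower()))
    return findings


if __name__ == "__main__":
    for source, path, directory in triage(SAMPLE_LOG):
        print(f"[{source}] runs from a {directory} directory: {path}")
```

A hit is only a lead for review: installers legitimately run from Temp, and entries given as a bare file name are skipped because their location cannot be judged from the log line.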

#3
vladpuscasu

    Junior Member

  • Group: Members
  • Posts: 156
  • Joined: 17.02.2008
Before posting the logs I want to point out: I have Avira AntiVir installed, and while ComboFix was running Avira detected viruses, which I deleted... then ComboFix warned me that it was in some kind of processing with Avira and that the log might not be right...

ComboFix log:

ComboFix 09-02-07.01 - Xtreme 2009-02-08 18:25:06.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.3582.3061 [GMT 2:00]
Running from: c:\documents and settings\Xtreme\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xtreme\Desktop\CFScript.txt.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\Xtreme\Local Settings\Temp\220.exe
c:\recycler\S-1-5-21-0082153780-7045979475-294765309-8093\winservices.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\Xtreme\Local Settings\Temp\220.exe
c:\recycler\S-1-5-21-0082153780-7045979475-294765309-8093\winservices.exe
D:\Autorun.inf

c:\windows\system32\winlogon.exe . . . is infected!!

.
(((((((((((((((((((((((((   Files Created from 2009-01-08 to 2009-02-08  )))))))))))))))))))))))))))))))
.

2009-02-08 16:29 . 2009-02-08 16:29 <DIR> d-------- c:\documents and settings\Xtreme\Application Data\InstallShield

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 16:25 16,608 ----a-w c:\windows\gdrv.sys
2009-02-08 15:55 --------- d-----w c:\program files\Trend Micro
2009-02-08 14:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 14:42 102,492 ----a-w c:\windows\system32\msvcrt2.dll
2009-02-08 14:29 --------- d-----w c:\program files\Realtek
2009-02-08 14:25 315,392 ----a-w c:\windows\HideWin.exe
2009-02-08 14:15 --------- d-----w c:\program files\Intel
2009-02-08 14:14 --------- d-----w c:\program files\GIGABYTE
2009-02-08 14:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-08 14:02 --------- d-----w c:\program files\Avira
2009-02-08 14:02 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-02-08 13:42 --------- d-----w c:\program files\Microsoft IntelliType Pro
2009-02-08 13:42 --------- d-----w c:\program files\Microsoft IntelliPoint
2009-02-08 13:33 --------- d-----w c:\program files\microsoft frontpage
2009-02-08 13:28 --------- d-----w c:\program files\Windows Plus
2009-02-08 10:40 226,304 --sh--r C:\vshost.exe
2007-03-12 09:01 66,672 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-03-12 09:01 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-03-12 09:01 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-03-12 09:01 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-03-12 09:01 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

2005-11-17 00:36  502272  6e8ca4fcb30282f216f5db9dd58a5f81 c:\windows\system32\winlogon.exe
2005-11-17 00:36  502272  6e8ca4fcb30282f216f5db9dd58a5f81 c:\windows\system32\dllcache\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-28 86016]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-02-28 c:\windows\system32\nwiz.exe]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2009-02-08 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;c:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [2009-02-08 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;c:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2009-02-08 41217]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2009-02-08 47624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vshost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vshost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{904a9956-f5ee-11dd-a01e-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vshost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{904a9957-f5ee-11dd-a01e-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vshost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0d4de8-f5e5-11dd-9b60-00c0dff28d28}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vshost.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Windows Service help - c:\recycler\S-1-5-21-0082153780-7045979475-294765309-8093\winservices.exe


.
------- Supplementary Scan -------
.
LSP: avsda.dll
TCP: {08BC8D34-320D-4643-9F3A-DCEF389FAF6C} = 172.22.25.25,172.22.160.160
FF - ProfilePath - c:\documents and settings\Xtreme\Application Data\Mozilla\Firefox\Profiles\trpf70a6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 18:25:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\avsda.dll
.
Completion time: 2009-02-08 18:26:16
ComboFix-quarantined-files.txt  2009-02-08 16:26:14

Pre-Run: 100,569,427,968 bytes free
Post-Run: 100,560,515,072 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

119






HijackThis log:



Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 6:33:35 PM, on 2/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{08BC8D34-320D-4643-9F3A-DCEF389FAF6C}: NameServer = 172.22.25.25,172.22.160.160
O17 - HKLM\System\CS1\Services\Tcpip\..\{08BC8D34-320D-4643-9F3A-DCEF389FAF6C}: NameServer = 172.22.25.25,172.22.160.160
O17 - HKLM\System\CS2\Services\Tcpip\..\{08BC8D34-320D-4643-9F3A-DCEF389FAF6C}: NameServer = 172.22.25.25,172.22.160.160
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3995 bytes

Edited by vladpuscasu, 08 February 2009 - 18:39.


#4
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Good...

Put the following folder in an archive with the password infected and send it to me by PM, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link so I can submit it for analysis.

Quote

C:\Qoobox

DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!


Run a full scan with Avira in Safe Mode...then...

Download Malwarebytes Anti-Malware and save it to the Desktop.
Install it and at the end make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish.
After the program launches, select Perform full scan and then press Scan.
When the scan finishes press OK and then Show Results. Make sure everything is checked and then press Remove Selected.
At the end a file will open in Notepad with the scan results. Post its contents here.

#5
vladpuscasu

    Junior Member

  • Group: Members
  • Posts: 156
  • Joined: 17.02.2008
I'm doing the next step now....

#6
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Ok. Thanks for the samples. I'm waiting for the log here :)

#7
vladpuscasu

    Junior Member

  • Group: Members
  • Posts: 156
  • Joined: 17.02.2008
It takes a while to scan; I'm trying to move quickly.

#8
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
There's no rush...

#9
vladpuscasu

    Junior Member

  • Group: Members
  • Posts: 156
  • Joined: 17.02.2008
I scanned with Avira in Safe Mode and it found 1 virus.... now I'm waiting for Malwarebytes to finish scanning.... after which I'll post the contents of the report.... I'd like you to give me some advice for the future: how should I proceed in order to be better protected? Should I keep Avira AntiVir Premium Edition or install another antivirus.... before this I had the plain Avira....

Edited by vladpuscasu, 08 February 2009 - 19:51.


#10
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
If it finds anything, don't forget to remove it :)

#11
vladpuscasu

    Junior Member

  • Group: Members
  • Posts: 156
  • Joined: 17.02.2008
ok... for now it shows 0 at Object infected

#12
pykko

    I love, therefore I am

  • Group: Senior Members
  • Posts: 7,228
  • Joined: 10.02.2006
vladpuscasu, Avira Premium is excellent, but no antivirus is perfect.

I recommend, as I told you on the blog too, that you scan with Dr. Web CureIt in case of problems.

#13
vladpuscasu

    Junior Member

  • Group: Members
  • Posts: 156
  • Joined: 17.02.2008

pykko, on Feb 8 2009, 17:57, said:

vladpuscasu, Avira Premium is excellent, but no antivirus is perfect.

I recommend, as I told you on the blog too, that you scan with Dr. Web CureIt in case of problems.


Thanks for the advice, pykko  :OK:

Malwarebytes has finally finished scanning too; here is the log

Malwarebytes' Anti-Malware 1.33
Database version: 1738
Windows 5.1.2600 Service Pack 2

2/8/2009 8:15:12 PM
mbam-log-2009-02-08 (20-15-12).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 76787
Time elapsed: 27 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\oDC\Downloads\Kituri\Kituri programe\Vegas ( movie editor )\Sony Vegas v7.0a Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrt2.dll (Trojan.Agent) -> Quarantined and deleted successfully.


surprisingly ... Avira no longer detected any virus at all .... I no longer got any error when starting the computer....  :scratchchin:

Edited by vladpuscasu, 08 February 2009 - 20:22.


#14
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007

Quote

D:\oDC\Downloads\Kituri\Kituri programe\Vegas ( movie editor )\Sony Vegas v7.0a Keygen.exe

I'm sorry, but this entry gave you away: you are using pirated software, and that is one of the reasons for your problems.

No assistance is given for warez.

SOFTPEDIA DOES NOT ENCOURAGE PIRACY!


http://forum.softped...howtopic=498342
