Ajutor curatare calculator de virusi
Last Updated: Apr 02 2009 22:01, Started by
nedelea91
, Mar 29 2009 21:05
·
0
#1
Posted 29 March 2009 - 21:05
Rog ajutor, cunostintele mele sunt foarte reduse in acest domeniu. Am scanat calculatorul cu Avira si am primit urmatorul raport:
Avira AntiVir Personal Report file date: Sunday, March 29, 2009 20:33 Scanning for 1328914 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: HOME Version information: BUILD.DAT : 8.2.0.347 16934 Bytes 3/16/2009 14:45:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 07:21:26 AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 06:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 11:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 06:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 10:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 18:50:10 ANTIVIR2.VDF : 7.1.2.199 1008640 Bytes 3/22/2009 15:36:04 ANTIVIR3.VDF : 7.1.2.228 257024 Bytes 3/27/2009 18:37:01 Engineversion : 8.2.0.129 AEVDF.DLL : 8.1.1.0 106868 Bytes 1/30/2009 17:05:32 AESCRIPT.DLL : 8.1.1.70 369019 Bytes 3/27/2009 18:37:08 AESCN.DLL : 8.1.1.8 127346 Bytes 3/7/2009 13:29:08 AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 12:58:38 AEPACK.DLL : 8.1.3.11 397687 Bytes 3/27/2009 18:37:07 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 13:19:13 AEHEUR.DLL : 8.1.0.111 1679736 Bytes 3/27/2009 18:37:05 AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 13:19:09 AEGEN.DLL : 8.1.1.31 340341 Bytes 3/27/2009 18:37:02 AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 09:05:56 AECORE.DLL : 8.1.6.6 176501 Bytes 2/19/2009 18:51:26 AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 09:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 07:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 08:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 11:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 10:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 07:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 11:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 16:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 11:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 11:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 12:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 12:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: Sunday, March 29, 2009 20:33 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'opera.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sqlmangr.exe' - '1' Module(s) have been scanned Scan process 'MFIndexer.exe' - '1' Module(s) have been scanned Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned Scan process 'msmsgs.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 33 processes with 33 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '54' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\P1BHGYED\upgrade[1].cab [0] Archive type: CAB (Microsoft) --> upgrade.exe [1] Archive type: NSIS --> [UnknownDir]/seekeen.exe [DETECTION] Is the TR/BHO.OneStepSearch.56 Trojan [NOTE] The file was moved to '4a36b191.qua'! C:\Documents and Settings\user\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\CursorManiaSetup2.3.50.26.ZCman000.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> mwsSetup.CommonCodebase.exe [DETECTION] Contains recognition pattern of the DR/MyWebSearch.AU dropper [NOTE] The file was moved to '4a41b204.qua'! C:\Documents and Settings\user\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\vlc-0.9.8a-win32.exe [0] Archive type: NSIS --> ProgramFilesDir/libquicktime_plugin.dll [WARNING] No further files can be extracted from this archive. The archive will be closed C:\Documents and Settings\user\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\X12-30196.exe [0] Archive type: CAB SFX (self extracting) --> README.HTM [WARNING] No further files can be extracted from this archive. The archive will be closed C:\System Volume Information\_restore{447D541C-204F-4385-B3F1-7144A4121CA5}\RP203\A0192300.exe [0] Archive type: RSRC --> Object [1] Archive type: CAB (Microsoft) --> mwsSetup.CommonCodebase.exe [DETECTION] Contains recognition pattern of the DR/MyWebSearch.AU dropper [NOTE] The file was moved to '4a00b5fe.qua'! C:\WINDOWS\Temp\SEE16F.tmp\upgrade.exe [0] Archive type: NSIS --> [UnknownDir]/seekeen.exe [DETECTION] Is the TR/BHO.OneStepSearch.56 Trojan [NOTE] The file was moved to '4a36b8ed.qua'! Begin scan in 'D:\' <Local Disk (D:)> Begin scan in 'E:\' <FILME/JOCURY/MUZIKA!!!> E:\jocury\pestisorul\pestisorul.ace [0] Archive type: ACE --> FeedingFrenzy.exe [WARNING] No further files can be extracted from this archive. The archive will be closed End of the scan: Sunday, March 29, 2009 21:22 Used time: 48:16 Minute(s) The scan has been done completely. 5141 Scanning directories 544458 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 4 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 544453 Files not concerned 8606 Archives were scanned 4 Warnings 4 Notes Ce trebue sa fac pentru devirusare?????? |
#2
Posted 29 March 2009 - 21:27
#3
Posted 30 March 2009 - 19:39
#4
Posted 30 March 2009 - 19:42
Bun. Curata alea.
Descarca Malwarebytes Anti-Malware si salveaza-l pe Desktop. Instaleaza-l si la sfarsit asigura-te ca ai bifat urmatoarele: Update Malwarebytes' Anti-Malware si Launch Malwarebytes' Anti-Malware. Apoi apasa Finish. Dupa lansarea programului, selecteaza Perform full scan si apoi apasa pe Scan. La terminarea scanarii apasa OK si apoi Show Results. Asigura-te ca e totul bifat si apoi apasa Remove Selected. La final se va deschide un fisier in Notepad cu rezultatele scanarii. Posteaza continutul lui aici. |
#5
Posted 30 March 2009 - 20:45
crysty2k5, on Mar 30 2009, 18:42, said: Bun. Curata alea. Descarca Malwarebytes Anti-Malware si salveaza-l pe Desktop. Instaleaza-l si la sfarsit asigura-te ca ai bifat urmatoarele: Update Malwarebytes' Anti-Malware si Launch Malwarebytes' Anti-Malware. Apoi apasa Finish. Dupa lansarea programului, selecteaza Perform full scan si apoi apasa pe Scan. La terminarea scanarii apasa OK si apoi Show Results. Asigura-te ca e totul bifat si apoi apasa Remove Selected. La final se va deschide un fisier in Notepad cu rezultatele scanarii. Posteaza continutul lui aici. Malwarebytes' Anti-Malware 1.35 Database version: 1919 Windows 5.1.2600 Service Pack 2 30.03.2009 21:44:33 mbam-log-2009-03-30 (21-44-33).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 144556 Time elapsed: 28 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 11 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\MSWINSCK.OCX (Trojan.BHO) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\MSWINSCK.OCX (Trojan.BHO) -> Quarantined and deleted successfully. C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully. |
#6
Posted 30 March 2009 - 21:02
#7
Posted 30 March 2009 - 22:10
Anunturi
Bun venit pe Forumul Softpedia!
▶ 0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users