HijackThis - alexxx21a
Last Updated: Sep 20 2010 13:10, Started by alexxx21a, Aug 16 2010 15:23
#1
Posted 16 August 2010 - 15:23
Logfile of Trend Micro HiJackThis v2.0.4
Edited by alexxx21a, 16 August 2010 - 15:29.
#2
Posted 16 August 2010 - 15:40
Check the following lines and press Fix Checked:
alexxx21a, on 16th August 2010, 16:23, said:
O4 - HKLM\..\Run: [cimiptyns] C:\WINDOWS\System32\cimiptyns.exe
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [cimiptyns] C:\Documents and Settings\ale---xxx\cimiptyns.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\ale---xxx\wuaucldt.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ol] C:\WINDOWS\ol.exe
O4 - HKCU\..\Run: [Apudakaxodemad] rundll32.exe "C:\WINDOWS\copdsr1.dll",Startup
Don't miss any of them!
Then download ComboFix and save it to the Desktop.
Create a new .txt file with Notepad and write in it what is in the quote below:
Quote
File::
c:\documents and settings\ale---xxx\wuaucldt.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\ol.exe
C:\DOCUME~1\ale---xxx\LOCAL Settings\Temp\lsass.exe
C:\DOCUME~1\ale---xxx\LOCAL Settings\Temp\v2.exe
C:\Documents and Settings\ale---xxx\cimiptyns.exe
C:\WINDOWS\System32\cimiptyns.exe
C:\WINDOWS\copdsr1.dll
C:\WINDOWS\system32\regedit.exe
Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.
[ http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix.
It will ask whether it should start cleaning the system. Confirm with Yes every time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE.
Edited by Official, 16 August 2010 - 15:45.
#3
Posted 16 August 2010 - 16:31
Done, I did what you told me. The program started running, then it showed a small window that said ERROR; I clicked OK on it and the computer restarted, after which it started up again and did the whole job.
Here is the result:
#4
Posted 16 August 2010 - 16:36
Put the following folder in an archive with the password infected and send it to me by PM, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link so that I can submit it for analysis.
Quote
C:\Qoobox
DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!
Download Malwarebytes Anti-Malware 1.46 and save it to the Desktop.
Install it and, at the end, make sure you have checked the following: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish.
After the program launches, click the Update tab and press the Check for Updates button to verify that the downloaded definitions are the latest.
Database version: 4XXX
Click the Scanner tab, select Perform full scan and then press Scan.
When the scan finishes, press OK and then Show Results.
Make sure everything is checked and then press Remove Selected.
At the end a file will open in Notepad with the scan results. Post its contents here.
If you restarted to remove malware from the PC, you will find the log in the main window, under the Logs tab. Check that it is the latest one (by the date in the name of the .txt file).
Edited by crysty2k5, 16 August 2010 - 16:37.
#5
Posted 16 August 2010 - 17:44
Here is the result of the latest scan:
Sorry about the last virus, good thing it detected it and deleted it; those were CS leftovers long forgotten on the computer.
Edited by alexxx21a, 16 August 2010 - 17:45.
#7
Posted 16 August 2010 - 17:54
If you have no more problems, remove Nod32 (it has shown itself to be useless) and install Avira or Avast (both are free).
http://www.softpedia...e-Edition.shtml http://www.softpedia...l-Edition.shtml
Edited by crysty2k5, 16 August 2010 - 17:59.
|
#8
Posted 16 August 2010 - 18:00
It seems to be working fine now. I have no more problems; I also logged in to Steam and it runs perfectly.
Do I still need to wait for a reply on the analysis of the Qoobox folder? And for my other friend who has a problem similar to mine (I am attaching the picture here once more so you can see it), can I follow the same steps on that system? He is not really comfortable enough with forums to make an account himself, so I am helping him. I am going over to his place tonight and I can follow the steps as I did here, or however you suggest, and post the results in this same topic. He also gets 2 errors when Windows starts, and his computer runs rather slowly (his Windows has only been installed for about 2-3 weeks, the same one as mine as far as I remember). Thank you very much for the help!!!! You saved me from a pointless format. Attached Files |
#9
Posted 16 August 2010 - 18:03
You can follow the same steps but, if you can, post the logs here so we can see whether there are any other malicious entries.
Edited by Official, 16 August 2010 - 18:04. |
#10
Posted 16 August 2010 - 23:24
OK, I am now starting to post the logs from my friend's system, also in this topic:
Quote
Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 12:23:20 AM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\v2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\iste10.exe
C:\Documents and Settings\Florynaaa\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccmiptyns] C:\WINDOWS\System32\ccmiptyns.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ccmiptyns] C:\Documents and Settings\Florynaaa\ccmiptyns.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{661491D6-829A-46D0-A3EB-C319312F5A82}: NameServer = 213.154.124.1 193.231.252.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7658 bytes

Please, if you can, tell me here as well, just like last time, what I need to select for deletion, the same as above. Thank you very much.
Edited by alexxx21a, 16 August 2010 - 23:27. |
|
#11
Posted 17 August 2010 - 05:59
Check the following entries and press Fix Checked:
Quote
O4 - HKLM\..\Run: [ccmiptyns] C:\WINDOWS\System32\ccmiptyns.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ccmiptyns] C:\Documents and Settings\Florynaaa\ccmiptyns.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe

Download: ComboFix and save it to the Desktop.
Create a new .txt file with Notepad and write in it what is in the quote below:
Quote
File::
C:\Documents and Settings\Florynaaa\LOCAL Settings\Temp\lsass.exe
C:\Documents and Settings\Florynaaa\LOCAL Settings\Temp\v2.exe
C:\Documents and Settings\Florynaaa\LOCAL Settings\Temp\iste10.exe
C:\Documents and Settings\Florynaaa\ccmiptyns.exe

Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.
[ http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but do not worry. At the end it will display the scan results. Save that file and post its contents HERE. |
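The four autostart entries singled out in the post above share traits that can be checked mechanically. The following Python script is an added example, not part of the thread and not the helper's stated method: it parses HijackThis O4 lines and flags entries using four heuristics that are assumptions of this example (image under a Temp folder, a core Windows process name outside its normal folder, an executable directly in the profile root, the same value name in both HKLM and HKCU), with the system root assumed to be c:\windows.

```python
import ntpath
import re
from collections import defaultdict

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccmiptyns] C:\WINDOWS\System32\ccmiptyns.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ccmiptyns] C:\Documents and Settings\Florynaaa\ccmiptyns.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'LOCAL SERVICE')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# Registry autoruns: "O4 - <hive>\<key>: [<value name>] <command line>"
REG_O4 = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\(?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Startup-folder shortcuts: "O4 - Global Startup: <name>.lnk = <target>"
LNK_O4 = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

SYSTEM_ROOT = r"c:\windows"  # assumption of this example
CORE_PROCESS_DIRS = {
    name: SYSTEM_ROOT + r"\system32"
    for name in ("lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe")
}
CORE_PROCESS_DIRS["explorer.exe"] = SYSTEM_ROOT

TEMP_DIR = re.compile(r"\\te?mp\\")
PROFILE_ROOT = re.compile(
    r"^[a-z]:\\(?:documents and settings|docume~\d|users)\\[^\\]+\\[^\\]+\.exe$")


def image_path(cmd):
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Parse O4 lines and return the entries that trip at least one heuristic."""
    entries = []
    hives_by_name = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_O4.match(line) or LNK_O4.match(line)
        if not m:
            continue
        entry = {"hive": m["hive"], "name": m["name"],
                 "image": image_path(m["cmd"]), "reasons": []}
        entries.append(entry)
        if entry["hive"] in ("HKLM", "HKCU"):
            hives_by_name[entry["name"].lower()].add(entry["hive"])

    for entry in entries:
        path = ntpath.normcase(entry["image"])  # lower-case, backslashes
        base, folder = ntpath.basename(path), ntpath.dirname(path)
        if TEMP_DIR.search(path):
            entry["reasons"].append("runs-from-temp")
        if folder and base in CORE_PROCESS_DIRS and folder != CORE_PROCESS_DIRS[base]:
            entry["reasons"].append("system-name-outside-system-dir")
        if PROFILE_ROOT.match(path):
            entry["reasons"].append("exe-in-profile-root")
        if entry["hive"] in ("HKLM", "HKCU") and len(hives_by_name[entry["name"].lower()]) > 1:
            entry["reasons"].append("same-value-in-hklm-and-hkcu")
    return [e for e in entries if e["reasons"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["hive"]} [{e["name"]}] {e["image"]}: {", ".join(e["reasons"])}')
```

A flag is a prompt for manual review rather than a verdict: legitimate software can trip the duplicate-value check, and a malicious file with an unremarkable name in an unremarkable folder trips none of them.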
#12
Posted 17 August 2010 - 14:55
This step is done too:
************************************************************************** . Completion time: 2010-08-17 15:53:19 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-17 12:53 Pre-Run: 13,017,628,672 bytes free Post-Run: 13,151,350,784 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 75BF038EC6A5D64ABBC12E67D93BECF5 |
#13
Posted 17 August 2010 - 15:23
Put the following folder in an archive with the password infected and send it to me by PM, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link, so I can submit it for analysis.
Quote
C:\Qoobox
DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!
Download Malwarebytes Anti-Malware 1.46 and save it to the Desktop.
Install it and, at the end, make sure you have ticked the following: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish.
After the program launches, click the Update tab and press the Check for Updates button to verify that the downloaded definitions are the latest. Database version: 4XXX
Click the Scanner tab, select Perform full scan and then press Scan.
When the scan finishes, press OK and then Show Results.
Make sure everything is ticked and then press Remove Selected.
At the end, a file with the scan results will open in Notepad. Post its contents here.
If you restarted to remove malware from the PC, you will find the log in the main window under the Logs tab. Check that it is the latest one (by the date in the name of the .txt file).
#14
Posted 17 August 2010 - 15:33
I also did the Malware step. Here is the result:
Quote
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4439

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/17/2010 4:31:29 PM
mbam-log-2010-08-17 (16-31-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 185493
Time elapsed: 28 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Florynaaa\ccmiptyns.exe.vir (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Florynaaa\msgvn.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010526.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010527.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010537.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010538.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011540.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011541.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011582.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011583.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015839.sys (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015840.sys (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015841.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015842.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015883.sys (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccmiptyns.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

I'll send you the Qoobox folder right away.
PS: Do I also need to wait for some reply from those who analyze that folder, or was that all?
Thank you very much for the help.
Edited by alexxx21a, 17 August 2010 - 15:38.
#15
Posted 17 August 2010 - 15:47
Thanks for the folder.
The analysis is not your concern. Tell me, are there still any problems? That folder will reach all the companies so that signatures are created for the files, so that in the future others no longer get infected.
#16
Posted 17 August 2010 - 15:55
Ahh, I didn't know what kind of analysis was being done.
This computer works well now too; the errors no longer appear and it no longer runs slowly. I think I'll be back in the next few days with a third system as well (a laptop), but there I don't know exactly what the problem is... it gives no errors, but it seems to me that it runs rather slowly. Thank you very much for the help!!!