Jump to content

SUBIECTE NOI
« 1 / 5 »
RSS
Info Coronavirus/Vaccinare vs Fake News

Ce becuri H7 sa iau?

Tabel excel din sursa externa

e valida o carte de identitate pr...
 Aparat gravat CNC 3020 - port ope...

Programatori, va cauta firmele de...

Telefon cumparat de la un amanet/...

Cum incetinim degraderea - descom...
 Mai exista democratie in SUA ?

Comedia religiei

Cum obtin numarul unui obiect din...

Bios corupt, Dell 5558
 Noul PlayStation PLUS - Essential...

Inmatricularea unui vehicul cu in...

Huawei P50 pro vs Samsung S21 FE ...

Dilema cu distributia la Citroen ...
 

Problema strong dc - virusi?

- - - - -
  • Please log in to reply
31 replies to this topic

#1
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Acum 2 zile am instalat patch-ul pt Call of duty 2 sa joc online si de atunci a inceput sa nu-mi mai mearga strong dc-ul ''Runtime Error! R6002 -floating point not loaded''.Apoi nu-mi mai mergea comanda Ctrl+Alt+Delete ''Task manager has been disabled by your administrator'' si nici in Start=>Run=>regedit nu mai mergea .Am incercat ce au recomandat unii de pe acest forum si task managerul respectiv regedit si-au revenit dar daca poate cineva sa-mi spuna din ce cauza numai merge Strong Dc-ul si ce ar trebui sa fac sa remediez problema i-as fi recunoscator.Multumesc

#2
SLICK25

SLICK25

    Junior Member

  • Grup: Members
  • Posts: 101
  • Înscris: 25.08.2004

View Postkriss_kringle, on Nov 15 2008, 18:25, said:

Acum 2 zile am instalat patch-ul pt Call of duty 2 sa joc online si de atunci a inceput sa nu-mi mai mearga strong dc-ul ''Runtime Error! R6002 -floating point not loaded''.Apoi nu-mi mai mergea comanda Ctrl+Alt+Delete ''Task manager has been disabled by your administrator'' si nici in Start=>Run=>regedit nu mai mergea .Am incercat ce au recomandat unii de pe acest forum si task managerul respectiv regedit si-au revenit dar daca poate cineva sa-mi spuna din ce cauza numai merge Strong Dc-ul si ce ar trebui sa fac sa remediez problema i-as fi recunoscator.Multumesc


"Reinstaleaza" strong dc-ul de pe site-ul lor sau copiezi doar executabilul (strong dc++.exe) peste cel care il ai ca sa iti pastrezi setarile.
Bafta  B)

#3
ady_chesnoiu

ady_chesnoiu

    Supercharged

  • Grup: Senior Members
  • Posts: 4,605
  • Înscris: 27.05.2007

View Postkriss_kringle, on Nov 15 2008, 17:25, said:

Acum 2 zile am instalat patch-ul pt Call of duty 2 sa joc online si de atunci a inceput sa nu-mi mai mearga strong dc-ul ''Runtime Error! R6002 -floating point not loaded''.Apoi nu-mi mai mergea comanda Ctrl+Alt+Delete ''Task manager has been disabled by your administrator'' si nici in Start=>Run=>regedit nu mai mergea .Am incercat ce au recomandat unii de pe acest forum si task managerul respectiv regedit si-au revenit dar daca poate cineva sa-mi spuna din ce cauza numai merge Strong Dc-ul si ce ar trebui sa fac sa remediez problema i-as fi recunoscator.Multumesc
Ai luat virusi de la acel patch . Nu ne intreba de ce nu e bun patch-ul , nu incurajam warez .\


Later: Repede ai mai imbinat topic-urile :)

Edited by ady_chesnoiu, 15 November 2008 - 21:16.


#4
pykko

pykko

    I love, therefore I am

  • Grup: Senior Members
  • Posts: 7,129
  • Înscris: 10.02.2006
Posteaza aici un log HiJackThis te rog.

#5
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Am ''reinstalat'' Strong-ul de nush cate ori dar dupa ce il inchid si dupa cateva minute incerc sa-l redeschid iar imi da eroarea,mai nou daca incerc sa dau play la o melodie sau un film prin Media Player Classic imi da aceeasi eroare R6002-floating point support not loaded.

#6
SLICK25

SLICK25

    Junior Member

  • Grup: Members
  • Posts: 101
  • Înscris: 25.08.2004

View Postkriss_kringle, on Nov 16 2008, 01:48, said:

Am ''reinstalat'' Strong-ul de nush cate ori dar dupa ce il inchid si dupa cateva minute incerc sa-l redeschid iar imi da eroarea,mai nou daca incerc sa dau play la o melodie sau un film prin Media Player Classic imi da aceeasi eroare R6002-floating point support not loaded.


Ai un virus - win32/Sality.NAU - care iti strica executabilele (.exe) nu te lasa sa faci update sau sa scanezi cu antivirusul instalat. Nici in Safe Mode nu vei putea intra.

1 Scanezi online cu nod32
2 Instalezi nod32 cu update la zi si mai scanezi odata, dar cu cablul de net scos
3 Reinstalezi Strong Dc, Nero, Winamp....

Vezi si discutia asta  http://forum.softped...howtopic=456389

Edited by SLICK25, 16 November 2008 - 11:10.


#7
pykko

pykko

    I love, therefore I am

  • Grup: Senior Members
  • Posts: 7,129
  • Înscris: 10.02.2006

View Postkriss_kringle, on Nov 16 2008, 00:48, said:

Am ''reinstalat'' Strong-ul de nush cate ori dar dupa ce il inchid si dupa cateva minute incerc sa-l redeschid iar imi da eroarea,mai nou daca incerc sa dau play la o melodie sau un film prin Media Player Classic imi da aceeasi eroare R6002-floating point support not loaded.
O metoda mai simpla ar fi sa scanezi cu Avira RescueCD pe care-l descarci de aici: http://dlpro.antivir...cd/rescuecd.iso
Pui imaginea pe un disc, bootezi de pe el, apoi alegi limba engleza (apesi sageata, bifezi folosind tasta Space si confirmi cu Enter), apoi alegi sa faci o scanare completa a Pc-ului redenumind fisierele infectate.

Daca ecranul devine negru in timpul scanarii poti apasa tasta Esc pentru a reveni la scanare.

#8
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Iese din discutie sa pun pe un disc antivirusul pt ca dvd-rom-ul nu-mi mai citeste dvd-uri si cd-uri.Mai nou si cand vreau sa deschid un film sau o melodie prin Media Player Classic imi da aceeasi eroare ca si cu Strong-ul. :wacko:

Edited by kriss_kringle, 16 November 2008 - 15:41.


#9
pykko

pykko

    I love, therefore I am

  • Grup: Senior Members
  • Posts: 7,129
  • Înscris: 10.02.2006
Atunci incearca o scanare online nod32 sau bitdefender.

#10
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Am intrat pe http://www.malwareci...m/scan8/ie.html de vreo 30 de minute si tot imi zice Please wait while the scanner is loading...    Could not load the Online Scanner!    


»  Click here for other possible fixes.  

--------------------------------------------------------------------------------
Stie cineva alt antivirus online pe care l-as putea folosi?

Acum am intrat pe linkul http://www.eset.com/....php?i_agree=14 am dat Start si mi-a aparut casuta cu install apoi mi-a aparut asa Norton Antivirus 2005 does not support the Repair feature,please uninstall and reinstall.Norton e antivirusul care il am de cand am primit laptop-ul,era pe cd-ul cu drivere.

#11
SLICK25

SLICK25

    Junior Member

  • Grup: Members
  • Posts: 101
  • Înscris: 25.08.2004

View Postkriss_kringle, on Nov 16 2008, 17:39, said:

Am intrat pe http://www.malwareci...m/scan8/ie.html de vreo 30 de minute si tot imi zice Please wait while the scanner is loading...    Could not load the Online Scanner!    


»  Click here for other possible fixes.  

--------------------------------------------------------------------------------
Stie cineva alt antivirus online pe care l-as putea folosi?

Acum am intrat pe linkul http://www.eset.com/....php?i_agree=14 am dat Start si mi-a aparut casuta cu install apoi mi-a aparut asa Norton Antivirus 2005 does not support the Repair feature,please uninstall and reinstall.Norton e antivirusul care il am de cand am primit laptop-ul,era pe cd-ul cu drivere.


Dezinstaleaza Nortonul si fa odata scanarea aia online cu nod32

#12
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Nu mi se incarca in totalitate pagina sa pot face scanarea online si acum mi-a afectat si Windows Media Player.Am incercat sa folosesc mai multe antivirusuri online din lista de pe forum dar nu mi se incarca nici unul in totalitate.

Nici pe messenger nu-mi mai apare ce scriu eu inclusiv ce-mi scriu altii. La media player cand vreau sa-l deschid imi zice An internal error has occured.

#13
cristian0007

cristian0007

    Be a real Viber !

  • Grup: Senior Members
  • Posts: 4,304
  • Înscris: 01.01.2007
Folosesti rescue CD de la Bitdefender.
Descarci acest ISO de la:

http://download.bitd..._07_08_2008.iso

Il pui pe un CD (il faci bootabil)si bootezi de pe el.

Spor.

Edited by cristian0007, 16 November 2008 - 18:15.


#14
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Am postat mai sus ca nu-mi mai citeste dvd-rom-ul cd-urile si dvd-urile de ceva vreme.Deci nu am cum sa fac chestia asta.

#15
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 7:32:50 PM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\winyrixx.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\winsuygg.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\winrcxdw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co...sreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F51DFD2-F06A-4BDD-8391-582E5E040C3F}: NameServer = 193.231.252.1 213.154.124.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

#16
pykko

pykko

    I love, therefore I am

  • Grup: Senior Members
  • Posts: 7,129
  • Înscris: 10.02.2006
kriss, procedeaza asa:

1. Descarca ATF-Cleaner (atasat), ruleaza atf-cleaner.exe, bifeaza toate casutele si apasa butonul Empty selected.
2. Descarca Repara.zip, extrage Repara.inf pe Desktop, click dreapta pe el si alege Install. Restarteaza apoi PC-ul.
3. Descarca ComboFix de aici: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Apoi asigura-te ca ai inchis toate programele care ruleaza (yahoo messenger, Firefox, etc) si ruleaza ComboFix. Te va intreba daca sa inceapa curatirea. Confirma cu Yes de fiecare data. Nu-l opri in timp ce scaneaza si dezinfecteaza sistemul. E posibil ca in timpul rularii lui desktop-ul sa dispara, dar nu te ingrijora.
La sfarsit va afisa rezultatele scanarii. Salveaza acel fisier si posteaza continutul aici impreuna cu un nou log HiJackThis.

Attached Files



#17
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Am facut tot ce mi-ai spus.Repara dupa ce l-am dezarhivat mi-a aparut un fel de text,i-am dat install apoi restart si nu a mai aparut nimic.Presupun ca asa si trebuie.Acesta este log-ul de la Combo fix :
ComboFix 08-11-16.01 - Andrei 2008-11-17  0:15:56.1 - NTFSx86
Running from: c:\documents and settings\Andrei\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\MSINET.oca

.
(((((((((((((((((((((((((   Files Created from 2008-10-16 to 2008-11-16  )))))))))))))))))))))))))))))))
.

2008-11-16 19:32 . 2008-11-16 19:32 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 20:03 . 2008-11-15 20:03 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-11-15 19:58 . 2008-11-15 20:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-15 19:53 . 2008-11-15 20:16 <DIR> d-------- c:\windows\SxsCaPendDel
2008-11-15 19:53 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-15 19:53 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-15 19:53 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-15 19:53 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-15 19:53 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-15 19:53 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-15 19:53 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-15 19:48 . 2008-11-15 19:48 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-15 19:31 . 2008-02-28 13:26 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-11-15 19:31 . 2008-02-28 13:01 774,144 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-11-15 19:22 . 2008-11-15 19:22 <DIR> d-------- c:\program files\Common Files\Scanner
2008-11-15 14:45 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-15 14:45 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-15 14:45 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-15 14:45 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-15 14:45 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-15 14:45 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-15 14:45 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-14 21:34 . 2008-11-14 21:46 138,376 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-14 21:33 . 2008-11-14 21:45 182,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-14 21:33 . 2008-11-14 21:33 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-10 18:39 . 2008-11-10 18:39 <DIR> d--hs---- c:\windows\ftpcache
2008-10-30 23:28 . 2008-11-15 19:31 <DIR> d-------- c:\program files\Common Files\Nero
2008-10-24 13:57 . 2008-10-24 13:57 <DIR> d-------- c:\windows\lhsp
2008-10-24 13:56 . 2008-10-24 13:56 <DIR> d-------- c:\windows\speech
2008-10-24 13:56 . 1999-04-12 23:00 1,046,288 --a------ c:\windows\system32\MSJET35.DLL
2008-10-24 13:56 . 1996-10-23 23:00 803,680 --a------ c:\windows\system32\AXDIST.EXE
2008-10-24 13:56 . 1999-04-12 23:00 415,504 --a------ c:\windows\system32\MSREPL35.DLL
2008-10-24 13:56 . 1998-04-23 23:00 252,176 --a------ c:\windows\system32\MSRD2X35.DLL
2008-10-24 13:56 . 1998-04-23 23:00 123,664 --a------ c:\windows\system32\MSJINT35.DLL
2008-10-24 13:56 . 1998-04-23 23:00 24,848 --a------ c:\windows\system32\MSJTER35.DLL
2008-10-24 13:55 . 2008-10-24 13:55 <DIR> d-------- c:\program files\QFIT
2008-10-24 13:54 . 1998-10-01 14:22 373,248 --a------ c:\windows\uninst.exe
2008-10-24 00:37 . 2008-10-24 00:40 37 --a------ c:\windows\entpack.ini
2008-10-24 00:36 . 2008-10-24 00:36 <DIR> d-------- c:\documents and settings\Andrei\WINDOWS
2008-10-24 00:36 . 1991-09-11 23:00 271,264 --a------ c:\windows\VBRUN100.DLL
2008-10-24 00:36 . 1991-09-11 23:00 19,200 --a------ c:\windows\WEPUTIL.DLL
2008-10-24 00:23 . 2008-10-24 00:31 <DIR> d-------- c:\program files\Beat the House!
2008-10-22 16:11 . 2008-10-22 16:11 <DIR> d-------- c:\program files\EA SPORTS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 15:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-16 15:01 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-16 02:35 --------- d-----w c:\documents and settings\Andrei\Application Data\uTorrent
2008-11-15 17:21 --------- d-----w c:\program files\Yahoo!
2008-11-14 18:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 12:27 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-12 18:48 --------- d-----w c:\program files\RegCure
2008-10-11 19:10 --------- d-----w c:\program files\4U Computing
2008-10-08 20:07 --------- d-----w c:\program files\Winamp
2008-10-01 21:02 --------- d-----w c:\documents and settings\Andrei\Application Data\temp
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 14:14 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-15 14:52 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 18:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4748528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 391296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-15 729178]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 315454]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 128568 c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-05-04 09:59 864256 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 210320 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 391296 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe"=
"c:\\Program Files\\RegCure\\RegCure.exe"=
"c:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\CF7780.exe"=

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-16 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-10-12 20:39]

2008-11-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-10-12 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: {0F51DFD2-F06A-4BDD-8391-582E5E040C3F} = 193.231.252.1 213.154.124.1

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 00:17:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?0?5?8??????? ???B?????????????hLC? ??????
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)[email protected]??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-17  0:19:28
ComboFix-quarantined-files.txt  2008-11-16 22:19:21

Pre-Run: 2,074,456,064 bytes free
Post-Run: 3,129,520,128 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

188 --- E O F --- 2008-11-16 17:58:38

Acum cand incerc sa intru in HiJackThis imi da eroare cu Don't send.O sa-l dezinstalez si o sa-l descarc iar de pe site sa vad poate merge.

Nu merge sa dezinstalez HiJackThis :deadtongue:

Pana la urma am reusit sa il fac iar sa imi scaneze.Acesta este log-ul :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:45 AM, on 11/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\bbqqhr.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\winishinb.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\qjpnin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co...sreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F51DFD2-F06A-4BDD-8391-582E5E040C3F}: NameServer = 193.231.252.1 213.154.124.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6223 bytes

#18
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Dupa ce am folosit programele respective mi-a mers pana la urma sa dau scan si cu Nod32 online.Mi-a gasit 222 de threats.

Attached Files

  • Attached File  scan.JPG   129.85K   48 downloads


Anunturi

Bun venit pe Forumul Softpedia!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Forumul Softpedia foloseste "cookies" pentru a imbunatati experienta utilizatorilor Accept
Pentru detalii si optiuni legate de cookies si datele personale, consultati Politica de utilizare cookies si Politica de confidentialitate