Jump to content

SUBIECTE NOI
« 1 / 5 »
RSS
Incalzire in pardoseala etapizata

Suprataxa card energie?!

Cum era nivelul de trai cam din a...

probleme cu ochelarii
 Impozite pe proprietati de anul v...

teava rezistenta panou apa calda

Acces in Curte din Drum National

Sub mobila de bucatarie si sub fr...
 Rezultat RMN

Numar circuite IPAT si prindere t...

Pareri brgimportchina.ro - teapa ...

Lucruri inaintea vremurilor lor
 Discuții despre TVR Sport HD.

Cost abonament clinica privata

Tremura toata, dar nu de la ro...

Renault Android
 

Problema strong dc - virusi?

- - - - -
  • Please log in to reply
31 replies to this topic

#1
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Acum 2 zile am instalat patch-ul pt Call of duty 2 sa joc online si de atunci a inceput sa nu-mi mai mearga strong dc-ul ''Runtime Error! R6002 -floating point not loaded''.Apoi nu-mi mai mergea comanda Ctrl+Alt+Delete ''Task manager has been disabled by your administrator'' si nici in Start=>Run=>regedit nu mai mergea .Am incercat ce au recomandat unii de pe acest forum si task managerul respectiv regedit si-au revenit dar daca poate cineva sa-mi spuna din ce cauza numai merge Strong Dc-ul si ce ar trebui sa fac sa remediez problema i-as fi recunoscator.Multumesc

#2
SLICK25

SLICK25

    Junior Member

  • Grup: Members
  • Posts: 101
  • Înscris: 25.08.2004

View Postkriss_kringle, on Nov 15 2008, 18:25, said:

Acum 2 zile am instalat patch-ul pt Call of duty 2 sa joc online si de atunci a inceput sa nu-mi mai mearga strong dc-ul ''Runtime Error! R6002 -floating point not loaded''.Apoi nu-mi mai mergea comanda Ctrl+Alt+Delete ''Task manager has been disabled by your administrator'' si nici in Start=>Run=>regedit nu mai mergea .Am incercat ce au recomandat unii de pe acest forum si task managerul respectiv regedit si-au revenit dar daca poate cineva sa-mi spuna din ce cauza numai merge Strong Dc-ul si ce ar trebui sa fac sa remediez problema i-as fi recunoscator.Multumesc


"Reinstaleaza" strong dc-ul de pe site-ul lor sau copiezi doar executabilul (strong dc++.exe) peste cel care il ai ca sa iti pastrezi setarile.
Bafta  B)

#3
ady_chesnoiu

ady_chesnoiu

    Supercharged

  • Grup: Senior Members
  • Posts: 4,605
  • Înscris: 27.05.2007

View Postkriss_kringle, on Nov 15 2008, 17:25, said:

Acum 2 zile am instalat patch-ul pt Call of duty 2 sa joc online si de atunci a inceput sa nu-mi mai mearga strong dc-ul ''Runtime Error! R6002 -floating point not loaded''.Apoi nu-mi mai mergea comanda Ctrl+Alt+Delete ''Task manager has been disabled by your administrator'' si nici in Start=>Run=>regedit nu mai mergea .Am incercat ce au recomandat unii de pe acest forum si task managerul respectiv regedit si-au revenit dar daca poate cineva sa-mi spuna din ce cauza numai merge Strong Dc-ul si ce ar trebui sa fac sa remediez problema i-as fi recunoscator.Multumesc
Ai luat virusi de la acel patch . Nu ne intreba de ce nu e bun patch-ul , nu incurajam warez .\


Later: Repede ai mai imbinat topic-urile :)

Edited by ady_chesnoiu, 15 November 2008 - 21:16.


#4
pykko

pykko

    I love, therefore I am

  • Grup: Senior Members
  • Posts: 7,228
  • Înscris: 10.02.2006
Posteaza aici un log HiJackThis te rog.

#5
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Am ''reinstalat'' Strong-ul de nush cate ori dar dupa ce il inchid si dupa cateva minute incerc sa-l redeschid iar imi da eroarea,mai nou daca incerc sa dau play la o melodie sau un film prin Media Player Classic imi da aceeasi eroare R6002-floating point support not loaded.

#6
SLICK25

SLICK25

    Junior Member

  • Grup: Members
  • Posts: 101
  • Înscris: 25.08.2004

View Postkriss_kringle, on Nov 16 2008, 01:48, said:

Am ''reinstalat'' Strong-ul de nush cate ori dar dupa ce il inchid si dupa cateva minute incerc sa-l redeschid iar imi da eroarea,mai nou daca incerc sa dau play la o melodie sau un film prin Media Player Classic imi da aceeasi eroare R6002-floating point support not loaded.


Ai un virus - win32/Sality.NAU - care iti strica executabilele (.exe) nu te lasa sa faci update sau sa scanezi cu antivirusul instalat. Nici in Safe Mode nu vei putea intra.

1 Scanezi online cu nod32
2 Instalezi nod32 cu update la zi si mai scanezi odata, dar cu cablul de net scos
3 Reinstalezi Strong Dc, Nero, Winamp....

Vezi si discutia asta  http://forum.softped...howtopic=456389

Edited by SLICK25, 16 November 2008 - 11:10.


#7
pykko

pykko

    I love, therefore I am

  • Grup: Senior Members
  • Posts: 7,228
  • Înscris: 10.02.2006

View Postkriss_kringle, on Nov 16 2008, 00:48, said:

Am ''reinstalat'' Strong-ul de nush cate ori dar dupa ce il inchid si dupa cateva minute incerc sa-l redeschid iar imi da eroarea,mai nou daca incerc sa dau play la o melodie sau un film prin Media Player Classic imi da aceeasi eroare R6002-floating point support not loaded.
O metoda mai simpla ar fi sa scanezi cu Avira RescueCD pe care-l descarci de aici: http://dlpro.antivir...cd/rescuecd.iso
Pui imaginea pe un disc, bootezi de pe el, apoi alegi limba engleza (apesi sageata, bifezi folosind tasta Space si confirmi cu Enter), apoi alegi sa faci o scanare completa a Pc-ului redenumind fisierele infectate.

Daca ecranul devine negru in timpul scanarii poti apasa tasta Esc pentru a reveni la scanare.

#8
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Iese din discutie sa pun pe un disc antivirusul pt ca dvd-rom-ul nu-mi mai citeste dvd-uri si cd-uri.Mai nou si cand vreau sa deschid un film sau o melodie prin Media Player Classic imi da aceeasi eroare ca si cu Strong-ul. :wacko:

Edited by kriss_kringle, 16 November 2008 - 15:41.


#9
pykko

pykko

    I love, therefore I am

  • Grup: Senior Members
  • Posts: 7,228
  • Înscris: 10.02.2006
Atunci incearca o scanare online nod32 sau bitdefender.

#10
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Am intrat pe http://www.malwareci...m/scan8/ie.html de vreo 30 de minute si tot imi zice Please wait while the scanner is loading...    Could not load the Online Scanner!    


»  Click here for other possible fixes.  

--------------------------------------------------------------------------------
Stie cineva alt antivirus online pe care l-as putea folosi?

Acum am intrat pe linkul http://www.eset.com/....php?i_agree=14 am dat Start si mi-a aparut casuta cu install apoi mi-a aparut asa Norton Antivirus 2005 does not support the Repair feature,please uninstall and reinstall.Norton e antivirusul care il am de cand am primit laptop-ul,era pe cd-ul cu drivere.

#11
SLICK25

SLICK25

    Junior Member

  • Grup: Members
  • Posts: 101
  • Înscris: 25.08.2004

View Postkriss_kringle, on Nov 16 2008, 17:39, said:

Am intrat pe http://www.malwareci...m/scan8/ie.html de vreo 30 de minute si tot imi zice Please wait while the scanner is loading...    Could not load the Online Scanner!    


»  Click here for other possible fixes.  

--------------------------------------------------------------------------------
Stie cineva alt antivirus online pe care l-as putea folosi?

Acum am intrat pe linkul http://www.eset.com/....php?i_agree=14 am dat Start si mi-a aparut casuta cu install apoi mi-a aparut asa Norton Antivirus 2005 does not support the Repair feature,please uninstall and reinstall.Norton e antivirusul care il am de cand am primit laptop-ul,era pe cd-ul cu drivere.


Dezinstaleaza Nortonul si fa odata scanarea aia online cu nod32

#12
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Nu mi se incarca in totalitate pagina sa pot face scanarea online si acum mi-a afectat si Windows Media Player.Am incercat sa folosesc mai multe antivirusuri online din lista de pe forum dar nu mi se incarca nici unul in totalitate.

Nici pe messenger nu-mi mai apare ce scriu eu inclusiv ce-mi scriu altii. La media player cand vreau sa-l deschid imi zice An internal error has occured.

#13
cristian0007

cristian0007

    Be a real Viber !

  • Grup: Senior Members
  • Posts: 4,304
  • Înscris: 01.01.2007
Folosesti rescue CD de la Bitdefender.
Descarci acest ISO de la:

http://download.bitd..._07_08_2008.iso

Il pui pe un CD (il faci bootabil)si bootezi de pe el.

Spor.

Edited by cristian0007, 16 November 2008 - 18:15.


#14
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Am postat mai sus ca nu-mi mai citeste dvd-rom-ul cd-urile si dvd-urile de ceva vreme.Deci nu am cum sa fac chestia asta.

#15
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 7:32:50 PM, on 11/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\winyrixx.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\winsuygg.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\winrcxdw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co...sreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F51DFD2-F06A-4BDD-8391-582E5E040C3F}: NameServer = 193.231.252.1 213.154.124.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

#16
pykko

pykko

    I love, therefore I am

  • Grup: Senior Members
  • Posts: 7,228
  • Înscris: 10.02.2006
kriss, procedeaza asa:

1. Descarca ATF-Cleaner (atasat), ruleaza atf-cleaner.exe, bifeaza toate casutele si apasa butonul Empty selected.
2. Descarca Repara.zip, extrage Repara.inf pe Desktop, click dreapta pe el si alege Install. Restarteaza apoi PC-ul.
3. Descarca ComboFix de aici: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Apoi asigura-te ca ai inchis toate programele care ruleaza (yahoo messenger, Firefox, etc) si ruleaza ComboFix. Te va intreba daca sa inceapa curatirea. Confirma cu Yes de fiecare data. Nu-l opri in timp ce scaneaza si dezinfecteaza sistemul. E posibil ca in timpul rularii lui desktop-ul sa dispara, dar nu te ingrijora.
La sfarsit va afisa rezultatele scanarii. Salveaza acel fisier si posteaza continutul aici impreuna cu un nou log HiJackThis.

Attached Files



#17
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Am facut tot ce mi-ai spus.Repara dupa ce l-am dezarhivat mi-a aparut un fel de text,i-am dat install apoi restart si nu a mai aparut nimic.Presupun ca asa si trebuie.Acesta este log-ul de la Combo fix :
ComboFix 08-11-16.01 - Andrei 2008-11-17  0:15:56.1 - NTFSx86
Running from: c:\documents and settings\Andrei\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\MSINET.oca

.
(((((((((((((((((((((((((   Files Created from 2008-10-16 to 2008-11-16  )))))))))))))))))))))))))))))))
.

2008-11-16 19:32 . 2008-11-16 19:32 <DIR> d-------- c:\program files\Trend Micro
2008-11-15 20:03 . 2008-11-15 20:03 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-11-15 19:58 . 2008-11-15 20:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-15 19:53 . 2008-11-15 20:16 <DIR> d-------- c:\windows\SxsCaPendDel
2008-11-15 19:53 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-15 19:53 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-15 19:53 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-15 19:53 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-15 19:53 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-15 19:53 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-15 19:53 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-15 19:48 . 2008-11-15 19:48 <DIR> d-------- c:\program files\MSXML 6.0
2008-11-15 19:31 . 2008-02-28 13:26 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-11-15 19:31 . 2008-02-28 13:01 774,144 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-11-15 19:22 . 2008-11-15 19:22 <DIR> d-------- c:\program files\Common Files\Scanner
2008-11-15 14:45 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-11-15 14:45 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-11-15 14:45 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-11-15 14:45 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-11-15 14:45 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-11-15 14:45 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-11-15 14:45 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-11-14 21:34 . 2008-11-14 21:46 138,376 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-14 21:33 . 2008-11-14 21:45 182,928 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-14 21:33 . 2008-11-14 21:33 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-10 18:39 . 2008-11-10 18:39 <DIR> d--hs---- c:\windows\ftpcache
2008-10-30 23:28 . 2008-11-15 19:31 <DIR> d-------- c:\program files\Common Files\Nero
2008-10-24 13:57 . 2008-10-24 13:57 <DIR> d-------- c:\windows\lhsp
2008-10-24 13:56 . 2008-10-24 13:56 <DIR> d-------- c:\windows\speech
2008-10-24 13:56 . 1999-04-12 23:00 1,046,288 --a------ c:\windows\system32\MSJET35.DLL
2008-10-24 13:56 . 1996-10-23 23:00 803,680 --a------ c:\windows\system32\AXDIST.EXE
2008-10-24 13:56 . 1999-04-12 23:00 415,504 --a------ c:\windows\system32\MSREPL35.DLL
2008-10-24 13:56 . 1998-04-23 23:00 252,176 --a------ c:\windows\system32\MSRD2X35.DLL
2008-10-24 13:56 . 1998-04-23 23:00 123,664 --a------ c:\windows\system32\MSJINT35.DLL
2008-10-24 13:56 . 1998-04-23 23:00 24,848 --a------ c:\windows\system32\MSJTER35.DLL
2008-10-24 13:55 . 2008-10-24 13:55 <DIR> d-------- c:\program files\QFIT
2008-10-24 13:54 . 1998-10-01 14:22 373,248 --a------ c:\windows\uninst.exe
2008-10-24 00:37 . 2008-10-24 00:40 37 --a------ c:\windows\entpack.ini
2008-10-24 00:36 . 2008-10-24 00:36 <DIR> d-------- c:\documents and settings\Andrei\WINDOWS
2008-10-24 00:36 . 1991-09-11 23:00 271,264 --a------ c:\windows\VBRUN100.DLL
2008-10-24 00:36 . 1991-09-11 23:00 19,200 --a------ c:\windows\WEPUTIL.DLL
2008-10-24 00:23 . 2008-10-24 00:31 <DIR> d-------- c:\program files\Beat the House!
2008-10-22 16:11 . 2008-10-22 16:11 <DIR> d-------- c:\program files\EA SPORTS

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 15:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-16 15:01 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-16 02:35 --------- d-----w c:\documents and settings\Andrei\Application Data\uTorrent
2008-11-15 17:21 --------- d-----w c:\program files\Yahoo!
2008-11-14 18:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 12:27 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-12 18:48 --------- d-----w c:\program files\RegCure
2008-10-11 19:10 --------- d-----w c:\program files\4U Computing
2008-10-08 20:07 --------- d-----w c:\program files\Winamp
2008-10-01 21:02 --------- d-----w c:\documents and settings\Andrei\Application Data\temp
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 14:14 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-15 14:52 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 18:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4748528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 391296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-15 729178]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 315454]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 128568 c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-05-04 09:59 864256 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 210320 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 15:45 391296 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe"=
"c:\\Program Files\\RegCure\\RegCure.exe"=
"c:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\WINDOWS\\system32\\CF7780.exe"=

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-11-16 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-10-12 20:39]

2008-11-13 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-10-12 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: {0F51DFD2-F06A-4BDD-8391-582E5E040C3F} = 193.231.252.1 213.154.124.1

c:\windows\Downloaded Program Files\sysreqlab3.dll - c:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 00:17:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????6?0?5?8??????? ???B?????????????hLC? ??????
  BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-17  0:19:28
ComboFix-quarantined-files.txt  2008-11-16 22:19:21

Pre-Run: 2,074,456,064 bytes free
Post-Run: 3,129,520,128 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

188 --- E O F --- 2008-11-16 17:58:38

Acum cand incerc sa intru in HiJackThis imi da eroare cu Don't send.O sa-l dezinstalez si o sa-l descarc iar de pe site sa vad poate merge.

Nu merge sa dezinstalez HiJackThis :deadtongue:

Pana la urma am reusit sa il fac iar sa imi scaneze.Acesta este log-ul :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:45 AM, on 11/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\bbqqhr.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\winishinb.exe
C:\DOCUME~1\Andrei\LOCALS~1\Temp\qjpnin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co...sreqlab_srl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F51DFD2-F06A-4BDD-8391-582E5E040C3F}: NameServer = 193.231.252.1 213.154.124.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows CardSpace (idsvc) - Macrovision Corporation - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 6223 bytes

#18
kriss_kringle

kriss_kringle

    Junior Member

  • Grup: Members
  • Posts: 40
  • Înscris: 15.11.2008
Dupa ce am folosit programele respective mi-a mers pana la urma sa dau scan si cu Nod32 online.Mi-a gasit 222 de threats.

Attached Files

  • Attached File  scan.JPG   129.85K   48 downloads


Anunturi

Chirurgia cranio-cerebrală minim invazivă Chirurgia cranio-cerebrală minim invazivă

Tehnicile minim invazive impun utilizarea unei tehnologii ultramoderne.

Endoscoapele operatorii de diverse tipuri, microscopul operator dedicat, neuronavigația, neuroelectrofiziologia, tehnicile avansate de anestezie, chirurgia cu pacientul treaz reprezintă armamentarium fără de care neurochirurgia prin "gaura cheii" nu ar fi posibilă. Folosind tehnicile de mai sus, tratăm un spectru larg de patologii cranio-cerebrale.

www.neurohope.ro

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Forumul Softpedia foloseste "cookies" pentru a imbunatati experienta utilizatorilor Accept
Pentru detalii si optiuni legate de cookies si datele personale, consultati Politica de utilizare cookies si Politica de confidentialitate