System cleanup
Last Updated: Mar 10 2009 22:44, Started by alina_ally23, Feb 01 2009 22:04
#37
Posted 07 March 2009 - 22:10
Download: ComboFix and save it to your Desktop.
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE together with a new HijackThis log.
#38
Posted 07 March 2009 - 22:33

```text
ComboFix 09-03-06.02 - contabilitate2 2009-03-07 22:18:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.170 [GMT 2:00]
Running from: c:\documents and settings\contabilitate2\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\contabilitate2\v.exe
c:\windows\system32\zip32.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.
2009-03-07 21:20 . 2009-03-07 21:21 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2009-03-07 21:18 . 2009-03-07 21:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn
2009-03-07 21:18 . 2008-10-16 20:35 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-03-07 21:18 . 2008-07-24 18:46 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-07 21:18 . 2008-10-16 20:35 28,984 --a------ c:\windows\system32\LMIport.dll
2009-03-07 21:17 . 2008-10-16 20:35 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-03-07 21:17 . 2009-03-07 21:17 1,024 --a------ C:\.rnd
2009-03-07 21:16 . 2009-03-07 21:18 <DIR> d-------- c:\program files\LogMeIn
2009-03-07 21:05 . 2009-03-07 21:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-07 21:05 . 2009-03-07 21:05 <DIR> d-------- c:\documents and settings\contabilitate2\Application Data\Malwarebytes
2009-03-07 21:05 . 2009-03-07 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-07 21:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-07 21:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 10:44 . 2009-03-07 16:01 <DIR> d-------- c:\program files\ChickenInvadersROTYXmas
2009-03-06 10:27 . 2009-03-06 10:27 <DIR> d-------- c:\program files\Chicken Invaders 1,2,3,4 Collection
2009-03-06 10:27 . 2008-07-20 14:14 245,760 --a------ c:\windows\system32\SUSB.exe
2009-02-17 08:47 . 2009-02-17 09:00 <DIR> d-------- c:\program files\D392 (an 2008)
2009-02-13 18:18 . 2009-03-05 13:22 <DIR> d-------- c:\program files\OPFV 2009
2009-02-13 12:50 . 2009-02-13 12:13 245,557 --a------ C:\fisa_sintetica_finala_17618147_13.02.2009.pdf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 19:34 --------- d-----w c:\program files\Yahoo!
2009-03-05 03:59 --------- d-----w c:\program files\Declaratii_BASS
2009-03-02 20:24 --------- d-----w c:\program files\Bilant 1208
2009-03-02 18:44 --------- d-----w c:\program files\Bilant 1206
2009-03-02 08:39 --------- d-----w c:\program files\Declaratii fiscale 2009
2009-02-25 07:12 --------- d-----w c:\program files\OPFV 2007
2009-02-23 17:16 --------- d-----w c:\program files\Bilant 1207
2009-02-17 14:23 --------- d-----w c:\program files\Bilant 2005
2009-02-17 06:35 --------- d-----w c:\program files\Declaratii fiscale 2008
2009-02-13 07:10 --------- d-----w c:\program files\Bilant 0608
2009-02-03 17:26 --------- d-----w c:\program files\Avira
2009-02-03 17:26 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-02-01 19:55 --------- d-----w c:\program files\Trend Micro
2009-01-25 17:12 --------- d-----w c:\documents and settings\contabilitate2\Application Data\Wildfire
2009-01-23 17:54 --------- d-----w c:\program files\Fise fiscale 2008
2009-01-21 05:43 --------- d-----w c:\program files\D394
2006-02-20 05:18 4,754 -c--a-w c:\program files\setup.stf
2006-02-13 10:55 713 -c--a-w c:\program files\FOXUSER.DBF
2006-02-13 10:55 25,731 -c--a-w c:\program files\STARTDECLSOM.EXE
2006-02-13 10:55 1,792 -c--a-w c:\program files\FOXUSER.FPT
.
------- Sigcheck -------
2003-03-31 14:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_19.08.03.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-02 16:07:40 1,914,440 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-05-09 10:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 15:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 08:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-07-24 16:45:20 10,144 ----a-w c:\windows\system32\drivers\lmimirr.sys
+ 2007-03-01 07:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2008-10-16 18:35:40 23,736 ----a-w c:\windows\system32\lmimirr.dll
+ 2008-10-16 18:35:42 10,040 ----a-w c:\windows\system32\lmimirr2.dll
+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-02-26 15:34:20 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-10-16 18:35:44 34,104 ----a-w c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2008-10-16 18:35:46 43,320 ----a-w c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2008-10-16 18:35:46 43,320 ----a-w c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2008-10-16 18:35:44 34,104 ----a-w c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2008-10-16 18:35:46 43,320 ----a-w c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2008-10-16 18:35:46 43,320 ----a-w c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2008-10-16 18:35:50 47,416 ----a-w c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-12-14 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-12-14 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"diagnostics"="C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2008-10-31 557149]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

c:\documents and settings\contabilitate2\Start Menu\Programs\Startup\
Wireless.lnk - c:\windows\system32\SUSB.exe [2009-03-06 245760]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-05-23 1806336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Wireless.lnk - c:\windows\system32\SUSB.exe [2009-03-06 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"wmsncs.exe"= wmsncs.exe:SYSTEM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1013:TCP"= 1013:TCP:BS
"8081:TCP"= 8081:TCP:PORT2
"8080:TCP"= 8080:TCP:PORT1
"1240:TCP"= 1240:TCP:FD
"1494:TCP"= 1494:TCP:FD

R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-02-03 45376]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-07 47640]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-10-31 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-10-31 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [2008-10-31 40320]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
c:\windows\Fonts\wmsncs.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-01 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []

2009-02-01 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []

2009-03-07 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 23:21]

2008-11-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 23:21]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\contabilitate2\Application Data\Mozilla\Firefox\Profiles\qmorj9o7.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-07 22:19:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-03-07 22:21:38
ComboFix-quarantined-files.txt 2009-03-07 20:21:36
ComboFix2.txt 2009-02-03 17:08:40

Pre-Run: 2.046.304.256 bytes free
Post-Run: 2,176,135,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
```

and HijackThis:

```text
Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 22:31:29, on 07/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Wireless.lnk = C:\WINDOWS\system32\SUSB.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless.lnk = C:\WINDOWS\system32\SUSB.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

--
End of file - 4647 bytes
```
#39
Posted 07 March 2009 - 22:38
Do you actually use something like this? C:\Program Files\LogMeIn\x86\RaMaint.exe
Fix the entry O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file); otherwise the log is clean. Do you still have problems?
Edited by xxvirusxx, 07 March 2009 - 22:44.
#40
Posted 07 March 2009 - 22:54
> Do you actually use something like this? C:\Program Files\LogMeIn\x86\RaMaint.exe
> Fix the entry O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file); otherwise the log is clean. Do you still have problems?

Yes, unfortunately I have not gotten rid of the problem. Those pages keep appearing.
#42
Posted 07 March 2009 - 22:58
#43
Posted 07 March 2009 - 23:34
See whether an update to Internet Explorer fixes it.
#44
Posted 07 March 2009 - 23:38
> See whether an update to Internet Explorer fixes it.
#45
Posted 07 March 2009 - 23:44
Go to Start > Run, type msconfig there and press Enter.
Then take a screenshot of the processes that run under Startup (drag the divider of the Command column to the right so the file locations are visible). Do the pages simply open even if you don't go on the internet?
#46
Posted 08 March 2009 - 07:33
> Go to Start > Run, type msconfig there and press Enter. Then take a screenshot of the processes that run under Startup (drag the divider of the Command column to the right so the file locations are visible). Do the pages simply open even if you don't go on the internet?

Yes, those pages open by themselves. Even if nothing is being done on that computer, they still open. I don't understand what that "Wireless" entry is.
#47
Posted 08 March 2009 - 11:01
OK, if it has no wireless, untick the following in Startup:
- the 2 Wireless entries
- Winampa, which is not needed at startup
- NeroCheck, which is not needed either
- Microsoft Office, likewise
Then restart the computer. After the restart, go to C:\WINDOWS\system32, put SUSB.exe in an archive and send it to me by PM so I can see what this file actually is.
Edited by xxvirusxx, 08 March 2009 - 11:09.
#48
Posted 08 March 2009 - 12:34
And I assumed it was a laptop and that you had wireless enabled.
Put the following files in an archive with the password infected and send me a PM with it, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link so I can submit it for analysis.

> C:\WINDOWS\system32\SUSB.exe

DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!
After you have done that, and only after you have done that... If I had realised, I would have made you a script the first time.
Download: ComboFix and save it to your Desktop.
Create a new .txt file with Notepad and write in it what is quoted below:

> File::
> C:\WINDOWS\system32\SUSB.exe

Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.
[ http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE together with a new HijackThis log.
Later edit: the file has been sent for analysis. Thank you.
Edited by crysty2k5, 08 March 2009 - 19:25.
#49
Posted 08 March 2009 - 19:27

```text
ComboFix 09-03-06.02 - contabilitate2 2009-03-08 19:22:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.244 [GMT 2:00]
Running from: c:\documents and settings\contabilitate2\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\contabilitate2\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
 * Created a new restore point

FILE ::
c:\windows\system32\SUSB.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\SUSB.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.
2009-03-07 21:20 . 2009-03-07 21:21 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2009-03-07 21:18 . 2009-03-07 21:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogMeIn
2009-03-07 21:18 . 2008-10-16 20:35 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-03-07 21:18 . 2008-07-24 18:46 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-07 21:18 . 2008-10-16 20:35 28,984 --a------ c:\windows\system32\LMIport.dll
2009-03-07 21:17 . 2008-10-16 20:35 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-03-07 21:17 . 2009-03-07 21:17 1,024 --a------ C:\.rnd
2009-03-07 21:16 . 2009-03-08 06:44 <DIR> d-------- c:\program files\LogMeIn
2009-03-07 21:05 . 2009-03-07 21:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-07 21:05 . 2009-03-07 21:05 <DIR> d-------- c:\documents and settings\contabilitate2\Application Data\Malwarebytes
2009-03-07 21:05 . 2009-03-07 21:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-07 21:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-07 21:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-06 10:44 . 2009-03-08 09:31 <DIR> d-------- c:\program files\ChickenInvadersROTYXmas
2009-03-06 10:27 . 2009-03-06 10:27 <DIR> d-------- c:\program files\Chicken Invaders 1,2,3,4 Collection
2009-02-17 08:47 . 2009-02-17 09:00 <DIR> d-------- c:\program files\D392 (an 2008)
2009-02-13 18:18 . 2009-03-05 13:22 <DIR> d-------- c:\program files\OPFV 2009
2009-02-13 12:50 . 2009-02-13 12:13 245,557 --a------ C:\fisa_sintetica_finala_17618147_13.02.2009.pdf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 19:34 --------- d-----w c:\program files\Yahoo!
2009-03-05 03:59 --------- d-----w c:\program files\Declaratii_BASS
2009-03-02 20:24 --------- d-----w c:\program files\Bilant 1208
2009-03-02 18:44 --------- d-----w c:\program files\Bilant 1206
2009-03-02 08:39 --------- d-----w c:\program files\Declaratii fiscale 2009
2009-02-25 07:12 --------- d-----w c:\program files\OPFV 2007
2009-02-23 17:16 --------- d-----w c:\program files\Bilant 1207
2009-02-17 14:23 --------- d-----w c:\program files\Bilant 2005
2009-02-17 06:35 --------- d-----w c:\program files\Declaratii fiscale 2008
2009-02-13 07:10 --------- d-----w c:\program files\Bilant 0608
2009-02-03 17:26 --------- d-----w c:\program files\Avira
2009-02-03 17:26 --------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-02-01 19:55 --------- d-----w c:\program files\Trend Micro
2009-01-25 17:12 --------- d-----w c:\documents and settings\contabilitate2\Application Data\Wildfire
2009-01-23 17:54 --------- d-----w c:\program files\Fise fiscale 2008
2009-01-21 05:43 --------- d-----w c:\program files\D394
2006-02-20 05:18 4,754 -c--a-w c:\program files\setup.stf
2006-02-13 10:55 713 -c--a-w c:\program files\FOXUSER.DBF
2006-02-13 10:55 25,731 -c--a-w c:\program files\STARTDECLSOM.EXE
2006-02-13 10:55 1,792 -c--a-w c:\program files\FOXUSER.FPT
.
------- Sigcheck -------
2003-03-31 14:00 332928 244a2f9816bc9b593957281ef577d976 c:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\ServicePackFiles\i386\tcpip.sys
2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-02-03_19.08.03.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-02 16:07:40 1,914,440 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
- 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-05-09 10:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 15:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 08:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2008-07-24 16:45:20 10,144 ----a-w c:\windows\system32\drivers\lmimirr.sys
+ 2007-03-01 07:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
+ 2008-10-16 18:35:40 23,736 ----a-w c:\windows\system32\lmimirr.dll
+ 2008-10-16 18:35:42 10,040 ----a-w c:\windows\system32\lmimirr2.dll
+ 2009-02-03 02:07:18 240,544 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2009-02-26 15:34:20 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-10-16 18:35:44 34,104 ----a-w c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2008-10-16 18:35:46 43,320 ----a-w c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2008-10-16 18:35:46 43,320 ----a-w c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2008-10-16 18:35:44 34,104 ----a-w c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2008-10-16 18:35:46 43,320 ----a-w c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2008-10-16 18:35:46 43,320 ----a-w c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2008-10-16 18:35:50 47,416 ----a-w c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-12-14 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-12-14 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"diagnostics"="C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" [2008-10-31 557149]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"wmsncs.exe"= wmsncs.exe:SYSTEM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1013:TCP"= 1013:TCP:BS
"8081:TCP"= 8081:TCP:PORT2
"8080:TCP"= 8080:TCP:PORT1
"1240:TCP"= 1240:TCP:FD
"1494:TCP"= 1494:TCP:FD

R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2009-02-03 45376]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-07 47640]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2008-10-31 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2008-10-31 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\drivers\steth.sys [2008-10-31 40320]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
c:\windows\Fonts\wmsncs.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-01 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart\ErrorSmart.exe []

2009-02-01 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\program files\ErrorSmart []

2009-03-08 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 23:21]

2008-11-03 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 23:21]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\contabilitate2\Application Data\Mozilla\Firefox\Profiles\qmorj9o7.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 19:25:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\st330service]
"ImagePath"="C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-03-08 19:27:09
ComboFix-quarantined-files.txt 2009-03-08 17:27:07
ComboFix2.txt 2009-03-07 20:21:39
ComboFix3.txt 2009-02-03 17:08:40

Pre-Run: 2.065.260.544 bytes free
Post-Run: 2,167,078,912 bytes free
```
#50
Posted 08 March 2009 - 19:30
That file is 100% the cause of the pages opening. I tested it myself and it keeps opening web pages.
Even though VirusTotal did not detect it as a virus.
#51
Posted 08 March 2009 - 19:31
> That file is 100% the cause of the pages opening. I tested it myself and it keeps opening web pages. Even though VirusTotal did not detect it as a virus.

A definition will be added. I sent it to BitDefender and Avira.
#52
Posted 08 March 2009 - 19:35
Anyway Alina, if you unticked the 2 Wireless entries in Startup whose location is C:\Windows\system32\susb.exe and then deleted it, you won't have any more problems with pages opening.
Edited by xxvirusxx, 08 March 2009 - 19:36.
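The helpers reached their verdict by reading the ComboFix "Reg Loading Points" section by eye: a Startup shortcut named Wireless.lnk in both the user's and the All Users folder pointing at a binary in system32, Security Center override and notification values set, the firewall switched off with a bare-filename exception and hand-added open ports, and an Active Setup component whose CLSID is not even a valid GUID with a stub in the Fonts folder. The Python script below is an added example, not a tool from the thread or from ComboFix: it applies those same checks mechanically to a constructed excerpt of the posted log (the excerpt is assembled from lines quoted above; the finding categories, the Windows-directory prefix and the heuristics are the example's own and go a little beyond what the thread stated, for instance by flagging any port whose description is not a resource-string reference).

```python
"""Triage of a ComboFix 'Reg Loading Points' dump for the autostart and
firewall indicators discussed in the thread.  Added example; the category
names and heuristics are assumptions of this example, not ComboFix output."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed excerpt: a subset of the posted log, kept in ComboFix's own format.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

c:\documents and settings\contabilitate2\Start Menu\Programs\Startup\
Wireless.lnk - c:\windows\system32\SUSB.exe [2009-03-06 245760]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2006-05-23 1806336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
Wireless.lnk - c:\windows\system32\SUSB.exe [2009-03-06 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"wmsncs.exe"= wmsncs.exe:SYSTEM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8080:TCP"= 8080:TCP:PORT1

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
c:\windows\Fonts\wmsncs.exe
"""


@dataclass(frozen=True)
class Finding:
    category: str   # example's own label for the indicator
    detail: str     # the entry that triggered it


GUID_RE = re.compile(r"\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$", re.I)
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<target>.+?) \[")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
WINDIR_PREFIXES = ("c:\\windows\\",)   # assumption: system drive is C:


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""                 # current registry key or Startup folder
    lnk_targets: dict[str, list[str]] = {}   # shortcut target -> folders launching it
    pending_stub = False         # next path line is an Active Setup StubPath
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            pending_stub = "active setup\\installed components\\" in section.lower()
            if pending_stub and not GUID_RE.match(section.rsplit("\\", 1)[1]):
                findings.append(Finding("malformed_clsid", section.rsplit("\\", 1)[1]))
            continue
        if line.lower().endswith("\\startup\\"):
            section = line
            continue
        if pending_stub:
            # ComboFix prints the component's StubPath on the line after the key
            if "\\fonts\\" in line.lower():
                findings.append(Finding("stubpath_in_fonts", line))
            pending_stub = False
            continue
        sec = section.lower()
        m = LNK_RE.match(line)
        if m and sec.endswith("\\startup\\"):
            target = m.group("target").lower()
            lnk_targets.setdefault(target, []).append(section)
            if target.startswith(WINDIR_PREFIXES):
                findings.append(Finding("startup_lnk_to_windir", f"{m.group('name')} -> {m.group('target')}"))
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, data = v.group("name"), v.group("data")
        lname = name.lower()
        if sec.endswith("security center") and ("override" in lname or "disablenotify" in lname) and data.endswith("1"):
            findings.append(Finding("security_center_suppressed", name))
        elif sec.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and data.startswith("0"):
            findings.append(Finding("firewall_disabled", name))
        elif sec.endswith("authorizedapplications\\list") and "\\" not in name:
            findings.append(Finding("firewall_exception_bare_name", name))   # no full path
        elif sec.endswith("globallyopenports\\list") and not data.split(":")[-1].startswith("@"):
            findings.append(Finding("manually_opened_port", data))           # not a resource string
    for target, folders in lnk_targets.items():
        if len(folders) > 1:    # same binary launched from several Startup folders
            findings.append(Finding("duplicate_startup_lnk", target))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:30} {f.detail}")
```

On the constructed excerpt the script reports the Wireless.lnk shortcut twice (once per Startup folder) and then once more as a duplicate target, the four Security Center values, the disabled firewall, the bare `wmsncs.exe` exception, the `8080:TCP:PORT1` entry (the `3389:TCP` entry is left alone because its description is the `@xpsp2res.dll` resource reference Windows writes itself), the malformed CLSID and its Fonts-folder stub. A legitimate Run-key entry such as avgnt produces nothing, which is the point of keying every check to the section it sits in rather than to file names.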
#53
Posted 08 March 2009 - 19:36
Thank you very much crysty2k5, thank you xxvirusxx... for the help.
I restarted and I see it's "quiet"... no page has opened anymore. Thanks once again.
#54
Posted 08 March 2009 - 19:38
OK. If there's anything else, you know where to find us.
If I don't forget, I'll post here when I receive the analysis result by email.