Questions about viruses

8 replies in this topic

#1
bubu™

    Active Member

  • Group: Members
  • Posts: 1.629
  • Joined: 29.12.2006
After I cleaned the viruses off my PC (I've become an expert by now), Norton still sometimes reports that it is blocking some attempt or other. I scanned and also checked manually with Norton, Spybot Search and Destroy, malware AntiMalware, Spyware Doctor, Security Task Manager, Registry Cleaner, Spyware Blaster, UnHackMe, RemoveIT - which are the best ones, and I wonder what else I could use; I don't think other programs could find anything more. Plus I looked through the system and the files myself to see if anything is odd.

And I have a silly question: don't these hackers get punished? I mean, I see the address I'm being attacked from, I call the police: look, sir, here's the log and the proof that I'm being robbed.

Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 16:25:42, on 28.02.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCUI32.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCUI32.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\Userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - D:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1258068865531
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.p...kanerOnline.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4532749B-253E-42E5-8212-5B40E261C82F}: NameServer = 82.76.253.115 82.76.253.125
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - D:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec Eraser Service (EraserSvc10923) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8639 bytes

Edited by bubu™, 28 February 2010 - 16:30.
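
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it groups entries by section code and queues for manual review the sections that set DNS servers or load DLLs at logon (O17, O20), plus any entry whose binary sits outside the usual install directories. The sample log, the `TRUSTED_ROOTS` list and the function names are constructed for illustration; an empty queue only means nothing visible looked odd, since a rootkit can hide its entries from the tool that wrote the log.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v2 line format (not taken from the post above).
SAMPLE_LOG = r"""Logfile of Trend Micro HiJackThis v2.0.2
Running processes:
D:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [updater] D:\Documents and Settings\user\Local Settings\Temp\upd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53 192.0.2.54
O20 - Winlogon Notify: example - D:\WINDOWS\system32\example.dll
O23 - Service: Example Service - Example Corp - D:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                # "O4 - ..." style lines
PATH = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)", re.I)  # drive-rooted binaries
# Sections that redirect name resolution or load code at logon: always read by hand.
REVIEW_ALWAYS = {"O17": "DNS servers set in the registry",
                 "O20": "DLL loaded at logon (Winlogon Notify)"}
# Assumption: the reviewer's own list of expected install roots, not a HijackThis feature.
TRUSTED_ROOTS = ("\\program files\\", "\\progra~1\\", "\\windows\\")

def parse(log):
    """Group entry bodies by section code; header and process lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_queue(log):
    """Return (code, reason, entry) tuples a human should look at first."""
    queue = []
    for code, entries in parse(log).items():
        for entry in entries:
            if code in REVIEW_ALWAYS:
                queue.append((code, REVIEW_ALWAYS[code], entry))
                continue
            paths = [p.lower() for p in PATH.findall(entry)]
            if any(not any(r in p for r in TRUSTED_ROOTS) for p in paths):
                queue.append((code, "binary outside usual install paths", entry))
    return queue

if __name__ == "__main__":
    for code, reason, entry in review_queue(SAMPLE_LOG):
        print(f"{code:4} {reason}: {entry}")
```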


#2
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34.883
  • Joined: 07.02.2007

bubu™, on 28th February 2010, 16:27, wrote:

After I cleaned the viruses off my PC (I've become an expert by now)...

Really?!  :naughty:

Shall I put you through some tests?!  :rolleyes:

The log is clean.

bubu™, on 28th February 2010, 16:27, wrote:

And I have a silly question: don't these hackers get punished? I mean, I see the address I'm being attacked from, I call the police: look, sir, here's the log and the proof that I'm being robbed.

Please do. Let's see if you get anywhere :D

#3
bubu™

    Active Member

  • Group: Members
  • Posts: 1.629
  • Joined: 29.12.2006
thanks, so I shouldn't worry about the messages saying that Norton is blocking attacks from certain addresses etc.?..

yes, I really am an expert, heh: I have never reinstalled Windows on the two operating systems I have, in 3 years, and I got infected about once every 9 months on each... no big deal, I scan, search manually, use Google, recognize the names of odd files etc. A good program that not many know about - UnHackMe. And don't leave System Restore enabled while you are cleaning out viruses

and the question about punishment stands: are there really no laws on the net?...

Edited by Adm, 20 February 2017 - 10:41.


#4
Official

    Forzza ASA!

  • Group: Senior Members
  • Posts: 3.327
  • Joined: 27.03.2009

bubu™, on 28th February 2010, 16:52, wrote:

1. thanks, so I shouldn't worry about the messages saying that Norton is blocking attacks from certain addresses etc.?..

2. and the question about punishment stands: are there really no laws on the net?...

1. No problem.
2. Laws exist, but there is nobody to enforce them. It is hard to police so many millions of users. Here, at least, even if you file a complaint you still have slim chances of getting anywhere. If you protect yourself properly, you shouldn't have to worry.

#5
bubu™

    Active Member

  • Group: Members
  • Posts: 1.629
  • Joined: 29.12.2006
thanks, anyway I don't think it is quite "no problem", because they didn't show up before; anyway I haven't finished checking, I have just found one more small thing, even though the HijackThis log was clean... I'll look further over the next few days

Edited by bubu™, 28 February 2010 - 17:24.


#6
bubu™

    Active Member

  • Group: Members
  • Posts: 1.629
  • Joined: 29.12.2006
I found it: I have, or had, the worst virus possible. About every 30 minutes Norton shows that it is blocking this -
Attempted Intrusion "HTTPS Tidserv Request" against your machine was detected and blocked.
Intruder: d45648675.cn(https(443)).

I searched, and it looks like something serious and maybe impossible to remove:
http://answers.yahoo...07152620AA3WTbL

it would be the first thing I haven't managed to remove, but I'll keep trying. Otherwise Windows is OK and may be clean, it is just that Norton shows that block. What the guy there says is to run the scans from a CD etc.; I ran it from the other operating system, the clean one, I think it is the same thing. Indeed, the virus had disabled ALL the protection programs (!!) and I had to reinstall them, except Norton, which recovered, only its phishing protection gives an error

Edited by bubu™, 28 February 2010 - 18:59.


#7
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34.883
  • Joined: 07.02.2007
Those happen if it gets into the PC. Norton blocked it, it's not a problem.

Keep Norton and Windows Update up to date and there are no problems.

#8
bubu™

    Active Member

  • Group: Members
  • Posts: 1.629
  • Joined: 29.12.2006
thanks. I still have a lot of work to do; for now, after a lot of reading on the net, I ran ComboFix, which seems to have worked wonders; the virus seems to be lodged in System Restore etc., it's a rootkit

Edited by bubu™, 28 February 2010 - 20:22.


#9
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34.883
  • Joined: 07.02.2007
Disable System Restore, restart, scan with the antivirus and you'll be rid of it.

If it doesn't see it, scan with Kaspersky Virus Removal Tool 2010 9.0.0.722 or Dr.Web CureIt! 5.00.10.

Edited by crysty2k5, 28 February 2010 - 21:05.

