HijackThis - alexxx21a

50 replies to this topic

#1 alexxx21a (Junior Member)

  • Group: Members
  • Posts: 26
  • Joined: 07.04.2010
Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 4:19:59 PM, on 8/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ol.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\lsass.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\v2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\ale---xxx\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Mkey.exe] C:\Program Files\MKey\Mkey.exe
O4 - HKLM\..\Run: [cimiptyns] C:\WINDOWS\System32\cimiptyns.exe
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [cimiptyns] C:\Documents and Settings\ale---xxx\cimiptyns.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\ale---xxx\wuaucldt.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ol] C:\WINDOWS\ol.exe
O4 - HKCU\..\Run: [Apudakaxodemad] rundll32.exe "C:\WINDOWS\copdsr1.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1277885129671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1277885122609
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7924 bytes

Attached file: eu.JPG (55.44K)

Edited by alexxx21a, 16 August 2010 - 15:29.


#2 Official (Forzza ASA!)

  • Group: Senior Members
  • Posts: 3,327
  • Joined: 27.03.2009
Tick and press Fix Checked for the lines:

alexxx21a, on 16th August 2010, 16:23, said:

O4 - HKLM\..\Run: [cimiptyns] C:\WINDOWS\System32\cimiptyns.exe
O4 - HKLM\..\Run: [wuaucldt] c:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\lsass.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [cimiptyns] C:\Documents and Settings\ale---xxx\cimiptyns.exe
O4 - HKCU\..\Run: [wuaucldt] c:\documents and settings\ale---xxx\wuaucldt.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\ALE---~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ol] C:\WINDOWS\ol.exe
O4 - HKCU\..\Run: [Apudakaxodemad] rundll32.exe "C:\WINDOWS\copdsr1.dll",Startup

Don't forget any of them!


Then download ComboFix and save it to the Desktop.

Create a new .txt file with Notepad and write in it what is in the quote below:

Quote

File::
c:\documents and settings\ale---xxx\wuaucldt.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\ol.exe
C:\DOCUME~1\ale---xxx\LOCAL Settings\Temp\lsass.exe
C:\DOCUME~1\ale---xxx\LOCAL Settings\Temp\v2.exe
C:\Documents and Settings\ale---xxx\cimiptyns.exe
C:\WINDOWS\System32\cimiptyns.exe
C:\WINDOWS\copdsr1.dll
C:\WINDOWS\system32\regedit.exe

Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.

[Image: http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results. Save that file and post its contents HERE.

Edited by Official, 16 August 2010 - 15:45.


#3 alexxx21a (Junior Member)

  • Group: Members
  • Posts: 26
  • Joined: 07.04.2010
Done, I did what you told me. The program started running, then a small window came up saying ERROR; I clicked OK on it and the computer restarted, after which it started again and did the whole job.

Here is the result, too:

Quote

ComboFix 10-08-15.04 - ale---xxx 08/16/2010  17:16:26.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.732 [GMT 3:00]
Running from: c:\documents and settings\ale---xxx\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ale---xxx\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\docume~1\ale---xxx\LOCAL Settings\Temp\lsass.exe"
"c:\docume~1\ale---xxx\LOCAL Settings\Temp\v2.exe"
"c:\documents and settings\ale---xxx\cimiptyns.exe"
"c:\documents and settings\ale---xxx\wuaucldt.exe"
"c:\windows\copdsr1.dll"
"c:\windows\ol.exe"
"c:\windows\System32\cimiptyns.exe"
"c:\windows\system32\regedit.exe"
"c:\windows\system32\wuaucldt.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALE---~1\LOCALS~1\Temp\lsass.exe
c:\docume~1\ale---xxx\LOCAL Settings\Temp\lsass.exe
c:\docume~1\ale---xxx\LOCAL Settings\Temp\v2.exe
c:\documents and settings\ale---xxx\Application Data\chrtmp
c:\documents and settings\ale---xxx\Application Data\gnja.exe
c:\documents and settings\ale---xxx\Application Data\inst.exe
c:\documents and settings\ale---xxx\cimiptyns.exe
c:\documents and settings\ale---xxx\msgvn.exe
c:\documents and settings\ale---xxx\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\ale---xxx\wuaucldt.exe
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-3071634982-0830670934-050293930-9477\nissan.exe
c:\windows\copdsr1.dll
c:\windows\ol.exe
c:\windows\System32\cimiptyns.exe
c:\windows\system32\wuaucldt.exe

----- BITS: Possible infected sites -----

hxxp://downlj+|[email protected]:NGD_DQ{[email protected](M(O.O?{=
Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP99\A0048408.sys
.
(((((((((((((((((((((((((   Files Created from 2010-07-16 to 2010-08-16  )))))))))))))))))))))))))))))))
.

2010-08-16 12:43 . 2010-08-16 12:43 -------- d-----w- c:\program files\ESET
2010-08-16 12:11 . 2010-08-16 12:11 76288 ----a-w- c:\windows\bhat.exe
2010-08-16 12:10 . 2010-08-16 12:10 40960 ----a-w- c:\windows\as36.exe
2010-08-16 11:39 . 2010-08-16 11:39 90112 ----a-w- c:\windows\system32\YmsgCrypt.dll
2010-08-16 11:39 . 2010-08-16 11:39 139264 ----a-w- c:\windows\system32\DartCertificate.dll
2010-08-16 11:39 . 2010-08-16 11:39 147456 ----a-w- c:\windows\system32\DartSecure2.dll
2010-08-16 11:39 . 2010-08-16 11:39 212992 ----a-w- c:\windows\system32\DartSock.dll
2010-08-16 09:37 . 2010-08-16 09:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-08-12 15:59 . 2010-08-12 15:59 -------- d-----w- c:\program files\Conduit
2010-08-07 05:55 . 2010-08-07 05:55 61440 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7f88d24c-n\decora-sse.dll
2010-08-07 05:55 . 2010-08-07 05:55 503808 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5402958d-n\msvcp71.dll
2010-08-07 05:55 . 2010-08-07 05:55 499712 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5402958d-n\jmc.dll
2010-08-07 05:55 . 2010-08-07 05:55 12800 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7f88d24c-n\decora-d3d.dll
2010-08-07 05:55 . 2010-08-07 05:55 348160 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5402958d-n\msvcr71.dll
2010-07-29 15:42 . 2010-07-29 15:42 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\vlc
2010-07-23 08:45 . 2010-07-23 08:45 -------- d-----w- c:\program files\Alcohol Soft
2010-07-22 13:58 . 2003-10-27 11:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2010-07-22 13:58 . 2003-10-27 11:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2010-07-22 13:58 . 2003-10-27 11:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2010-07-22 13:58 . 2003-10-27 11:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2010-07-22 13:58 . 2003-10-27 11:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-07-22 13:58 . 2010-07-22 13:58 -------- d-----w- c:\program files\Ubisoft
2010-07-22 13:35 . 2010-07-22 13:35 -------- d-----w- c:\program files\7-Zip
2010-07-19 11:28 . 2010-07-19 11:28 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\Media Player Classic

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 09:57 . 2010-04-26 16:57 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\uTorrent
2010-08-11 17:17 . 2010-04-26 20:44 -------- d-----w- c:\program files\Garena
2010-08-03 10:38 . 2010-04-26 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-07-29 11:55 . 2010-04-26 03:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-29 11:55 . 2010-04-26 03:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 22:47 . 2010-04-26 16:53 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\Skype
2010-07-26 22:44 . 2010-04-26 16:54 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\skypePM
2010-07-23 08:43 . 2010-04-26 16:58 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-13 07:04 . 2010-04-26 03:40 44528 ----a-w- c:\documents and settings\ale---xxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-13 06:48 . 2010-04-26 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-07 16:15 . 2010-07-07 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-07 15:21 . 2010-07-07 15:21 2568656 ----a-w- c:\documents and settings\ale---xxx\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-07-02 14:22 . 2010-07-02 00:52 -------- d-----w- c:\program files\nLite
2010-06-30 08:28 . 2010-04-26 17:17 -------- d-----w- c:\program files\Microsoft Works
2010-06-25 18:04 . 2010-06-25 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-06-25 15:34 . 2010-06-25 15:33 -------- d-----w- c:\documents and settings\ale---xxx\Application Data\Vso
2010-06-25 15:33 . 2010-06-25 15:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-06-25 15:33 . 2010-06-25 15:33 47360 ----a-w- c:\documents and settings\ale---xxx\Application Data\pcouffin.sys
2010-06-25 15:33 . 2010-06-25 15:33 47360 ----a-w- c:\documents and settings\ale---xxx\Application Data\pcouffin.sys
2010-06-25 15:33 . 2010-06-25 15:33 -------- d-----w- c:\program files\VSO
2010-05-28 22:55 . 2010-05-28 22:55 503808 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18868e93-n\msvcp71.dll
2010-05-28 22:55 . 2010-05-28 22:55 61440 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4fa0f48e-n\decora-sse.dll
2010-05-28 22:55 . 2010-05-28 22:55 499712 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18868e93-n\jmc.dll
2010-05-28 22:55 . 2010-05-28 22:55 348160 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-18868e93-n\msvcr71.dll
2010-05-28 22:55 . 2010-05-28 22:55 12800 ----a-w- c:\documents and settings\ale---xxx\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4fa0f48e-n\decora-d3d.dll
2010-05-20 07:46 . 2010-05-20 07:25 52224 ----a-w- c:\windows\ipuninst.exe
2004-10-01 12:00 . 2010-04-26 17:02 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-11-05 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE8"="advpack.dll" [2009-11-05 128512]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^raid_tool.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\raid_tool.exe.lnk
backup=c:\windows\pss\raid_tool.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-06-28 18:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-07-12 08:33 1581056 ----a-r- c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-09-13 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-25 16:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 08:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-03-19 14:27 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 07:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Strong Dc++ 2.02\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Tzopcast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Tzopcast\\Tzopcast.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Jocuri\\MONOPOLY\\Monopoly.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Programe\\kituri\\NRPG RatioMaster.exe"=
"d:\\Jocuri\\STEAM\\steamapps\\shade_alex\\counter-strike\\hl.exe"=

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [4/26/2010 6:36 AM 75904]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ALE---~1\LOCALS~1\Temp\SVX2.tmp --> c:\docume~1\ALE---~1\LOCALS~1\Temp\SVX2.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/26/2010 7:58 PM 697328]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ale---xxx\Application Data\Mozilla\Firefox\Profiles\1iziyp5k.default\
FF - prefs.js: browser.startup.homepage - www.google.ro
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- Firefox POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Mkey.exe - c:\program files\MKey\Mkey.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 17:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ALE---~1\LOCALS~1\Temp\SVX2.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-16  17:24:34 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-16 14:24

Pre-Run: 6,254,882,816 bytes free
Post-Run: 6,289,113,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 8617B1B6C59B5F54AE10CD6F6F0B0D36


#4 rootkit (Awake. Security DNA)

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Put the following folder into an archive with the password infected and send me a PM with it, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link so I can send it for analysis.

Quote


C:\Qoobox

DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!

Download Malwarebytes Anti-Malware 1.46 and save it to the Desktop.

Install it and at the end make sure you have ticked the following: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish.

After the program launches, click the Update tab and press the Check for Updates button to verify that the downloaded definitions are the latest.

Database version: 4XXX

Click the Scanner tab, select Perform full scan and then press Scan.

When the scan finishes press OK and then Show Results.

Make sure everything is ticked and then press Remove Selected.

At the end a Notepad file with the scan results will open. Post its contents here.

If you restarted to remove the malware from the PC, you will find the log in the main window under the Logs tab. Check that it is the latest one (by the date in the .txt file name).

Edited by crysty2k5, 16 August 2010 - 16:37.


#5 alexxx21a (Junior Member)

  • Group: Members
  • Posts: 26
  • Joined: 07.04.2010
Here is the result of the last scan:

Quote

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4436

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/16/2010 6:42:16 PM
mbam-log-2010-08-16 (18-42-16).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|H:\|)
Objects scanned: 198865
Time elapsed: 37 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\ale---xxx\msgvn.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-3071634982-0830670934-050293930-9477\nissan.exe.vir (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP101\A0048697.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP101\A0048698.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP101\A0048715.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP101\A0048716.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049947.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049941.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049942.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049943.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP103\A0049948.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP96\A0046210.Exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP99\A0048564.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{97BD0BB9-2897-471E-BD2C-311BFA8AA82E}\RP99\A0048565.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\Programe\kituri\BaDBoYv4.2\BaDBoYv4.2.exe (Trojan.Armin) -> Quarantined and deleted successfully.


Sorry about the last virus, good thing it detected and deleted it; those were CS cheats forgotten on the computer long ago.

Edited by alexxx21a, 16 August 2010 - 17:45.


#6
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
OK. Delete the folder

Quote

C:\Qoobox


Are there still any problems?

#7
Official

    Forzza ASA!

  • Group: Senior Members
  • Posts: 3,327
  • Joined: 27.03.2009
If you have no more problems, remove Nod32 (it has proved useless) and install Avira or Avast (both are free).

http://www.softpedia...e-Edition.shtml

http://www.softpedia...l-Edition.shtml

Edited by crysty2k5, 16 August 2010 - 17:59.
links


#8
alexxx21a

    Junior Member

  • Group: Members
  • Posts: 26
  • Joined: 07.04.2010
It seems to be running fine now, I have no more problems; I also went on Steam and it runs perfectly.
Do I still need to wait for an answer on the analysis of the Qoobox folder?


And for the other friend who has a problem similar to mine (I am attaching the picture here again so you can see it), can the same steps be followed on that system? He isn't really familiar enough with forums to make his own account, so I'm helping him. I'm going to his place this evening and can follow the same steps as here, or whatever you suggest, and post the results in this topic too.

He also gets the same 2 errors when Windows starts, and his computer runs rather slowly. (He has had Windows installed for only about 2-3 weeks, the same one as mine as far as I remember.)



Thank you very much for the help!!!! You saved me from a pointless format.

Attached Files



#9
Official

    Forzza ASA!

  • Group: Senior Members
  • Posts: 3,327
  • Joined: 27.03.2009
You can follow the same steps, but if you can, post the logs here so we can see whether there are other malicious entries.

Edited by Official, 16 August 2010 - 18:04.


#10
alexxx21a

    Junior Member

  • Group: Members
  • Posts: 26
  • Joined: 07.04.2010
OK, I'm now starting to post the logs from my friend's system in this topic:

Quote

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 12:23:20 AM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\WebCam\M1000\M1000Mnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\v2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\iste10.exe
C:\Documents and Settings\Florynaaa\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccmiptyns] C:\WINDOWS\System32\ccmiptyns.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ccmiptyns] C:\Documents and Settings\Florynaaa\ccmiptyns.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{661491D6-829A-46D0-A3EB-C319312F5A82}: NameServer = 213.154.124.1 193.231.252.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7658 bytes

Please, if you can, tell me here too, like last time, what I need to select for deletion, as above. Thank you very much.

Edited by alexxx21a, 16 August 2010 - 23:27.


#11
Official

    Forzza ASA!

  • Group: Senior Members
  • Posts: 3,327
  • Joined: 27.03.2009
Check and click Fix Checked for:

Quote

O4 - HKLM\..\Run: [ccmiptyns] C:\WINDOWS\System32\ccmiptyns.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ccmiptyns] C:\Documents and Settings\Florynaaa\ccmiptyns.exe
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\FLORYN~1\LOCALS~1\Temp\lsass.exe


Download: ComboFix and save it to the Desktop.

Create a new .txt file with Notepad and write in it what is quoted below:

Quote

File::
C:\Documents and Settings\Florynaaa\LOCAL Settings\Temp\lsass.exe
C:\Documents and Settings\Florynaaa\LOCAL Settings\Temp\v2.exe
C:\Documents and Settings\Florynaaa\LOCAL Settings\Temp\iste10.exe
C:\Documents and Settings\Florynaaa\ccmiptyns.exe

Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.

http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether to start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results. Save that file and post its contents HERE.

#12
alexxx21a

    Junior Member

  • Group: Members
  • Posts: 26
  • Joined: 07.04.2010
This step is done too:

Quote

ComboFix 10-08-16.04 - Florynaaa 08/17/2010  15:44:25.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.292 [GMT 3:00]
Running from: c:\documents and settings\Florynaaa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Florynaaa\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active


FILE ::
"c:\documents and settings\Florynaaa\ccmiptyns.exe"
"c:\documents and settings\Florynaaa\LOCAL Settings\Temp\iste10.exe"
"c:\documents and settings\Florynaaa\LOCAL Settings\Temp\lsass.exe"
"c:\documents and settings\Florynaaa\LOCAL Settings\Temp\v2.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\FLORYN~1\LOCALS~1\Temp\lsass.exe
c:\documents and settings\Florynaaa\Application Data\chrtmp
c:\documents and settings\Florynaaa\ccmiptyns.exe
c:\documents and settings\Florynaaa\LOCAL Settings\Temp\iste10.exe
c:\documents and settings\Florynaaa\LOCAL Settings\Temp\lsass.exe
c:\documents and settings\Florynaaa\LOCAL Settings\Temp\v2.exe
c:\documents and settings\Florynaaa\msgvn.exe
c:\windows\system32\msssc.dll

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0009530.sys
.
(((((((((((((((((((((((((   Files Created from 2010-07-17 to 2010-08-17  )))))))))))))))))))))))))))))))
.

2010-08-16 10:29 . 2010-08-16 10:29 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\ESET
2010-08-16 10:29 . 2010-08-16 10:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-08-14 19:02 . 2010-08-15 16:27 33792 ----a-w- c:\windows\system32\ccmiptyns.exe
2010-08-13 15:20 . 2008-04-13 20:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-13 15:20 . 2001-08-17 09:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-08-13 15:20 . 2001-08-17 09:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2010-08-13 09:57 . 2010-08-16 16:12 10 ----a-w- c:\windows\popcinfo.dat
2010-08-13 09:57 . 2010-08-13 09:57 -------- d-----w- c:\program files\PopCap Games
2010-08-03 20:30 . 2008-04-13 20:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2010-08-03 20:30 . 2008-04-13 20:21 101120 ----a-w- c:\windows\system32\drivers\bthpan.sys
2010-08-03 20:29 . 2008-04-13 20:16 59136 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2010-08-03 20:29 . 2008-04-13 20:16 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2010-08-03 20:29 . 2008-04-14 01:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-08-03 20:29 . 2008-04-14 01:42 151552 ----a-w- c:\windows\system32\irftp.exe
2010-08-03 20:29 . 2008-04-14 01:42 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-08-03 20:29 . 2008-04-14 01:42 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-08-03 20:29 . 2008-04-14 01:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-08-03 20:29 . 2008-04-14 01:41 28160 ----a-w- c:\windows\system32\irmon.dll
2010-08-03 20:29 . 2008-04-13 20:16 17024 -c--a-w- c:\windows\system32\dllcache\bthenum.sys
2010-08-03 20:29 . 2008-04-13 20:16 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2010-08-03 20:29 . 2008-04-13 20:16 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2010-08-03 20:29 . 2008-04-13 20:16 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2010-08-03 20:28 . 2010-08-03 20:28 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\IsolatedStorage
2010-08-03 20:28 . 2010-08-03 20:28 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\HP
2010-08-03 20:28 . 2010-08-03 20:28 132 ----a-w- c:\documents and settings\Florynaaa\Local Settings\Application Data\fusioncache.dat
2010-08-03 20:27 . 2010-08-17 12:50 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\ApplicationHistory
2010-08-03 20:19 . 2010-08-03 20:19 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-03 20:19 . 2010-08-03 20:19 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\skypePM
2010-08-03 18:56 . 2010-08-03 18:56 -------- d-----w- c:\documents and settings\Florynaaa\Local Settings\Application Data\Yahoo
2010-08-03 18:56 . 2010-08-03 18:56 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Yahoo!
2010-08-03 16:19 . 2008-04-13 20:09 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2010-08-03 16:19 . 2008-04-13 20:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2010-08-03 16:19 . 2008-04-13 20:16 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2010-08-03 16:19 . 2008-04-13 20:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-08-03 16:19 . 2008-04-13 20:16 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2010-08-03 16:19 . 2008-04-13 20:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-08-03 16:18 . 2008-04-13 20:16 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2010-08-03 16:18 . 2008-04-13 20:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2010-08-03 16:18 . 2008-04-13 20:16 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-08-03 16:18 . 2008-04-13 20:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2010-08-03 16:18 . 2008-04-13 20:16 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-08-03 16:18 . 2008-04-13 20:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2010-08-03 16:18 . 2008-04-13 20:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-08-03 16:18 . 2008-04-13 20:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2010-08-03 16:18 . 2008-04-14 01:42 53760 ----a-w- c:\windows\vfwwdm32.dll
2010-08-03 15:57 . 2010-08-03 15:57 -------- d-----w- c:\program files\Common Files\HP
2010-08-03 15:55 . 2010-08-03 15:55 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-03 15:55 . 2010-08-03 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-08-03 15:55 . 2004-05-11 07:53 82432 ----a-r- c:\windows\system32\MSXML4r.dll
2010-08-03 15:55 . 2004-05-11 07:53 626960 ----a-r- c:\windows\system32\hpvaut32.dll
2010-08-03 15:55 . 2004-05-11 07:53 487424 ----a-r- c:\windows\system32\hpvcp70.dll
2010-08-03 15:55 . 2004-05-11 07:53 44544 ----a-r- c:\windows\system32\MSXML4a.dll
2010-08-03 15:55 . 2004-05-11 07:53 344064 ----a-r- c:\windows\system32\hpvcr70.dll
2010-08-03 15:55 . 2004-05-11 07:53 1230336 ----a-r- c:\windows\system32\MSXML4.dll
2010-08-03 15:54 . 2010-08-03 15:54 45056 ----a-r- c:\documents and settings\Florynaaa\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2010-08-03 15:53 . 2010-08-03 15:53 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-03 15:52 . 2010-08-03 15:52 -------- d-----w- c:\windows\system32\URTTEMP
2010-08-03 15:50 . 2004-06-21 20:02 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-08-03 15:50 . 2004-06-21 20:02 51088 ----a-r- c:\windows\system32\drivers\hpzid412.sys
2010-08-03 15:50 . 2004-06-21 20:02 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-08-03 15:49 . 2008-04-13 20:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-08-03 15:49 . 2008-04-13 20:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-03 15:49 . 2008-04-13 20:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-03 15:49 . 2008-04-13 20:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-03 15:49 . 2008-04-13 20:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-08-03 15:49 . 2008-04-13 20:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-08-03 15:48 . 2004-03-18 13:55 65536 ----a-w- c:\windows\system32\HPZipm12.exe
2010-08-03 15:48 . 2004-03-18 13:39 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-08-03 15:48 . 2004-03-18 13:39 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-08-03 15:48 . 2004-03-18 13:38 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-08-03 15:48 . 2004-03-18 13:56 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-08-03 15:48 . 2004-03-18 13:53 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-08-03 15:47 . 2010-08-03 15:59 -------- d-----w- c:\program files\HP
2010-08-03 15:44 . 2010-08-03 16:04 104257 ----a-w- c:\windows\hpoins04.dat
2010-08-03 15:44 . 2004-06-21 20:02 17176 ------w- c:\windows\hpomdl04.dat
2010-08-03 15:32 . 2010-08-03 15:33 -------- d-----w- c:\program files\Java
2010-08-03 15:32 . 2010-08-03 15:32 -------- d-----w- c:\program files\Common Files\Java
2010-08-03 15:30 . 2010-08-03 20:20 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Skype
2010-08-03 15:29 . 2010-08-03 15:29 -------- d-----w- c:\program files\Common Files\Skype
2010-08-03 15:29 . 2010-08-03 15:30 -------- d-----r- c:\program files\Skype
2010-08-03 15:29 . 2010-08-03 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-03 15:27 . 2010-08-03 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-03 15:27 . 2010-04-20 13:45 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2010-08-03 15:26 . 2010-08-03 15:27 -------- d-----w- c:\program files\Yahoo!
2010-08-03 15:25 . 2010-08-03 15:26 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Hamachi
2010-08-03 15:25 . 2010-08-03 15:25 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2010-08-03 15:25 . 2010-08-03 15:25 -------- d-----w- c:\program files\Hamachi
2010-08-03 15:22 . 2010-08-03 15:22 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-08-03 15:18 . 2010-08-03 15:18 -------- d-----w- c:\program files\StrongDC++
2010-08-03 15:16 . 2010-08-03 15:23 -------- d-----w- C:\Temp
2010-08-03 15:16 . 2010-08-03 15:16 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Syntrillium
2010-08-03 15:16 . 2001-10-19 11:40 1683792 ----a-w- c:\windows\system32\wmvcore2.dll
2010-08-03 15:16 . 2001-10-19 11:40 438608 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-08-03 15:16 . 2001-10-19 11:40 665424 ----a-w- c:\windows\system32\wmv8dmoe.dll
2010-08-03 15:16 . 2001-10-19 11:39 572752 ----a-w- c:\windows\system32\wmvdmoe.dll
2010-08-03 15:15 . 2010-08-03 15:17 -------- d-----w- c:\program files\coolpro2
2010-08-03 15:03 . 2001-08-17 12:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-08-03 15:03 . 2008-04-13 23:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-03 15:01 . 2010-08-03 16:00 -------- d-sh--w- c:\windows\Installer
2010-08-03 15:01 . 2008-04-14 11:00 61440 -c--a-w- c:\windows\system32\dllcache\spcplui.dll
2010-08-03 15:01 . 2008-04-14 11:00 77824 -c--a-w- c:\windows\system32\dllcache\spcommon.dll
2010-08-03 15:01 . 2008-04-14 11:00 774144 -c--a-w- c:\windows\system32\dllcache\spttseng.dll
2010-08-03 15:01 . 2008-04-14 11:00 36864 -c--a-w- c:\windows\system32\dllcache\sapisvr.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 19:57 . 2010-08-03 13:51 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\uTorrent
2010-08-05 15:32 . 2010-08-03 12:23 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-03 18:00 . 2010-08-03 13:39 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\BSplayer
2010-08-03 15:23 . 2010-08-03 13:30 68456 ----a-w- c:\documents and settings\Florynaaa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-03 15:21 . 2010-08-03 13:38 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-08-03 15:07 . 2010-08-03 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-03 14:59 . 2010-08-03 14:59 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\vlc
2010-08-03 14:54 . 2010-08-03 14:54 -------- d-----w- c:\program files\Genius
2010-08-03 14:54 . 2010-08-03 12:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-03 14:53 . 2010-08-03 12:33 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-03 14:50 . 2010-08-03 14:46 -------- d-----w- c:\program files\Common Files\LightScribe
2010-08-03 14:45 . 2010-08-03 14:41 -------- d-----w- c:\program files\Ahead
2010-08-03 14:41 . 2010-08-03 14:41 -------- d-----w- c:\program files\Common Files\Ahead
2010-08-03 14:40 . 2010-08-03 14:40 -------- d-----w- c:\program files\CyberLink
2010-08-03 14:40 . 2010-08-03 14:40 -------- d-----w- c:\program files\CyberLink DVD Solution
2010-08-03 14:32 . 2010-08-03 14:32 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-03 14:08 . 2010-08-03 14:08 -------- d-----w- c:\program files\Microsoft Works
2010-08-03 14:08 . 2010-08-03 14:08 -------- d-----w- c:\program files\MSBuild
2010-08-03 14:07 . 2010-08-03 14:07 -------- d-----w- c:\program files\Microsoft.NET
2010-08-03 14:06 . 2010-08-03 14:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-08-03 13:57 . 2010-08-03 13:56 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\Winamp
2010-08-03 13:56 . 2010-08-03 13:56 -------- d-----w- c:\program files\Winamp
2010-08-03 13:55 . 2010-08-03 13:55 0 ----a-w- c:\windows\nsreg.dat
2010-08-03 13:54 . 2010-08-03 13:54 -------- d-----w- c:\program files\Switch Off
2010-08-03 13:53 . 2010-08-03 13:53 -------- d-----w- c:\program files\ESET
2010-08-03 13:53 . 2010-08-03 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\program files\uTorrent
2010-08-03 13:51 . 2010-08-03 13:51 -------- d-----w- c:\program files\WhereIsIt
2010-08-03 13:51 . 2010-08-03 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\WhereIsIt
2010-08-03 13:42 . 2010-08-03 13:42 -------- d-----w- c:\program files\VideoLAN
2010-08-03 13:40 . 2010-08-03 13:40 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-03 13:39 . 2010-08-03 13:39 -------- d-----w- c:\program files\Webteh
2010-08-03 13:39 . 2010-08-03 13:39 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\BSplayer Pro
2010-08-03 13:36 . 2010-08-03 13:36 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-03 13:36 . 2010-08-03 13:36 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\DAEMON Tools
2010-08-03 13:30 . 2010-08-03 13:30 -------- d-----w- c:\documents and settings\Florynaaa\Application Data\ATI
2010-08-03 13:28 . 2010-08-03 12:53 -------- d-----w- c:\program files\ATI Technologies
2010-08-03 13:12 . 2010-08-03 13:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-03 13:12 . 2010-08-03 13:11 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-03 13:07 . 2010-08-03 13:07 -------- d-----w- c:\program files\ASUS
2010-08-03 12:42 . 2010-08-03 12:42 -------- d-----w- c:\program files\Analog Devices
2010-08-03 12:34 . 2010-08-03 12:34 -------- d-----w- c:\program files\Intel
2010-08-03 12:25 . 2010-08-03 12:25 -------- d-----w- c:\program files\microsoft frontpage
2010-08-03 12:21 . 2010-08-03 12:21 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-03 12:20 . 2010-08-03 12:20 -------- d-----w- c:\program files\Windows Media Connect 2
2004-10-01 12:00 . 2010-08-03 14:40 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2009-11-05 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 335872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE8"="advpack.dll" [2009-11-05 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\StrongDC++\\StrongDC.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 468224]
R3 M1000Srv;M5603C USB2.0 Camera Driver;c:\windows\system32\drivers\M1000KNT.sys [8/3/2010 5:55 PM 276930]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/3/2010 4:36 PM 717296]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Florynaaa\Application Data\Mozilla\Firefox\Profiles\eyx5tynl.default\
FF - prefs.js: browser.startup.homepage - www.google.ro

---- Firefox POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-M1000Mnt - M1000Rmv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 15:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\rundll32.exe
c:\windows\WebCam\M1000\M1000Mnt.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-17  15:53:19 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-17 12:53

Pre-Run: 13,017,628,672 bytes free
Post-Run: 13,151,350,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 75BF038EC6A5D64ABBC12E67D93BECF5


#13
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Put the following folder into an archive with the password infected and send me a PM with it, or upload it to a server (for example: http://www.rapidshare.com ) and send me a PM with the download link so I can send it for analysis.

Quote

C:\Qoobox

DO NOT ATTACH THE ARCHIVE AND DO NOT POST THE DOWNLOAD LINK ON THE FORUM!



Download

Malwarebytes Anti-Malware 1.46

and save it to the Desktop.

Install it and at the end make sure you have checked the following: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish.

After the program starts, click the Update tab and press the Check for Updates button to verify that the downloaded definitions are the latest.

Database version: 4XXX

Click the Scanner tab, select Perform full scan and then press Scan.

When the scan finishes, press OK and then Show Results.

Make sure everything is checked and then press Remove Selected.

At the end a file with the scan results will open in Notepad. Post its contents here.

If you restarted to remove the malware from the PC, you will find the log in the main window under the Logs tab. Check that it is the latest one (by the date in the .txt file name).

#14
alexxx21a

    Junior Member

  • Group: Members
  • Posts: 26
  • Joined: 07.04.2010
I did the Malwarebytes step too. Here is the result:

Quote

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4439

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/17/2010 4:31:29 PM
mbam-log-2010-08-17 (16-31-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 185493
Time elapsed: 28 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Florynaaa\ccmiptyns.exe.vir (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Florynaaa\msgvn.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010526.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010527.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010537.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010538.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011540.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011541.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011582.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0011583.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015839.sys (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015840.sys (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015841.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015842.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015883.sys (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccmiptyns.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

I'll send you the Qoobox folder right away.

PS: Do I also have to wait for some reply from those who analyze that folder, or was that all?
Thanks a lot for the help

Edited by alexxx21a, 17 August 2010 - 15:38.

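The Malwarebytes log above lists 17 detections, but only one of them (C:\WINDOWS\system32\ccmiptyns.exe) is a file that was still sitting in a live location; the other 16 are copies inside ComboFix's quarantine (C:\Qoobox\Quarantine, which mirrors the original path and appends .vir) or inside System Restore snapshots under System Volume Information. Keeping those apart is the first thing to do when reading such a log, because quarantined and restore-point copies say nothing about whether the machine is still infected. The Python script below is an added example, not code from the thread or from Malwarebytes: it parses the "Files Infected:" section of an MBAM 1.46 log, maps quarantine entries back to their original path, and separates live hits from inert copies. The embedded sample is a five-line excerpt of the log posted above, wrapped in the log's surrounding structure; the function names and the category labels are this example's own.

```python
r"""Triage the "Files Infected:" section of a Malwarebytes' Anti-Malware 1.46 log.

Added example for this thread, not code from the forum or from Malwarebytes.
Each detected path is sorted into one of three buckets:
  live          - the file sat in a normal location on the running system
  quarantine    - a copy inside ComboFix's quarantine (C:\Qoobox\Quarantine\<drive>\...,
                  original path mirrored, ".vir" appended), already neutralised
  restore_point - a copy inside a System Restore snapshot
                  (System Volume Information\_restore{GUID}\RPnn\A00xxxxx.ext)
Only the first bucket says anything about whether the machine is still infected.
"""
import re
from collections import Counter

# Constructed sample: five lines copied from the MBAM log posted in this thread,
# wrapped in the surrounding log structure (summary counter, section header,
# blank line that closes the section, unrelated text after it).
SAMPLE_LOG = r"""Files Infected: 5

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\Florynaaa\ccmiptyns.exe.vir (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ndis.sys.vir (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP17\A0010526.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E1C9C699-91BF-4DAB-9A82-4282D6DCC4C7}\RP19\A0015839.sys (Rootkit.Patched) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccmiptyns.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Text that follows the log is ignored.
"""

# One detection line: <path> (<detection name>) -> <action>.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# ComboFix quarantine: <drive>:\Qoobox\Quarantine\<orig drive>\<original path>.vir
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+?)(?:\.vir)?$",
    re.IGNORECASE,
)

# System Restore snapshot: <drive>:\System Volume Information\_restore{GUID}\RPnn\...
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)


def classify(path):
    """Return (category, original_path, restore_point) for one detected path."""
    m = QUARANTINE_RE.match(path)
    if m:
        original = f"{m.group('drive').upper()}:\\{m.group('rest')}"
        return "quarantine", original, None
    m = RESTORE_RE.match(path)
    if m:
        return "restore_point", path, m.group("rp").upper()
    return "live", path, None


def triage(log_text):
    """Parse the 'Files Infected:' section of an MBAM log into a list of findings."""
    findings = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Files Infected:":      # exact match; skips "Files Infected: 17"
            in_section = True
            continue
        if not in_section:
            continue
        if not line or line == "(No malicious items detected)":
            break                          # section is over
        m = LINE_RE.match(line)
        if not m:
            continue                       # not a detection line; do not guess
        category, original, rp = classify(m.group("path"))
        findings.append({
            "path": m.group("path"),
            "original": original,
            "restore_point": rp,
            "detection": m.group("name"),
            "action": m.group("action"),
            "category": category,
        })
    return findings


def summarize(findings):
    """Count findings per category and list the paths that were live on the system."""
    counts = Counter(f["category"] for f in findings)
    live = [f["path"] for f in findings if f["category"] == "live"]
    return counts, live


def verdict(findings):
    """'still infected' if any live detection remains, else whether only inert copies were hit."""
    counts, live = summarize(findings)
    if live:
        return "still infected"
    if counts:
        return "inert copies only"
    return "clean"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        where = f["category"] + (f" ({f['restore_point']})" if f["restore_point"] else "")
        print(f"{where:<22} {f['detection']:<20} {f['original']}")
    print("counts:", dict(summarize(results)[0]))
    print("verdict:", verdict(results))
```

Run it against a full log by reading the mbam-log-*.txt file into triage(); the section header test is an exact string match, so the "Files Infected: 17" counter in the summary block is not mistaken for the section start.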

#15
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Thanks for the folder.

The analysis isn't your concern. You tell me: are there still any problems? :)

That folder will go to all the companies so that the files get signatures, so that in the future others don't get infected anymore.

#16
alexxx21a

    Junior Member

  • Group: Members
  • Posts: 26
  • Joined: 07.04.2010
Ahaa :) I didn't know what kind of analysis was done.
This computer is running fine now too; the errors no longer appear and it's no longer slow.
I think I'll come back in the next few days with a third system too (a laptop), but there I don't know exactly what the problem is.. it doesn't give errors but it seems to run rather slowly.

Thank you very much for the help!!!

#17
rootkit

    Awake. Security DNA

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
You're welcome. You can find us here.

#18
Official

    Forzza ASA!

  • Group: Senior Members
  • Posts: 3,327
  • Joined: 27.03.2009
Don't forget to replace Nod32 on this system too. :)
