Windows XP errors - 16-bit MS-DOS Subsystem
Last Updated: Jul 31 2011 19:22, Started by DarkSideBv, Jul 29 2011 21:37
#1
Posted 29 July 2011 - 21:37
Hi. Every evening between 22:15 and 22:30 these windows, which you can see in the picture, pop up.
Do you have any idea what might be causing them? I searched for those files in the Windows folder but did not find them, and on Google I can't find those file names. http://img35.imagesh...789/eroarek.png
#3
Posted 29 July 2011 - 21:44
Only at this hour??? I have never heard of errors showing up at fixed times.
#4
Posted 29 July 2011 - 21:52
I enabled the option to show hidden files and found them.
Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 22:47:54, on 29.07.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sharewareisland.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware...uicksearch.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware...uicksearch.aspx
O1 - Hosts: 78.47.251.150 easyanticheat.se # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.se # misleading site
O1 - Hosts: 78.47.251.150 easyanticheat.com # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.com # misleading site
O1 - Hosts: 78.47.251.150 easyanticheat.org # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.org # misleading site
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.12.32 istockphoto.com
O1 - Hosts: 208.914.0.38 yfrog.com
O1 - Hosts: 63.309.5.12 virustotal.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.19 xing.com
O1 - Hosts: 59.16.98.139 seesaa.net
O1 - Hosts: 184.72.23.170 hootsuite.com
O1 - Hosts: 211.151.16.16 soku.com
O1 - Hosts: 72.321.12.222 metacafe.com
O1 - Hosts: 9.105.61.98 bitdefender.com
O1 - Hosts: 204.11.19.133 tribalfusion.com
O1 - Hosts: 207.154.14.31 tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 174.36.244.132 linkwithin.com
O1 - Hosts: 121.67.23.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.212.220 booking.com
O1 - Hosts: 118.69.21.6 vnexpress.net
O1 - Hosts: 103.67.11.13 trendmicro.com
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.16.241.157 softonic.com
O1 - Hosts: 208.83.23.15 match.com
O1 - Hosts: 202.57.69.84 nwt.com
O1 - Hosts: 65.11.53.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 76.16.3.251 nachtagenten.com
O1 - Hosts: 195.82.240.124 musicmatch.com
O1 - Hosts: 70.52.56.163 moscowtimes.com
O1 - Hosts: 124.217.235.76 gsn.com
O1 - Hosts: 61.178.63.198 mgd.com
O1 - Hosts: 174.142.24.25 mediastorm.hu
O1 - Hosts: 38.113.207.59 media-servers.com
O1 - Hosts: 116.66.206.161 m5prod.com
O1 - Hosts: 74.175.65.66 lupa.com
O1 - Hosts: 207.20.66.53 liveintercom.com
O1 - Hosts: 71.96.135.201 keenspace.com
O1 - Hosts: 202.51.17.37 jetsoftware.com
O1 - Hosts: 60.21.54.08 jamba.com
O1 - Hosts: 222.161.3.133 ir.com
O1 - Hosts: 200.24.22.170 investopedia.com
O1 - Hosts: 202.149.24.216 choiceradio.com
O1 - Hosts: 91.206.23.22 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 141.76.5.18 chip.com
O1 - Hosts: 128.06.192.15 redv.net
O1 - Hosts: 194.42.170.124 cgi.com
O1 - Hosts: 199.26.24.66 centcomm.com
O1 - Hosts: 202.149.24.26 digitallook.com
O1 - Hosts: 60.251.19.134 domainfactory.com
O1 - Hosts: 222.161.5.13 dvdfocomm.nu
O1 - Hosts: 157.95.56.15 e-kolay.com
O1 - Hosts: 85.29.213.15 eurosport.com
O1 - Hosts: 189.104.19.61 f1cd.com
O1 - Hosts: 125.162.92.234 free6.com
O1 - Hosts: 80.81.19.20 cdsoftware.com
O1 - Hosts: 85.29.23.115 adware-delete.com
O1 - Hosts: 69.89.221.135 hbv.com
O1 - Hosts: 92.48.210.39 protectorsuite.com
O1 - Hosts: 128.31.3.16 howstuffworks.com
O1 - Hosts: 85.249.213.17 hyena.com
O1 - Hosts: 219.19.18.59 zinfo.com204.9.178.11 typepad.com
O1 - Hosts: 74.113.12.32 istockphoto.com
O1 - Hosts: 208.914.0.38 yfrog.com
O1 - Hosts: 63.309.5.12 virustotal.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.19 xing.com
O1 - Hosts: 59.16.98.139 seesaa.net
O1 - Hosts: 184.72.23.170 hootsuite.com
O1 - Hosts: 211.151.16.16 soku.com
O1 - Hosts: 72.321.12.222 metacafe.com
O1 - Hosts: 9.105.61.98 bitdefender.com
O1 - Hosts: 204.11.19.133 tribalfusion.com
O1 - Hosts: 207.154.14.31 tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 174.36.244.132 linkwithin.com
O1 - Hosts: 121.67.23.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.212.220 booking.com
O1 - Hosts: 118.69.21.6 vnexpress.net
O1 - Hosts: 103.67.11.13 trendmicro.com
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.16.241.157 softonic.com
O1 - Hosts: 208.83.23.15 match.com
O1 - Hosts: 202.57.69.84 nwt.com
O1 - Hosts: 65.11.53.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 76.16.3.251 nachtagenten.com
O1 - Hosts: 195.82.240.124 musicmatch.com
O1 - Hosts: 70.52.56.163 moscowtimes.com
O1 - Hosts: 124.217.235.76 gsn.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1454471165-1229272821-682003330-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CDA5848-1629-427A-B472-30878F00250C}: NameServer = 193.231.189.18 193.231.189.19
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8598 bytes
#6
Posted 29 July 2011 - 22:38
I uploaded those files to VirusTotal and only 1 of 43 antivirus engines flagged a problem, so I don't think this is a matter of virus removal. Should I delete those files, or leave them in case deleting them affects other programs?
#7
Posted 29 July 2011 - 23:20
If you have System Restore enabled, restore to a point before you ran into this problem and, just in case, run a system scan with Malwarebytes, Trojan Remover, Hitman 3.5 - all of them are free programs and do their job well.
#8
Posted 30 July 2011 - 10:37
Download and run this:
http://download.bleepingcomputer.com/bats/hostsperm.bat
Navigate to:
C:\WINDOWS\system32\drivers\etc
and delete the hosts file.
Download ComboFix and save it to the Desktop. Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether to start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE.
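Added example, not part of the thread and not code from any tool named in it: a Python script that audits the `O1 - Hosts:` lines of a HiJackThis log like the one posted above, flagging addresses that are not valid IPv4 and entries that pin security sites or other public names to a fixed address. The watchlist, function names and sample log are assumptions constructed for this illustration.

```python
import ipaddress
import re

# Assumed watchlist (not taken from any tool): security sites that a
# tampered hosts file may pin to a wrong address to block scans/updates.
SECURITY_DOMAINS = ("virustotal.com", "bitdefender.com", "trendmicro.com")

# HiJackThis prints each hosts entry as "O1 - Hosts: <address> <hostname>".
O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")

# Constructed sample in HiJackThis format. Addresses come from the
# documentation ranges; one deliberately has an out-of-range octet.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.test/
O1 - Hosts: 203.0.113.999 virustotal.com
O1 - Hosts: 192.0.2.10 www.bitdefender.com
O1 - Hosts: 0.0.0.0 ads.example.test
O1 - Hosts: 198.51.100.7 photos.example.test
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide
"""


def parse_o1_lines(log_text):
    """Return (address, hostname) pairs from the O1 lines of a log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).lower()))
    return entries


def is_valid_ipv4(text):
    """True only for a well-formed dotted-quad with every octet <= 255."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ipaddress.AddressValueError:
        return False


def classify(address, hostname):
    """Return the list of reasons an entry deserves review (may be empty)."""
    reasons = []
    if not is_valid_ipv4(address):
        reasons.append("invalid-ip")
    else:
        addr = ipaddress.IPv4Address(address)
        # Blocklists point names at loopback or 0.0.0.0; a routable
        # address means the name is being redirected somewhere else.
        if not (addr.is_loopback or addr.is_unspecified):
            reasons.append("remote-override")
    if any(hostname == d or hostname.endswith("." + d) for d in SECURITY_DOMAINS):
        reasons.append("security-site")
    return reasons


def audit(log_text):
    """Map each flagged hostname to its sorted, de-duplicated reasons."""
    findings = {}
    for address, hostname in parse_o1_lines(log_text):
        reasons = classify(address, hostname)
        if reasons:
            findings.setdefault(hostname, set()).update(reasons)
    return {host: sorted(reasons) for host, reasons in findings.items()}


if __name__ == "__main__":
    for host, reasons in audit(SAMPLE_LOG).items():
        print(f"{host}: {', '.join(reasons)}")
```
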
#9
Posted 30 July 2011 - 11:37
Thanks for the support.
ComboFix 11-07-29.03 - DarkSide 30.07.2011 12:28:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.947 [GMT 3:00]
Running from: c:\documents and settings\DarkSide.LEETWORL-16E4E7\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\x264vfw-uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))
.
.
2068-01-16 08:48 . 2004-01-15 12:26 4057803 ----a-w- c:\program files\Mozilla Firefox\Speed.exe
2011-07-30 09:26 . 2011-07-29 19:27 2329 --sha-w- c:\windows\winbasrv.exe
2011-07-30 09:26 . 2011-07-29 19:23 2329 --sha-w- c:\windows\mcshlz.exe
2011-07-30 09:26 . 2011-07-29 19:19 2329 --sha-w- c:\windows\dsrsrv2.exe
2011-07-30 09:26 . 2011-07-29 19:15 2329 --sha-w- c:\windows\dserv23.exe
2011-07-29 19:45 . 2011-07-29 19:45 388096 ----a-r- c:\documents and settings\DarkSide.LEETWORL-16E4E7\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-29 19:45 . 2011-07-29 19:45 -------- d-----w- c:\program files\Trend Micro
2011-07-24 17:33 . 2011-07-25 11:23 -------- d-----w- C:\D.Gray-man
2011-07-24 15:50 . 2003-10-27 11:06 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-07-24 15:50 . 2003-10-27 11:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-07-24 15:50 . 2003-10-27 11:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2011-07-24 15:50 . 2003-10-27 11:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2011-07-24 15:50 . 2003-10-27 11:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2011-07-24 15:50 . 2003-10-27 11:06 35840 ----a-w- c:\windows\system32\comdlg32.oca
2011-07-24 15:50 . 2003-10-27 11:06 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-07-24 15:50 . 2003-10-27 11:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-07-21 13:24 . 2011-07-21 13:24 -------- d-----w- c:\documents and settings\DarkSide.LEETWORL-16E4E7\Local Settings\Application Data\GHISLER
2011-07-21 13:21 . 2011-07-21 13:21 -------- d-----w- C:\totalcmd
2011-07-21 13:21 . 2011-07-21 13:21 -------- d-----w- c:\documents and settings\DarkSide.LEETWORL-16E4E7\Application Data\GHISLER
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\UC.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\RAR.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\PKZIP.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\LHA.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\ARJ.PIF
2011-07-21 12:08 . 2011-07-21 12:08 -------- d-----w- c:\program files\MSECache
2011-07-18 17:07 . 2011-07-28 14:25 -------- d-----w- c:\program files\mIRC
2011-07-11 07:55 . 2011-07-11 07:57 -------- d-----w- c:\program files\NVIDIA Corporation
2011-07-11 07:55 . 2011-07-11 07:55 -------- d-----w- C:\NVIDIA
2011-07-08 16:41 . 2011-07-08 16:41 -------- d-----w- c:\program files\Common Files\Spigot
2011-07-08 16:40 . 2011-07-08 16:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\YouTube Downloader
2011-07-07 10:20 . 2011-07-07 10:20 -------- d-----w- c:\program files\WEBZEN
2011-07-07 10:20 . 2010-11-04 15:49 53616 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2011-07-07 10:20 . 2010-11-04 15:49 53616 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2011-07-07 10:20 . 2010-11-04 15:49 364912 ----a-w- c:\windows\system32\CMStarterCore.exe
2011-07-07 10:17 . 2011-05-01 21:19 4045688 ----a-w- c:\windows\system32\GameMon.des
2011-07-07 10:17 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-07-07 10:17 . 2003-07-20 09:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-07-03 04:04 . 2011-07-03 04:04 59836 --sh--w- c:\windows\dtmn.exe
2011-07-03 04:04 . 2011-07-03 04:04 71678 --sh--w- c:\windows\pdwa.exe
2011-07-03 04:04 . 2011-07-03 04:04 66047 --sh--w- c:\windows\kdhr.exe
2011-07-03 04:04 . 2011-07-03 04:04 71686 --sh--w- c:\windows\wtsx.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 03:29 . 2011-05-20 04:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 06:09 . 2010-12-28 12:21 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2010-12-28 12:21 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-06-25 20:21 . 2011-05-21 20:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^DarkSide.LEETWORL-16E4E7^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\DarkSide.LEETWORL-16E4E7\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 09:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 09:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 06:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-12-20 10:03 697856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 06:09 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-05-25 06:09 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-05-04 21:02 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-07-30 07:08 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar]
2008-11-14 19:57 131778 ----a-w- c:\program files\Vista Rainbar\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Steam\\steamapps\\costelplescan\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"4458:TCP"= 4458:TCP:Application Sharing
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/28/2010 4:32 PM 721904]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/27/2011 2:12 AM 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [12/6/2010 9:31 AM 1238408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/11/2011 10:56 AM 2214504]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [4/3/2011 1:51 PM 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/3/2011 1:51 PM 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [1/20/2011 2:55 PM 616064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\At10.job
- c:\windows\dtmn.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At2.job
- c:\windows\kdhr.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At3.job
- c:\windows\wtsx.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At4.job
- c:\windows\pdwa.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At5.job
- c:\windows\dtmn.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At7.job
- c:\windows\kdhr.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At8.job
- c:\windows\wtsx.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At9.job
- c:\windows\pdwa.exe [2011-07-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
mStart Page = hxxp://www.sharewareisland.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
TCP: Interfaces\{5CDA5848-1629-427A-B472-30878F00250C}: NameServer = 193.231.189.18 193.231.189.19
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-x264vfw - c:\windows\system32\x264vfw-uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-30 12:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-07-30 12:33:59
ComboFix-quarantined-files.txt 2011-07-30 09:33
ComboFix2.txt 2011-07-30 09:22
.
Pre-Run: 9.204.920.320 bytes free
Post-Run: 9.181.302.784 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3BBE50474EBC38CCD14845D73C194AAD
#10
Posted 30 July 2011 - 14:28
Download Malwarebytes Anti-Malware 1.51.1.1800 and save it to the Desktop. Install it and, at the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then click Finish.
After the program launches, click the Update tab and press the Check for Updates button to verify that the downloaded definitions are the latest. Database version: 7XXX
Click the Scanner tab, select Perform full scan and then click Scan.
When the scan finishes, click OK and then Show Results.
Make sure everything is checked and then click Remove Selected.
At the end a file with the scan results will open in Notepad. Post its contents here.
If you restarted to remove malware from the PC, you will find the log in the main window under the Logs tab. Check that it is the latest one (by the date in the .txt file name).
#11
Posted 30 July 2011 - 15:53
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7325

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

30.07.2011 16:52:47
mbam-log-2011-07-30 (16-52-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 368568
Time elapsed: 49 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\uhcd.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{75d1eaa0-a83c-42f0-b67a-7928d5a58780}\RP1\A0000071.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\system volume information\_restore{75d1eaa0-a83c-42f0-b67a-7928d5a58780}\RP1\A0000086.exe (PUP.CCProxy) -> Quarantined and deleted successfully.
c:\system volume information\_restore{75d1eaa0-a83c-42f0-b67a-7928d5a58780}\RP1\A0000131.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{75d1eaa0-a83c-42f0-b67a-7928d5a58780}\RP1\A0000319.exe (Trojan.LDPinch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f87f9462-296f-4c6c-ba14-87f07a5fbdcf}\RP149\A0062558.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\pdwa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\wtsx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\darkside.leetworl-16e4e7\Desktop\new desktop\super simple wall v7.0\sswv7.0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\documents and settings\darkside.leetworl-16e4e7\local settings\application data\Xenocode\Sandbox\pluginplus\1.00\2009.07.15t08.20\Native\STUBEXE\@WINDIR@\101.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\darkside.leetworl-16e4e7\local settings\application data\Xenocode\Sandbox\pluginplus\1.00\2009.07.15t08.20\Virtual\STUBEXE\@APPDIR@\PaSsWard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\darkside.leetworl-16e4e7\local settings\application data\Xenocode\Sandbox\usb security utilities\1.0.0.0\2010.07.22t14.20\Virtual\STUBEXE\@APPDIR@\usb security utilities.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\desktop\desktop.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
d:\desktop\bnetgatewayeditor\bnetgatewayeditor.exe (Trojan.LDPinch) -> Quarantined and deleted successfully.
d:\starcraft 1.16.1.1\bnetgatewayeditor.exe (Trojan.LDPinch) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\application data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.
#13
Posted 31 July 2011 - 19:22
I had 16 infections, but none of them was about those 4 exes, and those errors have not appeared again.