Windows XP errors - 16-bit MS-DOS Subsystem

13 replies to this topic

#1
DarkSideBv
    Junior Member
  • Group: Members
  • Posts: 25
  • Joined: 03.11.2007
Hi. Every evening between 22:15 and 22:30 these windows appear, which you can see in the picture.
Any idea what could be causing them? I looked for those files in the Windows folder but didn't find them, and Google turns up nothing for those file names.
http://img35.imagesh...789/eroarek.png

#2
xeleron
    Suflet de campion...
  • Group: Senior Members
  • Posts: 23,709
  • Joined: 01.01.2008
Post a HiJackThis log and see what you have.

#3
Gabytzzul
    Member
  • Group: Banned
  • Posts: 961
  • Joined: 28.03.2010
Only at that time??? I've never heard of errors showing up at fixed times :huh:

#4
DarkSideBv
    Junior Member
  • Group: Members
  • Posts: 25
  • Joined: 03.11.2007
I turned on the option to show hidden files and found them.

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 22:47:54, on 29.07.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sharewareisland.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware...uicksearch.aspx
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware...uicksearch.aspx
O1 - Hosts: 78.47.251.150 easyanticheat.se # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.se # misleading site
O1 - Hosts: 78.47.251.150 easyanticheat.com # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.com # misleading site
O1 - Hosts: 78.47.251.150 easyanticheat.org # misleading site
O1 - Hosts: 78.47.251.150 www.easyanticheat.org # misleading site
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.113.12.32 istockphoto.com
O1 - Hosts: 208.914.0.38 yfrog.com
O1 - Hosts: 63.309.5.12 virustotal.com
O1 - Hosts: 123.125.50.22 126.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.19 xing.com
O1 - Hosts: 59.16.98.139 seesaa.net
O1 - Hosts: 184.72.23.170 hootsuite.com
O1 - Hosts: 211.151.16.16 soku.com
O1 - Hosts: 72.321.12.222 metacafe.com
O1 - Hosts: 9.105.61.98 bitdefender.com
O1 - Hosts: 204.11.19.133 tribalfusion.com
O1 - Hosts: 207.154.14.31 tripadvisor.com
O1 - Hosts: 216.52.240.133 ustream.tv
O1 - Hosts: 174.36.244.132 linkwithin.com
O1 - Hosts: 121.67.23.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.212.220 booking.com
O1 - Hosts: 118.69.21.6 vnexpress.net
O1 - Hosts: 103.67.11.13 trendmicro.com
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.16.241.157 softonic.com
O1 - Hosts: 208.83.23.15 match.com
O1 - Hosts: 202.57.69.84 nwt.com
O1 - Hosts: 65.11.53.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.157 nozonedata.com
O1 - Hosts: 76.16.3.251 nachtagenten.com
O1 - Hosts: 195.82.240.124 musicmatch.com
O1 - Hosts: 70.52.56.163 moscowtimes.com
O1 - Hosts: 124.217.235.76 gsn.com
O1 - Hosts: 61.178.63.198 mgd.com
O1 - Hosts: 174.142.24.25 mediastorm.hu
O1 - Hosts: 38.113.207.59 media-servers.com
O1 - Hosts: 116.66.206.161 m5prod.com
O1 - Hosts: 74.175.65.66 lupa.com
O1 - Hosts: 207.20.66.53 liveintercom.com
O1 - Hosts: 71.96.135.201 keenspace.com
O1 - Hosts: 202.51.17.37 jetsoftware.com
O1 - Hosts: 60.21.54.08 jamba.com
O1 - Hosts: 222.161.3.133 ir.com
O1 - Hosts: 200.24.22.170 investopedia.com
O1 - Hosts: 202.149.24.216 choiceradio.com
O1 - Hosts: 91.206.23.22 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 141.76.5.18 chip.com
O1 - Hosts: 128.06.192.15 redv.net
O1 - Hosts: 194.42.170.124 cgi.com
O1 - Hosts: 199.26.24.66 centcomm.com
O1 - Hosts: 202.149.24.26 digitallook.com
O1 - Hosts: 60.251.19.134 domainfactory.com
O1 - Hosts: 222.161.5.13 dvdfocomm.nu
O1 - Hosts: 157.95.56.15 e-kolay.com
O1 - Hosts: 85.29.213.15 eurosport.com
O1 - Hosts: 189.104.19.61 f1cd.com
O1 - Hosts: 125.162.92.234 free6.com
O1 - Hosts: 80.81.19.20 cdsoftware.com
O1 - Hosts: 85.29.23.115 adware-delete.com
O1 - Hosts: 69.89.221.135 hbv.com
O1 - Hosts: 92.48.210.39 protectorsuite.com
O1 - Hosts: 128.31.3.16 howstuffworks.com
O1 - Hosts: 85.249.213.17 hyena.com
O1 - Hosts: 219.19.18.59 zinfo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1454471165-1229272821-682003330-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CDA5848-1629-427A-B472-30878F00250C}: NameServer = 193.231.189.18 193.231.189.19
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8598 bytes

#5
omsuparatpeviata
    Member
  • Group: Validating
  • Posts: 616
  • Joined: 14.06.2011
Not here, in the Devirusare (malware removal) section.

#6
DarkSideBv
    Junior Member
  • Group: Members
  • Posts: 25
  • Joined: 03.11.2007
I uploaded those files to VirusTotal and only 1 of 43 antivirus engines flagged a problem, so I don't think this is a disinfection case. Should I delete those files, or leave them in case that affects other programs?

#7
vladgeo92
    New Member
  • Group: Members
  • Posts: 21
  • Joined: 01.01.2011
If you have System Restore enabled, restore to a point from before you ran into this problem, and just in case, run a system scan with Malwarebytes, Trojan Remover and Hitman 3.5 - all of them are free and do their job well.

#8
rootkit
    Awake. Security DNA
  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Download and run this:

http://download.bleepingcomputer.com/bats/hostsperm.bat

Navigate to:

C:\WINDOWS\system32\drivers\etc

and delete the hosts file.

Download ComboFix and save it to the Desktop.

Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether to start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results. Save that file and post its contents HERE.

#9
DarkSideBv
    Junior Member
  • Group: Members
  • Posts: 25
  • Joined: 03.11.2007
Thanks for the support.

ComboFix 11-07-29.03 - DarkSide 30.07.2011  12:28:25.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.947 [GMT 3:00]
Running from: c:\documents and settings\DarkSide.LEETWORL-16E4E7\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\x264vfw-uninstall.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-06-28 to 2011-07-30  )))))))))))))))))))))))))))))))
.
.
2068-01-16 08:48 . 2004-01-15 12:26 4057803 ----a-w- c:\program files\Mozilla Firefox\Speed.exe
2011-07-30 09:26 . 2011-07-29 19:27 2329 --sha-w- c:\windows\winbasrv.exe
2011-07-30 09:26 . 2011-07-29 19:23 2329 --sha-w- c:\windows\mcshlz.exe
2011-07-30 09:26 . 2011-07-29 19:19 2329 --sha-w- c:\windows\dsrsrv2.exe
2011-07-30 09:26 . 2011-07-29 19:15 2329 --sha-w- c:\windows\dserv23.exe
2011-07-29 19:45 . 2011-07-29 19:45 388096 ----a-r- c:\documents and settings\DarkSide.LEETWORL-16E4E7\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-29 19:45 . 2011-07-29 19:45 -------- d-----w- c:\program files\Trend Micro
2011-07-24 17:33 . 2011-07-25 11:23 -------- d-----w- C:\D.Gray-man
2011-07-24 15:50 . 2003-10-27 11:06 115016 ----a-w- c:\windows\system32\MSINET.OCX
2011-07-24 15:50 . 2003-10-27 11:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-07-24 15:50 . 2003-10-27 11:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2011-07-24 15:50 . 2003-10-27 11:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2011-07-24 15:50 . 2003-10-27 11:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2011-07-24 15:50 . 2003-10-27 11:06 35840 ----a-w- c:\windows\system32\comdlg32.oca
2011-07-24 15:50 . 2003-10-27 11:06 29184 ----a-w- c:\windows\system32\MSINET.oca
2011-07-24 15:50 . 2003-10-27 11:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-07-21 13:24 . 2011-07-21 13:24 -------- d-----w- c:\documents and settings\DarkSide.LEETWORL-16E4E7\Local Settings\Application Data\GHISLER
2011-07-21 13:21 . 2011-07-21 13:21 -------- d-----w- C:\totalcmd
2011-07-21 13:21 . 2011-07-21 13:21 -------- d-----w- c:\documents and settings\DarkSide.LEETWORL-16E4E7\Application Data\GHISLER
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\UC.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\RAR.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\PKZIP.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\LHA.PIF
2011-07-21 13:21 . 2010-07-07 04:55 545 ----a-w- c:\windows\ARJ.PIF
2011-07-21 12:08 . 2011-07-21 12:08 -------- d-----w- c:\program files\MSECache
2011-07-18 17:07 . 2011-07-28 14:25 -------- d-----w- c:\program files\mIRC
2011-07-11 07:55 . 2011-07-11 07:57 -------- d-----w- c:\program files\NVIDIA Corporation
2011-07-11 07:55 . 2011-07-11 07:55 -------- d-----w- C:\NVIDIA
2011-07-08 16:41 . 2011-07-08 16:41 -------- d-----w- c:\program files\Common Files\Spigot
2011-07-08 16:40 . 2011-07-08 16:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\YouTube Downloader
2011-07-07 10:20 . 2011-07-07 10:20 -------- d-----w- c:\program files\WEBZEN
2011-07-07 10:20 . 2010-11-04 15:49 53616 ----a-w- c:\windows\system32\CMStarter_Eng.dll
2011-07-07 10:20 . 2010-11-04 15:49 53616 ----a-w- c:\windows\system32\CMStarter_Kor.dll
2011-07-07 10:20 . 2010-11-04 15:49 364912 ----a-w- c:\windows\system32\CMStarterCore.exe
2011-07-07 10:17 . 2011-05-01 21:19 4045688 ----a-w- c:\windows\system32\GameMon.des
2011-07-07 10:17 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2011-07-07 10:17 . 2003-07-20 09:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd
2011-07-03 04:04 . 2011-07-03 04:04 59836 --sh--w- c:\windows\dtmn.exe
2011-07-03 04:04 . 2011-07-03 04:04 71678 --sh--w- c:\windows\pdwa.exe
2011-07-03 04:04 . 2011-07-03 04:04 66047 --sh--w- c:\windows\kdhr.exe
2011-07-03 04:04 . 2011-07-03 04:04 71686 --sh--w- c:\windows\wtsx.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 03:29 . 2011-05-20 04:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 06:09 . 2010-12-28 12:21 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2010-12-28 12:21 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-06-25 20:21 . 2011-05-21 20:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^DarkSide.LEETWORL-16E4E7^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\DarkSide.LEETWORL-16E4E7\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 09:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 09:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 06:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-12-20 10:03 697856 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 06:09 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-05-25 06:09 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-05-04 21:02 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
2003-07-30 07:08 143360 ----a-w- c:\program files\Analog Devices\SoundMAX\SMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar]
2008-11-14 19:57 131778 ----a-w- c:\program files\Vista Rainbar\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Steam\\steamapps\\costelplescan\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"4458:TCP"= 4458:TCP:Application Sharing
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/28/2010 4:32 PM 721904]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2/27/2011 2:12 AM 218688]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [12/6/2010 9:31 AM 1238408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/11/2011 10:56 AM 2214504]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [4/3/2011 1:51 PM 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [4/3/2011 1:51 PM 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [1/20/2011 2:55 PM 616064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\At10.job
- c:\windows\dtmn.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At2.job
- c:\windows\kdhr.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At3.job
- c:\windows\wtsx.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At4.job
- c:\windows\pdwa.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At5.job
- c:\windows\dtmn.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At7.job
- c:\windows\kdhr.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At8.job
- c:\windows\wtsx.exe [2011-07-03 04:04]
.
2011-07-29 c:\windows\Tasks\At9.job
- c:\windows\pdwa.exe [2011-07-03 04:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
mStart Page = hxxp://www.sharewareisland.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
TCP: Interfaces\{5CDA5848-1629-427A-B472-30878F00250C}: NameServer = 193.231.189.18 193.231.189.19
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-x264vfw - c:\windows\system32\x264vfw-uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-30 12:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Completion time: 2011-07-30  12:33:59
ComboFix-quarantined-files.txt  2011-07-30 09:33
ComboFix2.txt  2011-07-30 09:22
.
Pre-Run: 9.204.920.320 bytes free
Post-Run: 9.181.302.784 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3BBE50474EBC38CCD14845D73C194AAD
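An added triage script (editor's example, not code from the thread or from any tool named in it) that runs two checks a responder would apply to the HiJackThis log in post #4 and the ComboFix log above: it flags hosts-file (O1) entries that redirect a security-vendor domain or carry an invalid IPv4 address, and it correlates each scheduled At*.job with the hidden+system executables created directly under C:\Windows. The SECURITY_DOMAINS watch-list is an assumption; the sample lines are copied from the logs posted above.

```python
import ipaddress
import re
from dataclasses import dataclass

# Assumed watch-list: scanners and AV vendors whose redirection in the hosts
# file is a classic sign of malware trying to block remediation.
SECURITY_DOMAINS = {
    "virustotal.com", "bitdefender.com", "trendmicro.com",
    "scan.novirusthanks.org", "adware-delete.com",
}

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# ComboFix "Files Created" line: date time . date time size attrs path
FILE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+\s+(\d+)\s+(\S{8})\s+(.+)$")
# ComboFix "Scheduled Tasks": a .job line followed by "- <target> [date]"
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S+\\Tasks\\\S+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(\S+)\s+\[")

@dataclass
class HostsFinding:
    ip: str
    host: str
    reasons: list

def triage_hosts_lines(lines):
    """Flag HiJackThis O1 entries that redirect a security-vendor domain or
    carry a syntactically invalid IPv4 address (an octet above 255)."""
    findings = []
    for line in lines:
        m = O1_RE.match(line.strip())
        if not m:
            continue
        ip, host = m.group(1), m.group(2).lower()
        reasons = []
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            reasons.append("invalid IP (octet out of range)")
        if host in SECURITY_DOMAINS:
            reasons.append("security-vendor domain redirected")
        if reasons:
            findings.append(HostsFinding(ip, host, reasons))
    return findings

def hidden_system_exes(file_lines):
    """Executables created directly under C:\\Windows whose attribute field
    carries both the system (s) and hidden (h) bits, e.g. '--sh--w-'."""
    found = set()
    for line in file_lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m.group(2), m.group(3).lower()
        in_windows_root = re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path)
        if "s" in attrs and "h" in attrs and in_windows_root:
            found.add(path)
    return found

def scheduled_task_targets(task_lines):
    """Map each .job file in the ComboFix task section to the program it runs."""
    targets, job = {}, None
    for line in task_lines:
        line = line.strip()
        m = JOB_RE.match(line)
        if m:
            job = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and job:
            targets[job] = m.group(1).lower()
            job = None
    return targets

def tasks_launching_hidden_exes(task_lines, file_lines):
    """Scheduled tasks whose target is a hidden+system executable: the
    persistence pattern that fires at a fixed time of day."""
    hidden = hidden_system_exes(file_lines)
    return {job: exe for job, exe in scheduled_task_targets(task_lines).items()
            if exe in hidden}

# Constructed sample input, copied from the logs posted in this thread.
SAMPLE_HJT = r"""
O1 - Hosts: 78.47.251.150 easyanticheat.se # misleading site
O1 - Hosts: 208.914.0.38 yfrog.com
O1 - Hosts: 63.309.5.12 virustotal.com
O1 - Hosts: 103.67.11.13 trendmicro.com
O1 - Hosts: 121.67.23.61 scan.novirusthanks.org
""".strip().splitlines()
SAMPLE_FILES = r"""
2011-07-30 09:26 . 2011-07-29 19:27 2329 --sha-w- c:\windows\winbasrv.exe
2011-07-03 04:04 . 2011-07-03 04:04 59836 --sh--w- c:\windows\dtmn.exe
2011-07-03 04:04 . 2011-07-03 04:04 71678 --sh--w- c:\windows\pdwa.exe
""".strip().splitlines()
SAMPLE_TASKS = r"""
2011-07-29 c:\windows\Tasks\At10.job
- c:\windows\dtmn.exe [2011-07-03 04:04]
2011-07-29 c:\windows\Tasks\At4.job
- c:\windows\pdwa.exe [2011-07-03 04:04]
""".strip().splitlines()
```

Run `triage_hosts_lines(SAMPLE_HJT)` and `tasks_launching_hidden_exes(SAMPLE_TASKS, SAMPLE_FILES)` to see the four suspicious hosts entries and the two At*.job tasks pointing at hidden executables.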

#10
rootkit
    Awake. Security DNA
  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
Download

Malwarebytes Anti-Malware 1.51.1.1800

and save it to the Desktop.

Install it and at the end make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then click Finish.

http://i53.tinypic.com/13za8f8.png
http://i54.tinypic.com/2dtq001.png
http://i53.tinypic.com/qrerzm.png
http://i54.tinypic.com/2wnpfr6.png
http://i54.tinypic.com/15i7tea.png
http://i55.tinypic.com/1ikapc.png
http://i51.tinypic.com/2efpyfl.png
http://i56.tinypic.com/5xo5g8.png
http://i53.tinypic.com/2e2dnkn.png

After launching the program, click the Update tab and press the Check for Updates button to verify that the downloaded definitions are the latest.

Database version: 7XXX

http://i52.tinypic.com/9fyxjr.png
http://i52.tinypic.com/5ytef5.png
http://i51.tinypic.com/2gw53z7.png

Click the Scanner tab, select Perform full scan and then press Scan.

http://i54.tinypic.com/23h3pj7.png

When the scan finishes, press OK and then Show Results.

http://i55.tinypic.com/1z1yavt.png
http://i55.tinypic.com/2cygmc5.png

Make sure everything is checked and then press Remove Selected.

http://i53.tinypic.com/2rrqi2q.png

At the end a Notepad file with the scan results will open. Post its contents here.

http://i53.tinypic.com/1zxazrk.png
http://i56.tinypic.com/2enrbwj.png

If you had to restart to remove malware from the PC, you will find the log in the main window under the Logs tab. Check that it is the latest one (by the date in the .txt file name).

http://i51.tinypic.com/2yllhk5.png
http://i53.tinypic.com/1zxazrk.png

#11
DarkSideBv
    Junior Member
  • Group: Members
  • Posts: 25
  • Joined: 03.11.2007
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7325

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

30.07.2011 16:52:47
mbam-log-2011-07-30 (16-52-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 368568
Time elapsed: 49 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\uhcd.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{75d1eaa0-a83c-42f0-b67a-7928d5a58780}\RP1\A0000071.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\system volume information\_restore{75d1eaa0-a83c-42f0-b67a-7928d5a58780}\RP1\A0000086.exe (PUP.CCProxy) -> Quarantined and deleted successfully.
c:\system volume information\_restore{75d1eaa0-a83c-42f0-b67a-7928d5a58780}\RP1\A0000131.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\system volume information\_restore{75d1eaa0-a83c-42f0-b67a-7928d5a58780}\RP1\A0000319.exe (Trojan.LDPinch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f87f9462-296f-4c6c-ba14-87f07a5fbdcf}\RP149\A0062558.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\pdwa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\wtsx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\darkside.leetworl-16e4e7\Desktop\new desktop\super simple wall v7.0\sswv7.0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\documents and settings\darkside.leetworl-16e4e7\local settings\application data\Xenocode\Sandbox\pluginplus\1.00\2009.07.15t08.20\Native\STUBEXE\@WINDIR@\101.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\darkside.leetworl-16e4e7\local settings\application data\Xenocode\Sandbox\pluginplus\1.00\2009.07.15t08.20\Virtual\STUBEXE\@APPDIR@\PaSsWard.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\darkside.leetworl-16e4e7\local settings\application data\Xenocode\Sandbox\usb security utilities\1.0.0.0\2010.07.22t14.20\Virtual\STUBEXE\@APPDIR@\usb security utilities.exe (Trojan.Agent) -> Quarantined and deleted successfully.
d:\desktop\desktop.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
d:\desktop\bnetgatewayeditor\bnetgatewayeditor.exe (Trojan.LDPinch) -> Quarantined and deleted successfully.
d:\starcraft 1.16.1.1\bnetgatewayeditor.exe (Trojan.LDPinch) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\application data\addon.dat (Malware.Trace) -> Quarantined and deleted successfully.

#12
rootkit
    Awake. Security DNA
  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
You had some infections. Are there still problems?

#13
DarkSideBv
    Junior Member
  • Group: Members
  • Posts: 25
  • Joined: 03.11.2007
I had 16 infections, but none of them involved those 4 exe files, and those errors have not appeared again.

#14
rootkit
    Awake. Security DNA
  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007
If there are any more problems, come back here.
