[request] Program
Last Updated: Aug 31 2011 14:50, Started by xHeadBusterx, Aug 31 2011 14:38
#1
Posted 31 August 2011 - 14:38
Hi,
I have a small problem with my PC too ... over the last few days my PC has kept getting infected with the "somborski" virus (sjlp.exe). I managed to get rid of it, but it came back again and again ... I tried several antivirus programs (AVG, Kaspersky, Comodo, Avira, Avast); now I have got rid of it with the help of "combo fix".
Back to the program request ... the computers at school (about 4-5 years ago) had a program that, when the PC was restarted, reverted all the data to a certain date, so ... however hard you tried to infect that PC ... after the PC restarted, the virus was gone. Unfortunately I no longer remember what that program was called, so I kindly ask you, if you know of any program like this, please write it here ... thank you very much for the help
#3
Posted 31 August 2011 - 14:50
Thanks a lot ... you have no idea how much you have helped me ...
I remembered it was something with a bear's face .. or something like that ... but I no longer knew exactly.
Below is a log created by "combofix"; can you tell me if there is anything suspicious in it? Right now I have Webroot Internet Security Complete (trial).

ComboFix 11-08-31.02 - Done 08/31/2011 14:43:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.236 [GMT 3:00]
Running from: c:\documents and settings\Done\Desktop\ComboFix.exe
AV: Webroot Internet Security Complete *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Complete *Disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Done\Application Data\sjlp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-17 13:58 . 2011-08-17 13:58 -------- d-----w- C:\$AVG
2011-08-17 09:04 . 2011-08-31 10:29 -------- d-----r- C:\SOMBORSKI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2011-07-21 13:04 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2011-07-21 13:04 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2011-07-21 13:04 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2011-07-21 13:04 326928 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-08-19 1382984]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 09:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 04:55 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-10-29 13:50 4620288 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-10-29 13:50 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-10-29 13:50 921600 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"CLPSLS"=2 (0x2)
"MDM"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Garena Classic\\Garena.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/25/2011 9:38 PM 232512]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [8/19/2011 8:22 PM 122696]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [8/19/2011 8:22 PM 45584]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [8/19/2011 8:17 PM 3381184]
S3 GGSAFERDriver;GGSAFER Driver;\??\e:\program files\Garena Classic\safedrv.sys --> e:\program files\Garena Classic\safedrv.sys [?]
S3 XDva369;XDva369;\??\c:\windows\system32\XDva369.sys --> c:\windows\system32\XDva369.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTMSSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-08-31 14:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
IE: E&xport în Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-COMODO - c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
MSConfigStartUp-CPA - c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-31 15:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-31 15:16:32
ComboFix-quarantined-files.txt 2011-08-31 12:16
.
Pre-Run: 24,703,995,904 bytes free
Post-Run: 24,802,947,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C74A2EEC87558F2F53C31153B24EFB10