[Request] Program


#1
xHeadBusterx

    New Member

  • Group: Members
  • Posts: 8
  • Joined: 13.02.2010
Hi,

I have a small problem with my PC... in the last few days my PC has kept getting infected with the "somborski" virus (sjlp.exe). I managed to get rid of it, but it came back again and again... I tried several antivirus programs (AVG, Kaspersky, Comodo, Avira, Avast); now I have gotten rid of it with the help of "combo fix".

Back to the program request... the computers at school (about 4-5 years ago) had a program that, when the PC was restarted, reverted all the data to a certain date, so... no matter how hard you tried to infect that PC... after the PC restarted, the virus disappeared.
Unfortunately I no longer remember what that program was called, so if you know of any program like this, please write it here...


Thank you very much for the help

#2
mostwanted4

    Junior Member

  • Group: Members
  • Posts: 52
  • Joined: 26.05.2009
It's called DeepFreeze.

#3
xHeadBusterx

    New Member

  • Group: Members
  • Posts: 8
  • Joined: 13.02.2010
Thanks a lot... you have no idea how much you've helped me...

I remembered it was something with a bear's face... or something like that... but I no longer knew exactly.


Below is a log created by "combofix"; can you tell me if there is anything suspicious in it? I currently have Webroot Internet Security Complete (trial).

ComboFix 11-08-31.02 - Done 08/31/2011  14:43:48.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.236 [GMT 3:00]
Running from: c:\documents and settings\Done\Desktop\ComboFix.exe
AV: Webroot Internet Security Complete *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Complete *Disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Done\Application Data\sjlp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-07-28 to 2011-08-31  )))))))))))))))))))))))))))))))
.
.
2011-08-17 13:58 . 2011-08-17 13:58	--------	d-----w-	C:\$AVG
2011-08-17 09:04 . 2011-08-31 10:29	--------	d-----r-	C:\SOMBORSKI
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2011-07-21 13:04	326928	----a-w-	c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2011-07-21 13:04	326928	----a-w-	c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2011-07-21 13:04	326928	----a-w-	c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2011-07-21 13:04	326928	----a-w-	c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-08-19 1382984]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 09:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 04:55	6276408	----a-w-	c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:42	1695232	------w-	c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-10-29 13:50	4620288	----a-w-	c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2004-10-29 13:50	86016	----a-w-	c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2004-10-29 13:50	921600	----a-w-	c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"CLPSLS"=2 (0x2)
"MDM"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Garena Classic\\Garena.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [8/25/2011 9:38 PM 232512]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [8/19/2011 8:22 PM 122696]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [8/19/2011 8:22 PM 45584]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [8/19/2011 8:17 PM 3381184]
S3 GGSAFERDriver;GGSAFER Driver;\??\e:\program files\Garena Classic\safedrv.sys --> e:\program files\Garena Classic\safedrv.sys [?]
S3 XDva369;XDva369;\??\c:\windows\system32\XDva369.sys --> c:\windows\system32\XDva369.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTMSSVC
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-31 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2011-08-31 14:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
IE: E&xport în Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-COMODO - c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
MSConfigStartUp-CPA - c:\program files\COMODO\COMODO GeekBuddy\VALA.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-31 15:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-31  15:16:32
ComboFix-quarantined-files.txt  2011-08-31 12:16
.
Pre-Run: 24,703,995,904 bytes free
Post-Run: 24,802,947,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C74A2EEC87558F2F53C31153B24EFB10

