websearch.helpmefindyour.info - how do I get rid of it?
Last Updated: Jan 05 2016 23:09, Started by Bujye, Apr 07 2013 19:43
#1
Posted 07 April 2013 - 19:43
Hi!
For a few days now, when I open a new tab in Firefox, instead of a blank tab I get "http://websearch.hel...findyour.info/", which I can't get rid of and which, in turn, has some infected stuff like "congratulations, you've won a mobile phone" and other things like that, which of course I didn't click on. I tried to attach a screenshot (which works) and a HijackThis logfile, in which this virus or whatever it is also shows up, but I'm not allowed to ("you are not permitted to upload this type of file"). So I'm pasting below what the logfile says:

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 20:27:00, on 07.04.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\soluto\soluto.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\Adobe\Shockwave 12\SwHelper_1200112.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hel...057&lg=EN&cc=RO
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Asistenta legaturi Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Soluto] c:\program files\soluto\soluto.exe /init
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E5C77D8-DB55-4D0B-9B35-B5A968236E48}: NameServer = 213.154.124.1 193.231.252.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolutoLauncher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6872 bytes
#2
Posted 08 April 2013 - 20:03
1. Download RogueKiller and save it to the Desktop (or from here).
Close all running programs. Remove everything from the USB ports (memory stick, external hard drive). Double-click RogueKiller.exe to run it. On Windows Vista or Windows 7, right-click it and select Run as administrator. Wait until the prescan has finished. Click "Scan". Wait until "Scan Finished" appears in the Status box. Click "Report" and copy/paste it here. In the image below, ignore step 3!
[image: http://s9.postimage.org/q04cnvji7/image.jpg]

2. Download AdwCleaner by Xplode to the Desktop. Double-click AdwCleaner.exe to run it. On Windows Vista or Windows 7, right-click it and select Run as administrator. Click Search. Wait for it to finish searching. Then click Delete. A log file will open once the scan has finished. Post its contents here. The log is located at C:\AdwCleaner[Sn].txt (n is a number).
[image: http://s8.postimage.org/q3trcenth/ADW1.jpg]

Edited by MhG_40, 08 April 2013 - 20:04.
#3
Posted 08 April 2013 - 20:32
1.
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 04/08/2013 21:22:43
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{2E5C77D8-DB55-4D0B-9B35-B5A968236E48} : NameServer (213.154.124.1 193.231.252.1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x805679CD -> HOOKED (Unknown @ 0xBA70B6C4)
SSDT[41] : NtCreateKey @ 0x80570F9F -> HOOKED (Unknown @ 0xBA70B67E)
SSDT[50] : NtCreateSection @ 0x805653B3 -> HOOKED (Unknown @ 0xBA70B6CE)
SSDT[53] : NtCreateThread @ 0x8058A33B -> HOOKED (Unknown @ 0xBA70B674)
SSDT[63] : NtDeleteKey @ 0x80595A16 -> HOOKED (Unknown @ 0xBA70B683)
SSDT[65] : NtDeleteValueKey @ 0x80593636 -> HOOKED (Unknown @ 0xBA70B68D)
SSDT[68] : NtDuplicateObject @ 0x80571A5B -> HOOKED (Unknown @ 0xBA70B6BF)
SSDT[98] : NtLoadKey @ 0x805ADC0B -> HOOKED (Unknown @ 0xBA70B692)
SSDT[122] : NtOpenProcess @ 0x80571C42 -> HOOKED (Unknown @ 0xBA70B660)
SSDT[128] : NtOpenThread @ 0x80590C57 -> HOOKED (Unknown @ 0xBA70B665)
SSDT[177] : NtQueryValueKey @ 0x8056A2F9 -> HOOKED (Unknown @ 0xBA70B6E7)
SSDT[193] : NtReplaceKey @ 0x8064FFF8 -> HOOKED (Unknown @ 0xBA70B69C)
SSDT[200] : NtRequestWaitReplyPort @ 0x80574E84 -> HOOKED (Unknown @ 0xBA70B6D8)
SSDT[204] : NtRestoreKey @ 0x8064FB8D -> HOOKED (Unknown @ 0xBA70B697)
SSDT[213] : NtSetContextThread @ 0x8062E787 -> HOOKED (Unknown @ 0xBA70B6D3)
SSDT[237] : NtSetSecurityObject @ 0x80598182 -> HOOKED (Unknown @ 0xBA70B6DD)
SSDT[247] : NtSetValueKey @ 0x80572D04 -> HOOKED (Unknown @ 0xBA70B688)
SSDT[255] : NtSystemDebugControl @ 0x8064ABCF -> HOOKED (Unknown @ 0xBA70B6E2)
SSDT[257] : NtTerminateProcess @ 0x80584B31 -> HOOKED (Unknown @ 0xBA70B66F)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xBA70B6F6)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xBA70B6FB)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6E040L0 +++++
--- User ---
[MBR] c8c1f4d8275279b79bef17b9baeed1a0
[BSP] db74f9bf673b1b5c7ec9a9dbfe94da85 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29188 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 59793923 | Size: 10001 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD800BB-75JHA0 +++++
--- User ---
[MBR] 76d36304638184024d400a265bb06a89
[BSP] 453e48878cc16cf913feb13ec6ebdeb8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 61432560 | Size: 46288 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04082013_02d2122.txt >>
RKreport[1]_S_04082013_02d2122.txt

2.

# Adwcleaner v2.200 - Logfile created 04/08/2013 at 21:26:05
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - HOME-CDCD0C9938
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t9n4sds1.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\NCdownloader
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (ro)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t9n4sds1.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.helpmefindyour.info/?pid=700&r=2013/03/31&h[...]
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.515820e817e3c.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://websearch.helpmefindyour.info/?pid=700&r=2013/03/31&hid=3717159057&[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.helpmefindyour.info[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.helpmefindyour.info/?pid=700&r=2[...]
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.167] : homepage = "hxxp://websearch.helpmefindyour.info/?pid=700&r=2013/03/31&hid=3717159057&lg=EN&cc=RO"[...]

*************************

AdwCleaner[R1].txt - [5130 octets] - [08/04/2013 21:25:37]
AdwCleaner[S1].txt - [5006 octets] - [08/04/2013 21:26:05]

########## EOF - C:\AdwCleaner[S1].txt - [5066 octets] ##########
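The logs in posts #1 and #3 show the hijack in two places: the HijackThis R0 Start Page entry for HKLM and the Firefox user_pref lines that AdwCleaner removed. The following checker is an added example, not code from the thread or from any of the tools it mentions; it parses HijackThis R0/R1 lines and prefs.js user_pref lines and reports start-page or search-engine settings that point outside an allowlist. The allowlists, function names and sample log lines are assumptions constructed for the example.

```python
"""Flag browser start-page / search-engine hijacks in HijackThis and prefs.js."""
import re
from urllib.parse import urlparse

# Hosts a clean profile is expected to point at; anything else is reported (assumed).
DEFAULT_ALLOWED_HOSTS = {"www.google.ro", "www.google.com", "go.microsoft.com"}
# Search engine names a stock Firefox profile may carry (assumed list).
DEFAULT_ALLOWED_ENGINES = {"Google", "Yahoo", "Bing"}

# HijackThis R0/R1 line: "R0 - <registry key>,<value name> = <url>" (url may be empty)
HJT_RE = re.compile(r"^(R[01]) - (.+?) =\s*(.*)$")
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$')

SEARCH_ENGINE_PREFS = ("browser.search.defaultenginename",
                       "browser.search.selectedEngine",
                       "browser.search.order.1")
URL_PREFS = ("keyword.URL", "browser.search.defaulturl",
             "browser.startup.homepage")


def url_host(value):
    """Lower-case host of a URL-like value, or None when there is none."""
    hostname = urlparse(value.strip()).hostname
    return hostname.lower() if hostname else None


def flag_hjt(text, allowed_hosts=DEFAULT_ALLOWED_HOSTS):
    """Report R0/R1 entries whose URL host is outside the allowed set."""
    findings = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        section, key, host = m.group(1), m.group(2), url_host(m.group(3))
        # Empty values (e.g. "Search,SearchAssistant =") carry no URL to check.
        if host and host not in allowed_hosts:
            findings.append((section, key, host))
    return findings


def parse_prefs(text):
    """Parse user_pref lines into {name: value}; strings are unquoted, ints and
    booleans converted, and a trailing ',S' name suffix is dropped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group(1).split(",")[0], m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def flag_prefs(prefs, allowed_hosts=DEFAULT_ALLOWED_HOSTS,
               allowed_engines=DEFAULT_ALLOWED_ENGINES):
    """Report search/homepage prefs pointing at an unexpected engine or host."""
    findings = []
    for name in SEARCH_ENGINE_PREFS:
        engine = prefs.get(name)
        if isinstance(engine, str) and engine not in allowed_engines:
            findings.append(("prefs.js", name, engine))
    for name in URL_PREFS:
        value = prefs.get(name)
        host = url_host(value) if isinstance(value, str) else None
        if host and host not in allowed_hosts:
            findings.append(("prefs.js", name, host))
    return findings


# Constructed samples modelled on posts #1 and #3 (backslashes doubled for Python).
SAMPLE_HJT = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.ro/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://websearch.helpmefindyour.info/?pid=700&lg=EN&cc=RO
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
"""

SAMPLE_PREFS = """\
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.startup.homepage", "https://www.google.ro/");
user_pref("keyword.URL", "http://websearch.helpmefindyour.info/?pid=700&r=2013/03/31");
user_pref("network.proxy.type", 0);
"""

if __name__ == "__main__":
    for finding in flag_hjt(SAMPLE_HJT) + flag_prefs(parse_prefs(SAMPLE_PREFS)):
        print("REVIEW:", *finding)
```

On the samples it reports only the HKLM Start Page and the three prefs that name WebSearch or its host, while the Google and go.microsoft.com defaults pass.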
#4
Posted 08 April 2013 - 20:37
Download ComboFix and save it to the Desktop.
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE.
#5
Posted 09 April 2013 - 16:25
ComboFix 13-04-08.04 - Administrator 09.04.2013 17:09:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1083 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Bruowsee2save
c:\documents and settings\All Users\Application Data\Bruowsee2save\515820e817f23.tlb
c:\documents and settings\All Users\Application Data\Bruowsee2save\settings.ini
c:\documents and settings\All Users\Application Data\Seayrech-NeWTab
c:\documents and settings\All Users\Application Data\Seayrech-NeWTab\515821013650d.tlb
c:\documents and settings\All Users\Application Data\Seayrech-NeWTab\data\Seayrech-NeWTab.dat
c:\documents and settings\All Users\Application Data\Seayrech-NeWTab\settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-03-09 to 2013-04-09 )))))))))))))))))))))))))))))))
.
.
2013-03-30 21:44 . 2013-03-30 21:44 -------- d-----r- C:\MSOCache
2013-03-30 21:31 . 2013-03-30 21:31 -------- d-----w- C:\Esl
2013-03-30 21:30 . 2013-03-30 21:31 -------- d-----w- C:\Resource
2013-03-30 21:30 . 2013-03-30 21:31 -------- d-----w- C:\Setup Files
2013-03-30 21:30 . 2013-03-30 21:31 -------- d-----w- C:\Reader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-29 18:30 . 2008-04-14 12:00 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-29 18:30 . 2008-04-14 12:00 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:04 . 2012-06-13 15:36 920064 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:04 . 2012-06-13 15:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:04 . 2012-06-13 15:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:40 . 2012-06-13 15:36 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2012-06-13 15:35 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-03-07 14:30 . 2013-04-07 15:24 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-13 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"nwiz"="nwiz.exe" [2002-08-30 372736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-31 345312]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-03-27 1279552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Soluto\\SolutoCleanup.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [13.06.2012 18:45 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [13.06.2012 18:45 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [13.06.2012 18:45 13616]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [31.03.2013 23:26 51144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [31.03.2013 13:19 37352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.03.2013 01:13 242240]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [31.03.2013 13:19 86752]
R2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [27.03.2013 15:36 166976]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [27.03.2013 15:36 714816]
R3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\drivers\CamSuiteVAC.sys [30.03.2013 22:48 37560]
R3 cpuz136;cpuz136;\??\c:\windows\TEMP\cpuz136\cpuz136_x32.sys --> c:\windows\TEMP\cpuz136\cpuz136_x32.sys [?]
S3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [27.03.2013 15:33 1245248]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 18:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ro/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{2E5C77D8-DB55-4D0B-9B35-B5A968236E48}: NameServer = 213.154.124.1 193.231.252.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t9n4sds1.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ro/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-31 14:42; [email protected]; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t9n4sds1.default\extensions\[email protected]
FF - ExtSQL: 2013-03-31 14:42; [email protected]; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\t9n4sds1.default\extensions\[email protected]
FF - ExtSQL: 2013-03-31 23:25; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{A066F680-028E-9618-7E35-004041D7E0F9} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{6B017~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-09 17:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2013-04-09 17:20:02
ComboFix-quarantined-files.txt 2013-04-09 14:19
.
Pre-Run: 14.378.655.744 bytes free
Post-Run: 14.549.450.752 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CC485CFF2D833B053B80E0C7BF5F38AA
#7
Posted 09 April 2013 - 18:34
#8
Posted 09 April 2013 - 19:04
Do as described here and reset Firefox:
http://forum.softped...8#entry12666437
Post a new HiJackThis log.
Edited by MhG_40, 09 April 2013 - 19:05.
#9
Posted 09 April 2013 - 19:39
I did what you told me, the "websearch" no longer appears.

Logfile of Trend Micro HiJackThis v2.0.4
Scan saved at 20:36:24, on 09.04.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\program files\soluto\soluto.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Asistenta legaturi Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Soluto] c:\program files\soluto\soluto.exe /init
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E5C77D8-DB55-4D0B-9B35-B5A968236E48}: NameServer = 213.154.124.1 193.231.252.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolutoLauncher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5807 bytes
#10
Posted 09 April 2013 - 20:41
Looks good.
1. Double-click adwcleaner.exe. On Windows Vista or Windows 7, right-click it and select Run as administrator. Click Uninstall. Confirm with Yes.
[image: http://s14.postimage.org/ise7yeyv5/ADW2.jpg]
2. Start, Run and type: combofix /uninstall
There is a space between (combofix and /)!
3. RogueKiller and the remaining logs can be deleted normally.
All the best.
[image: http://i1.ifrm.com/228/109/upload/p22002758.gif]
#11
Posted 10 April 2013 - 15:39
Done, thanks a lot for the help.
All the best to you too and good luck going forward (I saw you've helped other clueless people like me).
#13
Posted 05 January 2016 - 22:58
MhG_40, on 08 April 2013 - 20:37, said:
Download ComboFix and save it to the Desktop. Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether it should start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE.

"This operating system is not suported! ComboFix only runs on: *Windows XP (32 bit) *Windows Vista (32/64 bit) *Windows 7 (32/64 bit) *Windows 8 (32/64 bit)", but I have Windows 8.1, so am I to understand that it is not supported on Windows 8.1!?
#14
Posted 05 January 2016 - 23:09
If you think I can help you, open a new topic. Describe the problem there.
Download and save Farbar Recovery Scan Tool to the Desktop. Double-click FRST.exe to run it.
[image: http://s4.postimg.org/b7b2g838p/Frst1.png]
On Windows Vista, Windows 7 or Windows 8, right-click it and select Run as administrator. Click Yes.
[image: http://s27.postimg.org/yzw6sw783/FRST2.png]
Click Scan.
[image: http://s4.postimg.org/69q3ljvgt/Frst5.jpg]
When it finishes, two Notepad windows will appear: FRST.txt and Addition.txt. Attach FRST.txt and Addition.txt in your next reply.
[image: http://s30.postimg.org/m4ozfqfpt/ataseaza.jpg]