9 July 2011
SCOOBftw asks:

Hi TpU.

I'm back with a very big problem :)!

I put a USB stick belonging to a friend into the drive, and there was something on it that I thought was a movie. I clicked on it, Command Prompt opened, nothing interesting. It was actually FunnyUSTScandal (it affected many processes, very many, it caused me thousands of problems, Task Manager and Registry Editor stopped working and still don't work, and I didn't know what to do. I installed Task Killer and closed all the processes related to the virus, but it affected a few, namely lsass.exe, csass.exe, smss.exe, xmss.exe (the FUS process); I got rid of FUS, but traces from the stick remained). Today I found them, namely autorun.inf. On C and on D.

On C:

[AutoRun]
;

;
OPeN =uksjhr.exe
; qkkvolGGSBvrge CqsxAcrXbiShmI sogWftHeh cJvgJ
shell\open\coMMand= uksjhr.exe

; cxgarkmN
sheLl\eXPLOre\comMand =uksjhr.exe
; fkAo KcIL
sHELl\opEN\DEfaULT=1
;
ShEll\AUtoplAY\coMmaNd= uksjhr.exe
; pcSDvbkaPKCA

uksjhr.exe is a file that appears on C; I can delete it, but it reappears.

On D:

[AutoRun]
; SfaePRNoCVC
; JoFt UepDMHitGoyOaiCChiWtLYotS geip KvfbS ypRlGq
sHeLl\OpeN\DeFaulT=1
shell\explOre\Command= fecjyk.exe
;
opEn =fecjyk.exe
; rNhwslRsDTjOmuAWhv
Shell\OpEN\commanD= fecjyk.exe

;
shell\AUtOPlAy\cOMmanD= fecjyk.exe
; ulpwR cMmHeshfpOyc

I can delete fecjyk.exe, but it reappears.

When I try to delete autorun.inf, it tells me it is in use by another program. When I turn on the PC I go to them right away; they get deleted but reappear.

I downloaded MalwareAntyBytes and deleted what it detected.
I can't install any antivirus, because I start the installer but after 10 seconds it exits.

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:27:52, on 10/07/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Task Killer\TaskKiller.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.gooogle.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\.\Run: [VTTimer] VTTimer.exe
O4 - HKLM\.\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\.\Run: [IObit Security 360] "D:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\.\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\.\Run: [Task Killer] D:\Program Files\Task Killer\TaskKiller.exe
O4 - HKCU\.\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3(Premmium)\AWC.exe" /startup
O4 - HKUS\S-1-5-19\.\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\.\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\.\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\.\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\.\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\.\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\.\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\.\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IS360service - IObit - D:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVScan - Unknown owner - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 6878 bytes

Tell me what I could install, what I could do. I'd rather avoid formatting.
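
The two autorun.inf files quoted in the question point every launch key at a single executable, hidden behind random letter casing and filler comment lines. The following added example (not part of the original post) normalizes such a file and lists what it would start; the sample text is reconstructed from the C: file above, and the `suspicious` flag is an assumed heuristic.

```python
import re

# Constructed sample: the C: autorun.inf quoted in the question, blank lines removed.
SAMPLE = r"""[AutoRun]
;
OPeN =uksjhr.exe
; qkkvolGGSBvrge CqsxAcrXbiShmI sogWftHeh cJvgJ
shell\open\coMMand= uksjhr.exe
; cxgarkmN
sheLl\eXPLOre\comMand =uksjhr.exe
sHELl\opEN\DEfaULT=1
ShEll\AUtoplAY\coMmaNd= uksjhr.exe
; pcSDvbkaPKCA
"""

# Keys that make Explorer start a program from the drive root.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")

def parse_autorun(text):
    """Return (entries, raw_keys) for the [autorun] section.
    Keys are matched case-insensitively and ';' lines are comments, so the
    random casing and filler comments do not change what Windows reads."""
    entries, raw_keys, in_section = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            raw_keys.append(key)
            entries[key.lower()] = value
    return entries, raw_keys

def triage(text):
    """Summarize launch targets plus two padding indicators (heuristic, assumed)."""
    entries, raw_keys = parse_autorun(text)
    launches = {k: v for k, v in entries.items() if LAUNCH_KEY.match(k)}
    comments = sum(l.strip().startswith(";") for l in text.splitlines())
    mixed = sum(k not in (k.lower(), k.upper()) for k in raw_keys)
    return {
        "targets": sorted(set(launches.values())),
        "launch_keys": sorted(launches),
        "comment_lines": comments,
        "mixed_case_keys": mixed,
        "suspicious": bool(launches) and (comments > 0 or mixed > 0),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```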





  • 2 answers
  • 10 July 2011 04:59
    dennix answered:
    Well, why didn't you have an antivirus? Couldn't you install an antivirus before either? Try Dr.Web, you can download it here: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe and if that doesn't work either, then I don't know.
  • 10 July 2011 15:58
    SCOOBftw explains:
    I could install one before... But since I didn't have one installed, that's that.