Forum Romania Inedit
plush
Blacklisted
Registered: 18 years ago

I installed Windows XP with SP3 at home (after trying about 2 other versions).
I used Driver Magician to back up the drivers and chose to have it create an executable that installs the drivers for me.
About 3 hours after the installation, Rapid Antivirus started scanning... I couldn't find a way to remove it from Control Panel, so I followed advice from Google and deleted the executable (I no longer remember where it was)...
Now I have a ".tmp" file that starts together with Windows.
I scanned with NOD32, then with Avira. Avira finds these tmp files every time and deletes them, then when I restart Windows they reappear (from where?).
I have the same Windows installed at work too, and here everything is OK (it has no viruses).
The more serious problem is that I can't run any antispyware or antimalware installer... I just click the exe, it appears in the process list (Task Manager) for a fraction of a second and then disappears.
I'm posting the Avira and HijackThis logs below; maybe I'll find a solution to repair it...
Logfile of HijackThis v1.99.1
Scan saved at 21:01:43, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\fky4.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Shortcut to RDS.lnk = ?
O4 - Startup: Skype.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C6C3238-5779-4E67-8E33-89ECB7AD2561}: NameServer = 213.154.124.1 193.231.252.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: qlbphwdx - C:\WINDOWS\SYSTEM32\qlbphwdx.dll
O23 - Service: Avira AntiVir Premium MailGuard (antivirmailservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (aveservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)

And what Avira found:

Avira AntiVir Premium
Report file date: Tuesday, March 03, 2009 19:34

Scanning for 1281204 virus strains and unwanted programs.

Licensed to: ........
Serial number: ...........
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: Administrator
Computer name: M....

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Premium\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Tuesday, March 03, 2009 19:34

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'D3B7.tmp' - '1' Module(s) have been scanned
  Module is infected -> 'C:\WINDOWS\TEMP\D3B7.tmp'
Scan process 'D3B7.tmp' - '1' Module(s) have been scanned
  Module is infected -> 'C:\WINDOWS\TEMP\D3B7.tmp'
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'TOTALCMD.EXE' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avmailc.exe' - '1' Module(s) have been scanned
Scan process 'avesvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'D3B7.tmp' has been terminated
Process 'D3B7.tmp' has been terminated
C:\WINDOWS\TEMP\D3B7.tmp
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/KeyStart.BC back-door program
  [NOTE] The file was deleted!

39 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!
Master boot sector HD1
  [INFO] No virus was found!
Master boot sector HD2
  [INFO] No virus was found!
Master boot sector HD3
  [INFO] No virus was found!
Master boot sector HD4
  [INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\crypts.dll
  [DETECTION] Is the TR/Dldr.JLRL Trojan
  [WARNING] The file could not be deleted!
  [NOTE] Attempting to perform action using the ARK lib.
  [NOTE] The file was deleted!
C:\WINDOWS\system32\qlbphwdx.dll
  [DETECTION] Is the TR/Hijacker.Gen Trojan
  [NOTE] The file was deleted!
The registry was scanned ( '57' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\ARK309.tmp
  [DETECTION] Is the TR/Dldr.JLRL Trojan
  [WARNING] The file could not be deleted!
  [NOTE] Attempting to perform action using the ARK lib.
  [NOTE] The file was deleted!
C:\eslb.exe
  [DETECTION] Is the TR/Downloader.Gen Trojan
  [NOTE] The file was deleted!
C:\lsass.exe
  [DETECTION] Is the TR/Spy.Gen Trojan
  [NOTE] The file was deleted!
C:\pagefile.sys
  [WARNING] The file could not be opened!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C9URS5YZ\725f[1].exe
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/KeyStart.BC back-door program
  [NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C9URS5YZ\ccsuper0[1].htm
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HF1QIOO0\ccsuper2[1].htm
  [DETECTION] Is the TR/Downloader.Gen Trojan
  [NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HF1QIOO0\hrobc[1].htm
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HF1QIOO0\vbclmznn[1].htm
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S8JSESD6\ccsuper1[1].htm
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\S8JSESD6\dnkkycc[1].txt
  [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
  [NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YV3GCU6B\dnxkllz[1].htm
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\system32\qlbphwdx32.dll
  [DETECTION] Is the TR/Hijacker.Gen Trojan
  [WARNING] The file could not be deleted!
  [NOTE] Attempting to perform action using the ARK lib.
  [NOTE] The file was deleted!
C:\WINDOWS\system32\rs32net.exe
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\system32\svchost.exe:ext.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\171.exe
  [DETECTION] Is the TR/Dldr.Avfake Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\3a31ced.sys
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\578.exe
  [DETECTION] Is the TR/Dldr.Avfake Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\ati3quxx.sys
  [WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\securentm.sys
  [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\Temp\B327.tmp
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/KeyStart.BC back-door program
  [NOTE] The file was deleted!
C:\WINDOWS\Temp\BN24.tmp
  [DETECTION] Is the TR/Spy.Gen Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\Temp\BN3.tmp
  [DETECTION] Is the TR/Spy.Gen Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\Temp\cbp9.tmp
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\Temp\FFD6.tmp
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/KeyStart.BC back-door program
  [NOTE] The file was deleted!
C:\WINDOWS\Temp\qmk32.tmp
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was deleted!
C:\WINDOWS\Temp\wvh33.tmp
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was deleted!

End of the scan: Tuesday, March 03, 2009 19:41
Used time: 06:51 Minute(s)

The scan has been done completely.

1823 Scanning directories
42421 Files were scanned
30 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
28 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
42389 Files not concerned
470 Archives were scanned
5 Warnings
28 Notes

On one scan Avira finds 2-3; if I restart and scan again it finds 10-15.
Thank you all, and I look forward to solving the problem.
Edited by plush (15 years ago)
posted 15 years ago
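
A triage pass over the HijackThis log in the post above, as an added example that is not part of the original thread. The three heuristics and the environment-variable allowlist are assumptions chosen for this log; the sample lines and the Avira paths are excerpts from the two logs in the post. It shows that entries Avira reported at 19:34 are still registered in the HijackThis log taken at 21:01.

```python
import re

# Lines excerpted from the HijackThis log in the post (saved at 21:01:43).
HIJACKTHIS = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\fky4.tmp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O20 - Winlogon Notify: qlbphwdx - C:\WINDOWS\SYSTEM32\qlbphwdx.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
""".strip().splitlines()

# Two of the paths the Avira report in the same post lists as detections.
AVIRA_DETECTED = {p.lower() for p in (
    r"C:\WINDOWS\system32\qlbphwdx.dll",
    r"C:\WINDOWS\system32\svchost.exe:ext.exe",
)}

# Assumption: variables we expect to see in a service or autostart path.
KNOWN_VARS = {"systemroot", "windir", "programfiles"}

# A path starts with a drive letter or %VAR%, ends at the first extension,
# and may carry an NTFS stream name after a second colon.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"]*?\.\w+(?::[\w.]+)?')


def findings(line):
    """Return the reasons (possibly none) one HijackThis line needs a closer look."""
    match = PATH_RE.search(line)
    if not match:
        return []
    path = match.group(0)
    reasons = []
    if re.search(r"\\temp\\", path, re.I):
        reasons.append("executable image located in a TEMP directory")
    if ":" in path[2:]:  # any colon beyond the drive letter names a stream
        reasons.append("NTFS alternate data stream used as an executable")
    var = re.match(r"%(\w+)%", path)
    if var and var.group(1).lower() not in KNOWN_VARS:
        reasons.append(f"unknown environment variable {var.group(0)} in path")
    if path.lower() in AVIRA_DETECTED:
        reasons.append("path matches a detection from the earlier Avira scan")
    return reasons


def triage(lines):
    """Map each flagged line to its list of reasons; clean lines are omitted."""
    return {line: why for line in lines if (why := findings(line))}


if __name__ == "__main__":
    for line, why in triage(HIJACKTHIS).items():
        print(line)
        for reason in why:
            print("   ->", reason)
```

The flagged O20 and O23 lines are registry-backed load points, so deleting only the files they name leaves the registration in place.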

emil89
Gold Member
Registered: 16 years ago

Try installing a program (something like EasyCleaner) to:
- view and edit the list of applications that start together with Windows
- view and uninstall the installed programs (including their state)
- clean the registry (it keeps my Windows running)
If you want, I can send it to you or post a link, but I don't think your chance of success (at getting rid of this virus) will be greater than 60%.
PS: I thought about it some more; you might have an autorun-type virus. It's easy to check whether you do: right-click a partition (of the computer) and if "autorun" appears... look for any file like autorun.inf on that partition and delete it, then restart and check again (I got rid of little ones like these easily with AVG).
Edited by emil89 (15 years ago)
_______________________________________ I cause headaches
asus K50AB
posted 15 years ago

calincalin
Moderator
From: Cluj-Napoca
Registered: 17 years ago

Malwarebytes or Dr.Web CureIt! are better for the kind of malware you have on your computer.
Edited by calincalin (15 years ago)
_______________________________________ "Know the truth, and the truth will set you free." (John 8:32)
posted 15 years ago

plush
Blacklisted
Registered: 18 years ago

calincalin wrote:
Malwarebytes or Dr.Web CureIt! are better for the kind of malware you have on your computer.

Malwarebytes won't let me install it. I'll try to install Dr.Web CureIt.
posted 15 years ago

darck key-o
Gold Member
From: the promised land
Registered: 17 years ago

Have you tried disabling System Restore, scanning with Avira and deleting everything it finds??? (just an opinion)
_______________________________________
Seattle WA
posted 15 years ago

andreyutz2008
VIP MEMBER
From: mom's belly
Registered: 16 years ago

One more piece of advice: disable System Restore.
posted 15 years ago

costica_ina
CORE MEMBER
From: Moreni
Registered: 18 years ago

You should know that it is not enough to delete it from Control Panel. As soon as you have deleted it from Control Panel, go into the registry and delete it from there too, otherwise you have accomplished nothing. A good program is Windows Doctor.
_______________________________________ Self-respect is the cornerstone of virtue.
posted 15 years ago

ktalin_jordan
Music addicted
From: your mom
Registered: 17 years ago

I had problems with some tr/spy.gen trojans and with a tr/hijack trojan, and Malwarebytes did nothing.
posted 15 years ago

caprioara1975
VIP MEMBER
Registered: 17 years ago

To be sure you've gotten rid of it, run a full scan with A-Squared Anti-Malware, and it wouldn't hurt to try AVG Free too.
_______________________________________ "Only the weak are cruel. Gentleness belongs to the strong." Leo Roskin
posted 15 years ago

r3w1nd
Blacklisted
Registered: 17 years ago

and click on the first result found
Edited by r3w1nd (15 years ago)
posted 15 years ago