| SCOOBftw asked:

Hi TpU.

I'm back with a very big problem :)!

I plugged in a USB stick belonging to a friend, and there was something on it that I thought was a movie. I clicked on it, Command Prompt opened, nothing interesting. It was actually FunnyUSTScandal (it affected a lot of processes, very many, it caused me thousands of problems, Task Manager and Registry Editor didn't work, and they still don't, I didn't know what to do. I installed Task Killer and closed all the processes related to the virus, but it affected a few, namely lsass.exe, csass.exe, smss.exe, xmss.exe (the FUS process); I got rid of FUS, but traces from the stick remained). Today I discovered them, namely autorun.inf. On C and on D.

On C:


[AutoRun]
;

;
OPeN =uksjhr.exe
; qkkvolGGSBvrge CqsxAcrXbiShmI sogWftHeh cJvgJ
shell\open\coMMand= uksjhr.exe

; cxgarkmN
sheLl\eXPLOre\comMand =uksjhr.exe
; fkAo KcIL
sHELl\opEN\DEfaULT=1
;
ShEll\AUtoplAY\coMmaNd= uksjhr.exe
; pcSDvbkaPKCA

uksjhr.exe is a file that appears on C; I can delete it, but it reappears.

On D:

[AutoRun]
; SfaePRNoCVC
; JoFt UepDMHitGoyOaiCChiWtLYotS geip KvfbS ypRlGq
sHeLl\OpeN\DeFaulT=1
shell\explOre\Command= fecjyk.exe
;
opEn =fecjyk.exe
; rNhwslRsDTjOmuAWhv
Shell\OpEN\commanD= fecjyk.exe

;
shell\AUtOPlAy\cOMmanD= fecjyk.exe
; ulpwR cMmHeshfpOyc

I can delete fecjyk.exe, but it reappears.

When I try to delete autorun.inf, it tells me it is in use by another program. When I turn on the PC I go straight to them; they get deleted but reappear.

I downloaded MalwareAntyBytes and deleted what it detected.
I can't install any antivirus, because I start the installer but after 10 seconds it exits.

HiJackThis report.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:27:52, on 10/07/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Task Killer\TaskKiller.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.gooogle.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\.\Run: [VTTimer] VTTimer.exe
O4 - HKLM\.\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\.\Run: [IObit Security 360] "D:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\.\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\.\Run: [Task Killer] D:\Program Files\Task Killer\TaskKiller.exe
O4 - HKCU\.\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3(Premmium)\AWC.exe" /startup
O4 - HKUS\S-1-5-19\.\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\.\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\.\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\.\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\.\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\.\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\.\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\.\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IS360service - IObit - D:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SAVScan - Unknown owner - D:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 6878 bytes


Tell me what I could install, what I could do. I'd rather avoid formatting.
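
Added example (not part of the original post): the autorun.inf files quoted above hide their launch verbs behind random letter case and junk comment lines. This Python triage normalises the keys and lists every verb that points at an executable; the sample is constructed from the C: file in the post, and the function names and the extension list are assumptions of this example.

```python
import re

# Constructed sample, modelled on the C: autorun.inf quoted in the post.
SAMPLE = r"""[AutoRun]
;
OPeN =uksjhr.exe
; qkkvolGGSBvrge CqsxAcrXbiShmI sogWftHeh cJvgJ
shell\open\coMMand= uksjhr.exe
sheLl\eXPLOre\comMand =uksjhr.exe
sHELl\opEN\DEfaULT=1
ShEll\AUtoplAY\coMmaNd= uksjhr.exe
"""

LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
KNOWN_CAMEL = {"ShellExecute", "UseAutoPlay", "AutoPlay", "AutoRun"}
RISKY_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js")

def parse_autorun(text):
    """Return (entries, comment_count); entries are (raw_key, value) from [autorun]."""
    entries, comments, in_section = [], 0, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";"):
            comments += 1
        elif line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip(), value.strip()))
    return entries, comments

def irregular_case(key):
    """True if a key segment is not lower, UPPER, Capitalized or a known CamelCase name."""
    return any(seg not in (seg.lower(), seg.upper(), seg.capitalize())
               and seg not in KNOWN_CAMEL for seg in key.split("\\"))

def triage(text):
    """Summarise what the file would launch and how obfuscated its keys look."""
    entries, comments = parse_autorun(text)
    targets = {}
    for key, value in entries:
        if LAUNCH_KEY.match(key.lower()) and value:
            exe = value.split()[0].strip('"').lower()
            targets.setdefault(exe, []).append(key.lower())
    return {
        "targets": targets,
        "risky": sorted(t for t in targets if t.endswith(RISKY_EXT)),
        "irregular_keys": sum(irregular_case(k) for k, _ in entries),
        "comments": comments,
    }
```

Calling `triage(SAMPLE)` reports one executable reached through four different verbs, with every key irregularly cased, which is the pattern to look for on a removable drive before opening it in Explorer.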

2 answers:
| DenisIonut01 answered:

Well, why didn't you have an antivirus? Couldn't you install an antivirus before either? Try Dr.Web, you can download it here: ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe and if that doesn't work either, I don't know what else.

| SCOOBftw explains:

Before, I could install one... But if I didn't have one installed, that's how it is.