Posts posted by Mafy

  1. There is a registry "hack" that can put those restrictions on writing to removable media. It wouldn't hurt to check. Maybe you have those values entered in the registry. Read here:
    http://www.mydigitallife.info/how-to-disable-write-access-to-usb-hard-disk-and-flash-key-drives/

    Also see what the utility from here does: http://www.apacer.com/en/support/downloads/Repair_v2.9.1.1.zip

    Many say they got rid of the problem with this small program. I haven't tested it yet because I don't have any stick to format.

    I tried both :), the registry and that little program + a few dozen like it, and most of them say they can't find the stick

    I'm still waiting for suggestions, thank you

  2. While I was putting some installers on the stick, out of the blue, when I went to copy something else onto it, the error "The disk is write protected. Remove the write protection or use another disk" appeared (there can't be any virus on it, I scanned it, and the installers I was putting on it were from filelist, winamp, bs-player, etc.)

    I tried all kinds of programs to format it, from hp usb disk, hard disk low level format, kill disk, repair, panda usb vaccine, restarted, tried formatting in safe mode, tried on another machine, tried formatting it from Disk Management, and from the registry, and from run->cmd, so pretty much everything there is; I don't think there's a site/forum/chat/discussion I haven't looked at :)). The question is, do you know any other method? As for the one with linux, I can say I don't know anyone who has it

    ...anything is welcome

    ps. If I right-click it and choose Explore, I can copy anything from it to the computer, but it won't let me delete anything, etc.

    ps2. the stick has no write-protect switch or anything else

  3. I don't want to butt in for no reason, but before making a req asking for hdb, it's really embarrassing to say you're offering bitsense.org in exchange, which is a crap tracker at best; at least think about what you write if you have your sights on a tracker like that. Anyway, you won't get an invite, I assure you

    I know, I figured I'd try anyway :)

    a question: what other trackers do you know that have lots of books/documents? (other than docspedia)

  4. after 2 days with no issues, today the problem showed up again :|. If you have any new ideas they're welcome; I'd rather not reinstall Windows on it... I just installed Word + a few new programs on it

    ps. it's not because of the backspace key either... as someone said in a reply

  5. exactly, that's why I said cookies don't matter when they're detected. As for "it won't let me connect to the net/get into cpanel", it's a rarely encountered problem with explorer.exe: you close it and restart it from taskman and you should be able to continue. In other cases a codec can cause problems in explorer.exe and from there an imbalance in the system. Scan with regvac 2-3 times because it leaves leftovers; I hope you chose expert mode and went through all the safe zones. Also remove some more of the antispyware programs and the useless Windows services

    yes I did, and yes, I removed everything, I left only avira (licensed, full, everything)

  6. wait WHAT THE FUCK, regvac cleans the registry, not partitions, and superantispyware had only found browser cookies; those sites weren't visited again afterwards = they didn't reappear. Even if they reappear, those are 0 danger, they're just "tracing cookie", a privacy risk on your own pc, nothing more. So if it has no more problems, it was just a problem in the registry

    yeah, I think I scanned with something else. I'll go over to her place now to scan with regvac and I'll tell you what it found. And what damn pages? She only goes on youtube, filelist, a few translation sites, and vplay. If it were because of the web pages, what would that have to do with the internet connection? Last night it wouldn't even let me connect to the net, and I couldn't get into control panel either. Anyway, I'll do another scan

    later edit: I finished scanning, it deleted 630 registry entries, I hope it's fine now :)

  7. congrats, everything is in order as far as viruses go. I doubt it's a 0-day file infector, nobody creates that kind of thing anymore. You can test by placing a clean executable of yours on her pc and comparing the md5 it had on your pc with the md5 it has on her pc after it has been executed and closed; if they're equal, it has nothing. As for

    "I turn on the computer, connect to the internet, open any web page, all fine and well (I think I had no problems for 30 min), when suddenly it kicks me out of everything and takes me to the home page. Then I couldn't get into the partitions either (it has 3 partitions C/D/E); I double-click, see the folders on C for 2 seconds, then it takes me back to My Computer"

    make sure you don't have problems with the "backspace" key on the keyboard. Another possibility would be some damage in the registry; get regvac and run a full cleanup. If the problem persists, use a system restore point from before you had this problem, and in the future follow tex's advice if the girl is that inept

    you can do that with norton ghost

    I got regvac, everything was ok on all partitions. After the scan with superantispyware (which found those viruses for me), I ran another scan with Malware anti malware and avira and they found nothing more. I updated opera and ie, and for as long as I stayed at her place (1 hour and a bit), nothing happened again :D, fingers crossed. And in case the problem shows up again, I'll reinstall Windows for her. Thanks for the replies & happy new year!

  8. GMER log:

    Process Explorer screenshots:

    procesexplorer1.jpg

    procesexplorer2.jpg

  9. exactly what I told you, THESE ARE NOT VIRUSES, they're COOKIES and some registry values. Scan with what I told you and post those, not something like this

    I'm scanning with Hitman Pro now, I'll post the result right away

    rezultatxp.jpg

    I've now set it to scan with GMER

  10. reposting

    if I were that type, believe me I wouldn't even think twice and would reinstall Windows, but I only want to reinstall it if I can't figure it out. In the meantime, I ran a scan with SUPERAntiSpyware, suggested by someone on another forum

  11. thanks for the replies, I'll come back with some screenshots of task manager, msconfig, and a Hijackthis log. If I can't fix it, I was thinking of reinstalling Windows completely, wiping everything

    edit: I'm back with the screenshots and the hijackthis log

    msconfig screenshots:

    printmsconfig.jpg

    printmsconfig2.jpg

    Task manager screenshots:

    taskmanagerprint1.jpg

    taskmanagerprint2.jpg

    And the log:

    waiting for your replies

  12. Hi everyone, I have a neighbor who, I don't know how she does it, but at least once a month calls me over to fix her computer... I don't know how they get in, but this virus she's caught now is giving me a really hard time.

    I turn on the computer, connect to the internet, open any web page, all fine and well (I think I had no problems for 30 min), when suddenly it kicks me out of everything and takes me to the home page. Then I couldn't get into the partitions either (it has 3 partitions C/D/E); I double-click, see the folders on C for 2 seconds, then it takes me back to My Computer. I installed "Malwarebytes Anti-Malware", scanned C, it found 2 viruses, I removed them, restarted, and the same thing again, faster and faster, meaning that after a restart it took very little time for the virus to come back and stop me from accessing web pages or the partitions. I also installed avira, ran a scan, it found nothing (I scanned online with 3-4 antiviruses, and they found nothing). I also went into safe mode, scanned with Malwarebytes Anti-Malware, and it found nothing more. After I restarted and went into Windows normally, it wouldn't even let me connect to the internet (rds) anymore, as if it knew; I would double-click rds and nothing would appear, and if I went through control panel to network connections, nothing appeared there anymore either.

    Maybe you know what virus I'm dealing with and how to get rid of it. I'll come back tomorrow with a Hijackthis log if needed

    thanks in advance

    ps. I forgot to say that at the beginning, if I went into control panel -> Internet Options and deleted cookies/temporary files and history, I could then open any web page and any partition... at the beginning it took 4-5 minutes for it to come back, afterwards this method stopped working altogether

  13. I didn't say I want it for free, I said maybe someone quit cs and wants to give it away... and I don't know where I had read some time ago that someone had cracked steam and if you applied some patch/crack or other, you had steam, that's why I asked

    and to the one who told me to go caroling, I've never gone... I'm not the caroling type, and even if I went... all the money would be gone that same evening :)... anyway, I hope I can go without cigarettes for 4-5 days after the holidays and buy myself a steam :D

    Happy Holidays to all, may you be loved and healthy!

  14. After some time (1 year and a bit), I've taken up cs again :))... I play out of boredom, I'm not hardcore... I'd like to ask whether anyone has a steam to lend/donate ;;) ... I spend 10-20 min trying to connect to a server :(, it's very frustrating, or whether you know how to crack a steam or how I can do something so it stops kicking me off servers

    I hope to buy a steam after the holidays; from what I knew it was 5 euros, is the price still the same?
