Virus Win32/Bflient.K.Worm
Last Updated: Sep 07 2010 15:10, Started by d3iu29, Sep 06 2010 11:46
#1
Posted 06 September 2010 - 11:46
Hi, I have a worm virus, Bflient K, and I don't know how to get rid of it. I've searched everywhere and found nothing, and I don't know exactly what it does. For now the computer shows no symptoms, but the virus is still there. What does this virus do, if you know, and how could I get rid of it?
#2
Posted 06 September 2010 - 12:08
#3
Posted 06 September 2010 - 13:39
Official, on 6th September 2010, 13:08, said:
Quote
:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Vlad\My Documents\Downloads\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe
O4 - HKCU\..\Run: [bcservice] C:\Program Files\BitComet\bcservice.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-21-1659004503-1177238915-1417001333-1004\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User 'Koss')
O4 - S-1-5-21-1659004503-1177238915-1417001333-1004 Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User 'Koss')
O4 - S-1-5-21-1659004503-1177238915-1417001333-1004 User Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User 'Koss')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.co...sreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5643 bytes
#4
Posted 06 September 2010 - 13:46
In HiJackThis, check the following line and press Fix Checked:
Quote
O4 - HKLM\..\Run: [MSODESNV7] C:\WINDOWS\system32\msvmiode.exe

Then:
Download ComboFix and save it on the Desktop.
Create a new .txt file with Notepad and write in it what is quoted below. Name the file CFScript.txt, then drag it over ComboFix.exe as shown in the picture below.
Quote
File::
C:\WINDOWS\system32\msvmiode.exe

Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether to start cleaning the system. Confirm with Yes each time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE.
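The two manual steps in the post above (fixing the O4 line in HijackThis, then handing ComboFix a CFScript with a File:: entry) can be reproduced with built-in Windows tooling. The PowerShell below is an added example, not code from the thread or from HijackThis/ComboFix: it enumerates the Run/RunOnce keys and Startup folders the way the O4 section of a HijackThis log does, records whether each image carries a valid Authenticode signature, and provides a function that removes one Run value and moves its image into a quarantine folder instead of deleting it, so the sample survives for analysis. The value name MSODESNV7 and the path C:\WINDOWS\system32\msvmiode.exe come from the log above; the quarantine folder C:\Quarantine and the "unsigned binary under the Windows directory" review heuristic are assumptions made for illustration. Run it from an elevated prompt.

```powershell
# Added example (not from the thread): audit HijackThis-style "O4" autoruns and quarantine one.
# Assumes an elevated PowerShell prompt; C:\Quarantine is an illustrative choice.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Startup folders as HijackThis' "O4 - Startup:" lines see them, read from Shell Folders.
$StartupFolders = @(
    (Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders').Startup,
    (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders').'Common Startup'
)
$MetaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Pull the image out of a Run command line:
#   "C:\Program Files\...\egui.exe" /hide             -> the quoted path
#   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -> the DLL rundll32 loads
#   nwiz.exe /install                                 -> bare name, resolved below
function Get-ImagePath([string]$CommandLine) {
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $parts = $cmd -split '\s+', 2
    if ($parts[0] -match '^rundll32(\.exe)?$' -and $parts.Count -gt 1) {
        return (($parts[1] -split ',')[0]).Trim().Trim('"')
    }
    return $parts[0]
}

# A bare file name is searched in the Windows directories, as the loader would.
function Resolve-ImagePath([string]$Path) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if ([System.IO.Path]::IsPathRooted($expanded)) { return $expanded }
    foreach ($dir in @("$env:SystemRoot\system32", $env:SystemRoot)) {
        $candidate = Join-Path $dir $expanded
        if (Test-Path $candidate) { return $candidate }
    }
    return $expanded
}

function New-AutorunRecord($Source, $Name, $Command) {
    $image = Resolve-ImagePath (Get-ImagePath $Command)
    $status = if (Test-Path $image) { (Get-AuthenticodeSignature $image).Status.ToString() } else { 'FileMissing' }
    New-Object PSObject -Property @{
        Source     = $Source
        Name       = $Name
        Command    = $Command
        Image      = $image
        Signature  = $status
        # Review hint, not a verdict: an unsigned (or already vanished) image under
        # %SystemRoot% is the shape of the MSODESNV7 / msvmiode.exe entry in the thread.
        Suspicious = ($status -ne 'Valid') -and ($image -like "$env:SystemRoot\*")
    }
}

function Get-Autoruns {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($MetaProps -contains $p.Name) { continue }
            New-AutorunRecord $key $p.Name $p.Value
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $StartupFolders) {
        foreach ($lnk in (Get-ChildItem -Path $folder -Filter *.lnk -ErrorAction SilentlyContinue)) {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            New-AutorunRecord $folder $lnk.Name ('"{0}"' -f $target)
        }
    }
}

# "Fix checked" on an O4 line plus a ComboFix "File::" entry, done by hand: drop the Run
# value, then move the image to quarantine under a non-executable name instead of deleting it.
function Remove-Autorun {
    param(
        [Parameter(Mandatory=$true)][string]$Key,
        [Parameter(Mandatory=$true)][string]$Name,
        [string]$QuarantineDir = 'C:\Quarantine'   # assumed location
    )
    $command = (Get-ItemProperty -Path $Key -Name $Name).$Name
    $image = Resolve-ImagePath (Get-ImagePath $command)
    Remove-ItemProperty -Path $Key -Name $Name
    if (-not (Test-Path $image)) { return "Removed '$Name' from $Key; image $image is not on disk" }
    New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $dest = Join-Path $QuarantineDir ('{0}.{1}.quarantined' -f (Split-Path $image -Leaf), $stamp)
    Move-Item -Path $image -Destination $dest -Force
    "Removed '$Name' from $Key and moved $image to $dest"
}

# Review first, then act on the one entry the thread identified:
Get-Autoruns | Sort-Object Suspicious -Descending | Format-Table Name, Signature, Suspicious, Image -AutoSize
# Remove-Autorun -Key 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'MSODESNV7'
```

Move-Item fails if the image is still running and holds its file open; stop the process first (Stop-Process) or do the move from Safe Mode, which is why ComboFix insists on closing everything and may restart. If the Run value reappears after a reboot, another component is re-creating it; the ComboFix run later in this thread removed two further files (c:\windows\cfdrive32.exe and c:\windows\system32\74.exe) for exactly that reason.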
#5
Posted 06 September 2010 - 16:41
Malwarebytes sees it too:
Quote
C:\WINDOWS\system32\msvmiode.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
#6
Posted 07 September 2010 - 10:48
Quote
ComboFix 10-09-06.03 - Vlad 09/07/2010 11:37:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.645 [GMT 3:00]
Running from: c:\documents and settings\Vlad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vlad\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\system32\msvmiode.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\cfdrive32.exe
c:\windows\system32\74.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.

2010-09-06 11:34 . 2010-09-06 11:34 19296 ----a-w- c:\documents and settings\Vlad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 10:15 . 2010-09-06 10:15 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\ESET
2010-09-06 09:14 . 2010-09-06 09:14 -------- d--h--w- c:\windows\$hf_mig$
2010-09-06 08:56 . 2010-09-06 08:56 -------- d-----w- c:\documents and settings\Vlad\Local Settings\Application Data\ESET
2010-09-06 08:55 . 2010-09-06 08:55 -------- d-----w- c:\windows\system32\LogFiles
2010-09-06 08:54 . 2010-09-06 08:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-09-06 08:43 . 2010-09-06 08:43 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-06 08:36 . 2010-09-06 08:43 -------- d-s---w- c:\documents and settings\Administrator.ASDASD
2010-09-05 21:11 . 2010-09-05 21:11 -------- d-----w- c:\program files\VideoLAN
2010-09-05 21:09 . 2010-09-05 21:09 -------- d-----w- c:\windows\system32\skin
2010-09-05 21:09 . 2010-09-05 21:09 -------- d-----w- c:\windows\system32\languages
2010-09-05 21:09 . 2010-09-05 21:09 -------- d-----w- c:\windows\system32\adv
2010-09-03 15:39 . 2010-09-03 15:39 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\DFX
2010-09-03 15:07 . 2010-09-03 15:07 -------- d-----w- c:\documents and settings\Vlad\Local Settings\Application Data\DFX
2010-09-03 15:06 . 2010-09-03 15:06 -------- d-----w- c:\program files\DFX
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\HelpAssistant
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\Guest
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\documents and settings\Administrator
2010-09-03 15:04 . 2010-09-03 15:04 -------- d-----w- c:\program files\Common Files\DFX
2010-09-03 11:50 . 2010-09-03 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-02 17:32 . 2010-09-02 17:33 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-02 17:29 . 2010-09-02 17:37 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\Adobe
2010-09-01 14:30 . 2010-09-01 14:39 -------- d-----w- C:\total drama world tour
2010-09-01 14:26 . 2010-09-01 14:26 503808 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-72ed5803-n\msvcp71.dll
2010-09-01 14:26 . 2010-09-01 14:26 499712 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-72ed5803-n\jmc.dll
2010-09-01 14:26 . 2010-09-01 14:26 348160 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-72ed5803-n\msvcr71.dll
2010-09-01 14:26 . 2010-09-01 14:26 61440 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31019b14-n\decora-sse.dll
2010-09-01 14:26 . 2010-09-01 14:26 12800 ----a-w- c:\documents and settings\Koss\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-31019b14-n\decora-d3d.dll
2010-09-01 12:28 . 2004-08-03 20:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-31 14:50 . 2010-08-31 14:50 -------- d-----w- c:\windows\Sun
2010-08-31 14:50 . 2010-08-31 14:50 -------- d-----w- c:\program files\Common Files\Java
2010-08-31 14:50 . 2010-08-31 14:50 503808 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-70ac6d28-n\msvcp71.dll
2010-08-31 14:50 . 2010-08-31 14:50 499712 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-70ac6d28-n\jmc.dll
2010-08-31 14:50 . 2010-08-31 14:50 348160 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-70ac6d28-n\msvcr71.dll
2010-08-31 14:50 . 2010-08-31 14:50 61440 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64a49991-n\decora-sse.dll
2010-08-31 14:50 . 2010-08-31 14:50 12800 ----a-w- c:\documents and settings\Vlad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-64a49991-n\decora-d3d.dll
2010-08-31 14:50 . 2010-08-31 14:49 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-31 14:49 . 2010-08-31 14:49 -------- d-----w- c:\program files\Java
2010-08-30 22:52 . 2009-08-11 18:21 90112 ----a-w- c:\documents and settings\Koss\Application Data\BSplayer\AC3 Filter\spdif_test.exe
2010-08-30 22:52 . 2009-08-11 18:21 87552 ----a-w- c:\documents and settings\Koss\Application Data\BSplayer\AC3 Filter\ac3config.exe
2010-08-30 22:52 . 2009-08-11 18:21 1021440 ----a-w- c:\documents and settings\Koss\Application Data\BSplayer\AC3 Filter\ac3filter_intl.dll
2010-08-30 22:52 . 2010-03-22 11:52 697690 ----a-w- c:\documents and settings\Koss\Application Data\BSplayer\AC3 Filter\unins000.exe
2010-08-30 22:49 . 2010-09-01 22:19 -------- d-----w- c:\documents and settings\Koss\Application Data\BSplayer
2010-08-30 22:49 . 2010-08-30 22:49 -------- d-----w- c:\documents and settings\Koss\Application Data\BSplayer Pro
2010-08-30 22:27 . 2010-08-30 22:27 -------- d-----w- c:\program files\WinMend
2010-08-30 16:07 . 2010-09-06 23:34 -------- d-----w- c:\documents and settings\Koss\Application Data\uTorrent
2010-08-30 16:00 . 2010-08-30 16:00 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\Mozilla
2010-08-30 15:52 . 2010-09-06 12:53 -------- d-----w- c:\documents and settings\Koss\Application Data\Winamp
2010-08-30 15:51 . 2010-08-30 22:45 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\AskToolbar
2010-08-30 15:51 . 2010-09-01 12:41 19296 ----a-w- c:\documents and settings\Koss\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 15:50 . 2010-09-05 09:22 -------- d-----w- c:\documents and settings\Koss\Local Settings\Application Data\Yahoo
2010-08-30 15:50 . 2010-08-30 15:51 -------- d-----w- c:\documents and settings\Koss\Application Data\Yahoo!
2010-08-30 14:04 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-08-30 14:03 . 2004-08-03 22:59 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-08-30 14:03 . 2004-08-04 00:56 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-08-30 14:03 . 2004-08-04 00:56 32285 ----a-w- c:\windows\system32\HSFCISP2.dll
2010-08-30 14:03 . 2004-08-03 22:41 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-08-30 14:03 . 2004-08-03 22:41 1041536 ----a-w- c:\windows\system32\drivers\HSFDPSP2.sys
2010-08-30 14:03 . 2004-08-03 22:41 685056 ----a-w- c:\windows\system32\drivers\HSFCXTS2.sys
2010-08-30 14:03 . 2004-08-03 22:41 220032 ----a-w- c:\windows\system32\drivers\HSFBS2S2.sys
2010-08-30 14:02 . 2008-05-16 11:01 6108928 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-08-30 14:02 . 2008-05-16 11:01 6108928 ----a-w- c:\windows\system32\nv4_disp.dll
2010-08-30 14:02 . 2004-08-03 22:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-08-30 14:02 . 2004-08-03 22:59 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-08-30 14:02 . 2004-08-04 00:56 74240 ----a-w- c:\windows\system32\usbui.dll
2010-08-30 14:02 . 2004-08-03 23:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 08:34 . 2010-08-30 12:12 -------- d-----w- c:\documents and settings\Vlad\Application Data\uTorrent
2010-09-07 08:26 . 2010-08-30 11:55 0 ----a-w- c:\documents and settings\Vlad\client.dll
2010-09-06 08:43 . 2010-08-30 12:13 -------- d-----w- c:\program files\Ask.com
2010-09-06 08:08 . 2010-08-30 11:43 -------- d-----w- c:\program files\ESET
2010-09-05 09:21 . 2010-08-30 12:09 -------- d-----w- c:\program files\Yahoo!
2010-09-03 19:24 . 2010-08-30 12:08 -------- d-----w- c:\documents and settings\Vlad\Application Data\Winamp
2010-09-03 15:04 . 2010-08-30 12:08 -------- d-----w- c:\program files\Winamp
2010-09-01 00:32 . 2010-08-30 11:23 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-31 09:51 . 2010-08-30 12:12 -------- d-----w- c:\program files\uTorrent
2010-08-30 16:16 . 2010-08-30 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-08-30 12:31 . 2010-08-30 12:30 -------- d-----w- c:\documents and settings\Vlad\Application Data\Yahoo!
2010-08-30 12:30 . 2010-08-30 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-30 12:15 . 2010-08-30 12:15 0 ----a-w- c:\windows\nsreg.dat
2010-08-30 12:13 . 2010-08-30 12:12 -------- d-----w- c:\documents and settings\Vlad\Application Data\BSplayer
2010-08-30 12:12 . 2010-08-30 12:12 -------- d-----w- c:\documents and settings\Vlad\Application Data\BSplayer Pro
2010-08-30 12:12 . 2010-08-30 12:12 -------- d-----w- c:\program files\Webteh
2010-08-30 12:08 . 2010-08-30 12:08 -------- d-----w- c:\program files\Winamp Detect
2010-08-30 11:59 . 2010-08-30 11:59 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-30 11:52 . 2010-08-30 11:52 -------- d-----w- c:\program files\C-Media 3D Audio
2010-08-30 11:52 . 2010-08-30 11:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 11:52 . 2010-08-30 11:52 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-30 11:43 . 2010-08-30 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-08-30 11:38 . 2010-08-30 11:38 -------- d-----w- c:\program files\BitComet
2010-08-30 11:24 . 2010-08-30 11:24 -------- d-----w- c:\program files\microsoft frontpage
2010-08-30 11:20 . 2010-08-30 11:20 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-30 11:19 . 2010-08-30 11:19 -------- d-----w- c:\program files\Windows Media Connect 2

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 13:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bcservice"="c:\program files\BitComet\bcservice.exe" [2008-01-11 2787689]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-08-30 328568]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

c:\documents and settings\Koss\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

c:\documents and settings\Vlad\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\GAmes\\COunter-strike 1.6\\steamapps\\stanica_cristian\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27550:TCP"= 27550:TCP:BitComet 27550 TCP
"27550:UDP"= 27550:UDP:BitComet 27550 UDP

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960]
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:50]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Vlad\Application Data\Mozilla\Firefox\Profiles\kozv9b17.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- Firefox POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 11:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-09-07 11:41:44
ComboFix-quarantined-files.txt 2010-09-07 08:41

Pre-Run: 2,447,044,608 bytes free
Post-Run: 2,473,201,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 586314473B33BDA4E555CAA4AABAE971

I think that's good, right? I got rid of it :) But in the end, what does this virus do? You haven't told me :)
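Two items in the ComboFix log above deserve more attention than the thread gives them: "EnableFirewall"= 0 under the firewall StandardProfile key (the Windows Firewall is switched off) and "FirewallOverride"=dword:00000001 under the Security Center key, which suppresses Security Center's warning that it is off; the log also lists the AuthorizedApplications exceptions and the GloballyOpenPorts that will be exposed once it is back on. The PowerShell below is an added example, not from the thread: it reads those same registry values, prints the exceptions for review, and re-enables the firewall while clearing the override. The key paths are the ones ComboFix printed, expanded to their full names; removing the override outright (rather than leaving it) is the editor's assumption about what a cleaned machine should look like. Run it from an elevated prompt.

```powershell
# Added example (not from the thread): check and restore the firewall state ComboFix reported.
# Key paths follow the log above; requires an elevated prompt.

$Profile = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$SecurityCenter = 'HKLM:\SOFTWARE\Microsoft\Security Center'
$MetaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# All values under a key (the exception lists), minus the PS* metadata Get-ItemProperty adds.
function Get-RegList([string]$Path) {
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if (-not $item) { return @() }
    $item.PSObject.Properties |
        Where-Object { $MetaProps -notcontains $_.Name } |
        ForEach-Object { '{0} = {1}' -f $_.Name, $_.Value }
}

function Get-FirewallReport {
    New-Object PSObject -Property @{
        EnableFirewall   = Get-RegValue $Profile 'EnableFirewall'          # 0 in the log: firewall off
        FirewallOverride = Get-RegValue $SecurityCenter 'FirewallOverride' # 1 in the log: warning silenced
        AuthorizedApps   = @(Get-RegList "$Profile\AuthorizedApplications\List")
        OpenPorts        = @(Get-RegList "$Profile\GloballyOpenPorts\List")
    }
}

function Repair-Firewall {
    Set-ItemProperty -Path $Profile -Name EnableFirewall -Value 1 -Type DWord
    if (Get-RegValue $SecurityCenter 'FirewallOverride') {
        Remove-ItemProperty -Path $SecurityCenter -Name FirewallOverride
    }
    # The legacy "netsh firewall" context is what the XP machine in the thread has; newer
    # Windows still accepts it (with a deprecation notice) or use "netsh advfirewall".
    netsh firewall set opmode mode=enable | Out-Null
    Restart-Service -Name SharedAccess -ErrorAction SilentlyContinue
}

$report = Get-FirewallReport
$report | Format-List EnableFirewall, FirewallOverride
$report.AuthorizedApps | ForEach-Object { "  application exception: $_" }
$report.OpenPorts | ForEach-Object { "  globally open port:    $_" }
# Repair-Firewall   # uncomment once the exceptions listed above have been reviewed
```

Review the exception list before re-enabling: each AuthorizedApplications entry and each GloballyOpenPorts entry (here the BitComet port 27550 on TCP and UDP) stays reachable after the firewall is on again, and a malware-added exception would look no different from a user-added one in this list.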
#7
Posted 07 September 2010 - 13:17
It is a worm-type virus, so it can use your PC to send the virus to others, it takes data from your PC and sends it by email to whoever created that virus, it affects the network, the messenger, etc. More information here. Bflient is probably its name.
#8
Posted 07 September 2010 - 15:10
Download Malwarebytes Anti-Malware 1.46 and save it on the Desktop. Install it and at the end make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware. Then press Finish.
After the program launches, click the Update tab and press the Check for Updates button to verify that the downloaded definitions are the latest. Database version: 4XXX
Click the Scanner tab, select Perform full scan and then press Scan. When the scan finishes press OK and then Show Results. Make sure everything is checked and then press Remove Selected. At the end a Notepad file with the scan results will open. Post its contents here.
If you restarted to remove malware from the PC, you will find the log in the main window under the Logs tab. Check that it is the latest one (by the date in the .txt file name).