Virus Backdoor

4 replies to this topic

#1
championul

    Junior Member

  • Group: Members
  • Posts: 162
  • Joined: 29.06.2006
Today I managed to catch a virus that is causing me a lot of damage. The virus shut down my antivirus and it won't start again. I tried several antivirus programs and it did the same to them. I even tried an online scan, but Internet Explorer won't let me download the required ActiveX control (I should mention that I changed the security settings to low, and in any case I had scanned online before I had the problem with this virus). I downloaded HijackThis and am posting the log here:



Logfile of HijackThis v1.99.1
Scan saved at 14:57:08, on 17.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
c:\windows\system32\winlog.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Adminu\Desktop\HijackThis.exe
D:\Downloads\'de vazut ce ai in ram - bestial\autoruns v432.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\regedit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Razvan
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F0 - system.ini: Shell=Explorer.exe c:\windows\system32\winlog.exe
F1 - win.ini: run=c:\windows\system32\winlog.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [regguard] c:\windows\system32\winlog.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [regguard] c:\windows\system32\winlog.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {93B52CD5-EDFF-4405-8975-754100710FD5} (GameLauncher Control) - http://www.linkmania...amelauncher.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



I did one more thing: I got a program that scans and "sees" what you have in memory. Here is what I found there:



HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ cscdll Offline Network Agent Microsoft Corporation C:\WINDOWS\system32\cscdll.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\system32\wlnotify.dll

+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\system32\wlnotify.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\system32\wlnotify.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation C:\WINDOWS\system32\wlnotify.dll

HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation C:\WINDOWS\system32\userinit.exe

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Corporation C:\WINDOWS\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ BDMCon BitDefender Management Console SOFTWIN S.R.L. C:\Program Files\Softwin\BitDefender9\bdmcon.exe

+ BDNewsAgent BitDefender News Agent SOFTWIN S.R.L C:\Program Files\Softwin\BitDefender9\bdnagent.exe

+ BDOESRV bdoesrv application SOFTWIN SRL C:\Program Files\Softwin\BitDefender9\bdoesrv.exe

+ BDSwitchAgent C:\Program Files\Softwin\BitDefender9\bdswitch.exe

+ NeroFilterCheck NeroCheck Ahead Software Gmbh C:\WINDOWS\system32\NeroCheck.exe

+ nod32kui C:\Program Files\ESET\nod32kui.exe

+ regguard c:\WINDOWS\system32\winlog.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Corporation C:\Program Files\OUTLOOK EXPRESS\setup50.exe

+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation C:\WINDOWS\system32\iedkcs32.dll

+ Internet Explorer Windows NT User Data Migration Tool Microsoft Corporation C:\WINDOWS\system32\shmgrate.exe

+ Internet Explorer C:\WINDOWS\system32\SETUPAPI.exe

+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation C:\WINDOWS\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation C:\Program Files\OUTLOOK EXPRESS\setup50.exe

+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation C:\WINDOWS\inf\unregmp2.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation C:\WINDOWS\system32\advpack.dll

+ NetMeeting 3.01 ADVPACK Microsoft Corporation C:\WINDOWS\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation C:\WINDOWS\system32\shmgrate.exe

+ Themes Setup Microsoft© Register Server Microsoft Corporation C:\WINDOWS\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation C:\WINDOWS\system32\regsvr32.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Corporation C:\WINDOWS\system32\advpack.dll

HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

C:\Documents and Settings\Adminu\Start Menu\Programs\Startup

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Corporation C:\WINDOWS\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation C:\WINDOWS\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Corporation C:\WINDOWS\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Corporation C:\WINDOWS\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Corporation C:\WINDOWS\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Corporation C:\WINDOWS\system32\webcheck.dll

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ Yahoo! Pager Yahoo! Messenger Yahoo! Inc. C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

Task Scheduler



Right after the antivirus detected the virus, I got an error saying that c:\windows\system32\ldrmsvbvm06.dll is missing, and after that, when I enable the antivirus shield, it still stays disabled. Could this file be the problem?

Thanks in advance

Edit: I noticed that Yahoo Messenger won't start either. It gives me a Windows error.

Edited by championul, 17 August 2006 - 14:06.
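
As an added illustration (not part of the original thread, and not HijackThis's own logic), this Python script parses the F0/F1/O4 lines of a HijackThis log and flags any executable that is appended after the shell in system.ini or registered in several autostart locations at once. The rule names and the threshold of three locations are assumptions; the sample lines are copied from the log in the post above.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the post above (a subset, not the full log).
SAMPLE_LOG = r"""
F0 - system.ini: Shell=Explorer.exe c:\windows\system32\winlog.exe
F1 - win.ini: run=c:\windows\system32\winlog.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [regguard] c:\windows\system32\winlog.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [regguard] c:\windows\system32\winlog.exe
"""

# "<code> - <location>: <value>" for the ini-file and Run-key autostart sections.
ENTRY = re.compile(r'^(F[0-3]|O4) - ([^:]+): (.*)$')
# An absolute path ending in .exe, stopping at a closing quote.
EXE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

def triage(log_text, min_locations=3):
    """Return sorted findings as (rule, exe_path, detail) tuples.

    min_locations is an assumed threshold: legitimate software rarely
    registers one binary in three or more autostart locations.
    """
    locations = defaultdict(set)  # lower-cased exe path -> autostart locations
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, location, value = m.groups()
        for path in EXE.findall(value):
            locations[path.lower()].add(location)
        # F0: anything after the shell executable is launched at every logon.
        if code == "F0" and value.lower().startswith("shell="):
            extra = value.split("=", 1)[1].split(None, 1)[1:]
            if extra:
                findings.append(("shell-appended", extra[0].lower(), location))
    for path, locs in locations.items():
        if len(locs) >= min_locations:
            findings.append(("multi-autostart", path, ", ".join(sorted(locs))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding here only marks an entry for closer inspection; it does not prove that the file is malicious.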


#2
fido_glc

    Junior Member

  • Group: Members
  • Posts: 194
  • Joined: 08.05.2006
Hmm.. nice virus..:D
Try to get a good antivirus. But if it won't let you.. and this virus is that advanced.. you probably won't get rid of it that easily. The safest and quickest thing is to reinstall Windows.

#3
championul

    Junior Member

  • Group: Members
  • Posts: 162
  • Joined: 29.06.2006
I deleted that DLL and then searched the registry for its name and deleted it from there too. I restarted the computer, but NOD32 and BitDefender won't start. However, Messenger works now. I scanned online with Kaspersky, it detected one more infected DLL, I deleted that one too, and now I am scanning with the Kaspersky trial and I see that the computer is clean. I think I solved the problem... If anyone thinks I haven't, please post here.

Thanks

#4
Daisuke

    Moderator

  • Group: Senior Members
  • Posts: 2,173
  • Joined: 19.01.2004
Please post a new log. Your "virus" is a trojan.

#5
championul

    Junior Member

  • Group: Members
  • Posts: 162
  • Joined: 29.06.2006
Unfortunately, if I can put it that way, I solved the problem... by formatting and installing a fresh copy of Windows. :cursing: Thanks to those who tried to help me :coolspeak:
