HijackThis - bitzanu1
Last Updated: Jan 30 2010 23:17, Started by bitzanu1, Jan 27 2010 13:22
#37
Posted 28 January 2010 - 17:57
Check whether you also have one in C:\Windows\System32\drivers,
#38
Posted 28 January 2010 - 18:29
Download: http://www.softpedia...B-Vaccine.shtml

After running the program, press Vaccinate Computer and then Vaccinate USB. If you have several sticks/cards, do the vaccination for each of them.

[Screenshot: http://www.softpedia.com/screenshots/Panda-USB-Vaccine_1.png]

Download SUPERAntiSpyware and save it to the Desktop. Install it, then open the main window and press Check for Updates... After the update, press Scan Computer... Make sure Perform Complete Scan is checked and press Next. Then post the scan results here.
#39
Posted 29 January 2010 - 14:06
I did what you said and I see the virus no longer shows up.. now I tried the same thing on another computer.. I ran SUPERAntiSpyware, Malwarebytes, Panda Vaccine and Kaspersky Rescue on it.. they found nothing, but when I run HiJackThis it shows "W32.Nytemare-> if you try to remove me again next time your computer getrs reformatted", something like that.. do you have any other ideas? Thanks

Edited by JulotM, 29 January 2010 - 17:14.
#41
Posted 29 January 2010 - 18:43
Download: ComboFix and save it to the Desktop.

Create a new .txt file with Notepad and write in it what is in the quote below:

Quote

```
File::
C:\Documents and Settings\<user>\bulsus.exe
C:\Documents and Settings\<user>\cwwc.exe
C:\WINDOWS\system32\drivers\ndisvvan.sys
C:\WINDOWS\system32\drivers\qwxkqsvf.sys
C:\WINDOWS\system32\secupdat.dat
C:\WINDOWS\system32\wmisftd.exe
```

In place of `<user>` put your Windows user name. For example, if your Windows user is Cristi, write it like this:

Quote

```
C:\Documents and Settings\Cristi\bulsus.exe
C:\Documents and Settings\Cristi\cwwc.exe
```

[Image: http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif]

Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask you whether to start cleaning the system. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE together with a new HiJackThis log.

Edited by crysty2k5, 29 January 2010 - 18:43.
#42
Posted 30 January 2010 - 09:49
> Download: ComboFix and save it to the Desktop. Create a new .txt file with Notepad and write in it what is in the quote below: In place of `<user>` put your Windows user name. For example, if your Windows user is Cristi, write it like this: Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below. [Image: http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif] Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask you whether to start cleaning the system. Confirm with Yes every time. Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it runs, but don't worry. At the end it will display the scan results. Save that file and post its contents HERE together with a new HiJackThis log.

Cristi, thank you for the reply. Unfortunately this virus has messed up my whole Windows. I have a SQL server on the computer, which was completely messed up, and the whole of Windows has to be reinstalled. I scanned with everything possible, nothing helped, I followed all the steps recommended on the forum, but in vain. Today I am going to look at another infected computer. Maybe I will have more luck there.
#43
Posted 30 January 2010 - 12:34
I have a Malwarebytes log from another computer infected with the same virus. From what I can see, it has a Worm.Autorun, and the infected file is secupdat.dat. What is this file, since I don't want to lose information from the computer if I remove it:

```
Malwarebytes' Anti-Malware 1.44
Database version: 3662
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

1/30/2010 12:15:20 PM
log maleware bytes orhideea

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170925
Time elapsed: 14 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\magazin\secupdat.dat (Worm.Autorun) -> No action taken.
C:\Documents and Settings\magazin\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\magazin\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
```

Also from this computer I have a HijackThis log:

```
Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 12:31:42 PM, on 1/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Datecs Applications\FPrint WIN\FPrint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\TinaR\Desktop\VIRUS GABI TATARU\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FPrintWIN] C:\Program Files\Datecs Applications\FPrint WIN\FPrint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [MSConfig] C:\Documents and Settings\magazin\odnhya.exe \u (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-500\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Administrator')
O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe (User 'magazin')
O4 - S-1-5-21-448539723-630328440-725345543-1005 User Startup: wmitcds.exe (User 'magazin')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://10.0.0.10/RtspVaPgDec.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193388240625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://192.168.1.126/ocx/IMMP4.cab
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\dvdhost.exe (file missing)
O23 - Service: windows MxL - Unknown owner - C:\WINDOWS\SYSTEM32\zidong1433.exe (file missing)

--
End of file - 6511 bytes
```

I would like to know whether you consider these files to be viruses:

```
O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe (User 'magazin')
O4 - S-1-5-21-448539723-630328440-725345543-1005 User Startup: wmitcds.exe (User 'magazin')
```
#44
Posted 30 January 2010 - 12:46
Upload the files to VirusTotal and then post the results here, or send me those executables in an archive, by PM only.
Do not post the archive on the forum.
#45
Posted 30 January 2010 - 12:49
```
C:\Documents and Settings\magazin\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.
```

indicates that you have this: http://forum.softped...howtopic=620537 Follow the steps there.

Edited by crysty2k5, 30 January 2010 - 12:49.
#46
Posted 30 January 2010 - 12:52
> Upload the files to VirusTotal and then post the results here, or send me those executables in an archive, by PM only. Do not post the archive on the forum.

It was scanned and it has a virus, here is the log from Virus Total.ro:

| Antivirus | Version | Last update | Result |
|---|---|---|---|
| a-squared | 4.5.0.50 | 2010.01.30 | - |
| AhnLab-V3 | 5.0.0.2 | 2010.01.30 | - |
| AntiVir | 7.9.1.154 | 2010.01.29 | - |
| Antiy-AVL | 2.0.3.7 | 2010.01.28 | - |
| Authentium | 5.2.0.5 | 2010.01.30 | - |
| Avast | 4.8.1351.0 | 2010.01.30 | Win32:Hktr |
| AVG | 9.0.0.730 | 2010.01.29 | - |
| BitDefender | 7.2 | 2010.01.30 | - |
| CAT-QuickHeal | 10.00 | 2010.01.30 | - |
| ClamAV | 0.96.0.0-git | 2010.01.30 | - |
| Comodo | 3759 | 2010.01.30 | - |
| DrWeb | 5.0.1.12222 | 2010.01.30 | Trojan.Packed.19647 |
| eSafe | 7.0.17.0 | 2010.01.28 | - |
| eTrust-Vet | 35.2.7271 | 2010.01.29 | - |
| F-Prot | 4.5.1.85 | 2010.01.29 | - |
| F-Secure | 9.0.15370.0 | 2010.01.29 | - |
| Fortinet | 4.0.14.0 | 2010.01.30 | - |
| GData | 19 | 2010.01.30 | Win32:Hktr |
| Ikarus | T3.1.1.80.0 | 2010.01.30 | - |
| Jiangmin | 13.0.900 | 2010.01.28 | - |
| K7AntiVirus | 7.10.960 | 2010.01.29 | - |
| Kaspersky | 7.0.0.125 | 2010.01.30 | Net-Worm.Win32.Kolab.fwc |
| McAfee | 5876 | 2010.01.29 | - |
| McAfee+Artemis | 5876 | 2010.01.29 | Artemis!A3E2D6DC3A18 |
| McAfee-GW-Edition | 6.8.5 | 2010.01.30 | Heuristic.BehavesLike.Win32.CodeInjection.H |
| Microsoft | 1.5406 | 2010.01.30 | - |
| NOD32 | 4819 | 2010.01.30 | a variant of Win32/Injector.ATI |
| Norman | 6.04.03 | 2010.01.30 | - |
| nProtect | 2009.1.8.0 | 2010.01.30 | - |
| Panda | 10.0.2.2 | 2010.01.29 | Suspicious file |
| PCTools | 7.0.3.5 | 2010.01.30 | - |
| Rising | 22.32.05.04 | 2010.01.30 | - |
| Sophos | 4.50.0 | 2010.01.30 | Troj/LoDrop-Gen |
| Sunbelt | 3.2.1858.2 | 2010.01.30 | - |
| Symantec | 20091.2.0.41 | 2010.01.30 | - |
| TheHacker | 6.5.1.0.172 | 2010.01.30 | Trojan/Injector.ati |
| TrendMicro | 9.120.0.1004 | 2010.01.30 | - |
| VBA32 | 3.12.12.1 | 2010.01.29 | - |
| ViRobot | 2010.1.30.2164 | 2010.01.30 | - |
| VirusBuster | 5.0.21.0 | 2010.01.29 | - |

Additional information

```
File size: 202247 bytes
MD5 : a3e2d6dc3a18d40d7feb76aaf172d0c9
SHA1 : c242b91010b09b1c8e85e6525c3ca00e0868bd1f
SHA256: 6e53de06af54bdd33a956874abf7e1d0d2194d9f93926532b3aaa7aeabce3df2
```

ADVICE?
#47
Posted 30 January 2010 - 12:56
I see it is detected by Kaspersky 7.0.0.125 2010.01.30 Net-Worm.Win32.Kolab.fwc.
Do a full scan with this: http://www.softpedia...oval-Tool.shtml
#48
Posted 30 January 2010 - 13:02
> I see it is detected by Kaspersky 7.0.0.125 2010.01.30 Net-Worm.Win32.Kolab.fwc. Do a full scan with this: http://www.softpedia...oval-Tool.shtml

Do I scan in Safe Mode with Kaspersky?
#49
Posted 30 January 2010 - 13:17
You can do it in Normal mode too, not necessarily in Safe Mode.
Only if it does not work in Normal mode do you scan with that tool in Safe Mode.
#50
Posted 30 January 2010 - 13:26
> You can do it in Normal mode too, not necessarily in Safe Mode. Only if it does not work in Normal mode do you scan with that tool in Safe Mode.

Another question: is it a problem if I delete the Content.IE5 folder? It found some trojans there. And in C://Windows/Temp.. is it a problem if I delete them? Then, another question: if it does not detect O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe, which is in startup, do I delete it manually? Thanks
#51
Posted 30 January 2010 - 14:11
Can someone help me and tell me whether I can delete these 2 things from HiJackThis:

```
O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe (User 'magazin')
O4 - S-1-5-21-448539723-630328440-725345543-1005 User Startup: wmitcds.exe (User 'magazin')
```

I put them on virustotal.com and some detected it as a virus, I scanned with Kaspersky Virus Removal Tool and it did not find it.. if I Delete it with HiJackThis, is that a problem?? Also, is it advisable to delete the Content.IE5 folder? I had some trojans there detected by Kaspersky Rem Tool. Thanks
#52
Posted 30 January 2010 - 14:42
http://www.prevx.com...MITCDS.EXE.html
They are infected, check them and fix them with HiJackThis. You can delete the contents of the Content.IE5 folder. Here is how: http://www.f-prot.co...in_faq/122.html
#53
Posted 30 January 2010 - 18:37
A new HijackThis log after I deleted wmitcds.exe:

```
Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 6:31:35 PM, on 1/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Datecs Applications\FPrint WIN\FPrint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\magazin\Desktop\Hijack This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://target.tinar.ro/target.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FPrintWIN] C:\Program Files\Datecs Applications\FPrint WIN\FPrint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\magazin\odnhya.exe \u
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://10.0.0.10/RtspVaPgDec.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193388240625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://192.168.1.126/ocx/IMMP4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\dvdhost.exe (file missing)
O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (file missing)
O23 - Service: windows MxL - Unknown owner - C:\WINDOWS\SYSTEM32\zidong1433.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/magazin/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 6593 bytes
```

Is it clean?

Edited by JulotM, 30 January 2010 - 18:38.
#54
Posted 30 January 2010 - 18:47
Check and press Fix checked in HiJackThis for:

Quote

```
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\magazin\odnhya.exe \u
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\dvdhost.exe (file missing)
O23 - Service: windows MxL - Unknown owner - C:\WINDOWS\SYSTEM32\zidong1433.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/magazin/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
```

Download Dr. Web CureIT, run it and do a full scan (Complete Scan). At the end, disinfect/delete and save the log (File -> Save report list), which you post here.

Edited by JulotM, 30 January 2010 - 18:47.
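
An added example, not part of the thread and not HijackThis code: a small Python triage pass over HijackThis entry lines that flags the patterns visible in the entries marked for fixing in posts #52 and #54 (a target marked `(no file)` or `(file missing)`, an autostart executable sitting directly in a user profile root, a bare `.exe` in a Startup folder). The three rules and all names in the code are assumptions inferred from those entries; the sample lines are copied from the two logs posted above.

```python
import re
from typing import List, NamedTuple

# Rule labels: assumptions inferred from the entries selected in the thread,
# not rules stated by the posters or by HijackThis.
MISSING_TARGET = "registered target does not exist on disk"
PROFILE_ROOT_EXE = "autostart executable directly in a user profile root"
STARTUP_BARE_EXE = "bare executable (not a .lnk shortcut) in a Startup folder"

# "O4 - ...", "O23 - ...", "R0 - ..." entry lines
ENTRY_RE = re.compile(r'^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$')
MISSING_RE = re.compile(r'\((?:no file|file missing)\)\s*$', re.IGNORECASE)
# C:\Documents and Settings\<user>\<name>.exe with no further subfolder
PROFILE_ROOT_RE = re.compile(
    r'[A-Z]:\\Documents and Settings\\[^\\]+\\[^\\\s"]+\.exe\b', re.IGNORECASE)
# "Startup: x.exe"; shortcut items read "Startup: X.lnk = <target>" and never match
STARTUP_EXE_RE = re.compile(r'Startup: [^=]+?\.exe\b', re.IGNORECASE)


class Finding(NamedTuple):
    section: str
    body: str
    reasons: List[str]


def triage(log_text: str) -> List[Finding]:
    """Return the entries that deserve a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        section, body = m.group("section"), m.group("body")
        reasons = []
        if MISSING_RE.search(body):
            reasons.append(MISSING_TARGET)
        if section == "O4":  # autostart entries only
            if PROFILE_ROOT_RE.search(body):
                reasons.append(PROFILE_ROOT_EXE)
            if STARTUP_EXE_RE.search(body):
                reasons.append(STARTUP_BARE_EXE)
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


# Sample input: lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\magazin\odnhya.exe \u
O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe (User 'magazin')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: windows MxL - Unknown owner - C:\WINDOWS\SYSTEM32\zidong1433.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.body}\n    -> {'; '.join(f.reasons)}")
```

A flag here is a prompt for review, not a verdict: the MSSQLSERVER service matches the missing-file rule, yet it is not among the entries listed for fixing in post #54.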