HijackThis - bitzanu1

55 replies to this topic

#37
ady1981

  • Group: Banned
  • Posts: 3,466
  • Joined: 11.11.2009

Check whether you also have one in C:\Windows\System32\drivers.

#38
rootkit

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007

Download: http://www.softpedia...B-Vaccine.shtml

After running the program, click Vaccinate Computer and then Vaccinate USB.

If you have several sticks/cards, do the vaccination for each one.

[ image: http://www.softpedia.com/screenshots/Panda-USB-Vaccine_1.png ]

Download SUPERAntiSpyware and save it to the Desktop.
Install it, then open the main window and click Check for Updates...
After the update, click Scan Computer... Make sure Perform Complete Scan is checked and click Next.

Then post the scan results here.

#39
bitzanu1

  • Group: Members
  • Posts: 59
  • Joined: 09.11.2009

I did as you said and I see the virus no longer appears.. now I tried the same thing on another computer.. I put SUPERAntiSpyware, Malwarebytes, Panda Vaccine and Kaspersky Rescue on it.. it found nothing, but when I run HiJackThis it shows "W32.Nytemare-> if you try to remove me again next time your computer getrs reformatted", something like that.. do you have any other ideas? thanks

Edited by JulotM, 29 January 2010 - 17:14.


#40
burebista

  • Group: Senior Members
  • Posts: 9,442
  • Joined: 23.05.2003

In cases like these, with critters that resist every kind of disinfection, I rely on THE ultimate weapon: ComboFix. If even that doesn't get rid of it, I start to worry. :)

#41
rootkit

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007

Download: ComboFix and save it to the Desktop.

Create a new .txt file with Notepad and write in it what is quoted below:

Quote

File::
C:\Documents and Settings\<user>\bulsus.exe
C:\Documents and Settings\<user>\cwwc.exe
C:\WINDOWS\system32\drivers\ndisvvan.sys
C:\WINDOWS\system32\drivers\qwxkqsvf.sys
C:\WINDOWS\system32\secupdat.dat
C:\WINDOWS\system32\wmisftd.exe

Instead of <user> put your Windows user name. For example, if your Windows user is Cristi, you put:

Quote

C:\Documents and Settings\Cristi\bulsus.exe
C:\Documents and Settings\Cristi\cwwc.exe

Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.

[ image: http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]

Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether to start cleaning the system. Confirm with Yes every time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results. Save that file and post its contents HERE together with a new HiJackThis log.

Edited by crysty2k5, 29 January 2010 - 18:43.


#42
bitzanu1

  • Group: Members
  • Posts: 59
  • Joined: 09.11.2009

crysty2k5, on 29th January 2010, 18:43, said:

Download: ComboFix and save it to the Desktop.

Create a new .txt file with Notepad and write in it what is quoted below:



Instead of <user> put your Windows user name. For example, if your Windows user is Cristi, you put:


Name the file CFScript.txt, then drag it onto ComboFix.exe as shown in the picture below.

[ image: http://users.telenet.be/bluepatchy/miekiemoes/images/CFScript.gif ]

Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix. It will ask whether to start cleaning the system. Confirm with Yes every time. Do not stop it while it scans and disinfects the system. The desktop may disappear while it runs, but don't worry.
At the end it will display the scan results. Save that file and post its contents HERE together with a new HiJackThis log.

Cristi, thank you for the reply. Unfortunately this virus has messed up my whole Windows. I have an SQL server on the computer, which was completely messed up, and the whole of Windows has to be reinstalled. I scanned with everything possible, nothing helped; I followed all the steps recommended on the forum, but to no avail. Today I'm going to look at another infected computer. Maybe I'll have more luck there. :)

#43
bitzanu1

  • Group: Members
  • Posts: 59
  • Joined: 09.11.2009

I have a Malwarebytes log from another computer infected with the same virus. From what I can see, it has a Worm.Autorun, and the infected file is secupdat.dat. What is this file? I don't want to lose data from the computer if I hit remove:

Malwarebytes' Anti-Malware 1.44
Database version: 3662
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

1/30/2010 12:15:20 PM
log maleware bytes orhideea

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170925
Time elapsed: 14 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\magazin\secupdat.dat (Worm.Autorun) -> No action taken.
C:\Documents and Settings\magazin\Application Data\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\magazin\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.


On the same computer I also have a HijackThis log:

Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 12:31:42 PM, on 1/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Datecs Applications\FPrint WIN\FPrint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\TinaR\Desktop\VIRUS GABI TATARU\Hijack This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FPrintWIN] C:\Program Files\Datecs Applications\FPrint WIN\FPrint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [MSConfig] C:\Documents and Settings\magazin\odnhya.exe \u (User 'magazin')
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-500\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Administrator')
O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe (User 'magazin')
O4 - S-1-5-21-448539723-630328440-725345543-1005 User Startup: wmitcds.exe (User 'magazin')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://10.0.0.10/RtspVaPgDec.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193388240625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://192.168.1.126/ocx/IMMP4.cab
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\dvdhost.exe (file missing)
O23 - Service: windows MxL - Unknown owner - C:\WINDOWS\SYSTEM32\zidong1433.exe (file missing)

--
End of file - 6511 bytes

I'd like to know whether you consider these files to be viruses:

O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe (User 'magazin')
O4 - S-1-5-21-448539723-630328440-725345543-1005 User Startup: wmitcds.exe (User 'magazin')

#44
Header

  • Group: Members
  • Posts: 1,505
  • Joined: 13.09.2009

Upload the files to virustotal and then post the results here, or send me those executables in an archive only via PM.
Don't put the archive on the forum.

#45
rootkit

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007

C:\Documents and Settings\magazin\Application Data\fvgqad.dat (Malware.Trace) -> No action taken.

indicates that you have this:

http://forum.softped...howtopic=620537

Follow the steps there.

Edited by crysty2k5, 30 January 2010 - 12:49.


#46
bitzanu1

  • Group: Members
  • Posts: 59
  • Joined: 09.11.2009

Header, on 30th January 2010, 12:46, said:

Upload the files to virustotal and then post the results here, or send me those executables in an archive only via PM.
Don't put the archive on the forum.

It was scanned and it has a virus; here is the log from Virus Total.ro:

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.01.30 -
AhnLab-V3 5.0.0.2 2010.01.30 -
AntiVir 7.9.1.154 2010.01.29 -
Antiy-AVL 2.0.3.7 2010.01.28 -
Authentium 5.2.0.5 2010.01.30 -
Avast 4.8.1351.0 2010.01.30 Win32:Hktr
AVG 9.0.0.730 2010.01.29 -
BitDefender 7.2 2010.01.30 -
CAT-QuickHeal 10.00 2010.01.30 -
ClamAV 0.96.0.0-git 2010.01.30 -
Comodo 3759 2010.01.30 -
DrWeb 5.0.1.12222 2010.01.30 Trojan.Packed.19647
eSafe 7.0.17.0 2010.01.28 -
eTrust-Vet 35.2.7271 2010.01.29 -
F-Prot 4.5.1.85 2010.01.29 -
F-Secure 9.0.15370.0 2010.01.29 -
Fortinet 4.0.14.0 2010.01.30 -
GData 19 2010.01.30 Win32:Hktr  
Ikarus T3.1.1.80.0 2010.01.30 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.960 2010.01.29 -
Kaspersky 7.0.0.125 2010.01.30 Net-Worm.Win32.Kolab.fwc
McAfee 5876 2010.01.29 -
McAfee+Artemis 5876 2010.01.29 Artemis!A3E2D6DC3A18
McAfee-GW-Edition 6.8.5 2010.01.30 Heuristic.BehavesLike.Win32.CodeInjection.H
Microsoft 1.5406 2010.01.30 -
NOD32 4819 2010.01.30 a variant of Win32/Injector.ATI
Norman 6.04.03 2010.01.30 -
nProtect 2009.1.8.0 2010.01.30 -
Panda 10.0.2.2 2010.01.29 Suspicious file
PCTools 7.0.3.5 2010.01.30 -
Rising 22.32.05.04 2010.01.30 -
Sophos 4.50.0 2010.01.30 Troj/LoDrop-Gen
Sunbelt 3.2.1858.2 2010.01.30 -
Symantec 20091.2.0.41 2010.01.30 -
TheHacker 6.5.1.0.172 2010.01.30 Trojan/Injector.ati
TrendMicro 9.120.0.1004 2010.01.30 -
VBA32 3.12.12.1 2010.01.29 -
ViRobot 2010.1.30.2164 2010.01.30 -
VirusBuster 5.0.21.0 2010.01.29 -
Additional information
File size: 202247 bytes
MD5   : a3e2d6dc3a18d40d7feb76aaf172d0c9
SHA1  : c242b91010b09b1c8e85e6525c3ca00e0868bd1f
SHA256: 6e53de06af54bdd33a956874abf7e1d0d2194d9f93926532b3aaa7aeabce3df2
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xA517
timedatestamp.....: 0x4B5F6337 (Tue Jan 26 22:48:39 2010)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xF284 0xF400 6.37 4137221d5fc4fd96357442549a975951
.rdata 0x11000 0x1B20 0x1C00 5.47 1cf5784e3d09f75de708ec3540d8bd07
.data 0x13000 0x1C60 0x1200 3.43 4794c377febc33cbbca8c089d27dc92a
.rsrc 0x15000 0x1B4 0x200 5.09 f04f9ac5778da20093f41bec5000d6c3

( 2 imports )

> kernel32.dll: GetProcAddress, GetModuleHandleA, GetLastError, HeapFree, HeapAlloc, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, LoadLibraryA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetLocaleInfoA, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW
> user32.dll: MessageBoxA, wsprintfA

( 0 exports )

TrID  : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 3072:+MuLpiaf0DF/0N5mjIrHmJk7IPqXNyoeHsWhyuhrU2aRn1XIAlIQFwjBWqdch21y:xQGTjgHmJoIP7uulUfXXmQFwj0HhD
Prevx Info: http://info.prevx.co...F5E7800F53CCBFE
PEiD  : -
RDS   : NSRL Reference Data Set
-


ADVICE? :)
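The table above is VirusTotal's per-engine verdict list followed by the file's hashes and PE details. As an added example (our own code, not VirusTotal's and not from the thread), the Python below parses a constructed ten-engine excerpt of that table into a detection ratio, separates named family verdicts from generic or heuristic ones using a marker list of our own choosing, and cross-checks the hash block: McAfee's Artemis verdicts embed the first 12 hex digits of the file's MD5, so the Artemis!A3E2D6DC3A18 line can be checked against the MD5 line.

```python
import re

# Constructed excerpt (10 of the 40 engines) of the VirusTotal table posted above,
# kept in the same "engine version date result" layout; "-" means no detection.
SAMPLE_RESULTS = """\
a-squared 4.5.0.50 2010.01.30 -
Avast 4.8.1351.0 2010.01.30 Win32:Hktr
AVG 9.0.0.730 2010.01.29 -
DrWeb 5.0.1.12222 2010.01.30 Trojan.Packed.19647
Kaspersky 7.0.0.125 2010.01.30 Net-Worm.Win32.Kolab.fwc
McAfee 5876 2010.01.29 -
McAfee+Artemis 5876 2010.01.29 Artemis!A3E2D6DC3A18
NOD32 4819 2010.01.30 a variant of Win32/Injector.ATI
Panda 10.0.2.2 2010.01.29 Suspicious file
Symantec 20091.2.0.41 2010.01.30 -
"""

# Hash block as posted above (copied, not computed here).
SAMPLE_HASHES = """\
MD5   : a3e2d6dc3a18d40d7feb76aaf172d0c9
SHA1  : c242b91010b09b1c8e85e6525c3ca00e0868bd1f
SHA256: 6e53de06af54bdd33a956874abf7e1d0d2194d9f93926532b3aaa7aeabce3df2
"""

# Substrings we treat as "generic/heuristic" rather than a named family.
# This list is our own heuristic, not a VirusTotal classification.
GENERIC_MARKERS = ("suspicious", "heuristic", "generic", "artemis", "packed", "injector")


def parse_results(text):
    """Parse 'engine version date result' rows; result is None for '-'."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 3)  # result may contain spaces ("Suspicious file")
        if len(parts) < 4:
            continue
        engine, version, date, result = parts
        result = result.strip()
        rows.append({"engine": engine, "version": version, "date": date,
                     "result": None if result == "-" else result})
    return rows


def parse_hashes(text):
    """Pull MD5/SHA1/SHA256 out of the 'Additional information' block."""
    hashes = {}
    for line in text.splitlines():
        m = re.match(r"^(MD5|SHA1|SHA256)\s*:\s*([0-9a-fA-F]+)$", line.strip())
        if m:
            hashes[m.group(1)] = m.group(2).lower()
    return hashes


def summarize(rows):
    """Detection ratio plus a split between named families and generic/heuristic hits."""
    detected = [r for r in rows if r["result"]]
    named = [r for r in detected
             if not any(k in r["result"].lower() for k in GENERIC_MARKERS)]
    return {
        "engines": len(rows),
        "detections": len(detected),
        "ratio": f"{len(detected)}/{len(rows)}",
        "named_families": sorted(r["result"] for r in named),
        "generic_or_heuristic": sorted(r["result"] for r in detected if r not in named),
    }


def hash_consistency(hashes):
    """Each hash must have the digest length its algorithm produces (hex digits)."""
    expected = {"MD5": 32, "SHA1": 40, "SHA256": 64}
    return all(len(hashes.get(k, "")) == n for k, n in expected.items())


def artemis_matches_md5(rows, hashes):
    """Artemis!<12 hex> names carry the MD5 prefix; return True/False, or None if no Artemis row."""
    md5 = hashes.get("MD5", "")
    for r in rows:
        if r["result"] and r["result"].lower().startswith("artemis!"):
            return r["result"].split("!", 1)[1].lower() == md5[:12]
    return None


if __name__ == "__main__":
    rows = parse_results(SAMPLE_RESULTS)
    hashes = parse_hashes(SAMPLE_HASHES)
    print(summarize(rows))
    print("hash lengths ok:", hash_consistency(hashes))
    print("Artemis name agrees with MD5:", artemis_matches_md5(rows, hashes))
```

On the excerpt this yields 6/10, with two named families (Avast's Win32:Hktr and Kaspersky's Net-Worm.Win32.Kolab.fwc) and four generic or heuristic hits; the Artemis cross-check passes against the posted MD5. Keeping the version and date columns matters when reading such a table: a miss from an engine whose signatures are a day older says less than a miss from one updated the same day.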

#47
rootkit

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007

I see it is detected by Kaspersky 7.0.0.125 2010.01.30 Net-Worm.Win32.Kolab.fwc.

Do a full scan with this:

http://www.softpedia...oval-Tool.shtml

#48
bitzanu1

  • Group: Members
  • Posts: 59
  • Joined: 09.11.2009

crysty2k5, on 30th January 2010, 12:56, said:

I see it is detected by Kaspersky 7.0.0.125 2010.01.30 Net-Worm.Win32.Kolab.fwc.

Do a full scan with this:

http://www.softpedia...oval-Tool.shtml

Do I scan in safe mode with Kaspersky?

#49
rootkit

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007

You can do it in Normal mode too, not necessarily in Safe Mode.

Only if it doesn't work in Normal mode do you scan with that tool in Safe Mode.

#50
bitzanu1

  • Group: Members
  • Posts: 59
  • Joined: 09.11.2009

crysty2k5, on 30th January 2010, 13:17, said:

You can do it in Normal mode too, not necessarily in Safe Mode.

Only if it doesn't work in Normal mode do you scan with that tool in Safe Mode.

Another question: is there any problem if I delete the Content.IE5 folder? It found some trojans there. And in C:\Windows\Temp.. is there any problem if I delete them?
Then another question: if it doesn't detect O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe, which is in startup, do I delete it manually? Thanks

#51
bitzanu1

  • Group: Members
  • Posts: 59
  • Joined: 09.11.2009

Can someone help me and tell me whether I can delete these 2 things from HiJackThis:

O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe (User 'magazin')
O4 - S-1-5-21-448539723-630328440-725345543-1005 User Startup: wmitcds.exe (User 'magazin')

I put them on virustotal.com and some engines detected it as a virus; I scanned with Kaspersky Virus Removal Tool and it didn't find it.. if I hit Delete in HiJackThis, is that a problem??

Also, is it advisable to delete the Content.IE5 folder? I had some trojans in there detected by Kaspersky Rem Tool. Thanks

#52
rootkit

  • Group: Senior Members
  • Posts: 34,883
  • Joined: 07.02.2007

http://www.prevx.com...MITCDS.EXE.html

They are infected; check them and fix them with HiJackThis.

You can delete the contents of the Content.IE5 folder.

Here is how:

http://www.f-prot.co...in_faq/122.html

#53
bitzanu1

  • Group: Members
  • Posts: 59
  • Joined: 09.11.2009

A new HijackThis log after I deleted wmitcds.exe:

Logfile of Trend Micro HiJackThis v2.0.2
Scan saved at 6:31:35 PM, on 1/30/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Datecs Applications\FPrint WIN\FPrint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\magazin\Desktop\Hijack This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://target.tinar.ro/target.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FPrintWIN] C:\Program Files\Datecs Applications\FPrint WIN\FPrint.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\magazin\odnhya.exe \u
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://10.0.0.10/RtspVaPgDec.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193388240625
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E62D1A95-8299-4B94-85D0-731DC125A60D} (IMMP4Control Control) - http://192.168.1.126/ocx/IMMP4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\dvdhost.exe (file missing)
O23 - Service: MSSQLSERVER - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE (file missing)
O23 - Service: windows MxL - Unknown owner - C:\WINDOWS\SYSTEM32\zidong1433.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/magazin/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 6593 bytes


Is it clean?

Edited by JulotM, 30 January 2010 - 18:38.


#54
JulotM

  • Group: Senior Members
  • Posts: 2,307
  • Joined: 01.04.2009

Check and click Fix checked in HiJackThis for:

Quote

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\magazin\odnhya.exe \u
O23 - Service: Microsoft Agent - Unknown owner - C:\WINDOWS\system32\dllcache\dvdhost.exe (file missing)
O23 - Service: windows MxL - Unknown owner - C:\WINDOWS\SYSTEM32\zidong1433.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/magazin/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

Download Dr. Web CureIT, run it and do a full scan (Complete Scan). At the end disinfect/delete, then save the log (File -> Save report list) and post it here.

Edited by JulotM, 30 January 2010 - 18:47.
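The log posted in #43 and the entries JulotM lists for fixing in #54 share a few patterns a responder looks for: a Run value launching an executable straight from the root of a user profile, a bare .exe sitting in a Startup folder instead of a shortcut, a service with an unknown owner whose binary is missing, and a BHO registered with no file. As an added example (our own code, not from the thread or from HijackThis), the Python below encodes those rules as regexes over HijackThis v2 log lines and runs them on a constructed excerpt of the log above; the rule names and patterns are our own.

```python
import re

# Constructed excerpt in HijackThis v2 log format: lines copied from the log
# posted in this thread plus benign entries for contrast. Not a full log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKUS\S-1-5-21-448539723-630328440-725345543-1005\..\Run: [MSConfig] C:\Documents and Settings\magazin\odnhya.exe \u (User 'magazin')
O4 - S-1-5-21-448539723-630328440-725345543-1005 Startup: wmitcds.exe (User 'magazin')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: windows MxL - Unknown owner - C:\WINDOWS\SYSTEM32\zidong1433.exe (file missing)
"""

# Line shapes as HijackThis v2 prints them (our regexes, written from the log above).
O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?P<where>.+?) Startup: (?P<item>.+?)(?: \(User '[^']*'\))?$")
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")
# First drive-letter path ending in .exe inside a Run command (quoted or not).
EXE_PATH = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.exe)', re.IGNORECASE)
# An .exe directly under C:\Documents and Settings\<user>\ (no subfolder at all).
PROFILE_ROOT_EXE = re.compile(r"^C:\\Documents and Settings\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)


def triage_line(line):
    """Return the list of reasons one HijackThis line looks suspicious (empty if none)."""
    reasons = []
    line = line.strip()
    if (m := O2_BHO.match(line)):
        if m.group("path") == "(no file)":
            reasons.append("BHO registered with no backing file (orphaned entry)")
    elif (m := O23_SVC.match(line)):
        if m.group("owner") == "Unknown owner" and m.group("path").endswith("(file missing)"):
            reasons.append("service with unknown owner and missing binary (orphaned service)")
    elif (m := O4_RUN.match(line)):
        exe = EXE_PATH.match(m.group("cmd"))
        path = exe.group("path") if exe else ""
        if PROFILE_ROOT_EXE.match(path):
            reasons.append("Run entry launching an executable straight from a user profile root")
        if m.group("value").lower() == "msconfig" and "\\system32\\" not in path.lower():
            reasons.append("Run value named 'MSConfig' that does not point at the system tool")
    elif (m := O4_STARTUP.match(line)):
        item = m.group("item")
        # Startup folders normally hold .lnk shortcuts ("name.lnk = target");
        # a bare executable dropped there is worth a look.
        if item.lower().endswith(".exe") and "=" not in item:
            reasons.append("bare executable dropped in a Startup folder instead of a .lnk shortcut")
    return reasons


def triage(log_text):
    """Scan a whole log; return [(line, reasons), ...] for flagged lines only."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

On the excerpt this flags exactly the four lines the thread ends up fixing (the orphaned BHO, the odnhya.exe Run value, the wmitcds.exe Startup entry and the zidong1433.exe service) and leaves the Intel, SQL Server and Google entries alone. It is a triage aid, not a verdict: the second log's MSSQLSERVER service, whose binary is also missing, would trip the same orphaned-service rule for a benign reason, so each hit still needs the VirusTotal or Prevx lookup the thread uses before anything is removed.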

