Log kumpla-->wirus

bartas · 25 Luty 2006 18:20

prosze o sprawdzenie loga kumpla bo zlapal jakiegos wirusa ktory blokuje wszystkie pliki exe i nic nie idzie wlaczyc.

Logfile of HijackThis v1.99.1 Scan saved at 19:18:11, on 2006-02-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Wintab32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Power Manager\PM.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\Program Files\Creative\Mouse Optical\mouse_2k.exe C:\WINDOWS\system32\ZPOINT32.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashChest.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Leszek\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donquijote.org/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=explorer.exe O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM…\Run: [ProgramPath] C:\Program Files\Power Manager\PM.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [Agrsmmsg] AGRSMMSG.exe O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM…\Run: [VTTimer] VTTimer.exe O4 - HKLM…\Run: [VTTrayp] VTtrayp.exe O4 - HKLM…\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe O4 - HKLM…\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad O4 - HKLM…\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{4B4C3649-EE5F-4242-B720-1B10D67E8226}: NameServer = 194.204.159.1,194.204.152.34 O17 - HKLM\System\CCS\Services\Tcpip…{C6779E68-92DA-4123-B983-28F67C86EA6C}: NameServer = 194.204.152.34 O17 - HKLM\System\CS1\Services\Tcpip…{4B4C3649-EE5F-4242-B720-1B10D67E8226}: NameServer = 194.204.159.1,194.204.152.34 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

Gutek · 25 Luty 2006 18:37

Ja nic nie widzę, użyj -UnHookExec.inf -

który odblokuje uruchamianie exe. Po ściągnięciu pliku UnHookExec.inf na dysk należy kliknąć na niego prawym i wybrać opcję Instaluj. Nic się nie pokaże bo to nie jest żadna instalacja.

FlashGet próbowałeś usunąć?

bartas · 25 Luty 2006 19:03

a teraz moze cos? bo te pliki zawiruszone byly pod kwarantanna avasta.

jakby co to wirus ponoc nazywa sie Win32:Jeefo.

Logfile of HijackThis v1.99.1 Scan saved at 20:00:54, on 2006-02-25 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Wintab32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Power Manager\PM.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE C:\Program Files\Creative\Mouse Optical\mouse_2k.exe C:\WINDOWS\system32\ZPOINT32.exe C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashChest.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Leszek\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.donquijote.org/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: Shell=explorer.exe O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM…\Run: [ProgramPath] C:\Program Files\Power Manager\PM.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [Agrsmmsg] AGRSMMSG.exe O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM…\Run: [VTTimer] VTTimer.exe O4 - HKLM…\Run: [VTTrayp] VTtrayp.exe O4 - HKLM…\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe O4 - HKLM…\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad O4 - HKLM…\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{4B4C3649-EE5F-4242-B720-1B10D67E8226}: NameServer = 194.204.159.1,194.204.152.34 O17 - HKLM\System\CCS\Services\Tcpip…{C6779E68-92DA-4123-B983-28F67C86EA6C}: NameServer = 194.204.152.34 O17 - HKLM\System\CS1\Services\Tcpip…{4B4C3649-EE5F-4242-B720-1B10D67E8226}: NameServer = 194.204.159.1,194.204.152.34 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

da rade cos z tym zrobic?

Gutek · 25 Luty 2006 19:06

No powinien być wpis

ale nie ma, usuwacz do Jefoo

bartas · 25 Luty 2006 19:36

sciagnales ten programik co podales i…

nie nastraja optymistycznie.

da rade cos zrobic z tym?

Gutek · 25 Luty 2006 20:07

Użyj teraz scanerów online - Scanery do wyboru

bartas · 25 Luty 2006 20:15

moglbys sie do mojego kumpla odezwac na gg w tej sprawie? 4532507