Mam wirusa! prosze o pomoc!


(Lukas 1) #1

strasznie mi muli kompa. do mojego komputera jest podlaczony drugi komp i to pewnie od niego mam non stop badziewia.

jak zabepieczyc komputery??moj ma zone alarm i avasta, a drugi nic nie ma.

oto moj log

Logfile of HijackThis v1.98.2

Scan saved at 17:09:45, on 2005-01-05

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

C:\PROGRA~1\Eyeball\EYEBAL~1\EyeballChat.exe

C:\Program Files\Opera\opera.exe

D:\Programy\Firewalle i ochrona\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [ETD Security Scanner] "C:\Program Files\ETD Security Scanner\ETD Security Scanner.exe" /s

O4 - HKCU..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart

O4 - HKCU..\Run: [Eyeball Chat] C:\PROGRA~1\Eyeball\EYEBAL~1\EyeballChat.exe -min

O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6834485656

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://www.toolbar.google.com/data/pl/b ... gleNav.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - http://www.wrotamalopolski.pl/cms/Wrota ... rdhtml.cab

O17 - HKLM\System\CCS\Services\Tcpip..{9F76CBDC-4558-4737-8910-7DD86D47E039}: NameServer = 194.204.152.34 217.98.63.164

prosze o fachowa pomoc!!


(Adarek) #2

Log masz czysty

Wejdz w msconfig , na zakładce uruchamianie wyłacz emule.

Czy od razu na starcie coś pobierasz ?? Potrzebne Ci to ?? . Muli jak diabli.

Można jeszcze stamtąd wywalić Skype , Gadu-Gadu , PowerDVD Wszystko to na starci ładuje sie od razu na łacza i muli , zatyka.

Odchacz co trzeba restartuj kompa i daj loga z wetsji HijackThis v1.99.0

http://www.merijn.org/downloads.html

Zobaczymy co w nim widać .

Na drugim mie można dać Pandy, np ?? Działa darmowo przez 90 dni

Jest antywirem + wbudowany Firewal

http://www.pspolska.pl/download/downloa ... ?prod=plat


(Lukas 1) #3

P.S.

GG uzywam, skype tez, a power DVD nie widzialem ze mi sie ururchamia z systemem. Ale gafa - ale juz to wyprostowalem.

oto log z tego nowego HAJDŻEKA

Logfile of HijackThis v1.99.0

Scan saved at 18:37:45, on 2005-01-05

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Opera\opera.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Dropsik\USTAWI~1\Temp\Rar$EX00.734\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe

O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6834485656

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://www.toolbar.google.com/data/pl/b ... gleNav.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - http://www.wrotamalopolski.pl/cms/Wrota ... rdhtml.cab

O17 - HKLM\System\CCS\Services\Tcpip..{9F76CBDC-4558-4737-8910-7DD86D47E039}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


(Damian) #4
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} (Microsoft CMS HTML Editor Toolbar) - http://www.wrotamalopolski.pl/cms/Wrota2/CMS/WebAuthor/Client/PlaceholderControl Support/nrdhtml.cab

Nic więcej nie widac.


(Lukas 1) #5

a to co to jest??

bo ja bym to chetnie unicestwil


(Adarek) #6

NPDocBox.dll >>> nie szkodliwy dodatek Adobe Acrobat do IE.

No i co z tego ? Ja też !!

Ale nie mam właczone na starcie , ani wszystkie naraz .

A o emule nic nie powiesz ?? ?? Moż ciągnieci plik na maxa i to z dwóch naraz . I Miszlisz że ma być wtedy OK ?? :smiley:

Dalej ci muli ?? no to leć na :

http://skaner.mks.com.pl/

http://security.symantec.com/sscv6/defa ... venid=sym

http://www.pandasoftware.com/activescan ... IdPais=152

http://www.pestscan.com/

http://www.spywareinfo.com/xscan.php

http://www.webroot.com/services/spyaudit_03.htm

http://pl.trendmicro-europe.com/consume ... ll_pre.php

http://www.windowsecurity.com/trojanscan/

http://support.f-secure.com/enu/home/ols.shtml

http://www.ravantivirus.com/scan/

http://www.bitdefender.com/scan/licence.php

http://www.kaspersky.com/remoteviruschk.html

Jak nic nie znajdą to to nie wirusy.