Miałem wirusa. Sprawdźcie loga


(Jacek Krawczyk1) #1

Logfile of HijackThis v1.98.2

Scan saved at 16:13:16, on 04-11-11

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\ATI2EVXX.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

D:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE

C:\WINDOWS\EXPLORER.EXE

D:\PROGRAM FILES\ESET\NOD32KRN.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE

D:\PROGRAM FILES\ESET\NOD32KUI.EXE

C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE

C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE

C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE

C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE

C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE

C:\PROGRAM FILES\WINDOWS ADTOOLS\WINRATCHET.EXE

C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\WEB_REBATES\WEBREBATES1.EXE

C:\PROGRAM FILES\WEB_REBATES\WEBREBATES0.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE

C:\PROGRAM FILES\WANADOO\COMCOMP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\WANADOO\WATCH.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

D:\GADU-GADU\GG.EXE

D:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [MMCWINMGMT] C:\WINDOWS\SYSTEM\wbem\winmgmt.exe

O4 - HKLM..\Run: [autoclk] autoclk.exe

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM..\Run: [nod32kui] d:\Program Files\Eset\nod32kui.exe /WAITSERVICE

O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot

O4 - HKLM..\Run: [Windows AdTools] C:\PROGRAM FILES\WINDOWS ADTOOLS\WINADTOOLS.EXE

O4 - HKLM..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"

O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [ATIPOLL] ati2evxx.exe

O4 - HKLM..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe

O4 - HKLM..\RunServices: [MicrosoftWBEMCIMObjectManager] C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

O4 - HKLM..\RunServices: [PersFw] "d:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide

O4 - HKLM..\RunServices: [NOD32kernel] d:\Program Files\Eset\nod32krn.exe

O4 - HKCU..\Run: [Gadu-Gadu] "D:\GADU-GADU\GG.EXE" /tray

O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab

O16 - DPF: {5F874A6F-8B34-433D-BA4B-47AC91C0567F} (MailCfg Control) - https://poczta.wp.pl/autoryzacja/mailcfg2.ocx

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_21.cab

O16 - DPF: {A1FE3DEF-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Pirate) - http://67.15.101.3/g_bin/pl/pirate_2_0_0_18.cab

O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.3/g_bin/pl/navy_2_0_0_16.cab

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_55.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_14.cab

O16 - DPF: {AD7013FF-1D9A-4F36-94A6-3CD408A663F9} (GameDesire BreakOut) - http://67.15.101.3/g_bin/pl/breakout_2_0_0_15.cab

O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C6} (GameDesire Pool 8UK) - http://67.15.101.3/g_bin/pl/billard8UK_2_0_0_21.cab

O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/pl/mahjong_2_0_0_17.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C3} (GameDesire Pool 14) - http://67.15.101.3/g_bin/pl/billard14_2_0_0_21.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file. ... 8828e4f747

Oto mój log. Miałem trojana na kompie, ale nie pamiętam nazwy; plik wirusa nazywał się "saml.exe". Może w logu są jeszcze pozostałości. Wirusa wykrył NOD32, lecz nie mógł go usunąć. Plik usunąłem ręcznie w trybie awaryjnym.


(Xiao19) #2

Zawsze tak robisz: może to był fałszywy alarm, staraj się potwierdzać wynik innymi skanerami AV.

--F-Secure--

http://support.f-secure.com/enu/home/ols.shtml

--GeCAD (RAV)--

http://www.ravantivirus.com/scan/

--Softwin (BitDefender)--

http://www.bitdefender.com/scan/licence.php

A co do loga, to kasujesz tak:

O4 - HKLM..\Run: [WebRebates0] "C:\PROGRAM FILES\WEB_REBATES\WebRebates0.exe"

O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm

(szpieg)

Robisz update Pesta i skanujesz nim partycję C:\

Jak nic nie wykryje, ściągasz

Spybot Search and Destroy V1.3.2b

http://js-http.skycn.net:8181/down/spybotsd132b.exe

/mirror/

http://xj-http.skycn.net:8080/down/spybotsd132b.exe

dalej skan skanerami AV

:wink: :wink:


(Jacek Krawczyk1) #3

Ściągnąłem Spybota, usunął mi kupę różnego syfu. Ad-Aware SE też miałem — nawet jakieś 3 procesy, 1 moduł i jeszcze wiele innych. MKS online nie znalazł nic, NOD32 też nic. Jak skanowałem online F-Secure, to monitor mi przeszedł w stan czuwania i musiałem reset zrobić, ale to było przed usunięciem tego syfu. Oto log obecny:

Logfile of HijackThis v1.98.2

Scan saved at 19:16:25, on 04-11-11

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\ATI2EVXX.EXE

C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

D:\PROGRAM FILES\KERIO\PERSONAL FIREWALL\PERSFW.EXE

D:\PROGRAM FILES\ESET\NOD32KRN.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE

D:\PROGRAM FILES\ESET\NOD32KUI.EXE

C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE

C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE

C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE

D:\GADU-GADU\GG.EXE

C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\WANADOO\ESPACEWANADOO.EXE

C:\PROGRAM FILES\WANADOO\COMCOMP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\PROGRAM FILES\WANADOO\WATCH.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

D:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [MMCWINMGMT] C:\WINDOWS\SYSTEM\wbem\winmgmt.exe

O4 - HKLM..\Run: [autoclk] autoclk.exe

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM..\Run: [nod32kui] d:\Program Files\Eset\nod32kui.exe /WAITSERVICE

O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM..\RunServices: [ATIPOLL] ati2evxx.exe

O4 - HKLM..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe

O4 - HKLM..\RunServices: [MicrosoftWBEMCIMObjectManager] C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

O4 - HKLM..\RunServices: [PersFw] "d:\Program Files\Kerio\Personal Firewall\persfw.exe" /hide

O4 - HKLM..\RunServices: [NOD32kernel] d:\Program Files\Eset\nod32krn.exe

O4 - HKCU..\Run: [Gadu-Gadu] "D:\GADU-GADU\GG.EXE" /tray

O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab