Trojans got me - HELP!


(Szattanek) #1

I have a problem: my antivirus was down for a while and trojans got me:

  • WhAgent.exe

  • WhSurvey.exe

  • Whiehlpr.dll

this is reportedly a trojan, gen {VC} OTHER

plus an infection Win32: Bobax-B {Wrm}

HOW DO I GET RID OF THIS, BECAUSE NO PROGRAM CAN DEAL WITH THEM :frowning:


(Musg) #2

let's start with a HijackThis log:

http://www.merijn.org/files/hijackthis.zip

say which program detected these trojans and post a screenshot of their location


(system) #3

safe mode and scan with your antivirus, Ad-aware, PestPatrol,


(Szattanek) #4

I'm sending the screenshot, and what next??

StartupList report, 2005-06-03, 21:07:54

StartupList version: 1.52.2

Started from : F:\Documents and Settings\admin\Ustawienia lokalne\Temp\HijackThis.EXE

Detected: Windows XP Dodatek SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\explorer.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\SOUNDMAN.EXE

F:\WINDOWS\system32\PROMon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

F:\Program Files\Logitech\iTouch\iTouch.exe

F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

F:\WINDOWS\system32\ctfmon.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\Program Files\Messenger\msmsgs.exe

F:\WINDOWS\system32\RaConfig.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

F:\Program Files\Alwil Software\Avast4\ashServ.exe

F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

F:\WINDOWS\System32\NMSSvc.exe

F:\WINDOWS\System32\nvsvc32.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

F:\Program Files\Alwil Software\Avast4\ashWebSv.exe

F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

F:\Program Files\Gadu-Gadu\gg.exe

F:\Program Files\Opera\Opera.exe

F:\WINDOWS\system32\SLEE503.exe

F:\Program Files\Steganos Security Suite 6\sss.exe

F:\Documents and Settings\admin\Ustawienia lokalne\Temp\HijackThis.exe

F:\DOCUME~1\admin\USTAWI~1\Temp\update.tmp


Listing of startup folders:

Shell folders Common Startup:

[F]

RaConfig.lnk = F:\WINDOWS\system32\RaConfig.exe

Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE

Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

hpoddt01.exe.lnk = ?

hp psc 1000 series.lnk = ?

WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = F:\WINDOWS\system32\userinit.exe,


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SoundMan = SOUNDMAN.EXE

NvCplDaemon = RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

PROMon.exe = PROMon.exe


Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Microsoft Internet Explorer = iexplorer.exe


Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = F:\WINDOWS\system32\ctfmon.exe

NvMediaCenter = RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

MSMSGS = "F:\Program Files\Messenger\msmsgs.exe" /background

Gadu-Gadu = "F:\Program Files\Gadu-Gadu\gg.exe" /tray

SMS Express = "C:\Program Files\SMS Express\smsexpr.exe" /tray

Anty_16BitNT Automatyczna Ochrona = F:\WINDOWS\Anty_16BitNT.exe AO

SSS6_Suite = "F:\Program Files\Steganos Security Suite 6\sss.exe" /booting

SSS6_SAFE = "F:\Program Files\Steganos Security Suite 6\safe.exe" /booting

SSS6_SPM = "F:\Program Files\Steganos Security Suite 6\spm.exe" /booting


Shell & screensaver key from F:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

Policies Shell key:

HKCU..\Policies: Shell=*Registry key not found*

HKLM..\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - F:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - F:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}


Enumerating Task Scheduler jobs:

FRU Task #Hewlett-Packard#hp psc 1200 series#1094990721.job


Enumerating Download Program Files:

[Microsoft Office Template and Media Control]

InProcServer32 = F:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL

CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[ActiveScan Installer Class]

InProcServer32 = F:\WINDOWS\Downloaded Program Files\asinst.dll

CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]

CODEBASE = http://v4.windowsupdate.microsoft.com/C ... 4830555556

[shockwave Flash Object]

InProcServer32 = F:\WINDOWS\system32\Macromed\Flash\FLASH.OCX

CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

[PopCapLoader Object]

InProcServer32 = F:\WINDOWS\Downloaded Program Files\popcaploader.dll

CODEBASE = http://www.incredigames.com/online2/zum ... der_v5.cab

[MainControl Class]

InProcServer32 = F:\WINDOWS\System32\SkanerOnline.dll

CODEBASE = http://skaner.mks.com.pl/SkanerOnline.cab


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: F:\WINDOWS\system32\SHELL32.dll

CDBurn: F:\WINDOWS\system32\SHELL32.dll

WebCheck: %system%\webcheck.dll

SysTray: F:\WINDOWS\System32\stobject.dll


End of report, 6 978 bytes

Report generated in 0,063 seconds

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


(Szattanek) #5

Logfile of HijackThis v1.99.1

Scan saved at 22:13:15, on 2005-06-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\explorer.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\SOUNDMAN.EXE

F:\WINDOWS\system32\PROMon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

F:\Program Files\Logitech\iTouch\iTouch.exe

F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

F:\WINDOWS\system32\ctfmon.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\Program Files\Messenger\msmsgs.exe

F:\WINDOWS\system32\RaConfig.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

F:\Program Files\Alwil Software\Avast4\ashServ.exe

F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

F:\WINDOWS\System32\NMSSvc.exe

F:\WINDOWS\System32\nvsvc32.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

F:\Program Files\Alwil Software\Avast4\ashWebSv.exe

F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

F:\Program Files\Opera\Opera.exe

F:\WINDOWS\system32\SLEE503.exe

F:\Program Files\Steganos Security Suite 6\sss.exe

F:\Documents and Settings\admin\Ustawienia lokalne\Temp\HijackThis.exe

F:\WINDOWS\system32\notepad.exe

F:\Program Files\Gadu-Gadu\gg.exe

F:\Program Files\Windows Media Player\wmplayer.exe

F:\Documents and Settings\admin\Moje dokumenty\hijackthis.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: My Digital Kitchen Bar - {B602FDE0-843C-40D4-880D-D007FBF120D4} - F:\WINDOWS\System32\MDKTOO~1.DLL

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM..\Run: [Microsoft Internet Explorer] iexplorer.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [TkBellExe] "realsched.exe" -osboot

O4 - HKLM..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\RunServices: [Microsoft Internet Explorer] iexplorer.exe

O4 - HKCU..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Gadu-Gadu] "F:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [sMS Express] "C:\Program Files\SMS Express\smsexpr.exe" /tray

O4 - HKCU..\Run: [Anty_16BitNT Automatyczna Ochrona] F:\WINDOWS\Anty_16BitNT.exe AO

O4 - HKCU..\Run: [sSS6_Suite] "F:\Program Files\Steganos Security Suite 6\sss.exe" /booting

O4 - HKCU..\Run: [sSS6_SAFE] "F:\Program Files\Steganos Security Suite 6\safe.exe" /booting

O4 - HKCU..\Run: [sSS6_SPM] "F:\Program Files\Steganos Security Suite 6\spm.exe" /booting

O4 - Global Startup: RaConfig.lnk = F:\WINDOWS\system32\RaConfig.exe

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll

O9 - Extra button: MDK Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - F:\WINDOWS\System32\MDKTOO~1.DLL

O9 - Extra 'Tools' menuitem: My Digital Kitchen Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - F:\WINDOWS\System32\MDKTOO~1.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.incredigames.com/online2/zum ... der_v5.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - F:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Steganos Live Encryption Engine (Version 503) service - Unknown owner - F:\WINDOWS\system32\SLEE503.exe


(Musg) #6

here it goes with HijackThis:

here is your virus:

you delete the bolded entry manually

post the log once more

:slight_smile:

just pay attention to the spelling:

it is this entry, from the location above:

iexplorer.exe


(Szattanek) #7

Thanks for the help, but that's not the end of my problem. For some time now I can't use the Internet Explorer browser, it runs as offline. Instead a "Dial-up Connection" window appears; it looks as if the computer wanted to connect through a modem, but I haven't had a modem for a year. I use a fixed connection over a radio link. What should I do to get rid of this??


(Musg) #8

show the log after removing what I gave you!!

go:

after you finish removing it, throw out the junk as well:

post the log once more :slight_smile:


(Szattanek) #9

Logfile of HijackThis v1.99.1

Scan saved at 01:48:51, on 2005-06-04

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\explorer.exe

F:\WINDOWS\system32\spoolsv.exe

F:\WINDOWS\SOUNDMAN.EXE

F:\WINDOWS\system32\PROMon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

F:\Program Files\Logitech\iTouch\iTouch.exe

F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

F:\WINDOWS\system32\ctfmon.exe

F:\WINDOWS\system32\RUNDLL32.EXE

F:\Program Files\Messenger\msmsgs.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

F:\Program Files\Alwil Software\Avast4\ashServ.exe

F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

F:\WINDOWS\System32\NMSSvc.exe

F:\WINDOWS\System32\nvsvc32.exe

F:\WINDOWS\System32\svchost.exe

F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

F:\Program Files\Alwil Software\Avast4\ashWebSv.exe

F:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

F:\Program Files\Opera\Opera.exe

F:\WINDOWS\system32\SLEE503.exe

F:\Program Files\Steganos Security Suite 6\sss.exe

F:\Program Files\Gadu-Gadu\gg.exe

F:\Documents and Settings\admin\Moje dokumenty\hijackthis.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: My Digital Kitchen Bar - {B602FDE0-843C-40D4-880D-D007FBF120D4} - F:\WINDOWS\System32\MDKTOO~1.DLL

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Gadu-Gadu] "F:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [sMS Express] "C:\Program Files\SMS Express\smsexpr.exe" /tray

O4 - HKCU..\Run: [sSS6_Suite] "F:\Program Files\Steganos Security Suite 6\sss.exe" /booting

O4 - HKCU..\Run: [sSS6_SAFE] "F:\Program Files\Steganos Security Suite 6\safe.exe" /booting

O4 - HKCU..\Run: [sSS6_SPM] "F:\Program Files\Steganos Security Suite 6\spm.exe" /booting

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = F:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll

O9 - Extra button: MDK Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - F:\WINDOWS\System32\MDKTOO~1.DLL

O9 - Extra 'Tools' menuitem: My Digital Kitchen Bar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - F:\WINDOWS\System32\MDKTOO~1.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.incredigames.com/online2/zum ... der_v5.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - F:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - F:\WINDOWS\System32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Steganos Live Encryption Engine (Version 503) service - Unknown owner - F:\WINDOWS\system32\SLEE503.exe


(Szattanek) #10

The problem is still the same, and the viruses are there just as they were :frowning:


(Musg) #11

fine, nothing more is visible in the log

download this program as well and scan the system with it:

it's a 30-day version, but it sweeps pretty well. Write what the results are

and do you by any chance use Kazaa?


(Damian) #12

  • CWShredder 2.15

  • SpyBot - Search & Destroy v1.4 PL

  • Ad-aware SE Personal 1.05

  • PestPatrol

And in this topic you will find on-line scanners:

http://forum.dobreprogramy.pl/viewtopic ... 347#187347


(Szattanek) #13

Thanks for the help. I got rid of the viruses, and of the dial-up connection too. Finally the computer works as it should, and everything is back to normal :lol:


(Szattanek) #14

I have one more problem, with the computer at work. I found a trojan, Rbot.Gen, which I can't remove. On top of that a window appears with this text: "wuakomp32.exe". How do I get rid of it??


(Kuz5) #15

It would be good if you posted a log

The first step is scans:

  • Panda

  • Kaspersky

  • mks_vir

  • Trend

  • Dr.Web

An additional scan with the programs:

  • PestPatrol

  • Spybot Search & Destroy 1.4

  • Ad-aware SE Personal

  • CWShredder

And if you know the path to that crap, you cut it out in safe mode.


(Szattanek) #16

Please check the log

Logfile of HijackThis v1.99.1

Scan saved at 12:39:00, on 2005-06-09

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\WANADOO\TaskbarIcon.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Programy\Gadu-Gadu\gg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\ISTsvc\istsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Programy\WinRAR\WinRAR.exe

C:\DOCUME~1\EWABOR~1\USTAWI~1\Temp\Rar$EX00.107\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [rGdBCGBG4] C:\WINDOWS\kuymiutm.exe

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [Microsoft Update] wuamkop32.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM..\RunServices: [Microsoft Update] wuamkop32.exe

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Programy\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Programy\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{BFDF131E-27DF-4841-B9AD-328A9C331A40}: NameServer = 194.204.152.34 217.98.63.164

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe


(wieszak) #17

O4 - HKLM..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM..\RunServices: [Microsoft Update] wuamkop32.exe

O4 - HKLM..\Run: [rGdBCGBG4] C:\WINDOWS\kuymiutm.exe

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [Microsoft Update] wuamkop32.exe

To be removed :smiley: And the one in red, search for it on the disk and out with it too
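The rule Musg (#6) and wieszak (#17) apply by eye when they pick `iexplorer.exe` and `wuamkop32.exe` out of an otherwise ordinary O4 list can be written down. The script below is an added example, not code from this thread or from HijackThis; it parses the `O4 - HKLM..\Run: [Name] command` lines and flags an entry when (a) it sits in `RunServices`, a Windows 9x key that NT, 2000 and XP do not process, so on an XP box only software written for both families writes it; (b) its file name is one edit away from a genuine Windows binary (`iexplorer.exe` vs `iexplore.exe`); (c) a Microsoft-branded entry name starts a bare file name with no path; or (d) the executable sits directly in the Windows directory rather than in `system32` or `Program Files`. The `SYSTEM_BINARIES` set and the four heuristics are my assumptions for illustration, not an official list; the sample lines are copied from the logs posted above.

```python
import re
import sys

# HijackThis prints registry autoruns as:  O4 - HKLM..\Run: [Name] command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\(?P<key>Run(?:Services|Once)?): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)

# Genuine Windows binaries whose names malware imitates (iexplorer.exe vs iexplore.exe).
# Assumed baseline for illustration only; extend it with your own.
SYSTEM_BINARIES = {
    "iexplore.exe", "explorer.exe", "svchost.exe", "wuauclt.exe",
    "lsass.exe", "winlogon.exe", "services.exe", "ctfmon.exe",
}


def first_token(cmd):
    """The program part of a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def exe_name(cmd):
    """Lower-case file name of the program, without its directory."""
    return first_token(cmd).rsplit("\\", 1)[-1].lower()


def edit_distance(a, b):
    """Levenshtein distance; 1 means one character was added, dropped or swapped."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def suspicious_reasons(key, name, cmd, nt_platform):
    """Heuristics for one O4 entry; an empty list means nothing stood out."""
    reasons = []
    exe = exe_name(cmd)
    bare = "\\" not in first_token(cmd)          # no directory given at all
    if key == "RunServices" and nt_platform:
        reasons.append("RunServices is a Win9x key that NT/2000/XP ignore; "
                       "software written for XP has no reason to use it")
    if exe not in SYSTEM_BINARIES and any(edit_distance(exe, s) == 1 for s in SYSTEM_BINARIES):
        reasons.append(f"{exe} is one character away from a Windows binary")
    if bare and name.lower().startswith(("microsoft", "windows")):
        reasons.append("Microsoft-branded entry starts a bare file name with no path")
    if re.match(r'^[a-z]:\\windows\\[^\\]+\.exe$', first_token(cmd), re.I):
        reasons.append("executable dropped straight into the Windows directory")
    return reasons


def triage(log_text):
    """Return [(log line, [reasons])] for every O4 entry worth a second look."""
    nt_platform = "WinNT" in log_text      # HijackThis prints e.g. "(WinNT 5.01.2600)"
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if not m:
            continue
        reasons = suspicious_reasons(m["key"], m["name"], m["cmd"], nt_platform)
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample input: O4 lines copied from the logs posted in this thread, plus the platform line.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP (WinNT 5.01.2600)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [Microsoft Internet Explorer] iexplorer.exe
O4 - HKLM..\RunServices: [Microsoft Internet Explorer] iexplorer.exe
O4 - HKLM..\Run: [rGdBCGBG4] C:\WINDOWS\kuymiutm.exe
O4 - HKLM..\Run: [Microsoft Update] wuamkop32.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

if __name__ == "__main__":
    # Pass a saved HijackThis log as the first argument, or run on the sample above.
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for line, reasons in triage(text):
        print(line)
        for r in reasons:
            print("   ->", r)
```

On the sample it flags exactly the four entries the helpers pointed at and leaves the NVIDIA, avast! and Messenger lines alone. The heuristics are deliberately loose: a legitimate tool living in `C:\WINDOWS\` will also trip rule (d), so the output is a shortlist for a human to check on disk, not a delete list.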