Virus> LOG


(Błażej) #1

While “surfing” the internet, I picked up the virus Trojan Downloader Agent Acd. My ArcaVir could not remove it or move it to quarantine, but on a later system scan it was no longer there.

To make sure I don't have anything, I'm posting a log to be checked:

Logfile of HijackThis v1.99.1

Scan saved at 15:42:31, on 06-01-08

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOW\SYSTEM\KERNEL32.DLL

C:\WINDOW\SYSTEM\MSGSRV32.EXE

C:\WINDOW\SYSTEM\MPREXE.EXE

C:\WINDOW\SYSTEM\mmtask.tsk

C:\WINDOW\SYSTEM\MSTASK.EXE

C:\PROGRAM FILES\ARCAVIR\BIN\NETMONSV.EXE

C:\WINDOW\EXPLORER.EXE

C:\WINDOW\SYSTEM\LVCOMS.EXE

C:\WINDOW\SYSTEM\STIMON.EXE

C:\PROGRAM FILES\ARCAVIR\BIN\ABMENU.EXE

C:\PROGRAM FILES\ARCAVIR\BIN\AVMON.EXE

C:\PROGRAM FILES\ARCAVIR\BIN\ABREGMON.EXE

C:\PROGRAM FILES\ARCAVIR\BIN\ARCASCAN.EXE

C:\PROGRAM FILES\NEOSTRADA TP\NEOSTRADATP.EXE

C:\PROGRAM FILES\NEOSTRADA TP\COMCOMP.EXE

C:\WINDOW\SYSTEM\TAPISRV.EXE

C:\WINDOW\SYSTEM\RNAAPP.EXE

C:\PROGRAM FILES\NEOSTRADA TP\WATCH.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOW\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\PERFECT SERIES\OPTICAL MOUSE\3.0\MOUSE32A.EXE

C:\WINDOW\SYSTEM\PSTORES.EXE

C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE

C:\WINDOW\PULPIT\HIJACKTHIS.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOW\SYSTEM\SAFEIE.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOW\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOW\SYSTEM\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [LVComs] C:\WINDOW\SYSTEM\LVComS.exe

O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOW\SYSTEM\STIMON.EXE

O4 - HKLM\..\Run: [ABmenu] C:\Program Files\ArcaVir\Bin\ABmenu.exe

O4 - HKLM\..\Run: [AVMON] C:\Program Files\ArcaVir\Bin\AVMon.exe

O4 - HKLM\..\Run: [ABREGMON] C:\PROGRAM FILES\ARCAVIR\BIN\ABregmon.exe

O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [ABNetMon] C:\PROGRAM FILES\ARCAVIR\BIN\NETMONSV.EXE

O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta - C:\PROGRAM FILES\WELLGET\nxall.htm

O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\PROGRAM FILES\WELLGET\nxcatch.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Program Files\WellGet\WellGet.exe

O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

O12 - Plugin for .3gp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_24.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab

(Gutek) #2

It's OK :wink:


(Błażej) #3

And do you happen to know what this entry is from?


(Gutek) #4

Yes, from Protected Storage Service