4 viruses and other problems

11.01.05, 19:29
I'll start with the standard stuff.
System: XP
I ran a scan; mks detected a dozen or so viruses, of which 4 remain:
winServAd.exe - adware.winadd
deskadcomm.dll - adware.deskad.J04
deskkeep.exe - adware.admili
deskserv.exe - adware.deskad.J04

I also used Spybot and Ad-Aware, but the viruses remained.

Please help.
PS. I've also recently heard about a new worm that steals passwords and I wanted to
ask about it as well, because today I was on GG and suddenly the computer
restarted, just like that!!!!!!! And when I then tried to log in to my
GG account, it said the password was wrong, and I doubt I suddenly forgot it,
since I use it every day.

My log:

Logfile of HijackThis v1.97.7
Scan saved at 19:28:48, on 2005-01-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Omniquad\Omniquad Personal Firewall\OPFSVC.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Promise\Utility\MsgSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Wanadoo\taskbaricon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\WINDOWS\System32\PopUpBlockercd.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\WINDOWS\sgewlf.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\Omniquad\Omniquad Personal Firewall\OPF.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
c:\documents and settings\tyski\ustawienia lokalne\temp\fsg_4104a.exe
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PATRYK\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [MarBitTools] C:\Program Files\MarBit\TOOLS\tools.exe 1
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [start uploading] smsss.exe
O4 - HKLM\..\Run: [eCPTAD] C:\WINDOWS\sgewlf.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvlfh32.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\tyski\ustawienia lokalne\temp\fsg_4104a.exe"
O4 - HKLM\..\RunServices: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKLM\..\RunServices: [start uploading] smsss.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [OPF] C:\Program Files\Omniquad\Omniquad Personal Firewall\OPF.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1030.dll,InstantAccess
O4 - HKCU\..\Run: [Popup Blocker System32c Monitoring] PopUpBlockercd.exe
O4 - HKCU\..\Run: [start uploading] smsss.exe
O4 - HKCU\..\RunServices: [start uploading] smsss.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with Internet TOOLS - C:\Program Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Badanie (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=4ee1cae38ba3878e9eecabd7ed570ec56d32d820ee236f08cd80640c904e40287d54696570d0340c3432e4069acbf04ca9281b7f4b:d9153716a5b53d9922b36b447e607517
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromed
    • Guest: t Re: 4 viruses and other problems IP: *.crowley.pl 13.01.05, 18:55
      It could be the trojan "Wspomagacz: Reload".
      • Guest: t Re: correction IP: *.crowley.pl 13.01.05, 19:17
        I got the trojan's name wrong.
        • Guest: t Re: correction IP: *.crowley.pl 13.01.05, 19:24
          www.ggt.int.pl/