What is this? A virus? The symptom is that...

IP: *.neoplus.adsl.tpnet.pl 17.09.06, 19:20
Symantec antivirus keeps throwing up a message that the trojan Fvadd has been removed and
that the trojan "Trojan horse" has been added to quarantine. I have been scanning with
everything I can and no scanner sees anything. It seems to me that this is some spyware that
wants to download viruses from the net and Symantec is blocking them. Can anyone help me?
I have no strength left for this shit.
    • wiewia1 Re: What is this? A virus? The symptom is that... 17.09.06, 19:51
      Paste the log from the HijackThis program. Also run an ewido scan. Everything is described in the pinned thread.
    • Guest: ZBYSZEK_ Re: What is this? A virus? The symptom is that... IP: *.neoplus.adsl.tpnet.pl 17.09.06, 22:47
      I'm pasting the log. I don't see anything here. Maybe one of you will see something.

      Logfile of HijackThis v1.99.1
      Scan saved at 22:46:16, on 2006-09-17
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
      C:\Compaq\EAKDRV\EAUSBKBD.EXE
      C:\Program Files\YDP\YdpDict\Watch.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
      C:\PROGRA~1\NEOSTR~1\ComComp.exe
      C:\PROGRA~1\NEOSTR~1\Watch.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\XYLOTOTH\xclean_micro[1].exe
      C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe
      O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [dztzb.exe] C:\WINDOWS\system32\dztzb.exe
      O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O16 - DPF: {33331111-1111-1111-1111-611111193429} -
      O16 - DPF: {33331111-1111-1111-1111-615111193427} -
      O16 - DPF: {33331111-1131-1111-1111-611111193428} -
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - ax.emsisoft.com/asquared.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{C05D728A-444C-4594-9F4A-679697E8100A}: NameServer = 194.204.152.34 217.98.63.164
      O17 - HKLM\System\CCS\Services\Tcpip\..\{FADF2A70-C8C3-4AD0-9626-D2CC40FA27F7}: NameServer = 85.255.113.126,85.255.112.229
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.126 85.255.112.229
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.126 85.255.112.229
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.126 85.255.112.229
      O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
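
Added example, not part of the thread: a small Python triage pass over HijackThis 1.99.1 log lines like the ones posted above, collecting entries a helper would check by hand (a process running from the browser cache, a Run autostart sitting directly in system32, DNS servers outside an expected set). The sample is excerpted from the posted log with wrapped lines rejoined; `EXPECTED_DNS`, the rule names and the three heuristics are assumptions of this example, and a hit is a pointer for review, not a verdict.

```python
import ntpath
import re

# Excerpt of the log posted above, forum line wraps rejoined (sample input).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\XYLOTOTH\xclean_micro[1].exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [dztzb.exe] C:\WINDOWS\system32\dztzb.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C05D728A-444C-4594-9F4A-679697E8100A}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{FADF2A70-C8C3-4AD0-9626-D2CC40FA27F7}: NameServer = 85.255.113.126,85.255.112.229
"""

# Assumption: the resolvers the analyst expects (e.g. handed out by the ISP).
EXPECTED_DNS = {"194.204.152.34", "217.98.63.164"}
CACHE_DIRS = ("\\temporary internet files\\", "\\temp\\")

def triage(log_text, expected_dns):
    """Return (rule, detail) pairs to check by hand; a hit is not a verdict."""
    findings, in_processes = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False          # blank line ends the process list
        elif in_processes:
            # Rule 1: an executable running out of a browser cache or temp dir
            if any(d in line.lower() for d in CACHE_DIRS):
                findings.append(("process-from-cache", line))
        elif (m := re.match(r"O4 - .*?Run: \[(.+?)\] (.+)$", line)):
            # Rule 2: autostart whose image sits directly in system32
            path = m.group(2).strip('"')
            if ntpath.dirname(path).lower() == r"c:\windows\system32":
                findings.append(("run-from-system32", f"{m.group(1)} -> {path}"))
        elif (m := re.match(r"O17 - (.+?): NameServer = (.+)$", line)):
            # Rule 3: resolver outside the expected set (space or comma separated)
            for ip in re.split(r"[ ,]+", m.group(2).strip()):
                if ip not in expected_dns:
                    findings.append(("unexpected-dns", f"{ip} via {m.group(1)}"))
    return findings

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG, EXPECTED_DNS):
        print(f"{rule:20} {detail}")
```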
