win32trojan downloader Adload

IP: *.5-87-r.retail.telecomitalia.it 04.11.06, 18:20
win32trojan downloader Adload
Trojan Horse DownloGeneric2.Ley

Two different antivirus programs, AVG and ADAware, report these viruses. The computer is
slow and pop-ups keep attacking me. I am in Italy and have no one to ask for advice.
Can this be removed somehow? These antivirus programs are not able to do it.

    • Guest: Kolobos Re: win32trojan downloader Adload IP: *.escom.net.pl 04.11.06, 21:30
      Paste a log like everyone else.
      • Guest: magda Re: win32trojan downloader Adload IP: *.0-87-r.retail.telecomitalia.it 05.11.06, 11:24
        Logfile of HijackThis v1.99.1
        Scan saved at 11.15.26, on 05/11/2006
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\System32\sistray.EXE
        C:\WINDOWS\System32\khooker.exe
        C:\WINDOWS\System32\pctspk.exe
        C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
        C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Programmi\Messenger\msmsgs.exe
        C:\Programmi\Skype\Phone\Skype.exe
        C:\Programmi\WinZip\WZQKPICK.EXE
        C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
        C:\Programmi\Spyware Doctor\sdhelp.exe
        C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
        C:\WINDOWS\System32\wdfmgr.exe
        C:\Programmi\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Magda\Desktop\hijackthis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        gw.aliceadsl.it/minisearch
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.google.it/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        gw.aliceadsl.it/home
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
        Internet Explorer fornito da Alice
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyOverride = ;127.0.0.1;<local>
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
        O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} -
        C:\Programmi\VSAdd-in\VSAdd-in.dll (file missing)
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
        O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
        O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
        O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
        O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\NoUSB20.EXE
        O4 - HKLM\..\Run: [sqv78686] RUNDLL32.EXE w024f07b.dll,n 006786800000000a024f07b
        O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus
        6.0\avp.exe"
        O4 - HKLM\..\RunServices: [Windows Update] Windowsupfixer.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
        O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
        O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
        O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =
        C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
        O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -
        C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
        O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
        C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
        O9 - Extra button: Alice - {A68A534B-C95D-494D-BAEE-5BABB4BB012E} -
        gw.aliceadsl.it/alice (file missing) (HKCU)
        O14 - IERESET.INF: START_PAGE_URL=gw.aliceadsl.it/home
        O17 - HKLM\System\CCS\Services\Tcpip\..\{662071D4-3050-4D45-A147-C350B4C143D3}:
        NameServer = 85.37.17.4 85.38.28.70
        O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab -
        C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
        O23 - Service: Command Service (cmdService) - Unknown owner -
        C:\WINDOWS\TWFnZGE\command.exe (file missing)
        O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network
        Monitor\netmon.exe (file missing)
        O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd -
        C:\Programmi\Spyware Doctor\sdhelp.exe
        • Guest: Kolobos Re: win32trojan downloader Adload IP: *.escom.net.pl 05.11.06, 12:23
          Also close the ports using wwdc.exe and scan the system with ewido.
          In addition, remove look2me (everything is described in the pinned thread).

          In HJT, remove:
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
          O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} -
          C:\Programmi\VSAdd-in\VSAdd-in.dll (file missing)
          O4 - HKLM\..\Run: [sqv78686] RUNDLL32.EXE w024f07b.dll,n 006786800000000a024f07b <- delete the file w024f07b.dll from disk.
          O4 - HKLM\..\RunServices: [Windows Update] Windowsupfixer.exe <- delete the file from disk.

          Services to delete (the removal procedure is described in the pinned thread):
          O23 - Service: Command Service (cmdService) - Unknown owner -
          C:\WINDOWS\TWFnZGE\command.exe (file missing)
          O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network
          Monitor\netmon.exe (file missing)

          • Guest: magda check IP: *.4-87-r.retail.telecomitalia.it 05.11.06, 15:11
            Logfile of HijackThis v1.99.1
            Scan saved at 15.07.55, on 05/11/2006
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\csrss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\System32\sistray.EXE
            C:\WINDOWS\System32\khooker.exe
            C:\WINDOWS\System32\pctspk.exe
            C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
            C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
            C:\WINDOWS\SOUNDMAN.EXE
            C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
            C:\WINDOWS\System32\ctfmon.exe
            C:\Programmi\Messenger\msmsgs.exe
            C:\Programmi\Skype\Phone\Skype.exe
            C:\Programmi\Spyware Doctor\swdoctor.exe
            C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            C:\Programmi\WinZip\WZQKPICK.EXE
            C:\WINDOWS\System32\alg.exe
            C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
            C:\Programmi\Spyware Doctor\sdhelp.exe
            C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
            C:\WINDOWS\System32\wdfmgr.exe
            C:\WINDOWS\System32\wbem\wmiprvse.exe
            C:\Programmi\Mozilla Firefox\firefox.exe
            C:\Documents and Settings\Magda\Desktop\hijackthis.exe

            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
            gw.aliceadsl.it/minisearch
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.google.it/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
            gw.aliceadsl.it/home
            R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
            Internet Explorer fornito da Alice
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
            Settings,ProxyOverride = ;127.0.0.1;<local>
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
            O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
            O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
            O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
            O4 - HKLM\..\Run: [DisableEHCI] C:\WINDOWS\NoUSB20.EXE
            O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
            O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
            O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus
            6.0\avp.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
            O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\swdoctor.exe" /Q
            O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
            O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =
            C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
            O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
            O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} -
            C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
            O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -
            C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
            O9 - Extra button: Alice - {A68A534B-C95D-494D-BAEE-5BABB4BB012E} -
            gw.aliceadsl.it/alice (file missing) (HKCU)
            O14 - IERESET.INF: START_PAGE_URL=gw.aliceadsl.it/home
            O17 - HKLM\System\CCS\Services\Tcpip\..\{662071D4-3050-4D45-A147-C350B4C143D3}:
            NameServer = 85.37.17.4 85.38.28.70
            O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab -
            C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
            O23 - Service: Command Service (cmdService) - Unknown owner -
            C:\WINDOWS\TWFnZGE\command.exe (file missing)
            O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd -
            C:\Programmi\Spyware Doctor\sdhelp.exe

            • Guest: Kolobos Re: check IP: *.escom.net.pl 05.11.06, 15:19
              You can check for yourself and see that you did not do everything I wrote.

              This was not supposed to be there:
              O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFnZGE\command.exe (file missing)
              • Guest: magda Re: it can't be done IP: *.0-87-r.retail.telecomitalia.it 05.11.06, 17:02
                O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFnZGE\command.exe (file missing)
                won't delete, I tried 3 times. Thanks
                • Guest: Kolobos Re: it can't be done IP: *.escom.net.pl 05.11.06, 17:26
                  Start->Run->sc stop cmdService
                  Start->Run->sc delete cmdService
                  Or use killbox, it comes to the same thing, and don't write that it can't be done when it can.
                  • Guest: magda it can be done! IP: *.4-87-r.retail.telecomitalia.it 06.11.06, 21:15
                    Many thanks !!!!!
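
Added example, not part of the original thread: a Python sketch of the check Kolobos asks for, comparing the entries marked for removal against the follow-up HijackThis log. It re-joins entries the forum wrapped across lines, which is why the same entry can look different in two posts; the function names are assumptions of this example, and the two excerpts are constructed from lines quoted in the posts above.

```python
import re

# A HijackThis entry starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")

def clean(entry):
    """Drop a helper's '<- note' annotation and collapse whitespace."""
    return " ".join(entry.split("<-")[0].split())

def parse_entries(log_text):
    """Return the entries of a pasted log, re-joining wrapped lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line  # continuation of a wrapped entry
    return [clean(e) for e in entries]

def still_present(flagged, followup_log):
    """Entries from the removal list that the follow-up log still shows."""
    seen = {e.lower() for e in parse_entries(followup_log)}
    return [e for e in parse_entries(flagged) if e.lower() in seen]

# Constructed excerpt of the removal list (wrapped as in the forum post).
FLAGGED = r"""
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [sqv78686] RUNDLL32.EXE w024f07b.dll,n 006786800000000a024f07b <- delete file
O4 - HKLM\..\RunServices: [Windows Update] Windowsupfixer.exe <- delete file
O23 - Service: Command Service (cmdService) - Unknown owner -
C:\WINDOWS\TWFnZGE\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network
Monitor\netmon.exe (file missing)
"""

# Constructed excerpt of the follow-up log (header and process list are skipped).
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus
6.0\avp.exe"
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFnZGE\command.exe (file missing)
"""

if __name__ == "__main__":
    for entry in still_present(FLAGGED, FOLLOWUP):
        print("still present:", entry)
```

An entry listed as "(file missing)" can still appear here because the service registration remains after the file is gone, which is what the `sc delete cmdService` step clears.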