Trojan win32.crypt.t
How do I remove it??!! I tried with F-Secure and Spy Sweeper but nothing :( it keeps coming back!
I checked the log... but it didn't show anything!!
Logfile of HijackThis v1.99.1
Scan saved at 16:35:44, on 2005-11-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
e:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
e:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
e:\Program Files\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
e:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
e:\Program Files\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
e:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
e:\Program Files\F-Secure Anti-Virus\Common\FSMB32.EXE
D:\Program Files\Spy Sweeper\WRSSSDK.exe
e:\Program Files\F-Secure Anti-Virus\Common\FCH32.EXE
e:\Program Files\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
E:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE
D:\Program Files\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\PLANET WL-8313\WLANMON.exe
e:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
e:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
e:\Program Files\F-Secure Anti-Virus\FSGUI\fsguiexe.exe
e:\Program Files\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [MouseDrv] C:\DOCUME~1\Barbara\USTAWI~1\Temp\link.txt
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "e:\Program Files\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "e:\Program Files\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "e:\Program Files\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WL-8313 Configuration Utility.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DAA37EC-D7B7-45CC-A30A-98B7EA1C1F39}: NameServer = 10.1.4.2,194.204.159.1
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - e:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - e:\Program Files\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - e:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - e:\Program Files\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - e:\Program Files\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Spy Sweeper\WRSSSDK.exe
Please help!! Many thanks in advance
Replies: 2
FUCK!!!! The fluorescent lights at school are wearing me out and ruining my eyes, to miss a thing like that :oops: . Sorry, you're right, Żółty
The log is not clean
Delete the entry and the file.
O4 - HKLM\..\Run: [MouseDrv] C:\DOCUME~1\Barbara\USTAWI~1\Temp\link.txt
Delete the entry and the file.
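An added example, not part of the original thread: a triage pass over HijackThis O4 registry Run lines that flags autorun targets sitting in a temp directory or lacking a program extension, which is what sets the MouseDrv entry apart from the rest of this log. The two heuristics, the function names and the `Updater` sample line are assumptions made for illustration; the replier did not state their reasoning.

```python
import re
from pathlib import PureWindowsPath

# Sample O4 lines: MouseDrv, SoundMan and QuickTime are from the log above,
# Updater is constructed for this example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MouseDrv] C:\DOCUME~1\Barbara\USTAWI~1\Temp\link.txt
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\User\Local Settings\Temp\upd.exe
"""

# Registry Run entries only; accepts "-" or an en dash as the separator,
# because pasted logs often have their hyphens converted.
O4_RUN = re.compile(
    r"^O4\s*[-\u2013]\s*HK(?:LM|CU)\\\.\.\\Run\w*:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)$"
)
TEMP_DIRS = {"temp", "tmp"}                                  # assumed heuristic
PROGRAM_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}  # assumed heuristic


def target_path(cmd):
    """Return the file a Run command points at, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces: cut after the first ".ext" token.
    m = re.match(r"(.*?\.[A-Za-z0-9]{1,4})(?=\s|$)", cmd)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (value name, target, reasons) for each Run entry worth a look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        target = target_path(m.group("cmd"))
        path = PureWindowsPath(target)
        reasons = []
        if any(part.lower() in TEMP_DIRS for part in path.parts[:-1]):
            reasons.append("target is in a temp directory")
        if path.suffix.lower() not in PROGRAM_EXTS:
            reasons.append("unexpected extension " + (path.suffix or "(none)"))
        if reasons:
            findings.append((m.group("name"), target, reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {target}: {'; '.join(reasons)}")
```

A flagged entry is a lead for manual review rather than a verdict: legitimate installers also run from temp directories.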