Virus Robobot
When I am connected to the internet, on average every 10 minutes I get a message from AVAST that some Trojan horse called "Robobot" is attacking me. What should I do to make it stop these attacks?
Replies: 7
deleted
kinio: how do I remove these selected items? With HijackThis?? If so, how?
And that Install.exe was removed when it tried to break into the computer.
http://forum.centrumxp.pl/viewtopic.php?t=19974
Everything is written there.
How do I remove these selected items? With HijackThis?? If so, how?
And that Install.exe was removed when it tried to break into the computer.
First of all, remove this junk:
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
Delete Install.exe in safe mode and scan the whole system with an antivirus.
In addition, remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
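The mechanical part of the selection in the reply above (entries whose target file is gone, and Internet Explorer page settings that point at an external host) can be scripted. The following is an added example, not part of the original thread and not code from HijackThis; the names `parse`, `triage`, `ENTRY`, `URL` and `SAMPLE` are this example's own.

```python
import re
from urllib.parse import urlsplit

# Entry lines look like "O4 - HKLM\..\Run: [name] path". Forum copies often
# carry en dashes where HijackThis writes "-", so both are accepted.
ENTRY = re.compile(r"^(?P<section>[RFNO]\d{1,2})\s+[-\u2013]\s+(?P<body>.+)$")
URL = re.compile(r"=\s*(https?://\S+)", re.IGNORECASE)

def parse(log_text):
    """Yield (section, body) per entry; header and process lines are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m["section"], m["body"]

def triage(log_text):
    """Return (section, reason, body) for entries that deserve a manual look."""
    findings = []
    for section, body in parse(log_text):
        url = URL.search(body)
        if body.endswith("(file missing)"):
            reason = "target file missing"
        elif section == "R3" and "(no file)" in body:
            reason = "search hook without a file"
        elif section in ("R0", "R1") and url:
            reason = "IE page points to " + (urlsplit(url.group(1)).hostname or "?")
        else:
            continue
        findings.append((section, reason, body))
    return findings

# Constructed sample: lines copied from the log on this page, dashes normalised.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [avast!] E:\Programy\aVast\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programy\aVast\ashMaiSv.exe" /service (file missing)
"""

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE):
        print(f"{section:<4}{reason:<40}{body}")
```

The flags are review hints, not verdicts: in this thread's log the avast! service lines also end in "(file missing)", and the reply above does not list them for removal.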
Logfile of HijackThis v1.99.1
Scan saved at 16:49:17, on 2005-12-28
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Programy\aVast\ashDisp.exe
E:\Programy\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Programy\DVD\PowerDVD\PDVDServ.exe
C:\WINDOWS\vsnpstd2.exe
E:\Programy\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\All Users\Dane aplikacji\Spontania4IM\spontania4IM.exe
E:\Programy\aVast\aswUpdSv.exe
E:\Programy\aVast\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
E:\Programy\aVast\ashMaiSv.exe
E:\Programy\aVast\ashWebSv.exe
E:\Programy\Opera\Opera.exe
C:\Documents and Settings\kom\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com/start.shtml
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Outpost Firewall] E:\PROGRAMY\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [avast!] E:\Programy\aVast\ashDisp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Programy\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RemoteControl] E:\Programy\DVD\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Programy\Office\Office10\OSA.EXE
O4 - Global Startup: Spontania Monitor.lnk = C:\Documents and Settings\All Users\Dane aplikacji\Spontania4IM\spontania4IM.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\Programy\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Programy\Outpost Firewall\TRASH.EXE (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - E:\Programy\Outpost Firewall\TRASH.EXE (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D56DC9E-C14C-447E-AAD0-16DFBD6F11F2}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programy\aVast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programy\aVast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programy\aVast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Programy\aVast\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - E:\PROGRAMY\OUTPOS~1\outpost.exe
Post a HijackThis log (described in the pinned topic).
Dig around in the program's options, there should be something about it there.
Or maybe it's because you are on some suspicious website.
Also try scanning the system with something else.