Virus problem (Trojan...)
I have a problem: I caught a virus through e-mail, and it is a Trojan downloader. My NOD32 detected it but can't deal with it. Do you know how to remove it?
Replies: 5
Send a PM to the admins about the log.
What is the location of the virus..
I'm attaching a program: you enter the path, select the Delete on Reboot option and click the red cross.
http://www.idg.pl/ftp/pc_9629/Pocket.KillBox.2.0.0.648.html
Sorry, this log ended up here by mistake :( I ask the admin to delete this post.
The log is fine :wink:
If you can, give the location and the exact name of the Trojan.
Logfile of HijackThis v1.99.1
Scan saved at 12:40:09, on 2006-02-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Utility\Programy\ochrona\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Pobierz stronę WEB z Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Pobierz wszystko z Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Pobierz z Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Pobierz zaznaczenie z Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: Konsola IBM Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1139252218278
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139252199629
O20 - Winlogon Notify: psfus - C:\Program Files\IBM fingerprint software\psfus.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe
Post a log from HijackThis. What to do and how is explained in the pinned topics.