| Author |
Message
|
mrdawid95 Level 5

Joined: 10 Jan 2010 Posts: 12
#1
10 Jan 2010 11:56 Win32.Trojan-gen. Please help

Recently, when I turned on my computer, avast detected this virus: win32 trojan-gen, and I can't remove it. Maybe someone can help.
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:45:24, on 2010-01-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice115.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\QuestService\questservice.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\staszek\Moje dokumenty\Downloads\HijackThis_v1.99.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.2.0.5360\ACEIEAddOn.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.2.0.2050\CPAIEAddOn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.2.0.2080\CMWIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.2.0.2040\TCPIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.2.0.2150\wso.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: GameRaving Toolbar - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\GameRaving Toolbar\2.2.0.7580\mvb0.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.2.0.1420\InternetToday.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\staszek\USTAWI~1\Temp\herss.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [NeoChronos] C:\DOCUME~1\staszek\USTAWI~1\Temp\c.exe
O4 - HKCU\..\Run: [VideoBarApp] C:\Program Files\GameRaving Toolbar\2.2.0.7580\mvbapp.exe
O4 - HKCU\..\Run: [Wru] C:\Program Files\Wru\Wru.exe
O4 - Startup: Rejestracja Need for Speed™ Undercover.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: QuestService Service - Unknown owner - C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice115.exe" "C:\Program Files\QuestService\questservice.dll" Service (file missing)

Kolobos Level 26

Joined: 13 Jun 2003 Posts: 26223 Location: Warszawa

mrdawid95 Level 5

Joined: 10 Jan 2010 Posts: 12
#3
10 Jan 2010 12:42 Re: Win32.Trojan-gen. Please help

I scanned the computer with avast and here are the infected files:
c.exe location: C:\DOCUME~1\staszek\USTAWI~1\Temp virus: Win32:Trojan-gen
kernel32.dll location: C:\WINDOWS\system32
kernel32.dll location: C:\WINDOWS\system32
winsock.dll location: C:\WINDOWS\system32
wsock32.dll location: C:\WINDOWS\system32
and that is exactly my problem, because when I turn on the computer almost no icons appear in the tray, it works for a while and then everything freezes and I have to reset it.
HijackThis log:
Attachment: HijackThis.txt (10.61 KB)

miloszja Level 13

Joined: 13 Nov 2007 Posts: 143 Location: Gdansk
#4
10 Jan 2010 13:04 Re: Win32.Trojan-gen. Please help

The HijackThis log is too weak, it shows too little.
Follow what @Kolobos wrote, i.e. the link from the stickies. Before making the logs, scan with the programs listed right after the post header.
http://www.elektroda.pl/rtvforum/topic1044160.html
Here is how to make a Gmer and an OTL log:
http://cybertrash.pl/Tata/OTListIt2/OTListIt2.html
http://www.cybertrash.pl/forum1/index.php?topic=299.0
| Quote: |
kernel32.dll location: C:\WINDOWS\system32
kernel32.dll location: C:\WINDOWS\system32
winsock.dll location: C:\WINDOWS\system32
wsock32.dll location: C:\WINDOWS\system32 |
Something is probably attaching itself to the files. I doubt HijackThis would show that.

mrdawid95 Level 5

Joined: 10 Jan 2010 Posts: 12
#5
10 Jan 2010 14:57 Re: Win32.Trojan-gen. Please help

OTL log:
Attachment: OTL.Txt (75.27 KB)

ordynat1 Level 17

Joined: 07 Mar 2009 Posts: 375 Location: ŻARY
#6
10 Jan 2010 15:13 Re: Win32.Trojan-gen. Please help

You have several different infections.
Run OTL and paste this into the Custom Scans/Fixes window:
| Quote: |
:OTL
MOD - [2009-12-31 21:12:12 | 00,598,016 | ---- | M] () -- C:\Program Files\QuestService\questservice.dll
SRV - [2009-12-31 21:12:18 | 00,058,744 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService\questservice115.exe -- (QuestService Service)
FF - prefs.js..browser.startup.homepage: "http://home.mykeysearch.com/"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.2.0.5360
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.2.0.2050
FF - prefs.js..extensions.enabledItems: {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0
FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.2.0.2150
FF - HKLM\software\mozilla\Firefox\Extensions\\{40f1eb95-4de4-4f36-a826-054ee36bb905}: C:\Program Files\GameRaving Toolbar\2.2.0.7580\FFToolbar [2010-01-05 15:45:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.2.0.2150\FF [2010-01-05 15:45:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF [2010-01-05 15:45:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF [2010-01-05 15:45:57 | 00,000,000 | ---D | M]
[2010-01-05 16:31:06 | 00,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}
[2010-01-05 16:31:06 | 00,002,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\questservice115.xml
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.2.0.5360\ACEIEAddOn.dll ()
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.2.0.2050\CPAIEAddOn.dll ()
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.2.0.2080\CMWIE.dll ()
O2 - BHO: (Textual Content Provider) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.2.0.2040\TCPIE.dll ()
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.2.0.2150\WSO.dll ()
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (GameRaving Toolbar) - {D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} - C:\Program Files\GameRaving Toolbar\2.2.0.7580\mvb0.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (GameRaving Toolbar) - {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - C:\Program Files\GameRaving Toolbar\2.2.0.7580\mvb0.dll ()
O4 - HKLM..\Run: [Internet Today Task] C:\Program Files\Internet Today\1.2.0.1420\InternetToday.exe ()
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\staszek\USTAWI~1\Temp\herss.exe File not found
O4 - HKCU..\Run: [NeoChronos] C:\DOCUME~1\staszek\USTAWI~1\Temp\c.exe File not found
O4 - HKCU..\Run: [VideoBarApp] C:\Program Files\GameRaving Toolbar\2.2.0.7580\mvbapp.exe ()
O33 - MountPoints2\{6741aee6-d1e4-11de-8dc4-00241d90db79}\Shell\AutoRun\command - "" = I:\opdux.exe -- File not found
O33 - MountPoints2\{6741aee6-d1e4-11de-8dc4-00241d90db79}\Shell\open\Command - "" = I:\opdux.exe -- File not found
[2010-01-05 15:46:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuestService
[2010-01-05 15:46:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\QuestService
[2010-01-05 15:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Textual Content Provider
[2010-01-05 15:46:18 | 00,000,000 | ---D | C] -- C:\Program Files\Textual Content Provider
[2010-01-05 15:46:12 | 00,000,000 | ---D | C] -- C:\Program Files\Content Management Wizard
[2010-01-05 15:46:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Internet Today
[2010-01-05 15:46:05 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Today
[2010-01-05 15:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Customized Platform Advancer
[2010-01-05 15:45:56 | 00,000,000 | ---D | C] -- C:\Program Files\Customized Platform Advancer
[2010-01-05 15:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\Automated Content Enhancer
[2010-01-05 15:45:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Automated Content Enhancer
[2010-01-05 15:45:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\Web Search Operator
[2010-01-05 15:45:48 | 00,000,000 | ---D | C] -- C:\Program Files\Web Search Operator
[2010-01-05 15:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\GameRaving Toolbar
[2010-01-05 15:45:32 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\{48AECF59-0268-47F9-86A0-AFE0790C3969}
[2010-01-05 15:45:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\staszek\Ustawienia lokalne\Dane aplikacji\GameRaving Toolbar
2010-01-10 14:50:49 | 00,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2009-12-04 14:44:16 | 00,226,304 | ---- | C] () -- C:\WINDOWS\System32\sshnas.dll
:Services
QuestService Service
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
[Reboot]
|
Click Run Fix. Confirm the computer restart.
Then run OTL again, this time click "Run Scan".
Show the new OTL.txt log and the removal log.
Check the files that Avast flagged as infected on JOTTI or on VIRUSTOTAL.
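
Added example, not part of the original posts: the `cdoosoft` and `NeoChronos` autoruns that the fix above targets both launch from the user's Temp directory, a location that can be checked for mechanically. The Python below parses O4 autorun lines in both the HijackThis and the OTL spelling and returns the entries that start from a temp directory; the sample lines are copied from the log in post #1, and the function names are illustrative.

```python
import re

# O4 lines copied from the HijackThis log in post #1 of this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\staszek\USTAWI~1\Temp\herss.exe
O4 - HKCU\..\Run: [NeoChronos] C:\DOCUME~1\staszek\USTAWI~1\Temp\c.exe
O4 - HKCU\..\Run: [Wru] C:\Program Files\Wru\Wru.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
'''

# Registry autoruns: "HKCU\..\Run" (HijackThis) or "HKCU..\Run" (OTL).
RUN_RE = re.compile(
    r'^O4 - (?P<loc>HK\w+\\?\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Startup-folder shortcuts: "O4 - Startup: name.lnk = target".
LNK_RE = re.compile(
    r'^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
# Executable at the start of a command line, quoted or not; unquoted
# paths may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(
    r'^"?(?P<exe>[^"]*?\.(?:exe|com|scr|bat|cmd|pif))(?=["\s]|$)', re.I)


def parse_o4(line):
    """Return (location, name, executable) for an O4 line, else None."""
    line = line.strip()
    m = RUN_RE.match(line) or LNK_RE.match(line)
    if not m:
        return None
    exe = EXE_RE.match(m.group('cmd'))
    # Fall back to the raw command when no known extension is found.
    return (m.group('loc'), m.group('name'),
            exe.group('exe') if exe else m.group('cmd'))


def runs_from_temp(exe):
    """True if any directory component of the path is Temp or Tmp."""
    dirs = [part.lower() for part in exe.split('\\')[:-1]]
    return any(part in ('temp', 'tmp') for part in dirs)


def temp_autoruns(log_text):
    """List the O4 entries whose executable sits in a temp directory.

    This is a triage heuristic, not a verdict: it points at entries
    worth submitting to a scanner, as the post above suggests.
    """
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and runs_from_temp(entry[2]):
            hits.append(entry)
    return hits


if __name__ == '__main__':
    for loc, name, exe in temp_autoruns(SAMPLE_LOG):
        print(f'{loc} [{name}] -> {exe}')
```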

mrdawid95 Level 5

Joined: 10 Jan 2010 Posts: 12
#7
10 Jan 2010 15:34 Re: Win32.Trojan-gen. Please help

"OTL" is the new log and "ol" is the removal log,
and when I ran OTL and did Run Fix, files appeared on my desktop as if they had been invisible.
Attachment: OTL.txt (31.9 KB)
Attachment: ol.txt (17.04 KB)

ordynat1 Level 17

Joined: 07 Mar 2009 Posts: 375 Location: ŻARY
#8
10 Jan 2010 16:05 Re: Win32.Trojan-gen. Please help

Run OTL and paste this into the Custom Scans/Fixes window:
| Quote: |
:OTL
FF - prefs.js..extensions.enabledItems: {40f1eb95-4de4-4f36-a826-054ee36bb905}:2.2.0.0
[2010-01-10 15:22:18 | 00,000,244 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Commands
[emptytemp]
[Reboot]
|
Click Run Fix. Confirm the computer restart.
Then run OTL again, this time click "Run Scan".
Show the new OTL.txt log and the removal log.

mrdawid95 Level 5

Joined: 10 Jan 2010 Posts: 12
#9
10 Jan 2010 22:08 Re: Win32.Trojan-gen. Please help

Here is the new log and the removal log:
Attachment: usuwanie.txt (1.59 KB)
Attachment: nowy log.txt (31.29 KB)

ordynat1 Level 17

Joined: 07 Mar 2009 Posts: 375 Location: ŻARY
#10
10 Jan 2010 23:11 Re: Win32.Trojan-gen. Please help

Clean.
In OTL click the "CleanUp" button - this will remove it together with its Quarantine.
Remove the copies of the malware from the "System Volume Information" folder by temporarily turning off "System Restore":
| Quote: |
>START>Control Panel>System>System Restore>>tick the box next to "Turn off System Restore on all drives">Apply>OK.
(While it is temporarily turned off, those copies are deleted automatically, so there is no need to look into the folder.)
Afterwards you can return to the previous setting (i.e. untick the box). |

mrdawid95 Level 5

Joined: 10 Jan 2010 Posts: 12
#11
11 Jan 2010 13:18 Re: Win32.Trojan-gen. Please help

Thanks for the help ;]