amarozo, created 9 August 2007: TROJAN-PWS.Delf. The SPYWARE DOCTOR program shows me 201 files. I know that it is a virus for Description: Trojan.PSW.Delf is a generic detection for trojans that try to steal usernames and passwords entered into the computer's memory and send them to the attacker. How do I remove it?
amarozo (author), comment, 10 August 2007: Logfile of Trend Micro HijackThis v2.0.2, followed by a ComboFix 07-08-09.3 log.
GoBi, comment, 10 August 2007: The logs are clean... So the program you scanned with dealt with these trojans.
amarozo (author), comment, 10 August 2007: "The logs are clean... So the program you scanned with dealt with these trojans." THANK YOU VERY MUCH.