
Please help me with a log from my friend's computer. She had quite a lot of assorted junk on it and no protection at all; the antivirus found a few things and Ewido did too, but I don't know whether that was everything...
=> results from the AV
The scan over running processes will be started
E:\WINDOWS\System32\netwkrs32.exe
[DETECTION] Is the Trojan horse TR/FURootkit
[INFO] The file was deleted!
E:\WINDOWS\System32\msmnsg.exe
[DETECTION] Contains signature of the worm WORM/IRCBo.112640.1
[INFO] The file was deleted!
22 Processes was scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
E:\WINDOWS\system32\mssvcc.exe
[DETECTION] Contains signature of the worm WORM/Rbot.76146
[INFO] The file was deleted!
E:\WINDOWS\system32\mssvcc.exe
[DETECTION] Contains signature of the worm WORM/Rbot.76146
E:\WINDOWS\system32\vxddirectx32.exe
[DETECTION] Contains signature of the worm WORM/SdBot.64996
[INFO] The file was deleted!
E:\WINDOWS\system32\vxddirectx32.exe
[DETECTION] Contains signature of the worm WORM/SdBot.64996
E:\WINDOWS\system32\Windowsfixsystem.exe
[DETECTION] Contains signature of the worm WORM/Rbot.147968.11
[INFO] The file was deleted!
E:\WINDOWS\system32\Windowsfixsystem.exe
[DETECTION] Contains signature of the worm WORM/Rbot.147968.11
E:\WINDOWS\system32\vxddirectx32.exe
[WARNING] The file could not be opened!
The registry was scanned ( 11 files ).
Starting the file scan:
E:\hiberfil.sys
[WARNING] The file could not be opened!
E:\pagefile.sys
[WARNING] The file could not be opened!
E:\Documents and Settings\Administrator\msdirectx.sys
[DETECTION] Is the Trojan horse TR/FURootkit
[INFO] The file was deleted!
E:\Documents and Settings\Administrator\NTUSER.DAT
[WARNING] The file could not be opened!
E:\Documents and Settings\Administrator\ntuser.dat.LOG
[WARNING] The file could not be opened!
E:\Documents and Settings\Administrator\SMonitor.sys
[DETECTION] Is the Trojan horse TR/Dldr.Rootkit.JS1
[INFO] The file was deleted!
E:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
E:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
E:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\Perflib_Perfdata_6b8.dat
[WARNING] The file could not be opened!
E:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
E:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
E:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
E:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
E:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
E:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
E:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
E:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
E:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
and here is HijackThis
=>
Logfile of HijackThis v1.99.1
Scan saved at 19:36:11, on 2006-08-14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
E:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
E:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
E:\WINDOWS\Mixer.exe
E:\Program Files\AutoConnect\AutoConnect.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\System32\mssvcc.exe
E:\Documents and Settings\Administrator\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Outpost Firewall] E:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [WheelMouse] E:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKCU\..\Run: [AutoConnect] E:\Program Files\AutoConnect\AutoConnect.exe
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://E:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96E27F18-E472-4335-9DA6-24B2F0F97933}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - E:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - E:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
At the moment the computer is very sluggish. Earlier, net send messages with "interesting" ads kept popping up. Task Manager couldn't be opened, nor could some items in the Control Panel; that now seems to have gone, but, for example, the mouse moves around the whole screen by itself (this could be a hardware fault).