Vanilly
(Zanetaszpil)
3 September 2007 21:53
#1
I would like to ask for a check of the log. Avast earlier detected several viruses and supposedly removed them, among others a trojan it called "trojan pornodownloader".
The computer does not boot in safe mode, so I turned off the backup and removed the junk.
The computer is my mom's, with the system in Italian, so I have more trouble handling it. When the browser is started, avast shuts down and the message "rpc database error" pops up.
10 gigs of disk, 128 of RAM... so it freezes terribly, and the point is for my mom to have something to learn computer basics on...
I'm pasting the log.
Thanks in advance for the help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.42.04, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Fast Ram Clean PRO\timerruning.exe
C:\Programmi\Winamp\winamp.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Programmi\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Timer Runing (Fast Ram Clean).lnk = C:\Programmi\Fast Ram Clean PRO\timerruning.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 7671833088
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 7672644564
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B165478-5FA7-43AB-8614-5B023B691A57}: NameServer = 85.37.17.51 85.38.28.97
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)

--
End of file - 4508 bytes
*Alice "modem" is the program for connecting to the net
PS. Sorry for the lack of Polish characters, but Italian system, Italian keyboard...
Merged post: 03.09.2007 (Mon) 23:55
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
Merged post: 03.09.2007 (Mon) 23:56
What is that??
Because I haven't seen anything like that in the logs, and I sometimes look in here to read??
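As an added example (not code from the thread or from HijackThis), a small Python parser for the log format pasted above. It groups entries by section code and pulls out the O15 Trusted Zone entries the poster asks about, together with the registry key Internet Explorer keeps such zone assignments under, and the O17 nameservers, so a helper can review them. The sample lines are constructed from entries in the log; the ZoneMap location is IE's standard one.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis format; the entries are copied from the log in the post.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.google.pl/
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [Windows Network Firewall] C:\\WINDOWS\\System32\\firewall.exe
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{9B165478-5FA7-43AB-8614-5B023B691A57}: NameServer = 85.37.17.51 85.38.28.97
"""

# Every HijackThis entry starts with a section code (R0, O4, O15, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry key under which Internet Explorer stores per-domain security-zone assignments.
ZONEMAP = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

def parse_hjt(text):
    """Group the entries of a HijackThis log by section code."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return dict(sections)

def trusted_zone_entries(sections):
    """O15 lines: domains placed in IE's Trusted sites zone, with the ZoneMap key each lives under.
    An entry for *.example.com is the key ZoneMap\\Domains\\example.com holding a DWORD '*' = 2
    (zone 2 = Trusted sites); entries the user did not add deliberately relax IE's security
    for that domain and should be reviewed."""
    result = []
    for body in sections.get("O15", []):
        if body.startswith("Trusted Zone: "):
            pattern = body[len("Trusted Zone: "):]
            domain = pattern[2:] if pattern.startswith("*.") else pattern
            result.append((pattern, ZONEMAP + "\\" + domain))
    return result

def nameservers(sections):
    """O17 lines: DNS servers set per interface, to be compared with the ISP's own."""
    servers = []
    for body in sections.get("O17", []):
        servers.extend(body.partition("NameServer = ")[2].split())
    return servers
```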
Vanilly
(Zanetaszpil)
11 September 2007 11:53
#3
ComboFix 07-09-10.6 - "utente" 2007-09-11 13.07.59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.26 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NWSAPAGENT
-------\NwSapAgent

((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.
2007-09-11 13:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-04 10:22 1,740 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-04 00:01
2007-09-04 00:00
2007-09-03 23:41
2007-09-01 18:15 1,852 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-01 18:15
2007-09-01 18:14
2007-09-01 14:17
2007-09-01 13:56
2007-09-01 13:56
2007-08-28 20:19
2007-08-18 16:10 64,640 --a------ C:\WINDOWS\system32\drivers\qcusbnmea.sys
2007-08-18 16:10 64,640 --a------ C:\WINDOWS\system32\drivers\qcusbmdm6k.sys
2007-08-18 16:10
2007-08-18 16:05 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-18 15:47
2007-08-18 00:40 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-08-18 00:40 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-08-18 00:40 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-08-18 00:40 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-08-18 00:40 113 --a------ C:\WINDOWS\system32\zonedoff.reg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 12:52 --------- d-------- C:\DOCUME~1\utente\DATIAP~1\Skype
2007-09-03 23:23 --------- d-------- C:\Programmi\Gadu-Gadu
2007-09-03 23:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Zylom
2007-08-22 20:26 --------- d-------- C:\DOCUME~1\utente\DATIAP~1\AdobeUM
2007-08-18 16:15 --------- d-------- C:\Programmi\Corel
2007-08-18 16:10 --------- d--h----- C:\Programmi\InstallShield Installation Information
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-13 15:22 1035776 --a------ C:\WINDOWS\explorer.exe
2007-05-01 16:10:24 88 --sh--r C:\WINDOWS\system32\79F8370715.sys
2007-05-01 16:10:50 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"Windows Network Firewall"="C:\WINDOWS\System32\firewall.exe" []
"WinPatrol"="C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-12 00:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39]
"Gadu-Gadu"="C:\Programmi\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSN MESSENGER 9.0"=messengerr.exe

C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1\ESECUZ~1\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-04-08 03:45:25]

C:\DOCUME~1\utente\MENUAV~1\PROGRA~1\ESECUZ~1\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:00]
Timer Runing (Fast Ram Clean).lnk - C:\Programmi\Fast Ram Clean PRO\timerruning.exe [2004-04-01 23:41:48]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

"Server Runtime Process"= C:\WINDOWS\system32\wbem\wbemstest.exe

R3 G200;G200;C:\WINDOWS\system32\DRIVERS\G200m.sys
S3 ess;Driver audio ESS (WDM);C:\WINDOWS\system32\drivers\ess.sys
S3 N100;Driver NIC Ethernet o Fast Ethernet Compaq;C:\WINDOWS\system32\DRIVERS\n100325.sys
S3 qcusbmdm6k;MD-1 Proprietary USB Driver;C:\WINDOWS\system32\DRIVERS\qcusbmdm6k.sys
S3 qcusbnmea;MD-1 NMEA Port;C:\WINDOWS\system32\DRIVERS\qcusbnmea.sys
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 13:34:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-09-11 13:39:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 13:38
.
--- E O F ---
The ComboFix log... sorry it took so long, but I had problems with the net... and... with everything...
Gutek
(Gutek)
11 September 2007 23:18
#4
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
Download the SDFix program