Is this a virus


(Hilary42) #1

The internet is slowing down, programs are hanging, I don't know what to do.


(adam9870) #2

Remove the HJT entries.

Scan this file at http://virusscan.jotti.org/ or http://www.virustotal.com/ and, if it turns out to be malicious, delete the file manually in Safe Mode and the entry with HJT.

I suggest removing the Megaupload Toolbar, because it is a toolbar of dubious reputation. It collects data about the user and sends it somewhere, nobody knows where.


(Hilary42) #3

Where could that file be?

P.S. I have Avast, SP2, Ad-Aware SE Personal, Spybot - Search & Destroy, RegCleaner; what can be added to this set, or what should be replaced?

Post merged: 05.04.2007 (Thu) 16:58

This came up in one of the scans:

STATUS: QUEUED

Your file "ShowWnd.exe" is queued in position: 41. Estimated start time is between 7 and 11 minutes.

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

And this is the second one:

Scan taken on 05 Apr 2007 14:54:23 (GMT)

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

What should I do with this??


(Namresek) #4

The file may be in this location:


(Hilary42) #5

Posting the log again

and this too:

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""F:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"PowerBar" = (empty string)


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"iTunesHelper" = ""F:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

"AVFX Engine" = "F:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" ["Creative Technology Ltd."]

"V0220Mon.exe" = "D:\WINDOWS\V0220Mon.exe" ["Creative Technology Ltd."]

"RemoteControl" = ""F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]

"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"CHotkey" = "zHotkey.exe" ["Chicony"]

"ShowWnd" = "ShowWnd.exe" [null data]

"avast!" = "F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = "MEGAUPLOADTOOLBAR" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

{bf00e119-21a3-4fd1-b178-3b8537e75c92}\(Default) = "Mega Manager IE Click Monitor"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll" ["Megaupload Limited"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]

"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Dodatki Spika"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

"{B4B924A2-EBDA-11DA-95DA-00E08161165F}" = "Dodatki Spika"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

"{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}" = "wodShellMenu"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\wodShellMenu.dll" ["WeOnlyDo! COM"]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: "]

INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\wodShellMenu.dll" ["WeOnlyDo! COM"]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\wodShellMenu.dll" ["WeOnlyDo! COM"]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

Spik\(Default) = "{B4B924A2-EBDA-11DA-95DA-00E08161165F}"

  -> {CLSID}\InProcServer32\(Default) = "F:\Program Files\Spik\shellext_wpmsg.dll" ["Wirtualna Polska"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {CLSID}\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]

wodShellMenu\(Default) = "{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93}"

  -> {CLSID}\InProcServer32\(Default) = "D:\WINDOWS\system32\wodShellMenu.dll" ["WeOnlyDo! COM"]



Active Desktop and Wallpaper:

-----------------------------


Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


HKCU\Control Panel\Desktop\

"Wallpaper" = "D:\Documents and Settings\bbbb\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"



Startup items in "bbbb" & "All Users" startup folders:

------------------------------------------------------


D:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

"Adobe Gamma Loader" -> shortcut to: "D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = "MEGAUPLOADTOOLBAR" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]


"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = "MEGAUPLOADTOOLBAR" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]


"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "Yahoo! Toolbar" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]

avast! Antivirus, avast! Antivirus, ""F:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]

avast! iAVS4 Control Service, aswUpdSv, ""F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]

avast! Mail Scanner, avast! Mail Scanner, ""F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

ewido security suite control, ewido security suite control, "F:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]

iPod Service, iPod Service, ""D:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]

Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

hpzsnt08\Driver = "hpzsnt08.dll" ["HP"]



----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 156 seconds, including 5 seconds for message boxes)

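A small triage script for the Silent Runners output above, added here as an example and not part of the original thread or of the Silent Runners tool. It parses the registry sections of the report (Run keys, Browser Helper Objects, shell extensions and their `-> {CLSID}\InProcServer32` lines) and flags the things a defender would check first: Run entries that name a bare executable with no path (such as "ShowWnd.exe", which Windows resolves through the search path, so the file that actually runs has to be located and hashed), entries reported with `[null data]` (no version information, so the file cannot be attributed to a vendor and is a candidate for a multi-engine scan), every BHO loaded into Internet Explorer, and CLSIDs whose DLL is `[file not found]` (orphaned entries). The embedded log is a constructed excerpt trimmed from the post; the function names and the finding categories are the example's own.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in Silent Runners format (a subset of the log posted above).
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"CHotkey" = "zHotkey.exe" ["Chicony"]
"ShowWnd" = "ShowWnd.exe" [null data]
"avast!" = "F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = "MEGAUPLOADTOOLBAR" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "E:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
'''

# "name" = "value" [tag]   or   {CLSID}\(Default) = "value" [tag]   or   ... = (no title provided)
ENTRY_RE = re.compile(r'^"?(?P<name>[^=]+?)"?\s*=\s*(?P<rest>.*)$')
VALUE_RE = re.compile(r'^"(?P<value>.*)"\s*\[(?P<tag>[^\]]*)\]$')
#   -> {CLSID}\InProcServer32\(Default) = "path" [tag]
ARROW_RE = re.compile(r'^\s*->\s*\{CLSID\}\\InProcServer32\\\(Default\)\s*=\s*"(?P<path>[^"]*)"\s*\[(?P<tag>[^\]]*)\]')


def parse_silent_runners(text: str) -> List[Dict[str, str]]:
    """Turn the registry sections of a Silent Runners report into a list of entries."""
    entries: List[Dict[str, str]] = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith(("HKLM\\", "HKCU\\")):
            section = line.replace("{++}", "").strip()  # new registry key header
            continue
        if line.lstrip().startswith("->"):
            m = ARROW_RE.match(line)
            if m and entries:  # the DLL behind the previous entry's CLSID
                entries[-1]["path"] = m.group("path")
                entries[-1]["path_tag"] = m.group("tag").strip('"')
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            v = VALUE_RE.match(m.group("rest"))
            entries.append({
                "section": section,
                "name": m.group("name").strip(),
                "value": v.group("value") if v else m.group("rest"),
                "tag": v.group("tag").strip('"') if v else "",
                "path": "",
                "path_tag": "",
            })
    return entries


def executable_of(command: str) -> str:
    """First token of a Run-key command: the quoted path if present, else up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (category, entry name, file) findings worth a manual look."""
    findings: List[Tuple[str, str, str]] = []
    for e in entries:
        sec = e["section"].lower()
        if sec.endswith("\\run\\"):
            exe = executable_of(e["value"])
            if "\\" not in exe and ":" not in exe:
                findings.append(("bare-name", e["name"], exe))        # resolved via search path
            if e["tag"] == "null data":
                findings.append(("no-version-info", e["name"], exe))  # cannot attribute to a vendor
        if "browser helper objects" in sec:
            findings.append(("bho", e["name"], e["path"]))            # loaded into every IE process
        if e["path_tag"] == "file not found":
            findings.append(("orphaned", e["name"], e["path"]))       # CLSID points at a missing DLL
    return findings


if __name__ == "__main__":
    for category, name, target in triage(parse_silent_runners(SAMPLE_LOG)):
        print(f"{category:16} {name:45} {target}")
```

Run on the excerpt it reports "ShowWnd" twice (bare name and no version information), "CHotkey" once (bare name), "avast!" once (no version information, which is benign here and shows why each finding is a lead to verify rather than a verdict), both BHOs, and the orphaned deskpan.dll extension. The bare-name findings are the ones that answer the question "where could that file be?": the entry itself does not say, so the file has to be located on disk before it can be hashed and submitted to a multi-engine scanner.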
(adam9870) #6

The file was not detected as malicious, as the "Found nothing" result shows. So it is perfectly fine and should not be deleted - the logs are OK.


(Hilary42) #7

And what about those programs I listed?


(StG 44) #8

Add a firewall and close the most dangerous ports: Windows Worms Doors Cleaner 1.4.1 http://dobreprogramy.com/index.php?dz=2&id=1643&t=55 8)


(Hilary42) #9

I'll do that tomorrow, but the PC is still slowing down the internet; what could be the cause?

Post merged: 06.04.2007 (Fri) 12:07

I talked to a friend on the same network as me; his internet works normally, but mine lags, the same as the PC. I scanned with everything there is and nothing, it's clean; what else can I do?