pan_ziomal
(Grzesiekzurek)
28 November 2007 13:54
#1
Well, I have a problem… I had a virus, I believe it was Virus.Win32.Virut.as
I have Kaspersky 6 and it's getting on my nerves, because the same trojan horse keeps coming back every moment, or rather two of them, and on drive C: there are files like these:
C:\wsusupd.exe (some damn virus) and a few similar ones… I thought I'd manage to format the disk, but no luck… an error, SP2 can't be installed because it hangs halfway through ;(
I don't know what to do
As for the trojans, it shows me this message, i.e. the source of the files:
Koń trojański Trojan.Win32.Agent.csm Plik: D:\Documents and Settings\PC\Ustawienia lokalne\Temporary Internet Files\Content.IE5\2PCKCR91\hsyotmo[1].txt
Koń trojański Trojan-Downloader.Win32.Searcher.f Plik: D:\Documents and Settings\PC\Ustawienia lokalne\Temporary Internet Files\Content.IE5\6D0XOFA1\mxafungms[1].htm
And my log… here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:44, on 2007-11-28
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\system32\dllcache\mravsc32.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\mozilla.org \SeaMonkey\seamonkey.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = proxy.dialog.net.pl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dialog.net.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [AVP] “D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe”
O4 - HKLM…\Run: [shareSearcher] C:\rwtubehk.exe
O4 - HKLM…\RunServices: [Auto File System Conversion Utility] D:\WINDOWS\System32\scricon.exe
O4 - HKCU…\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\S-1-5-18…\RunServices: [Auto File System Conversion Utility] D:\WINDOWS\System32\scricon.exe (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - HKUS.DEFAULT…\RunServices: [Auto File System Conversion Utility] D:\WINDOWS\System32\scricon.exe (User ‘Default user’)
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to AMV Converter… - D:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O8 - Extra context menu item: Save F&lash with FlashCapture - res://D:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 6169175386
O17 - HKLM\System\CCS\Services\Tcpip…{00E9D0E2-06DC-4858-B5AC-A6406118FD9B}: NameServer = 217.30.129.0,217.30.137.0
O17 - HKLM\System\CCS\Services\Tcpip…{59415AC7-7BF0-41F8-B4D8-DE3FCEA0F5C8}: NameServer = 217.30.129.149,217.30.137.200
O17 - HKLM\System\CS1\Services\Tcpip…{00E9D0E2-06DC-4858-B5AC-A6406118FD9B}: NameServer = 217.30.129.0,217.30.137.0
O17 - HKLM\System\CS2\Services\Tcpip…{00E9D0E2-06DC-4858-B5AC-A6406118FD9B}: NameServer = 217.30.129.0,217.30.137.0
O17 - HKLM\System\CS3\Services\Tcpip…{00E9D0E2-06DC-4858-B5AC-A6406118FD9B}: NameServer = 217.30.129.0,217.30.137.0
O17 - HKLM\System\CS4\Services\Tcpip…{00E9D0E2-06DC-4858-B5AC-A6406118FD9B}: NameServer = 217.30.129.0,217.30.137.0
O17 - HKLM\System\CS5\Services\Tcpip…{00E9D0E2-06DC-4858-B5AC-A6406118FD9B}: NameServer = 217.30.129.0,217.30.137.0
O17 - HKLM\System\CS6\Services\Tcpip…{00E9D0E2-06DC-4858-B5AC-A6406118FD9B}: NameServer = 217.30.129.0,217.30.137.0
O17 - HKLM\System\CS7\Services\Tcpip…{00E9D0E2-06DC-4858-B5AC-A6406118FD9B}: NameServer = 217.30.129.0,217.30.137.0
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Distributed Allocated Memory Unit - Unknown owner - D:\WINDOWS\system32\dllcache\mravsc32.exe
O23 - Service: MSN RAV - Unknown owner - D:\WINDOWS\system\msnrav.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - D:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

– End of file - 6774 bytes
Because I can't do a system format.
Thanks in advance