Kaspersky wykryl mi trojana

pawcio151 · 19 Październik 2006 21:32

Kaspersky wygryl mi dzisiaj trojana. Usunolem go przeskanowalem kaperkym caly dysk i nic juz niewykryl, ale w logu zawsze mozna cos znalesc (niema najlepszego antywirusa) .

Moj problem polega tez natym ze w ostatnim czasie internet mi bardzo zwolnil, moze w logu znajdzie sie przyczyna.

Logfile of HijackThis v1.99.1 Scan saved at 23:10:21, on 06-10-19 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\nvraidservice.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Internet Explorer\iexplore.exe D:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O4 - HKCU…\Run: [EdHTML] d:\edHTML\EdHTML.exe /none O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip…{C2101948-8947-414B-80CB-D2E91754B42F}: NameServer = 192.168.10.1,194.204.159.1 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Bieniol · 19 Październik 2006 21:40

W trybie awaryjnym z wyłączonym przywracaniem systemu usuwasz (wpisy Hijackiem, pliki/foldery na czerwono ręcznie z dysku):

Po zabiegach nowy log z Hijacka + log z Silent Runners

pawcio151 · 20 Październik 2006 13:19

silent runners niemoge otworzyc. Instalowalem ostatnio EdHTML i otwieral mi sie silent runners w tym programie. Odinstalowalem EdHTML i dalej niemoge go otworzyc i zrobic loga.

Logfile of HijackThis v1.99.1 Scan saved at 15:22:01, on 06-10-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\nvraidservice.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\WISPTIS.EXE D:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM…\Run: [kav] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe” O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip…{C2101948-8947-414B-80CB-D2E91754B42F}: NameServer = 192.168.10.1,194.204.159.1 O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

adam9870 · 20 Październik 2006 13:27

no już ok.

odnośnie silenta - zobacz:

http://www.searchengines.pl/phpbb203/in … &hl=edhtml

pawcio151 · 20 Październik 2006 21:25

niemoge nic zrozumiec natej stronie skasowalem rozszerzenie VBS i teraz niemoge go znow zainstalowac to znaczy niemoge nic zrozumiec natej stronie. Czy moglby ktos to bardziej przyjzyscie wytlumaczyc??

Bieniol · 21 Październik 2006 06:26

Jak odpalasz Silenta, to co się pojawia? Jaki błąd?

pawcio151 · 21 Październik 2006 14:03

pokazuje sie komunkat:

Myszak · 21 Październik 2006 14:28

Ściągnij noscript. : włącz i zmień z disable na enable.

pawcio151 · 21 Październik 2006 14:49

sciagnolem noscript. Wlaczylem go i pokazalo mi sie nowe okno

i mam do wyboru “Enable” i “Cancel” kliknolem oczywiscie na enable i pokazalo mi sie okno

do wyboru mialem ok i sie wylaczyl program. W dalszym ciagu niemoge wlaczyc Silenta

Bieniol · 21 Październik 2006 16:41

W takim razie wrzuć log z ComboFix

pawcio151 · 21 Październik 2006 20:05

Administrator - 06-10-21 22:05:04,15 Dodatek Service Pack 2 ComboFix 06.10.19 - Running from: “D:\instalki” ((((((((((((((((((((((((((((((( Files Created from 2006-09-21 to 2006-10-21 )))))))))))))))))))))))))))))))))) 2006-10-17 17:31 545 --a------ C:\WINDOWS\UC.PIF 2006-10-17 17:31 545 --a------ C:\WINDOWS\RAR.PIF 2006-10-17 17:31 545 --a------ C:\WINDOWS\PKZIP.PIF 2006-10-17 17:31 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2006-10-17 17:31 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2006-10-17 17:31 545 --a------ C:\WINDOWS\LHA.PIF 2006-10-17 17:31 545 --a------ C:\WINDOWS\ARJ.PIF (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-14 14:14 -------- d-------- C:\Program Files\Wolfenstein - Enemy Territory 2006-10-13 18:57 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys 2006-10-13 18:57 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys 2006-10-13 18:45 -------- d-------- C:\Program Files\Kaspersky Lab 2006-10-03 16:48 -------- d-------- C:\Program Files\Gadu-Gadu 2006-09-24 13:05 -------- d-------- C:\Program Files\Mozilla Firefox 2006-09-24 13:05 -------- d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla 2006-09-14 15:24 -------- d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Help 2006-09-13 07:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll 2006-09-12 22:38 -------- d-------- C:\Program Files\Ares 2006-09-12 22:30 -------- d-------- C:\Program Files\Soulseek 2006-09-11 22:09 -------- d-------- C:\Program Files\eMule 2006-09-11 00:25 -------- d-------- C:\Program Files\BearFlix 2006-09-10 23:08 -------- d-------- C:\Program Files\Shareaza 2006-09-10 23:08 -------- d-------- C:\Documents and Settings\Administrator\Dane aplikacji\Shareaza 2006-09-10 13:34 -------- d-------- C:\Program Files\BearShare 2006-08-31 23:11 -------- d-------- C:\Program Files\Ultimate Systems 2006-08-25 17:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll 2006-08-23 00:11 -------- d-------- C:\Program Files\Opera 2006-08-21 14:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll 2006-08-21 11:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe 2006-08-21 11:14 128896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys 2006-08-16 13:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll 2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-21 10:29 72704 --a------ C:\WINDOWS\system32\hlink.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “SoundMan”=“SOUNDMAN.EXE” “NVRaidService”=“C:\WINDOWS\system32\nvraidservice.exe” “nwiz”=“nwiz.exe /install” “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe” “kav”="“C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe”" “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “Installed”=“1” “NoChange”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] “DeskHtmlVersion”=dword:00000110 “DeskHtmlMinorVersion”=dword:00000005 “Settings”=dword:00000001 “GeneralFlags”=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] “Source”=“About:Home” “SubscribedURL”=“About:Home” “FriendlyName”=“Moja bieżąca strona główna” “Flags”=dword:00000002 “Position”=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 “CurrentState”=hex:04,00,00,40 “OriginalStateInfo”=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\ 00,00,04,00,00,40 “RestoredStateInfo”=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\ 00,00,01,00,00,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] “{438755C2-A8BA-11D1-B96B-00A0C90312E1}”=“Moduł wstępnego ładowania interfejsu Browseui” “{8C7461EF-2B13-11d2-BE35-3078302C2030}”=“Demon buforu kategorii składników” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{AEB6717E-7E19-11d0-97EE-00C04FD91972}”="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “dontdisplaylastusername”=dword:00000000 “legalnoticecaption”="" “legalnoticetext”="" “shutdownwithoutlogon”=dword:00000001 “undockwithoutlogon”=dword:00000001 [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] “NoDriveTypeAutoRun”=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “PostBootReminder”="{7849596a-48ea-486e-8937-a2a3009f31a9}" “CDBurn”="{fbeb8a05-beee-4442-804e-409d6c4515e9}" “WebCheck”="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" “SysTray”="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20061019-235851-331 O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) backup-20061019-235806-419 O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL (file missing) backup-20061019-235750-921 O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL backup-20060404-234719-763 O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) Completion time: 06-10-21 22:06:00.39 C:\ComboFix.txt … 06-10-21 22:06

Bieniol · 21 Październik 2006 20:34

Czysto