Sophie89
(Sophie89)
14 July 2007 17:52
#1
Today I discovered that my start page had been changed without my doing anything... Have you ever caught a virus that would cause something like this? On top of that, my "new" start page shows a message in red letters: ASP WARNING, and something about me supposedly visiting forbidden websites, that an investigation will be launched into the matter, and that my computer's details are already known, etc. etc.... What does this even mean?? Have you come across this problem???
Besides that, for a few days now Avast has constantly been detecting some trojans and viruses... It showed me that I have 14 infected files...
Please help
Many thanks in advance...
Logfile of HijackThis v1.99.1
Scan saved at 18:42:19, on 2007-07-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\essspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu3\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AVerTV2K\QuickTV.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\LimeWire Turbo Accelerator\LimeWire Turbo Accelerator.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TransAng3\TransEn3.exe
C:\Documents and Settings\user\Dane aplikacji\tmpA.tmp.exe
C:\Program Files\WinAce\WinAce.exe
C:\DOCUME~1\user\USTAWI~1\Temp~AceTemp\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.realmadrid.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {50404b93-8df1-410b-8e42-93c92b4599a0} - C:\WINDOWS\system32\mkzaac.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\tmp9.tmp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVGCtrl] "C:\Documents and Settings\user\Pulpit\AVGNT.EXE" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [sDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKLM\..\Run: [winehq.org ] rundll32.exe "C:\WINDOWS\rqomnl.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WITaj!] rem – Anulowane uruchamianie programu WITaj! 2000
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu3\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GoD] "C:\Program Files\GoD\GoD.exe" /tray
O4 - Startup: LimeWire Turbo Accelerator.lnk = C:\Program Files\LimeWire Turbo Accelerator\LimeWire Turbo Accelerator.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
O4 - Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Tłumacz z polskiego na angielski - {7BFE183A-7A50-420C-84EE-6EFD2DA47994} - C:\Program Files\TransAng3\tren3ie_tlumacz2.htm
O9 - Extra 'Tools' menuitem: Tłumacz z polskiego na angielski - {7BFE183A-7A50-420C-84EE-6EFD2DA47994} - C:\Program Files\TransAng3\tren3ie_tlumacz2.htm
O9 - Extra button: Tłumacz z angielskiego na polski - {7DE19680-4CF2-418B-BB5F-6374EDB40116} - C:\Program Files\TransAng3\tren3ie_tlumacz.htm
O9 - Extra 'Tools' menuitem: Tłumacz z angielskiego na polski - {7DE19680-4CF2-418B-BB5F-6374EDB40116} - C:\Program Files\TransAng3\tren3ie_tlumacz.htm
O9 - Extra button: Opcje tłumaczenia (angielsko-polski) - {7F27B609-F13A-42FC-8D66-3AE87E5E01D8} - C:\Program Files\TransAng3\tren3ie_opcje.htm
O9 - Extra 'Tools' menuitem: Opcje tłumaczenia (angielsko-polski) - {7F27B609-F13A-42FC-8D66-3AE87E5E01D8} - C:\Program Files\TransAng3\tren3ie_opcje.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{089DB416-7EBF-4715-B677-4A432492BBC1}: NameServer = 217.28.150.195 213.172.186.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{089DB416-7EBF-4715-B677-4A432492BBC1}: NameServer = 217.28.150.195 213.172.186.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ddayayx.dll
O20 - Winlogon Notify: mkzaac - C:\WINDOWS\SYSTEM32\mkzaac.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Joan
(Joan Sunshine)
16 July 2007 11:32
#2
Too much junk in here to shoot in the dark, it's basically a trash bin.
Use VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone
Start > Run > msconfig > type in:
sc stop DomainService
sc delete DomainService
O2 - BHO: (no name) - {50404b93-8df1-410b-8e42-93c92b4599a0} - C:\WINDOWS\system32\mkzaac.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\tmp9.tmp.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [winehq.org ] rundll32.exe "C:\WINDOWS\rqomnl.dll",realset
O20 - AppInit_DLLs: c:\windows\system32\ddayayx.dll
O20 - Winlogon Notify: mkzaac - C:\WINDOWS\SYSTEM32\mkzaac.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
Remove everything marked in red manually from the disk, then post fresh logs from HJT + SilentRunners + ComboFix.
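The entries singled out in the reply above are the ones a log helper picks out by eye: anonymous or orphaned browser hooks, a populated AppInit_DLLs value, a Winlogon Notify package nobody recognises, rundll32 loading a DLL straight out of the Windows root, and a vendor-less service sitting in system32. The script below, added here as an example and not part of the thread or of HijackThis itself, turns those rules of thumb into a small triage pass over HijackThis 1.99-style entries. The rule set, the Winlogon Notify allowlist and the function names are assumptions of this example; the sample input is a subset of the log posted in this thread.

```python
"""Heuristic triage of HijackThis (v1.99-style) log entries.

Added example: not part of the forum thread and not a HijackThis feature.
The rules below are assumptions of the example, chosen to mirror what a
log helper flags by hand; tune them for your own environment.
"""
import re
from typing import List, Optional, Tuple

# Winlogon Notify packages expected on a stock Windows XP install
# (assumption: deliberately tiny allowlist; extend it for your fleet).
KNOWN_WINLOGON_NOTIFY = {"wgalogon"}

ENTRY_RE = re.compile(r"^(?P<kind>R\d|F\d|O\d+) - (?P<body>.*)$")
# "Type: Name - {CLSID} - path" shape shared by R3, O2, O3 and O9 entries
CLSID_RE = re.compile(r"^(?P<type>[^:]+): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
# rundll32 pointed at a DLL directly under the Windows root (not system32)
RUNDLL_ROOT_RE = re.compile(r'rundll32(?:\.exe)?\s+"?[A-Za-z]:\\WINDOWS\\[^\\"]+\.dll', re.IGNORECASE)


def in_windows_dir(path: str) -> bool:
    """True when the binary lives anywhere under the Windows directory."""
    return re.match(r"^[A-Za-z]:\\WINDOWS\\", path.strip(), re.IGNORECASE) is not None


def classify(line: str) -> Optional[str]:
    """Return a reason string when the entry trips a rule, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    if kind in ("R3", "O2", "O3", "O9"):
        c = CLSID_RE.match(body)
        if c:
            # O9 buttons are routinely nameless (the Java console is one), so
            # the "(no name)" rule is applied to hooks, BHOs and toolbars only.
            if kind != "O9" and c.group("name").strip() == "(no name)":
                return "anonymous browser extension point"
            if c.group("path").strip() == "(no file)":
                return "orphaned extension point (registered, file missing)"
        return None

    if kind == "O4":
        r = RUN_RE.match(body)
        if r and RUNDLL_ROOT_RE.search(r.group("cmd")):
            return "rundll32 loading a DLL straight from the Windows root"
        return None

    if kind == "O20":
        if body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                return "AppInit_DLLs value set (DLL injected into every user-mode process)"
            return None
        n = NOTIFY_RE.match(body)
        if n and n.group("name").strip().lower() not in KNOWN_WINLOGON_NOTIFY:
            return "Winlogon Notify package outside the allowlist"
        return None

    if kind == "O23":
        s = SERVICE_RE.match(body)
        if s and s.group("owner").strip() == "Unknown owner" and in_windows_dir(s.group("path")):
            return "vendor-less service whose binary sits inside the Windows directory"
        return None

    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (entry, reason) pairs for every entry that trips a rule."""
    hits = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


# Sample input: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50404b93-8df1-410b-8e42-93c92b4599a0} - C:\WINDOWS\system32\mkzaac.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\tmp9.tmp.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winehq.org ] rundll32.exe "C:\WINDOWS\rqomnl.dll",realset
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O20 - AppInit_DLLs: c:\windows\system32\ddayayx.dll
O20 - Winlogon Notify: mkzaac - C:\WINDOWS\SYSTEM32\mkzaac.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {entry}")
```

Run against the sample, the pass flags the same mkzaac/tmp9/rqomnl/ddayayx/qwerty12 entries the reply marks, plus the orphaned R3 URLSearchHook, while leaving the Adobe BHO, the Google toolbar, the NVIDIA rundll32 entry, the Java O9 button, WgaLogon and the Program Files services alone. The Realtek ALCMTR.EXE line from the reply is not caught: it is a plain executable name with no path, and nothing about its form distinguishes it, which is exactly the kind of call that still needs a human with a vendor database.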