Naprawdę wielka prośba o sprawdzenie loga

system · 24 Luty 2006 20:05

Ok, no to się poprawiam:

Mam kasperskiego i co chwila mam komunikat o wirusie backdoor, usuwam go, ale to nic nie daje po jakimś czasie pojawia mi się wiecej tego typu komunikatów, jeden po drugim. Bardzo tnie mi komputer, np. przycina mi muzykę, czy nawet kursor myszki. Proszę o sprawdzenie loga, który wrzucam poniżej.

Logfile of HijackThis v1.99.1 Scan saved at 20:50:21, on 2006-02-24 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\System32\lup.exe C:\WINDOWS\System32\mssvcc.exe C:\WINDOWS\System32\winsystems.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\Instalki\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=D:\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [WinService32] D:\Program Files\System32\svchost.exe O4 - HKLM…\Run: [secures23] lup.exe O4 - HKLM…\Run: [msconfig38] mssvcc.exe O4 - HKLM…\Run: [KAVPersonal50] “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe” /minimize O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [secures23] lup.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [msconfig38] mssvcc.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Gutek · 24 Luty 2006 20:33

użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable. Po użyciu tego narzędzia wymagany jest reset sysa.

Po tym start do trybu awaryjnego i ecznie usuń pliki zaznacone na czerwono, a wpisy hijackiem usuń i po tym log z hijacka kontrolnie.

system · 24 Luty 2006 20:42

uuuh nie wiem jak je usunąć? :mrgreen:

:mrgreen: :mrgreen:

Gutek · 24 Luty 2006 20:47

Masz temat w przyklejony - http://forum.dobreprogramy.pl/viewtopic.php?t=36654

asterisk · 24 Luty 2006 20:50

Uruchamiasz program

Klikasz Do a system scan only
Na pokazanej liście, zgodnie z tym, co Ci podał Gutek2222

zaznaczasz v w kwadraciku po lewej stronie

klikasz na dole Fix Checked

system · 24 Luty 2006 21:13

kontrolny log:

Logfile of HijackThis v1.99.1 Scan saved at 22:09:41, on 2006-02-24 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE E:\Instalki\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [secures23] lup.exe O4 - HKLM…\Run: [msconfig38] mssvcc.exe O4 - HKLM…\Run: [KAVPersonal50] “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe” /minimize O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

ale coś czuję, że niewiele to pomogło… nadal komputer się tnie

Gutek · 24 Luty 2006 21:19

zostało usunwanie jak wyzej - lokalizacje do recznego kasowania: C:\WINDOWS\System32\lup.exe

C:\WINDOWS\System32\mssvcc.exe

C:\WINDOWS\System32\winsystems.exe

system · 24 Luty 2006 21:33

usunąłem je jeszcze przed zrobieniem i wstawieniem na forum kontrolnego loga, teraz już nie ma tych plików i z przykrością stwierdzam, że komputer nadal się tnie…

Gutek · 24 Luty 2006 21:46

Ale to nowy log więc pokazuje ze sa - ten nad moją ostatnią analizą

system · 24 Luty 2006 21:51

wklejam log, który zrobiłem przed chwilą.

plików takich system nie znalazł w komputerze, ja sam też nie

Logfile of HijackThis v1.99.1 Scan saved at 22:48:55, on 2006-02-24 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\System32\mssecure.exe C:\WINDOWS\System32\mssvcc.exe C:\WINDOWS\System32\winsystems.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\Instalki\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F3 - REG:win.ini: load=D:\YDPDict\watch.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [secures23] mssecure.exe O4 - HKLM…\Run: [msconfig38] mssvcc.exe O4 - HKLM…\Run: [KAVPersonal50] “D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe” /minimize O4 - HKLM…\Run: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [msconfig38] mssvcc.exe O4 - HKLM…\RunServices: [winsystems25] winsystems.exe O4 - HKLM…\RunServices: [secures23] mssecure.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} (EARTPatch8X Class) - http://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Gutek · 24 Luty 2006 22:07

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżki

C:\WINDOWS\System32\mssecure.exe

C:\WINDOWS\System32\mssvcc.exe

C:\WINDOWS\System32\winsystems.exe

i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz. Użyty został program Windows Worms Doors Cleaner??? - linkowany wyzej?