Pełno wirusów.... Jak ich skasowac?

dilbert · 13 Sierpień 2007 09:35

Witam mam bardzo nietypowa sprawe. Na moim kompie jest bardzo duzo wirusów których mój program nie wykrywa. Co z nimi zrobić??? Jak inaczej mozna ich usunąc???

Wklejam logi i prosze o sprawdzenie.

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:34:19, on 2007-08-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe D:\Gadu-Gadu\gg.exe C:\Program Files\BearShare\BearShare.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay O4 - HKLM…\Run: [bearFlix] “C:\Program Files\BearFlix\bearflix.exe” /pause O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKUS\S-1-5-19…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\RunOnce: [nlsf] cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” (User ‘Default user’) O4 - Startup: Internet ADSL.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra ‘Tools’ menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi … b31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ES-ES/a-U … E_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b31267.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A … tPkMSN.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{7F638560-AF59-4758-B7EC-1622AC4F9D9F}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CCS\Services\Tcpip…{FFA3DD19-5693-49AF-A486-1324EFBD2F81}: NameServer = 192.168.0.7 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe – End of file - 6237 bytes

jessica · 13 Sierpień 2007 09:51

Wczoraj @qrczak13 poprosił Cię o log z ComboFixa.

Jakoś nie widzę, byś dał:

http://forum.dobreprogramy.pl/viewtopic.php?t=178065.

Jeśli Ty lekceważysz zalecenia pomagających, to w końcu nikt nie będzie Ci chciał pomagać, bo po co?

.

dilbert · 13 Sierpień 2007 10:15

Niestety predkosc mojego internetu nie pozwala mi na tak szybkie odpowiedzi. PROSZE O POMOC!

LOGI COMBO FIX:

ComboFix 07-08-09.3 - “xxxx” 2007-08-13 12:05:33.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.241 [GMT 2:00] ADS removed - system32: deleted 55004 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\comio32.dll C:\WINDOWS\hosts ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\nm ((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 ))))))))))))))))))))))))))))))) 2007-08-13 12:01 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-12 18:04 2007-08-12 10:16 143,360 --a------ C:\WINDOWS\adiras.exe 2007-08-12 10:15 64,000 --a------ C:\WINDOWS\system32\drivers\e4ldr.sys 2007-08-12 10:15 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-08-12 10:15 46,892 --a------ C:\WINDOWS\system32\ADADIX16.DLL 2007-08-12 10:15 4,981 --a------ C:\WINDOWS\system32\ADADIX2K.DLL 2007-08-12 10:15 24,576 --a------ C:\WINDOWS\enddisk32.exe 2007-08-12 10:15 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-08-12 10:15 176,128 --a------ C:\WINDOWS\autoclk.exe 2007-08-12 10:15 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-08-12 10:15 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I2.BIN 2007-08-12 10:15 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I1.BIN 2007-08-12 10:15 152,220 --a------ C:\WINDOWS\system32\drivers\L1E4I0.BIN 2007-08-12 10:15 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P2.BIN 2007-08-12 10:15 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P1.BIN 2007-08-12 10:15 152,132 --a------ C:\WINDOWS\system32\drivers\L1E4P0.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P2.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P1.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9P0.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I2.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN 2007-08-12 10:15 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN 2007-08-12 10:15 152,036 --a------ C:\WINDOWS\system32\drivers\L1E4D2.BIN 2007-08-12 10:15 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D1.BIN 2007-08-12 10:15 152,034 --a------ C:\WINDOWS\system32\drivers\L1E4D0.BIN 2007-08-12 10:15 135,168 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-08-12 10:15 127,456 --a------ C:\WINDOWS\system32\IPDETECT.EXE 2007-08-12 10:15 126,976 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-08-12 10:15 126,489 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-08-12 10:15 116,992 --a------ C:\WINDOWS\system32\drivers\e4usbaw.sys 2007-08-12 10:15 2007-08-12 10:13 2007-08-09 19:41 2007-07-26 20:12 2007-07-25 15:39 2007-07-25 15:39 2007-07-25 15:39 2007-07-25 15:38 2007-07-17 18:22 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-13 09:28 4212 —h----- C:\WINDOWS\system32\zllictbl.dat 2007-08-12 17:02 --------- d-------- C:\DOCUME~1\xxxx\DANEAP~1\Skype 2007-08-12 10:16 33 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg 2007-08-12 10:15 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-08-05 14:46 --------- d-------- C:\DOCUME~1\xxxx\DANEAP~1\Cream Software 2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-07-25 16:20 --------- d-------- C:\Program Files\Winamp 2007-07-03 21:50 --------- d-------- C:\Program Files\BearShare 2007-05-28 15:55 64226 --a------ C:\WINDOWS\system32\perfc015.dat 2007-05-28 15:55 429612 --a------ C:\WINDOWS\system32\perfh015.dat 2007-05-16 17:30 86528 --a–c— C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 17:30 85504 --a–c— C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 17:30 683520 --a–c— C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 17:30 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 17:30 510976 -----c— C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 17:30 1314816 --a–c— C:\WINDOWS\system32\dllcache\msoe.dll 2007-05-13 20:57 720896 --a–c— C:\WINDOWS\iun6002.exe 2001-11-23 06:08 712704 -ra–c— C:\WINDOWS\inf\OTHER\AUDIO3D.DLL 2000-01-13 09:58 59510 --------- C:\Program Files\setup.ins ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 03:41] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” [2006-01-02 17:41] “BearFlix”=“C:\Program Files\BearFlix\bearflix.exe” [] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-19 11:39] “Zone Labs Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2006-08-24 00:38] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “nlsf”=cmd.exe /C move /Y “%SystemRoot%\System32\syssetub.dll” “%SystemRoot%\System32\syssetup.dll” “nlhr”=RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C “tscuninstall”=%systemroot%\system32\tscupgrd.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoShellSearchButton”=0 (0x0) “NoViewContextMenu”=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=0 (0x0) “NoUserNameInStartMenu”=0 (0x0) “NoTrayContextMenu”=0 (0x0) R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys R1 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys R1 papyjoy;papyjoy;C:\WINDOWS\system32\drivers\papyjoy.sys R1 UserPort;UserPort;C:\WINDOWS\system32\Drivers\UserPort.sys R2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne);??\C:\Program Files\Quintessential Player\cdrpdacc.sys R2 Vcs;Vcs support;??\C:\WINDOWS\system32\Drivers\Vcs.sys R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys S3 ASFWHide;ASFWHide;??\C:\DOCUME~1\xxxx\USTAWI~1\Temp\ASFWHide S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys S3 NTSIM;NTSIM;??\C:\WINDOWS\system32\ntsim.sys S3 STIrUsb;Klucz szyfrujący SigmaTel USB-IrDA;C:\WINDOWS\system32\DRIVERS\irstusb.sys Contents of the ‘Scheduled Tasks’ folder 2007-07-24 12:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-13 12:09:31 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … ************************************************************************** Completion time: 2007-08-13 12:12:14 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-08-13 12:11 — E O F —

jessica · 13 Sierpień 2007 10:59

Te zaznaczone na czerwono foldery należą do infekcji “LOP”

Spróbuj usunąć je ręcznie.

Nic tu więcej podejrzanego nie widzę.

.

dilbert · 13 Sierpień 2007 12:24

Dzieki pomogło:D Juz jest ok:D