Problem w systemie pojawilo sie PEAKER 1 EXE

Dla specjalistów Bezpieczeństwo
#1

MAM PROBLEM Z AKUALIZACJA WINDOWSA NIE POBIERA ICH PISZE ZE PROGRAM JEST W TRYBIE PROWIZYJNYM JEST CHOLERNIE ZWOLNIONY I CALY CZAS UKAZUJA SIE REKLAMY CID,PRZY ZAMYKANIU SESJI WLACZAL SIEJAKIS PROGRAM O

NAZWIE PEAKER 1 EXE,WKLEJAM HIJAKSA

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:30:54 , on 13/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Prevx\prevx.exe

C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

C:\Programmi\sony\giga pocket\shwserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\Programmi\Sony\giga pocket\RM_SV.exe

C:\Programmi\Prevx\prevx.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Wireless Desktop\LgWDskTp.exe

C:\Programmi\Sony\HotKey Utility\HKserv.exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Programmi\drag’n drop cd+dvd\BinFiles\DragDrop.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Programmi\Sony\HotKey Utility\HKWnd.exe

C:\Programmi\ScanSoft\OmniPageSE\opware32.exe

C:\Programmi\Winamp\winampa.exe

C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\vsnpstd.exe

C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe

C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Programmi\sony\usbsircs\usbsircs.exe

C:\Programmi\Sony\giga pocket\ReserveModule.exe

C:\Programmi\Sony\VAIO Action Setup\VAServ.exe

C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe

C:\Programmi\Alice ti aiuta\bin\mpbtn.exe

C:\Programmi\sony\giga pocket\gps.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/it

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-vaio.sony-europe.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Guida per l’accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM…\Run: [LgWDskTp] C:\Programmi\Wireless Desktop\LgWDskTp.exe

O4 - HKLM…\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM…\Run: [HKSERV.EXE] C:\Programmi\Sony\HotKey Utility\HKserv.exe

O4 - HKLM…\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Programmi\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [Drag’n Drop CD+DVD] C:\Programmi\drag’n drop cd+dvd\BinFiles\DragDrop.exe /StartUp

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 “EPSON Stylus C62 Series” /O6 “USB001” /M “Stylus C62”

O4 - HKLM…\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM…\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM…\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM…\Run: [Google Desktop Search] “C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe” /startup

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU…\Run: [MsnMsgr] “C:\Programmi\Windows Live\Messenger\msnmsgr.exe” /background

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe”

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = ?

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Remocon Driver.lnk = ?

O4 - Global Startup: Timer Recording Manager.lnk = C:\Programmi\Sony\giga pocket\ReserveModule.exe

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Open in new background tab - res://C:\Programmi\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?93399071dd454c26a064d2778e95a0fb

O8 - Extra context menu item: Open in new foreground tab - res://C:\Programmi\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?93399071dd454c26a064d2778e95a0fb

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Programmi\sony\giga pocket\shwserv.exe

O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Servizio di Google Update (gupdate1c9fb52342c276e) (gupdate1c9fb52342c276e) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Programmi\Sony\giga pocket\halsv.exe

O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Programmi\Sony\giga pocket\RM_SV.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\Sptisrv.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Programmi\Sony\vaio media music server\SSSvr.exe

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\vaio media platform\sv_httpd.exe

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\vaio media platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Programmi\sony\photo server\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Programmi\File comuni\sony shared\vaio media platform\SV_Httpd.exe

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Programmi\File comuni\sony shared\vaio media platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Programmi\Sony\giga pocket\GPVSvr.exe

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Programmi\File comuni\sony shared\vaio media platform\SV_Httpd.exe

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Programmi\File comuni\sony shared\vaio media platform\UPnPFramework.exe

End of file - 11870 bytes

Dodane 13.11.2009 (Pt) 17:53

SORRY ZA NIE UWAGE

http://www.wklej.org/id/204328/

#2

W OTL przed skanowaniem, ustaw jeszcze dodatkowe opcje poprzez wklejenie do pola “Custom Scans/Fixes”:

Następnie przestaw “Processes” i “Modules” na “All”, inne ustawienia zrób zgodnie z opisem narzędzia, i potem kliknij “Run Scan”,

Logi wklej na http://wklejto.pl/, a w poście daj tylko linki(czyli skopiuj adres z paska adresów)

jessi

#3

http://wklejto.pl/47143 OTL

http://wklejto.pl/47145

CIAO JESSI

#4

Jest infekcja “LOP”.

Uruchom System Repair Engineer > zakładka “System Repair” >>karta “BrowserAdd-ons”>

>wyszukaj i zaznaczaj w polu “CLSID 1” po kolei te:

i klikaj na przycisk “Delete Selected”.

Uruchom OTL i w oknie Custom Scans/Fixes wklej to:

Kliknij w Run Fix. Zatwierdź restart komputera.

Następnie uruchom OTL ponownie, tym razem wywołaj opcję Run Scan.

Pokaż nowy log OTL.txt oraz log z czyszczenia.

jessi

Nowa fala ataków robaka Gumblar

Conficker rozprzestrzenia się po Polsce

#5

logz czysczenia http://wklejto.pl/47155

Dodane 13.11.2009 (Pt) 19:16

http://wklejto.pl/47157

#6

Czysto.

W OTL kliknij na przycisk “CleanUp” - to go usunie.

Usuń kopie szkodników z folderu “System Volume Information” poprzez chwilowe wyłączenie “Przywracania Systemu”:

jessi