Quenthel
(Jewel17)
20 October 2008 14:26
#1
For a few days now my antivirus programs have been detecting 3 infected files, and every attempt to remove them fails (in F-Secure and in the Mks online scanner). The virus manifests itself by opening a very large number of Internet Explorer windows that try to download various files. I don't really know how to remove the virus manually, so I'm asking for my log to be checked.
Logfile of HijackThis v1.99.1
Scan saved at 16:19:01, on 2008-10-20
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\UPCSmartGuard\Common\FSM32.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\UPCSmartGuard\Anti-Virus\fsgk32st.exe
C:\Program Files\UPCSmartGuard\Anti-Virus\FSGK32.EXE
C:\Program Files\UPCSmartGuard\Common\FSMA32.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\UPCSmartGuard\Common\FSMB32.EXE
C:\Program Files\UPCSmartGuard\Common\FCH32.EXE
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\UPCSmartGuard\Common\FAMEH32.EXE
C:\Program Files\UPCSmartGuard\Anti-Virus\fsqh.exe
C:\Program Files\UPCSmartGuard\FSGUI\fsguidll.exe
C:\Program Files\UPCSmartGuard\FSAUA\program\fsaua.exe
C:\Program Files\UPCSmartGuard\FWES\Program\fsdfwd.exe
C:\Program Files\UPCSmartGuard\Anti-Virus\fssm32.exe
C:\Program Files\UPCSmartGuard\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\UPCSmartGuard\Anti-Virus\fsav32.exe
D:\Instalki\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE /P23 "EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\UPCSmartGuard\Common\FSM32.EXE" /splash
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: lnlciw.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\UPCSmartGuard\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\UPCSmartGuard\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\UPCSmartGuard\FWES\Program\fsdfwd.exe
O23 - Service: Agent zarządzania F-Secure (FSMA) - F-Secure Corporation - C:\Program Files\UPCSmartGuard\Common\FSMA32.EXE
O23 - Service: Usługa iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Gutek
(Gutek)
20 October 2008 14:30
#2
Follow this topic and change the thread title to something specific, otherwise it goes to the TRASH.
Regards, Gutek2222
Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052
O20 - AppInit_DLLs: lnlciw.dll
remove the entry with HJT
Post a ComboFix log
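As an added example (not part of this thread or of HijackThis itself), a small Python triage of HijackThis-style entries that flags what Gutek pointed at: the O20 AppInit_DLLs line, plus O10 LSP DLLs and O23 services whose file is missing. The sample lines are constructed from the log above.

```python
import re
from collections import Counter

# Constructed sample: a few HijackThis-style lines modelled on the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\upcsmartguard\fsps\program\fslsp.dll
O20 - AppInit_DLLs: lnlciw.dll
O23 - Service: Usluga iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# HJT entries look like "O20 - <body>", "R1 - <body>", "F2 - <body>", ...
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d)\s+-\s+(.*)$")


def parse_hjt(text):
    """Yield (section, body) for every HijackThis entry line; skip the rest."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    """Return (section, item, reason) findings a log reviewer would raise."""
    findings = []
    lsp = Counter()
    for section, body in parse_hjt(text):
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every user32-linked process, so a
            # bare, vendor-less DLL name here is the classic HJT red flag.
            for dll in body.split(":", 1)[1].split():
                findings.append(("O20", dll, "AppInit_DLLs entry: verify or remove"))
        elif section == "O10":
            # HJT repeats one LSP DLL per chain slot; count instead of repeating.
            lsp[body.split(":", 1)[1].strip().lower()] += 1
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(("O23", body, "service points at missing file"))
    for path, n in lsp.items():
        findings.append(("O10", path, f"LSP DLL seen {n}x in Winsock chain"))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {item}")
```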