Proszę o sprawdzenie loga

Xe41 · 14 Marzec 2007 14:23

Ok,coś mi dzisiaj wykrywa wiry,nawet nie wiem dlaczego…coś mi tu nie pasuje… o to mój dzisiejszy log:

Logfile of HijackThis v1.99.1

Scan saved at 23:59:44, on 2007-03-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\system32\dllhost.exe

c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\totalcmd\TOTALCMD.EXE

c:\PROGRA~1\NORTON~1\NORTON~1\navw32.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\progra~1\intern~1\iexplore.exe

C:\Program Files\EasyCleaner\EasyClea.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\User\Desktop\Programy używane\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)

O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [ccApp] “c:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (file missing)

O23 - Service: Usługa Auto Protect programu Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

I na dodatek mój svchost ma 38 k ;/! coś sie dzieje.

adam9870 · 14 Marzec 2007 15:12

Możesz kosmetycznie ciachnąć te wpisy HJT.

Dobrze, ale gdzie dokładnie są wykrywane te wirusy? Podaj dokładne lokalizacje do zainfekowanych plików.

Przeskanuj http://www.kaspersky.pl/virusscanner.html lub http://www.ewido.net/en/ i wklej raport plus log z SilentRunners.

To nie koniecznie musi być coś szkodliwego ale uruchom program Windows Worms Doors Cleaner i jeśli zobaczysz komunikat “Your system seems to be infected by a virus, your SVCHOST virtual memory usage 53928Ko is beyond usual values. It is strongly advised to check your system with an AntiVirus up to date and an AntiTrojans” to zastosuj się do mojej rady w tym temacie:

http://forum.dobreprogramy.pl/viewtopic.php?p=962946

JNJN · 14 Marzec 2007 17:26

Xe41

Proszę przeczytać tematy przyklejone w tym dziale i poprawić posta.JNJN

Xe41 · 15 Marzec 2007 16:45

A właśnie,zrobiłem raport z 30% skanowania kasperskym online i:

C:\Documents and Settings\All Users\Application Data\SIZE MFCD THUNK ANTE\Keep lite.exe Zainfekowanych: Trojan.Win32.Obfuscated.ew pominięty

C:\Documents and Settings\User\Desktop\FOLDERY\xxxxxx/data0012 Zainfekowanych: Trojan.Win32.Inject.ba pominięty

adam9870 · 15 Marzec 2007 20:43

Po zakończeniu skanowania usuń wszystko, co zostanie znalezione.

asterisk · 15 Marzec 2007 23:30

Zamieścisz tutaj całość i pamiętaj - więcej upomnień nie będzie