Please check for leftover virus remnants


(Heros991) #1

Please check this log after a virus in C:\Windows. NOD32 found a virus for me (though it was somewhere else); I removed it and am asking for the log to be checked:

Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:41:15, on 2007-09-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\sm56hlpr.exe

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll

O2 - BHO: (no name) - {1C3C4699-B285-475F-BE47-0B26088CE876} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM..\Run: [sXe Injected] C:\Program Files\sXe Injected\sXe Injected.exe

O4 - HKLM..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [Odkurzacz-QC] C:\Program Files\Odkurzacz\odk_qc.exe

O4 - HKCU..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus ... nicode.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/programs/ ... canner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_35.cab

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 127.0.0.1

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 127.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 127.0.0.1

O22 - SharedTaskScheduler: andropogon - {655560a9-3ca8-4509-9632-6abbef21426b} - (no file)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--

End of file - 6737 bytes


(jessica) #2

Fix the above-mentioned entries in HijackThis:

>>HijackThis>>Scan (Do a system scan only)>>check them>>Fix checked.

You can also post a log from ComboFix (from the link at the bottom of this page) -

Paste the log at http://wklej.org/ and put only the link in your post (i.e. copy the address from the address bar).

jessi


(Heros991) #3

Already fixed.

Post merged: 22.09.2007 (Sat) 9:21

ComboFix log:

http://wklej.org/id/e58a66275e

Post merged: 22.09.2007 (Sat) 9:21

ComboFix 07-09-21.2 - "Waciciel" 2007-09-22 9:15:36.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.241 [GMT 2:00]

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))

.

2007-09-22 09:15 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-22 07:23

2007-09-22 07:23

2007-09-20 17:58

2007-09-20 17:57

2007-09-20 10:55

2007-09-19 22:46

2007-09-13 19:57 23 --ahs---- C:\WINDOWS\system32\bbedf_d.dll

2007-09-11 16:52

2007-09-11 16:51

2007-09-11 16:51

2007-09-08 13:10

2007-09-07 17:04

2007-09-05 10:20

2007-09-05 10:18

2007-08-31 15:45

2007-08-31 14:52

2007-08-31 13:59 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-08-31 13:59 298,104 --a------ C:\WINDOWS\system32\imon.dll

2007-08-31 13:59 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-08-30 14:29

2007-08-29 13:40

2007-08-28 19:20

2007-08-28 18:28

2007-08-28 18:28

2007-08-28 13:59 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-08-28 13:59 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-08-28 13:59 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-08-25 19:30

2007-08-25 19:01 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-08-25 00:08

2007-08-24 12:18

2007-08-23 17:41

2007-08-23 01:09

2007-08-23 01:07

2007-08-23 01:07

2007-08-23 01:07

2007-08-22 20:59

2007-08-22 16:23

2007-08-22 09:37 22 --a------ C:\WINDOWS\system32\Dysst.dll

2007-08-22 09:29 102,400 --a------ C:\WINDOWS\system32\unzip32.dll

2007-08-22 09:29

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-21 20:07 --------- d-------- C:\Program Files\SpeedFan

2007-09-19 12:05 --------- d-------- C:\Program Files\Valve

2007-09-15 14:09 --------- d-------- C:\Program Files\sXe Injected

2007-09-14 18:26 --------- d-------- C:\Program Files\IE7Pro

2007-09-05 10:27 --------- d-------- C:\Program Files\EA GAMES

2007-09-05 10:15 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys

2007-09-02 18:54 --------- d-------- C:\Program Files\Ganymede

2007-08-29 11:27 --------- d-------- C:\Program Files\Winamp

2007-08-20 09:45 --------- d-------- C:\Program Files\SubEdit-Player

2007-08-19 14:14 --------- d-------- C:\Program Files\Google

2007-08-18 14:48 --------- d-------- C:\Program Files\Trend Micro

2007-08-16 11:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google

2007-08-14 04:18 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-08-13 13:35 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2007-08-09 10:38 --------- d-------- C:\Program Files\Gadu-Gadu

2007-08-08 16:30 19456 --a------ C:\WINDOWS\system32\OnlineScannerLang.dll

2007-08-07 21:30 --------- d-------- C:\Program Files\foobar2000

2007-08-04 23:57 --------- d-------- C:\Program Files\VideoLAN

2007-08-02 18:11 253952 --a------ C:\WINDOWS\system32\OnlineScannerDLLA.dll

2007-08-02 18:11 241664 --a------ C:\WINDOWS\system32\OnlineScannerDLLW.dll

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-29 22:45 --------- d-------- C:\Program Files\AnalogX

2007-07-28 14:04 --------- d-------- C:\Program Files\ffdshow

2007-07-27 15:49 225355 --a------ C:\WINDOWS\system32\lnod32apiW.dll

2007-07-27 15:49 196683 --a------ C:\WINDOWS\system32\lnod32apiA.dll

2007-07-13 18:41 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe

2007-06-26 14:12 972072 --a------ C:\WINDOWS\UNNeroVision.exe

2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTrayp"="VTtrayp.exe" [2005-11-01 04:15 C:\WINDOWS\system32\VTTrayp.exe]

"SoundMan"="SOUNDMAN.EXE" [2006-06-20 14:42 C:\WINDOWS\soundman.exe]

"SMSERIAL"="sm56hlpr.exe" [2005-11-10 04:44 C:\WINDOWS\sm56hlpr.exe]

"sXe Injected"="C:\Program Files\sXe Injected\sXe Injected.exe" [2007-08-12 01:36]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-31 13:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-18 17:29]

"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 10:02]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]

"Odkurzacz-QC"="C:\Program Files\Odkurzacz\odk_qc.exe" [2007-05-03 10:01]

"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 00:13]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]

C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys

R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2007-09-15 21:20:00 C:\WINDOWS\Tasks\uTorrent.job"

  • C:\Program Files\uTorrent\uTorrent.exe

.

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-22 09:16:29

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-09-22 9:17:02

.

--- E O F ---


(JNJN) #4

baldys15

Read the sticky topics in this section and correct your posts. JNJN


(jessica) #5

Clean. :slight_smile:

jessi


(Heros991) #6

OK, thanks for the help.


(Gutek) #7

You have been asked to do something - it is not that hard.