fokuz11
(Fokuz11)
6 December 2007 19:33
#1
Hello
Ladies and gentlemen, what should I do with this next? I don't want to break my computer and I'm a newbie. Some trojan got onto my computer; I used HijackThis and I'm pasting the log as it was in the main topic.
Logfile of HijackThis v1.99.1
Scan saved at 20:20:06, on 2007-12-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Winamp\winampa.exe
D:\NOKIA\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe
C:\Program Files\WLAN\WConfig\WConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\DOCUME~1\Admin\USTAWI~1\Temp\Katalog tymczasowy 3 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gadnet.hit.gemius.pl/hitredir/id … w.sheba.pl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mvvzuygd.dll
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM…\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM…\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM…\Run: [bearShare] "D:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM…\Run: [bearFlix] "C:\Program Files\BearFlix\bearflix.exe" /pause
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM…\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM…\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [PCSuiteTrayApplication] D:\NOKIA\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM…\Run: [60d9e8cc] rundll32.exe "C:\WINDOWS\system32\ujicvyxt.dll",b
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU…\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU…\RunOnce: [FFTI] C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\3284fvbg.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles/3284fvbg.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: GuardGui.lnk = C:\Program Files\Ashampoo\Ashampoo AntiVirus\GuardGui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WConfig.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip…{310A07D1-619C-4DFA-833C-BE65AFD5D14A}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip…{310A07D1-619C-4DFA-833C-BE65AFD5D14A}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: E404Helper - {231cdd8a-a17b-4e45-9ef9-0b70c3363037} - e404d.dll (file missing)
O23 - Service: avGuard Service (avGuard) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiVirus\ashAvSrv.exe
O23 - Service: ##Id_String1 .6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Gutek
(Gutek)
6 December 2007 19:46
#2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mvvzuygd.dll
O4 - HKLM…\Run: [60d9e8cc] rundll32.exe "C:\WINDOWS\system32\ujicvyxt.dll",b
O21 - SSODL: E404Helper - {231cdd8a-a17b-4e45-9ef9-0b70c3363037} - e404d.dll (file missing)
Remove those entries with HJT.
Use VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone.
Post a ComboFix log.
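The reply above picks its entries by pattern: a Run value with a random hex name that loads an eight-letter DLL from system32 through rundll32, a toolbar DLL with the same kind of name, registrations whose file no longer exists, a start page pointing at a bundled-toolbar domain, and a removed URLSearchHook. As an added example (not code from this thread, from HijackThis or from any of the removal tools named), the Python script below applies those same heuristics to a constructed excerpt in the shape of the posted log. The eight-lowercase-letter name rule, the eight-hex-digit value-name rule and the TRUSTED_HOSTS allowlist are assumptions made for this example, not HijackThis logic.

```python
"""Triage a HijackThis log for Vundo-style persistence (added example, not HJT code)."""
import re
from urllib.parse import urlparse

# Constructed excerpt in the shape of the log posted in this thread: a few
# benign entries plus the ones the reply flags. Not the complete posted log.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mvvzuygd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [60d9e8cc] rundll32.exe "C:\WINDOWS\system32\ujicvyxt.dll",b
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O21 - SSODL: E404Helper - {231cdd8a-a17b-4e45-9ef9-0b70c3363037} - e404d.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# One HJT entry per line: section tag, " - ", body. Header lines do not match.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.*)$")
# Any DLL loaded from the system32 directory, case-insensitive on the path.
SYS32_DLL = re.compile(r"\\system32\\([A-Za-z0-9_]+)\.dll", re.I)
# Assumption of this example: the dropped DLLs in this log are named with
# eight random lowercase letters (ujicvyxt.dll, mvvzuygd.dll).
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
# Assumption of this example: a Run value named with eight hex digits ([60d9e8cc]).
HEX_VALUE = re.compile(r"\[[0-9a-f]{8}\]")
# HJT's own wording for a registration whose target file is gone.
MISSING = re.compile(r"\((?:no file|file missing)\)", re.I)
# Assumed allowlist for browser defaults; extend with the user's own choices.
TRUSTED_HOSTS = {"www.google.com", "www.google.pl", "www.msn.com"}


def parse(log: str):
    """Yield (section, body) for every HJT entry line, skipping the header."""
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log: str) -> list[dict]:
    """Return the entries worth a second look, each with the reasons it tripped."""
    findings = []
    for section, body in parse(log):
        reasons = []
        if section in ("R0", "R1") and "http" in body:
            host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
            if host not in TRUSTED_HOSTS:
                reasons.append(f"browser default points at {host}")
        if section == "R3" and "missing" in body:
            reasons.append("URLSearchHook removed, typical after a hijacker install")
        if MISSING.search(body):
            reasons.append("registration whose file is gone; safe to fix")
        for stem in SYS32_DLL.findall(body):
            if RANDOM_STEM.match(stem):
                reasons.append(f"random-looking DLL in system32: {stem}.dll")
        if section == "O4" and HEX_VALUE.search(body):
            reasons.append("Run value named with eight hex digits")
        if reasons:
            findings.append({"section": section,
                             "entry": f"{section} - {body}",
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["entry"])
        for reason in finding["reasons"]:
            print("   ->", reason)
```

On the constructed excerpt the script flags the same six entries the reply lists and leaves NvCpl.dll and winampa.exe alone. A hit is a candidate for HJT's "Fix checked" step, not a verdict: check the file's publisher and hash before removing it. HJT only deletes the registration, the DLL stays on disk and whatever dropped it can register it again under a new name, which is why the reply also asks for a dedicated Vundo removal tool and a ComboFix log rather than the HJT fix alone.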
fokuz11
(Fokuz11)
6 December 2007 20:07
#3
I've launched VundoFix, it's searching for something, but I don't know what to do next.
fokuz11
(Fokuz11)
6 December 2007 23:05
#5
OK Gutek, VundoFix did the job, thanks a lot ;)
Gutek
(Gutek)
7 December 2007 16:12
#6
Not so fast - post a ComboFix log.