Virus Podobny do MC Micro Anty Virus


(Adamson144) #1

Witam mam problem z virusem podobnym do MC Micro anty virus .... wyskakoja na pulpicie skroty internetowe np Gey of porn itp wyskakoje Secjurity Center i co chcile jakies propozycje skanowania kompa czi czegos a pozatyma pasku zadan mam 4 ikony screen : http://www.wrzuta.pl/obraz/xcmgGBFTZY/omgvirus i http://www.wrzuta.pl/obraz/g98PuB0OcR/omg2 Nazwywa sie chyba Rapid antyvirus skanowalem go Hijack .... usunolem jeden log i nieby nie ma ale ikony home of porno home zostaly i te ikonki na pasku i nadal wyskakoje jakies gowno nie wiem gdzie sie ukrywa ale recznie i tak bym go nie usuna probowalem Malwarebytes' Anti-Malware i tez nic a wiec dam loga

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:58:06, on 2008-10-15

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

C:\Program Files\InterVideo\WinDVR\WinRemote.exe

C:\Windows\system32\YUR48.exe

C:\Windows\system32\YUR49.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Windows\system32\YUR4A.exe

C:\Windows\system32\YUR4B.exe

C:\Windows\system32\YUR4C.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\Systems.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Documents and Settings\Jacek\Menu Start\Programy\Autostart\lsass.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

D:\gry\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.133.4.29:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.zycie.pzu;

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (file missing)

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: LPVideoPlugin - {AB49995B-C75C-4012-80C5-865EE1334BFA} - C:\WINDOWS\system32\LPVideo.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (file missing)

O3 - Toolbar: Wisdom-soft Toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWis1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe

O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [WINSCHEDULER] C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE

O4 - HKLM..\Run: [WinRemote] "C:\Program Files\InterVideo\WinDVR\WinRemote.exe"

O4 - HKLM..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM..\Run: [serwer] C:\Windows\system32\system010.exe

O4 - HKLM..\Run: [watch] "C:\Documents and Settings\Jacek\Pulpit\keylogger\logger.exe" /ukryj /lbl:SYSTEM

O4 - HKLM..\Run: [\YUR33A.exe] C:\Windows\system32\YUR33A.exe

O4 - HKLM..\Run: [\YUR33B.exe] C:\Windows\system32\YUR33B.exe

O4 - HKLM..\Run: [\YUR33C.exe] C:\Windows\system32\YUR33C.exe

O4 - HKLM..\Run: [\YUR33D.exe] C:\Windows\system32\YUR33D.exe

O4 - HKLM..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe

O4 - HKLM..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe

O4 - HKLM..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe

O4 - HKLM..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe

O4 - HKLM..\Run: [POL Agent] C:\Program Files\POL\POL.exe

O4 - HKLM..\Run: [\YUR48.exe] C:\Windows\system32\YUR48.exe

O4 - HKLM..\Run: [\YUR49.exe] C:\Windows\system32\YUR49.exe

O4 - HKLM..\Run: [\YUR4A.exe] C:\Windows\system32\YUR4A.exe

O4 - HKLM..\Run: [\YUR4B.exe] C:\Windows\system32\YUR4B.exe

O4 - HKLM..\Run: [\YUR4C.exe] C:\Windows\system32\YUR4C.exe

O4 - HKLM..\Run: [\YUR8.exe] C:\Windows\system32\YUR8.exe

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [steam] "d:\gry\counter strike 1.6\steam.exe" -silent

O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU..\Run: [systems] C:\Windows\Systems.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU..\Run: [\YUR33A.exe] C:\Windows\system32\YUR33A.exe

O4 - HKCU..\Run: [\YUR33B.exe] C:\Windows\system32\YUR33B.exe

O4 - HKCU..\Run: [\YUR33C.exe] C:\Windows\system32\YUR33C.exe

O4 - HKCU..\Run: [\YUR33D.exe] C:\Windows\system32\YUR33D.exe

O4 - HKCU..\Run: [\YUR1.exe] C:\Windows\system32\YUR1.exe

O4 - HKCU..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe

O4 - HKCU..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe

O4 - HKCU..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe

O4 - HKCU..\Run: [\YUR48.exe] C:\Windows\system32\YUR48.exe

O4 - HKCU..\Run: [\YUR49.exe] C:\Windows\system32\YUR49.exe

O4 - HKCU..\Run: [\YUR4A.exe] C:\Windows\system32\YUR4A.exe

O4 - HKCU..\Run: [\YUR4B.exe] C:\Windows\system32\YUR4B.exe

O4 - HKCU..\Run: [\YUR4C.exe] C:\Windows\system32\YUR4C.exe

O4 - HKCU..\Run: [\YUR8.exe] C:\Windows\system32\YUR8.exe

O4 - Startup: hamachi.lnk = C:\Documents and Settings\Jacek\Pulpit\Mu Online\tibiasoft_com_ipc7[1].81\hamachi.exe

O4 - Startup: lsass.exe

O4 - Startup: UniSpiker-2.6.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2A781DED-C22D-4153-9812-CEA98A32981C} (GameDesire Makao) - http://download.gamedesire.com/g_bin/pl ... 0_0_29.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8521454874

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8521803952

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--

End of file - 12316 bytes

Prosze o szybka pomoc :frowning: :oops: :oops:


(tores1977) #2

Chyba nie ten dział

viewforum.php?f=16


(Apdjs) #3

dla mnie najbardziej podejrzane ale niech jeszcze ktoś bardziej doświadczony sprawdzi


(huber2t) #4

fix w hijackthis

Podaj log z Combofix