Wirus czy nie?

maroani · 23 Styczeń 2008 22:26

Witam,

Dzisaj moja dziewczyna przyniosła do domu swojego pendriva… eset wykrył na nim kilka nieciekawych wirusów dokłądnie takie:

J:\n1deiect.com - Win32/Pacex.Gen wirus

J:\u.bat - Win32/Pacex.Gen wirus

J:\ntde1ect.com - prawdopodobnie odmiana wirusa Win32/Pacex.Gen wirus

J:\Recycled\ctfmon.exe - Win32/VB.NFZ koń trojański

Ktoś dla żartów jej wgrał… pozostawie to no comment… poczym niby eset to wykasował… ale na moim C: pojawiły się następujące:

amvo0.dll

amvo0.exe i

pku5kehx.dll

Potem eset włożył pliki do kwarantanny… i co dalej właściwie nie wiem niby wszystko jest ok ale chcę się upewnić bo nie jestem zbytnio obcykany w temacie… wklejam loga z COMBOFIX… i proszę o ewentualną pomoc: LOG:

ComboFix 08-01-23.2 - Administrator 2008-01-23 23:14:52.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1635 [GMT 1:00]

Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat

J:\autorun.inf

----- BITS: Possible infected sites -----

hxxp://javadl.sun.com

.

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))

.

2008-01-23 23:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe

2008-01-22 20:40 . 2008-01-22 20:40 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-01-21 14:35 . 2008-01-21 14:35

2008-01-21 10:59 . 2008-01-21 10:59

2008-01-18 16:32 . 2008-01-18 16:33

2008-01-18 16:32 . 2004-07-26 17:16 1,568,768 --a------ C:\WINDOWS\system32\imagX7.dll

2008-01-18 16:32 . 2003-03-19 07:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll

2008-01-18 16:32 . 2003-03-18 21:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll

2008-01-18 16:32 . 2004-07-26 17:16 476,320 --a------ C:\WINDOWS\system32\imagXpr7.dll

2008-01-18 16:32 . 2004-07-26 17:16 471,040 --a------ C:\WINDOWS\system32\imagXRA7.dll

2008-01-18 16:32 . 2004-07-09 09:43 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll

2008-01-18 16:32 . 2004-07-26 17:16 262,144 --a------ C:\WINDOWS\system32\imagXR7.dll

2008-01-17 18:11 . 2008-01-17 18:11

2008-01-17 17:36 . 2002-07-17 09:20 45,056 --a------ C:\WINDOWS\system32\Wnaspi32.dll

2008-01-17 17:36 . 2002-07-17 08:53 16,877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys

2008-01-17 17:36 . 2002-07-17 16:22 4,455 --a------ C:\WINDOWS\system\Winaspi.dll

2008-01-17 17:36 . 2002-07-17 16:22 3,535 --a------ C:\WINDOWS\system\Wowpost.exe

2008-01-16 17:44 . 2008-01-16 17:44

2008-01-16 07:11 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-01-15 21:06 . 2008-01-15 21:07

2008-01-15 21:00 . 2008-01-15 21:00

2008-01-15 21:00 . 1999-01-06 00:18 1,057,552 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX

2008-01-15 21:00 . 2000-05-22 17:58 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX

2008-01-15 21:00 . 2005-04-20 20:08 196,608 --a------ C:\WINDOWS\system32\PDFSpooler.exe

2008-01-15 21:00 . 1998-07-06 17:55 158,208 --a------ C:\WINDOWS\system32\MSCMCDE.DLL

2008-01-15 21:00 . 1998-07-06 17:56 125,712 --a------ C:\WINDOWS\system32\VB6DE.DLL

2008-01-15 21:00 . 2001-10-28 17:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll

2008-01-15 21:00 . 1998-07-06 17:55 64,512 --a------ C:\WINDOWS\system32\MSCC2DE.DLL

2008-01-15 21:00 . 1998-07-06 17:55 33,792 --a------ C:\WINDOWS\system32\CMDLGDE.DLL

2008-01-15 21:00 . 1998-07-06 01:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL

2008-01-15 20:57 . 2008-01-15 20:57

2008-01-15 20:25 . 2008-01-15 20:25

2008-01-15 20:24 . 2008-01-15 21:19

2008-01-15 20:24 . 2008-01-15 20:24

2008-01-15 20:24 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-15 18:53 . 2008-01-15 18:53

2008-01-15 15:53 . 2008-01-15 15:53

2008-01-15 15:53 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-01-15 15:53 . 2008-01-15 15:53 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys

2008-01-15 15:53 . 2006-11-01 14:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2008-01-15 15:53 . 2006-11-01 15:26 77,824 --a------ C:\WINDOWS\system32\xvid.ax

2008-01-15 15:53 . 2008-01-15 15:53 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys

2008-01-15 15:52 . 2008-01-15 15:52

2008-01-15 15:08 . 2008-01-15 15:08

2008-01-15 15:06 . 2008-01-15 15:06 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-01-15 15:03 . 2008-01-15 15:03

2008-01-15 14:56 . 2008-01-15 14:56

2008-01-15 14:54 . 2008-01-15 14:54

2008-01-15 14:52 . 2008-01-18 16:18

2008-01-15 14:29 . 2005-03-14 14:01 208,896 --------- C:\WINDOWS\system32\SSRemove.exe

2008-01-15 14:29 . 2005-03-03 13:32 151,552 --a------ C:\WINDOWS\system32\SSCoInst.exe

2008-01-15 14:29 . 2005-03-03 19:09 57,344 --a------ C:\WINDOWS\system32\SSCoInst.dll

2008-01-15 14:29 . 2006-09-13 18:18 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-15 14:29 . 2005-04-08 11:29 20,622 --a------ C:\WINDOWS\system32\SUGS2LMK.DLL

2008-01-15 14:29 . 2005-03-14 14:01 8,478 --------- C:\WINDOWS\system32\SP119.ICO

2008-01-15 14:29 . 2005-03-03 20:23 604 --a------ C:\WINDOWS\system32\SUGS2LMK.SMT

2008-01-15 14:28 . 2008-01-15 14:28

2008-01-15 14:28 . 2005-03-14 14:01 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS

2008-01-15 14:23 . 2007-12-05 14:17 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe

2008-01-15 14:15 . 2008-01-15 14:15 10 --a------ C:\WINDOWS\WININIT.INI

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-17 16:30 --------- d-----w C:\Program Files\Marvell

2008-01-16 16:44 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-01-15 13:24 --------- d-----w C:\Program Files\ATI Technologies

2008-01-15 12:42 --------- d-----w C:\Program Files\ASUS

2008-01-15 12:26 --------- d-----w C:\Program Files\SteelSeries USB Soundcard

2008-01-15 12:20 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-01-15 11:50 --------- d-----w C:\Program Files\DIFX

2008-01-15 11:48 --------- d–h--w C:\Program Files\Uninstall Information

2008-01-15 11:39 --------- d-----w C:\Program Files\Usługi online

2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-12-05 03:04 269,312 ------w C:\WINDOWS\system32\ati2dvag.dll

2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll

2007-12-05 02:44 3,175,584 ------w C:\WINDOWS\system32\ati3duag.dll

2007-12-05 02:33 1,640,192 ------w C:\WINDOWS\system32\ativvaxx.dll

2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2007-12-05 02:11 499,712 ------w C:\WINDOWS\system32\ati2cqag.dll

2007-11-23 20:52 53,768 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys

2007-11-23 20:52 50,696 ----a-w C:\WINDOWS\system32\drivers\epfw.sys

2007-11-23 20:52 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys

2007-11-23 20:50 33,800 ----a-w C:\WINDOWS\system32\drivers\eamon.sys

2007-11-23 20:50 27,656 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

“Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [2007-12-07 11:16 6254592]

“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09 171464]

“uTorrent”=“C:\Program Files\uTorrent\uTorrent.exe” [2008-01-18 12:03 219952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CM108Sound”=“CM108.cpl” []

“ATIModeChange”=“Ati2mdxx.exe” [2007-12-05 03:55 26112 C:\WINDOWS\system32\Ati2mdxx.exe]

“StartCCC”=“C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 12:35 90112]

“egui”=“C:\Program Files\ESET\ESET Smart Security\egui.exe” [2007-11-23 21:51 1410304]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51 39792]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-01-12 03:01 32768]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]

R0 mv61xx;mv61xx;C:\WINDOWS\system32\DRIVERS\mv61xx.sys [2007-06-15 08:52]

R2 MRUWebService;MRU Web Service;“C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe” [2007-05-23 01:17]

R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\CM108.sys [2006-12-21 10:05]

R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

S3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]

S3 Marvell RAID;Marvell RAID Event Agent;C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe [2007-06-12 19:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8202b274-c37f-11dc-bdd5-001d6005a16b}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

*Newly Created Service* - PROCEXP90

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-23 23:15:38

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2649]

C:\Program Files\Tlen.pl\hook.dll

.

BArdzo proszę o wskazówki co zrobić

Serdecznie pozdrawiam i gratuluje forum!!

Gutek · 23 Styczeń 2008 23:23

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350

Otwórz Notatnik i wklej w nim to:

Windows Registry Editor Version 5.00 


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Skan AVG Anti-Spyware 7.5 po update