Worm.win32.netsky

Dla specjalistów Bezpieczeństwo
#1

  1. Logfile of Trend Micro HijackThis v2.0.2

  2. Scan saved at 09:22:25, on 2008-03-04

  3. Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

  4. MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

  5. Boot mode: Normal

  7. Running processes:

  8. D:\WINDOWS\System32\smss.exe

  9. D:\WINDOWS\system32\csrss.exe

  10. D:\WINDOWS\system32\winlogon.exe

  11. D:\WINDOWS\system32\services.exe

  12. D:\WINDOWS\system32\lsass.exe

  13. D:\WINDOWS\System32\Ati2evxx.exe

  14. D:\WINDOWS\system32\svchost.exe

  15. D:\WINDOWS\System32\svchost.exe

  16. D:\WINDOWS\System32\svchost.exe

  17. D:\WINDOWS\System32\svchost.exe

  18. D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

  19. D:\WINDOWS\system32\spoolsv.exe

  20. D:\WINDOWS\Explorer.EXE

  21. D:\WINDOWS\SOUNDMAN.EXE

  22. D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

  23. D:\Program Files\Common Files\Symantec Shared\ccApp.exe

  24. D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

  25. D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

  26. D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

  27. D:\Program Files\Winamp\Winampa.exe

  28. D:\Program Files\QuickTime\qttask.exe

  29. D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

  30. D:\Program Files\Spyware Doctor\pctsTray.exe

  31. D:\Program Files\mks_vir_2007\bin\mksregmon.exe

  32. D:\Program Files\mks_vir_2007\bin\mks_mail.exe

  33. D:\Program Files\mks_vir_2007\bin\mkstray.exe

  34. D:\Program Files\Messenger\msmsgs.exe

  35. D:\WINDOWS\System32\alg.exe

  36. D:\WINDOWS\System32\inetsrv\inetinfo.exe

  37. D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

  38. D:\Program Files\OczyszczaczKomputerza\GDC.exe

  39. D:\Program Files\mks_vir_2007\bin\MksFwall.exe

  40. D:\Program Files\mks_vir_2007\bin\MksPC.exe

  41. D:\Program Files\mks_vir_2007\bin\mksupdate.exe

  42. D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe

  43. D:\Program Files\Norton AntiVirus\navapsvc.exe

  44. D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

  45. D:\Program Files\Spyware Doctor\pctsAuxs.exe

  46. D:\Program Files\Spyware Doctor\pctsSvc.exe

  47. D:\Program Files\Mozilla Firefox\firefox.exe

  48. D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

  49. D:\Program Files\mks_vir_2007\bin\mks_scan.exe

  51. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

  52. R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

  53. O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

  54. O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

  55. O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll

  56. O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

  57. O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll

  58. O3 - Toolbar: ekvgsnw - {BBE2B433-33B2-4953-BC77-0669D2E9B748} - D:\WINDOWS\ekvgsnw.dll (file missing)

  59. O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

  60. O4 - HKLM…\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

  61. O4 - HKLM…\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe

  62. O4 - HKLM…\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe

  63. O4 - HKLM…\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

  64. O4 - HKLM…\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe

  65. O4 - HKLM…\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

  66. O4 - HKLM…\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

  67. O4 - HKLM…\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

  68. O4 - HKLM…\Run: [WinampAgent] “D:\Program Files\Winamp\Winampa.exe”

  69. O4 - HKLM…\Run: [QuickTime Task] “D:\Program Files\QuickTime\qttask.exe” -atboottime

  70. O4 - HKLM…\Run: [Tray Temperature] D:\PROGRA~1\AWS\MiniBug.exe 1

  71. O4 - HKLM…\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

  72. O4 - HKLM…\Run: [iSTray] “D:\Program Files\Spyware Doctor\pctsTray.exe”

  73. O4 - HKLM…\Run: [MKSRegmon] D:\Program Files\mks_vir_2007\bin\mksregmon.exe

  74. O4 - HKLM…\Run: [mks_mail] D:\Program Files\mks_vir_2007\bin\mks_mail.exe

  75. O4 - HKLM…\Run: [mkstray] D:\Program Files\mks_vir_2007\bin\mkstray.exe

  76. O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

  77. O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background

  78. O4 - HKUS\S-1-5-21-1614895754-1336601894-725345543-1005…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background (User ‘?’)

  79. O4 - S-1-5-21-1614895754-1336601894-725345543-1005 Startup: PowerReg Scheduler.exe (User ‘?’)

  80. O4 - Startup: PowerReg Scheduler.exe

  81. O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

  82. O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

  83. O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

  84. O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

  85. O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

  86. O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

  87. O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\mkslsp.dll

  88. O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\mkslsp.dll

  89. O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\mkslsp.dll

  90. O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\mkslsp.dll

  91. O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - G:\Player__CDS2.dll (file missing)

  92. O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

  93. O20 - Winlogon Notify: mszsrn32 - D:\WINDOWS\system32\mszsrn32.dll

  94. O21 - SSODL: alofkmn - {9E6EB395-1ECE-4BAA-8E38-943B422D91B6} - D:\WINDOWS\alofkmn.dll

  95. O21 - SSODL: bxlrvps - {26097507-369E-4B00-B08E-17C36DA5E5FE} - D:\WINDOWS\bxlrvps.dll

  96. O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe

  97. O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

  98. O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

  99. O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

  100. O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

  101. O23 - Service: MksFwall - MKS Sp z o.o. - D:\Program Files\mks_vir_2007\bin\MksFwall.exe

  102. O23 - Service: MksPC - Unknown owner - D:\Program Files\mks_vir_2007\bin\MksPC.exe

  103. O23 - Service: MksUpdate - MKS Sp. z o. o. - D:\Program Files\mks_vir_2007\bin\mksupdate.exe

  104. O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe

  105. O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\mks_vir_2007\bin\mks_scan.exe

  106. O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe

  107. O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

  108. O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

  109. O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe

  110. O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe

  111. O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm

  114. End of file - 8127 bytes

wklejam loga z Hijacka nie za bardzo się na tym znam więc proszę o pomoc

Pozdrawiam

#2

Wyłącz przywracanie systemu na wszystkich dyskach

wpisy

O3 - Toolbar: ekvgsnw - {BBE2B433-33B2-4953-BC77-0669D2E9B748} - D:\WINDOWS\ekvgsnw.dll (file missing)

O4 - HKLM\..\Run: [Tray Temperature] D:\PROGRA~1\AWS\MiniBug.exe 1

O4 - S-1-5-21-1614895754-1336601894-725345543-1005 Startup: PowerReg Scheduler.exe (User '?')

O4 - Startup: PowerReg Scheduler.exe

O20 - Winlogon Notify: mszsrn32 - D:\WINDOWS\system32\mszsrn32.dll

O21 - SSODL: alofkmn - {9E6EB395-1ECE-4BAA-8E38-943B422D91B6} - D:\WINDOWS\alofkmn.dll

O21 - SSODL: bxlrvps - {26097507-369E-4B00-B08E-17C36DA5E5FE} - D:\WINDOWS\bxlrvps.dll

O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm

usuń HijackThisem >> Fix checked

Pobierz LSP-Fix http://www.searchengines.pl/index.php?showtopic=87200 usń szkodlowe pliki

potem pobierz Combofix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642 ale nie włączaj

otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

:slight_smile:

#3

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350