Worm.win32.netsky


(Krzysztof Stempien) #1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22:25, on 2008-03-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Winamp\Winampa.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\mks_vir_2007\bin\mksregmon.exe
D:\Program Files\mks_vir_2007\bin\mks_mail.exe
D:\Program Files\mks_vir_2007\bin\mkstray.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\System32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\OczyszczaczKomputerza\GDC.exe
D:\Program Files\mks_vir_2007\bin\MksFwall.exe
D:\Program Files\mks_vir_2007\bin\MksPC.exe
D:\Program Files\mks_vir_2007\bin\mksupdate.exe
D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\mks_vir_2007\bin\mks_scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ekvgsnw - {BBE2B433-33B2-4953-BC77-0669D2E9B748} - D:\WINDOWS\ekvgsnw.dll (file missing)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] D:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] D:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tray Temperature] D:\PROGRA~1\AWS\MiniBug.exe 1
O4 - HKLM\..\Run: [sunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iSTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MKSRegmon] D:\Program Files\mks_vir_2007\bin\mksregmon.exe
O4 - HKLM\..\Run: [mks_mail] D:\Program Files\mks_vir_2007\bin\mks_mail.exe
O4 - HKLM\..\Run: [mkstray] D:\Program Files\mks_vir_2007\bin\mkstray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-1614895754-1336601894-725345543-1005\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - S-1-5-21-1614895754-1336601894-725345543-1005 Startup: PowerReg Scheduler.exe (User '?')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\mkslsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2007\bin\mkslsp.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - G:\Player__CDS2.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mszsrn32 - D:\WINDOWS\system32\mszsrn32.dll
O21 - SSODL: alofkmn - {9E6EB395-1ECE-4BAA-8E38-943B422D91B6} - D:\WINDOWS\alofkmn.dll
O21 - SSODL: bxlrvps - {26097507-369E-4B00-B08E-17C36DA5E5FE} - D:\WINDOWS\bxlrvps.dll
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MksFwall - MKS Sp z o.o. - D:\Program Files\mks_vir_2007\bin\MksFwall.exe
O23 - Service: MksPC - Unknown owner - D:\Program Files\mks_vir_2007\bin\MksPC.exe
O23 - Service: MksUpdate - MKS Sp. z o. o. - D:\Program Files\mks_vir_2007\bin\mksupdate.exe
O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\mks_vir_2007\bin\mks_scan.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm

--
End of file - 8127 bytes


I'm pasting a HijackThis log. I don't really know much about this, so I'm asking for help.

Regards


(Leon$) #2

Turn off System Restore on all drives.

The entries

O3 - Toolbar: ekvgsnw - {BBE2B433-33B2-4953-BC77-0669D2E9B748} - D:\WINDOWS\ekvgsnw.dll (file missing)

O4 - HKLM\..\Run: [Tray Temperature] D:\PROGRA~1\AWS\MiniBug.exe 1

O4 - S-1-5-21-1614895754-1336601894-725345543-1005 Startup: PowerReg Scheduler.exe (User '?')

O4 - Startup: PowerReg Scheduler.exe

O20 - Winlogon Notify: mszsrn32 - D:\WINDOWS\system32\mszsrn32.dll

O21 - SSODL: alofkmn - {9E6EB395-1ECE-4BAA-8E38-943B422D91B6} - D:\WINDOWS\alofkmn.dll

O21 - SSODL: bxlrvps - {26097507-369E-4B00-B08E-17C36DA5E5FE} - D:\WINDOWS\bxlrvps.dll

O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm

remove with HijackThis >> Fix checked

Download LSP-Fix http://www.searchengines.pl/index.php?showtopic=87200 and remove the malicious files

Then download ComboFix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642 but don't run it yet

Open Notepad and paste

Save it as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri … iemoes.gif

The removal should start

Then post the ComboFix removal log

:slight_smile:
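The triage in the reply above boils down to a few checks an analyst applies to each HijackThis entry: a registration whose target file is missing, a shell or logon hook (O2/O3/O20/O21) that loads a DLL from the Windows directory that is not a known OS component, and an Active Desktop component served from a local file. Below is an added example that encodes those checks as a small log parser; it is not code from the thread or from HijackThis. It assumes the entry layout visible in post #1, the SAMPLE_LOG lines are copied from that log, and the KNOWN_OS_HOOKS allowlist is a constructed stand-in for whatever reference list the analyst keeps.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the O-entries from the HijackThis log in post #1.
SAMPLE_LOG = [
    r"O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll",
    r"O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx",
    r"O3 - Toolbar: ekvgsnw - {BBE2B433-33B2-4953-BC77-0669D2E9B748} - D:\WINDOWS\ekvgsnw.dll (file missing)",
    r"O20 - Winlogon Notify: mszsrn32 - D:\WINDOWS\system32\mszsrn32.dll",
    r"O21 - SSODL: alofkmn - {9E6EB395-1ECE-4BAA-8E38-943B422D91B6} - D:\WINDOWS\alofkmn.dll",
    r"O21 - SSODL: bxlrvps - {26097507-369E-4B00-B08E-17C36DA5E5FE} - D:\WINDOWS\bxlrvps.dll",
    r"O23 - Service: MksFwall - MKS Sp z o.o. - D:\Program Files\mks_vir_2007\bin\MksFwall.exe",
    r"O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm",
]

# Entry layout assumed from the log: "Onn - <kind>: <name> - [<clsid> - ]<target>[ (file missing)]"
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")

# Sections that register code to be loaded into the shell or the logon process.
HOOK_SECTIONS = {"O2", "O3", "O20", "O21"}
# Constructed allowlist: OS-owned hook files that legitimately live under the Windows directory.
KNOWN_OS_HOOKS = {"msdxm.ocx"}


def parse_entry(line):
    """Split one HijackThis entry into code, name, target path and flags; None if not an O-entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, _kind, rest = m.groups()
    missing = rest.endswith("(file missing)")
    if missing:
        rest = rest[: -len("(file missing)")].rstrip()
    fields = rest.split(" - ")
    target = fields[-1]
    local_file = target.lower().startswith("file:///")
    if local_file:
        target = target[len("file:///"):]
    return {"code": code, "name": fields[0], "target": target,
            "missing": missing, "local_file": local_file, "line": line.strip()}


def under_windows_dir(path):
    """True for anything beneath the WINDOWS directory of any drive, system32 included."""
    parts = PureWindowsPath(path).parts
    return len(parts) >= 2 and parts[1].lower() == "windows"


def triage(lines):
    """Return the entries an analyst should look at, each with the reasons it was flagged."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["missing"]:
            reasons.append("target file missing (orphaned registration)")
        basename = PureWindowsPath(e["target"]).name.lower()
        if (e["code"] in HOOK_SECTIONS and under_windows_dir(e["target"])
                and basename not in KNOWN_OS_HOOKS):
            reasons.append("%s hook loads an unknown DLL from the Windows directory" % e["code"])
        if e["code"] == "O24" and e["local_file"]:
            reasons.append("Active Desktop component served from a local file")
        if reasons:
            e["reasons"] = reasons
            flagged.append(e)
    return flagged


def fix_list(lines):
    """The exact log lines to tick in HijackThis before pressing 'Fix checked'."""
    return [e["line"] for e in triage(lines)]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["code"], e["name"], "->", e["target"])
        for r in e["reasons"]:
            print("    -", r)
```

On the sample above the parser flags exactly the O3, O20, O21 and O24 lines the reply tells the poster to fix, while leaving the Norton BHO, the Radio toolbar and the mks_vir service alone. The O4 startup items in the reply are a judgment call about specific programs rather than a structural rule, so they are deliberately not encoded here; the allowlist is where such site-specific knowledge belongs.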


(Gutek) #3

Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=213350