Hangs, errors online, security alert - log to check


(Adriano B) #1

As in the subject. Basically the problem is that the computer is terribly sluggish, some web pages open on their own, and at startup my wallpaper changes to a red warning one...

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:32:16, on 2007-08-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RACLE~1\msdtc.exe
C:\WINDOWS\??crosoft\??chost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {9116D9B7-397F-3BDE-7718-6B7494A27EB9} - C:\WINDOWS\system32\yzxuzkf.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {53EC21EC-9973-9FD9-7958-CFCE6F9DEDB2} - C:\WINDOWS\system32\jgaeghb.dll (file missing)
R3 - URLSearchHook: (no name) - {63E40141-E086-BB29-84F2-B56934DE87B5} - C:\WINDOWS\system32\aod.dll (file missing)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - C:\WINDOWS\mxduo.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53EC21EC-9973-9FD9-7958-CFCE6F9DEDB2} - C:\WINDOWS\system32\jgaeghb.dll (file missing)
O2 - BHO: (no name) - {63E40141-E086-BB29-84F2-B56934DE87B5} - C:\WINDOWS\system32\aod.dll (file missing)
O2 - BHO: Domain Helper - {B8A5DE1C-BC13-4DD2-BF00-7BE3C603F9F2} - C:\WINDOWS\system32\DomainHelper.dll
O2 - BHO: (no name) - {E294F87E-1FB9-1D49-BF54-4F76151803B3} - C:\WINDOWS\system32\zqcqqaay.dll
O2 - BHO: (no name) - {E3682F6C-C7AF-CB07-F9D5-C7DEBFC10EE5} - C:\WINDOWS\system32\nfybpnxd.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_15.exe
O4 - HKLM\..\Run: [pcweeb60] RUNDLL32.EXE w1b1e072.dll,n 003eeb5d0000000a1b1e072
O4 - HKLM\..\Run: [newname] C:\\nwnmff_15.exe
O4 - HKLM\..\Run: [enc remote bags gram] C:\Documents and Settings\All Users\Dane aplikacji\settings find enc remote\ITCHBARB.exe
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [{50101D21-0C01-1045-1108-040408150030}] "C:\Program Files\Common Files\{50101D21-0C01-1045-1108-040408150030}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [{50101D21-0C02-1045-1108-040408150030}] "C:\Program Files\Common Files\{50101D21-0C02-1045-1108-040408150030}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [oowo] C:\PROGRA~1\COMMON~1\oowo\oowom.exe
O4 - HKCU\..\Run: [mathbags] C:\DOCUME~1\W\DANEAP~1\OPENFI~1\Jugs Way.exe
O4 - HKCU\..\Run: [Esrr] "C:\WINDOWS\RACLE~1\msdtc.exe" -vt ndrv
O4 - HKCU\..\Run: [Yamxub] C:\WINDOWS\??crosoft\??chost.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [PCSecureSystem] C:\Program Files\PCSecureSystem\pgs.exe /min
O4 - HKCU\..\Policies\Explorer\Run: [{50101D21-0C01-1045-1108-040408150030}] "C:\Program Files\Common Files\{50101D21-0C01-1045-1108-040408150030}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Policies\Explorer\Run: [{50101D21-0C02-1045-1108-040408150030}] "C:\Program Files\Common Files\{50101D21-0C02-1045-1108-040408150030}\Update.exe" mc-110-12-0000272
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_28.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89992CE-646B-4ABA-8A0C-966EAB976A8B}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\kt4ml7h11.dll (file missing)
O20 - Winlogon Notify: winrnt32 - winrnt32.dll (file missing)
O21 - SSODL: wmphost - {F5BB0102-9C6A-47CB-AE18-E15EA0CED1D1} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {B8B92161-67A4-4455-B5E3-8F596A94B64D} - C:\WINDOWS\wmpdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - http://i37.photobucket.com/albums/e85/taki_album/dodatki2-szablon.jpg

--
End of file - 10543 bytes
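A log like the one above is normally read by eye, but the warning signs that stand out in it can be checked mechanically. The script below is an added triage example, not part of the original post and not HijackThis's own code: it scans HijackThis-style lines for four indicators visible in this log (a registered component whose file is missing, an executable launched straight from the drive root, a path containing characters that are not legal in a Windows file name, and a file name one character away from a core Windows process name). The sample lines are copied from the log above; in them, the `?` characters stand for the unrenderable characters of the original, and since `?` is itself illegal in a Windows path the check fires either way. The heuristics, names and thresholds are the editor's assumptions, not a reference detection rule.

```python
import re
from typing import List, Tuple

# Sample input, copied from the HijackThis log posted above (constructed for this demo).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [defender] C:\\dfndrff_15.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Yamxub] C:\WINDOWS\??crosoft\??chost.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe
O2 - BHO: (no name) - {53EC21EC-9973-9FD9-7958-CFCE6F9DEDB2} - C:\WINDOWS\system32\jgaeghb.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# First drive-letter path ending in .exe or .dll on the line (lazy, so it stops at the first extension).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll))', re.IGNORECASE)
# An executable sitting directly in the drive root, e.g. C:\\something.exe (the log shows a doubled backslash).
ROOT_EXE_RE = re.compile(r'^[A-Za-z]:\\+[^\\]+\.exe$', re.IGNORECASE)
# Characters Windows does not allow in a file or directory name.
BAD_PATH_CHARS = set('?*<>|"')
# Core Windows process names; a name one edit away from these is a classic lookalike (assumed list).
SYSTEM_NAMES = ('svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'services.exe', 'explorer.exe')


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert / delete / substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_line(line: str) -> List[str]:
    """Return the list of indicators that fire on one HijackThis log line (empty if none)."""
    findings: List[str] = []
    if '(file missing)' in line:
        findings.append('file missing')
    match = PATH_RE.search(line)
    if not match:
        return findings
    path = match.group(1)
    # Illegal or non-printable characters in the path (the ??crosoft\??chost.exe case above).
    if any(c in BAD_PATH_CHARS or not c.isprintable() for c in path):
        findings.append('odd path chars')
    if ROOT_EXE_RE.match(path):
        findings.append('exe in drive root')
    name = path.rsplit('\\', 1)[-1].lower()
    if name not in SYSTEM_NAMES:
        for sysname in SYSTEM_NAMES:
            if levenshtein(name, sysname) == 1:
                findings.append(f'lookalike of {sysname}')
                break
    return findings


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Scan a whole log and return (line, findings) pairs for the lines that raise an indicator."""
    hits: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        findings = triage_line(line)
        if findings:
            hits.append((line, findings))
    return hits


if __name__ == '__main__':
    for line, findings in triage_log(SAMPLE_LOG):
        print(', '.join(findings).ljust(28), line)
```

Run against the six sample lines it reports four: the root-level `dfndrff_15.exe`, the unprintable `??chost.exe` path, `svchosts.exe` as a one-letter lookalike of `svchost.exe`, and the BHO whose DLL is missing; the Kaspersky and ctfmon entries pass clean. Against the full log above it would flag many more of the same kinds, which is the point: these are cheap, explainable checks that narrow a long log to the entries worth a closer look, not a verdict on their own.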

(Monczkin) #2

Give the thread a specific title.


(jessica) #3

Fix the entries listed above in HijackThis:

>>Hijack>>scan (Do a system scan only)>>check them >> Fix checked.

I can hardly believe your computer still works at all with so many heavy infections!

Start by using SDFix

Note: it only works in Safe Mode!

Then use SmitfraudFix

Then ComboFix (at the bottom of the linked page) -

Then post here:

1) the report from C:\SmitfraudFix.txt

2) the SDFix report found in its folder

3) the HijackThis log

4) the ComboFix log.

Paste the log at http://wklej.org/ and put only the link in your post.

We'll see how much got removed and what will have to be removed another way.

jessi