Siemka mam sytem Vista Home x64 ,prawdopoodbnie mam jakiegoś typu wirus na komputerze ponieważ Security Alert ciągle pokazuje mi informacje :spyware found (trojan).Niemniej próbowałem przeskanować różnego typu programami i nic nie znalazło poproszę o pomoc umieszczam log.
Logfile of HijackThis v1.99.1 Scan saved at 05:02:50, on 2008-02-17 Platform: Unknown Windows (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Running processes: C:\Program Files (x86)\NetProject\scit.exe C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files (x86)\Hewlett-Packard\HP Software Update\hpwuSchd.exe C:\Program Files (x86)\epson\Creativity Suite\Event Manager\EEventManager.exe C:\Program Files (x86)\NetProject\scm.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe D:\Program Files (x86)\PesLauncher\PesLauncher.exe C:\Program Files (x86)\Internet Explorer\IEUser.exe C:\Users\Tomek\Desktop\Nowy folder (2)\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: e404 helper - {8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} - (no file) O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [WinampAgent] “C:\Program Files (x86)\Winamp\winampa.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files (x86)\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [HP Software Update] “C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime O4 - HKLM…\Run: [EEventManager] “C:\Program Files (x86)\EPSON\Creativity Suite\Event Manager\EEventManager.exe” O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” O4 - HKLM…\Run: [AntiSpyKit 5.2] “C:\Program Files (x86)\AntiSpyKit 5.2\AntiSpyKit 5.2.exe” /h O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files (x86)\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU…\Run: [AlcoholAutomount] “C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe” /automount O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O13 - Gopher Prefix: O16 - DPF: {1E53EA77-34F2-474E-9046-B2B0C86F1821} (OggX Control) - http://www.eska.pl/streamplayers/OggX.ocx O16 - DPF: {1ED954DE-6B99-41D6-BEAC-93ECA3313BB6} (CheckVer Control) - file:///F:/CheckVer.ocx O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ … 586-jc.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{DF782895-FD89-47EC-B4C0-E2E0B42F4F89}: NameServer = 217.30.129.149,217.30.137.200 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - Unknown owner - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe" -service (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ##Id_String1 .6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing) O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: @dfsrres.dll ,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll ,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll ,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
system
(system)
17 Luty 2008 08:05
#2
to sproboj moze przeskanowac skanerem online np. panda lub mks
Robiłem to , czy log jest czysty?
jessica
(jessica)
17 Luty 2008 10:43
#4
Infekcję na pewno masz, bo w logu widać niektóre jej elementy.
Normalnie usuwa się ją przy pomocy SmitfraudFixa, ale Ty masz “Vista Home x64”, więc nie wiem, czy u Ciebie SmitfraudFix będzie działał. (na “VISTA x32” działa).
Spróbuj użyć -->SmitfraudFix .
Użyj go z opcji “Clean”, czyli wpisz 2 i naciśnij ENTER.
Daj z niego raport z C:\Repport.txt .
Jeśli SmitfraudFix nie będzie działał na Twoim Systemie, to sformatujesz dysk.
jessi
Nie działa … nie chciałbym aż formatować dysk czy nie ma innego wyjścia?
jessica
(jessica)
17 Luty 2008 13:56
#6
Spróbuj przynajmniej usunąć te zaznaczone na czerwono, np. ręcznie w Trybie Awaryjnym.
Nie wiem, czy to coś pomoże, bo przecież nie usuwasz całej infekcji, bo nie wiemy, jakie są pozostałe elementy tej infekcji u Ciebie. U każdego ma ona inne elementy.
jessi