
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:53, on 2007-10-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\DOCUME~1\BIELO~1.DOM\MOJEDO~1\SPEED_~1.3_P\SPEEDX~1.PRO\lekarstwo\SpeedX.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
D:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Pulpit\hijackthis.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: LingTools - {7638AB14-B003-49F2-A342-D7BD4F7FD79A} - C:\PROGRA~1\SLOWNI~1\toolbar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpeedX] D:\DOCUME~1\BIELO~1.DOM\MOJEDO~1\SPEED_~1.3_P\SPEEDX~1.PRO\lekarstwo\SpeedX.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = D:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8841AB4F-BAC8-4814-89A2-C4563634272D}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5361 bytes
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - D:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
ComboFix 07-10-05.3 - bielo 2007-10-05 21:23:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.485 [GMT 2:00]
Running from: D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-05 to 2007-10-05 )))))))))))))))))))))))))))))))
.
2007-10-05 21:18 <DIR> d--h----- D:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 21:27 6515744 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2007-10-05 21:22 44320 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-05 20:35 --------- d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-10-05 20:33 87824 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2007-10-05 20:33 5984 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-04 00:36 25600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2007-09-06 00:22 289144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2007-08-26 19:32 --------- d-a------ D:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-08-25 22:02 --------- d-------- D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Dane aplikacji\Skype
2007-08-22 20:30 --------- d-------- D:\Program Files\ToniArts
2007-08-22 20:30 --------- d-------- D:\Program Files\Common Files\InstallShield
2007-08-21 13:23 --------- d-------- D:\Program Files\Winamp
2007-08-19 18:18 82061 --a------ D:\WINDOWS\system32\drivers\klick.dat
2007-08-19 18:18 81549 --a------ D:\WINDOWS\system32\drivers\klin.dat
2007-08-19 18:04 --------- d-------- D:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-08-19 17:16 --------- d-------- D:\Program Files\Eurobarre
2007-08-18 17:07 --------- d-------- D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Dane aplikacji\Azureus
2007-08-18 13:58 --------- d-------- D:\Program Files\MyPortal
2007-08-18 13:36 --------- d-------- D:\Program Files\Apple Software Update
2007-08-17 20:05 --------- d-------- D:\Program Files\Diskeeper Corporation
2007-08-17 18:38 --------- d-------- D:\Program Files\Attack on Pearl Harbor
2007-08-17 18:20 685816 --a------ D:\WINDOWS\system32\drivers\sptd.sys
2007-08-17 16:05 --------- d-------- D:\Documents and Settings\All Users\Dane aplikacji\Azureus
2007-08-17 09:37 --------- d-------- D:\Program Files\Heroes of Might and Magic III - Zlota Edycja
2007-08-15 20:10 --------- d-------- D:\Program Files\Attack on Pearl Harbor Demo
2007-08-13 08:35 --------- d-------- D:\Program Files\AudioConvert
2007-08-12 00:54 --------- d-------- D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Dane aplikacji\Real
2007-08-11 18:43 6126 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-11 18:43 52502 --a------ D:\WINDOWS\BricoPackUninst.cmd
2007-08-11 18:24 --------- d-------- D:\Program Files\Yahoo!
2007-08-11 18:15 219648 --a------ D:\WINDOWS\system32\uxtheme.dll
2007-08-11 08:09 --------- d-------- D:\Program Files\Windows Media Connect 2
2007-08-10 20:48 --------- d-------- D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Dane aplikacji\SopCast
2007-08-10 19:29 --------- d-------- D:\Program Files\Picasa2
2007-08-10 16:49 15872 --------- D:\WINDOWS\system32\winskfr.dll
2007-08-10 15:49 --------- d-------- D:\Documents and Settings\All Users\Dane aplikacji\Bluetooth
2007-08-10 15:44 --------- d-------- D:\Program Files\FlashGet
2007-08-09 21:55 --------- d-------- D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Dane aplikacji\Help
2007-08-07 21:04 --------- d-------- D:\Program Files\Edgard
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 68440 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 549720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 43352 --a------ D:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ D:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7638AB14-B003-49F2-A342-D7BD4F7FD79A}]
2007-01-26 00:06 868424 --a------ C:\PROGRA~1\SLOWNI~1\toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 11:53 D:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"Amazing3DAquariumWallpaper"="" []
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"SpeedX"="D:\DOCUME~1\BIELO~1.DOM\MOJEDO~1\SPEED_~1.3_P\SPEEDX~1.PRO\crack\SpeedX.exe" [2006-06-09 11:33]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=D:\Program Files\Picasa2\PicasaMediaDetector.exe
D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Menu Start\Programy\Autostart\
RocketDock.lnk - D:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 00:05:02]
TransBar.lnk - D:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 21:41:18]
UberIcon.lnk - D:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 09:43:08]
Y'z Shadow.lnk - D:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 09:43:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=D:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^bielo.DOM-A4BEB68EAE9^Menu Start^Programy^Autostart^Eurobarre.lnk]
path=D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Menu Start\Programy\Autostart\Eurobarre.lnk
backup=D:\WINDOWS\pss\Eurobarre.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^bielo.DOM-A4BEB68EAE9^Menu Start^Programy^Autostart^Yahoo! Widget Engine.lnk]
path=D:\Documents and Settings\bielo.DOM-A4BEB68EAE9\Menu Start\Programy\Autostart\Yahoo! Widget Engine.lnk
backup=D:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"D:\Program Files\BearShare\BearShare.exe" /pause
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"D:\Program Files\Gadu-Gadu\gg.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
D:\Program Files\Internet Download Manager\IDMan.exe /onboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
D:\WINDOWS\system32\\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
D:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
R3 klim5;Kaspersky Anti-Virus NDIS Filter;D:\WINDOWS\system32\DRIVERS\klim5.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\D:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 usbscan;Sterownik skanera USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Sterownik magazynu masowego USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 z520bus;Sony Ericsson 520 driver (WDM);D:\WINDOWS\system32\DRIVERS\z520bus.sys
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\z520mdfl.sys
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;D:\WINDOWS\system32\DRIVERS\z520mdm.sys
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;D:\WINDOWS\system32\DRIVERS\z520mgmt.sys
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;D:\WINDOWS\system32\DRIVERS\z520obex.sys
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-05 21:27:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-05 21:28:50
D:\ComboFix-quarantined-files.txt ... 2007-10-05 21:28
D:\ComboFix2.txt ... 2007-10-05 20:42
.
--- E O F ---