wirus matrix 1.3

[strongmen]

Witam wczoraj zrobilem skan na komputerze i anty wirus wykryl i usunol mi wirusa jakiegos matrix 1.3 (Trojan !) Nie wiem czy zainfekowal juz komputer bo nie widac zadnych zamulen ani innych problemow przy uzytkowaniu.
Pomyslalem ze dobrze by bylo zrobienie loga i pokazac fachowcom od tych zeczy.
Prosze o fochowa porade czy log jest czysty czy moze musze cos usunac
z gory wielkie dzieki.

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 09:30:50, on 2008-02-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\DARMOWE PROGRAMY\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner.exe" /S
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: UniSpiker-2.6.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202489552763
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[Dzi@dek]

Daj log z Combofix

[strongmen]

Juz daje

Kod: Zaznacz wszystko

ComboFix 08-02-25.3 - Staszek 2008-02-27 12:42:06.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.230 [GMT 1:00]
Running from: C:\Documents and Settings\Staszek\Pulpit\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-01-27 to 2008-02-27  )))))))))))))))))))))))))))))))
.

2008-02-26 23:58 . 2006-05-25 14:52   162,304   --a------   C:\WINDOWS\system32\ztvunrar36.dll
2008-02-26 23:58 . 2003-02-02 19:06   153,088   --a------   C:\WINDOWS\system32\UNRAR3.dll
2008-02-26 23:58 . 2005-08-26 00:50   77,312   --a------   C:\WINDOWS\system32\ztvunace26.dll
2008-02-26 23:58 . 2002-03-06 00:00   75,264   --a------   C:\WINDOWS\system32\unacev2.dll
2008-02-26 23:58 . 2006-06-19 12:01   69,632   --a------   C:\WINDOWS\system32\ztvcabinet.dll
2008-02-26 23:57 . 2008-02-27 12:35   <DIR>   d--------   C:\Program Files\Trojan Remover
2008-02-26 23:57 . 2008-02-26 23:57   <DIR>   d--------   C:\Documents and Settings\Staszek\Dane aplikacji\Simply Super Software
2008-02-26 23:57 . 2008-02-26 23:57   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-02-24 17:14 . 2008-02-24 17:14   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-02-24 17:14 . 2005-12-08 13:56   65,536   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-02-24 17:14 . 2005-12-08 13:56   49,152   --a------   C:\WINDOWS\system32\QuickTime.qts
2008-02-24 17:13 . 2008-02-24 17:13   <DIR>   d--------   C:\Program Files\K-Lite Codec Pack
2008-02-24 13:39 . 2008-02-27 00:08   <DIR>   d-a------   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-02-24 12:27 . 2008-02-24 12:27   <DIR>   d--------   C:\Documents and Settings\Staszek\Dane aplikacji\ESET
2008-02-24 12:26 . 2008-02-24 12:31   <DIR>   d--------   C:\Program Files\ESET
2008-02-24 12:26 . 2008-02-24 12:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-02-20 20:00 . 2008-02-20 20:01   22,328   --a------   C:\Documents and Settings\Staszek\Dane aplikacji\PnkBstrK.sys
2008-02-17 16:07 . 2008-02-17 16:07   <DIR>   d--------   C:\Program Files\Friend-Soft IT Solutions
2008-02-17 02:18 . 2008-02-23 16:17   <DIR>   d--------   C:\Program Files\BitComet
2008-02-17 02:18 . 2008-02-22 21:18   <DIR>   d--------   C:\Downloads
2008-02-13 19:22 . 2008-02-13 19:22   32   --a------   C:\WINDOWS\hip
2008-02-13 19:13 . 2008-02-13 19:13   32   --a------   C:\WINDOWS\go
2008-02-09 09:36 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
2008-02-09 09:36 . 2007-07-30 19:18   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
2008-02-08 02:08 . 2003-12-26 21:22   40,960   --a------   C:\WINDOWS\system\AvatarComm.dll
2008-01-31 17:54 . 2008-02-09 18:27   315   --a------   C:\WINDOWS\SkymaxES.INI
2008-01-30 21:41 . 1999-03-23 10:12   299,520   --a------   C:\WINDOWS\uninst.exe
2008-01-28 00:27 . 2008-01-28 00:27   <DIR>   d--------   C:\WINDOWS\WinAVI Video Converter 9.0
2008-01-28 00:27 . 2008-01-28 00:27   <DIR>   d--------   C:\Program Files\WinAVI Video Converter 9.0

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 22:54   ---------   d-----w   C:\Documents and Settings\Staszek\Dane aplikacji\Skype
2008-02-24 10:45   ---------   d-----w   C:\Program Files\Common Files\Kaspersky Lab
2008-02-24 09:56   ---------   d-----w   C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-22 16:03   ---------   d-----w   C:\Program Files\English Translator 3
2008-02-20 19:01   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2008-02-20 19:01   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-20 19:01   103,736   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2008-02-10 19:01   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-30 20:49   ---------   d-----w   C:\Program Files\ZodiacEdit
2008-01-25 16:04   ---------   d-----w   C:\Program Files\HHD Software
2008-01-24 17:26   ---------   d-----w   C:\Program Files\Semco Editor 1.03.2
2008-01-23 19:05   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-01-23 18:07   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-01-23 12:23   ---------   d-----w   C:\Documents and Settings\Staszek\Dane aplikacji\Wildfire
2008-01-16 10:55   ---------   d-----w   C:\Program Files\SetEditOctagon
2008-01-16 10:48   ---------   d-----w   C:\Documents and Settings\Staszek\Dane aplikacji\TransAng3
2008-01-08 18:51   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\NFS Underground
2008-01-08 18:50   ---------   d-----w   C:\Program Files\Common Files\DirectX
2007-12-31 13:05   ---------   d-----w   C:\Program Files\Ulead SmartSaver Pro 3.0
2007-12-07 02:14   824,832   ----a-w   C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42   550,912   ----a-w   C:\WINDOWS\system32\oleaut32.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04 1415824]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 11:09 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-05-25 18:35 35328]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 20:43 7630848]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 20:43 86016 C:\WINDOWS\system32\nvmctray.dll]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 RC 16.1\RivaTuner.exe" [2006-10-23 08:00 2555904]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-01 17:51 469504]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-11-23 21:51 1410304]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-02 15:18 524368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

C:\Documents and Settings\Staszek\Menu Start\Programy\Autostart\
UniSpiker-2.6.lnk - C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2005-07-20 10:23:45 86016]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Documents and Settings\\All Users\\Dokumenty\\SBCL PREMIERE tomek.wysoka\\SBCL vPlug1.6.7\\SBCL v1.1b.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"E:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"E:\\Program Files\\Call of Duty 4 Modern Warfare\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26448:TCP"= 26448:TCP:BitComet 26448 TCP
"26448:UDP"= 26448:UDP:BitComet 26448 UDP

R2 amdfix;amdfix;C:\WINDOWS\system32\drivers\amdfix.sys [2007-05-22 17:17]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2006-03-02 13:00]
R2 xinstall;xinstall;C:\WINDOWS\system32\drivers\xinstall.sys [2007-05-22 17:17]
S3 UsbSagCom;Mobile Device Full USB Driver;C:\WINDOWS\system32\DRIVERS\UsbSagCom.sys [2007-06-29 14:20]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 16:58:36 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:43:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 12:44:12
.
2008-02-15 23:53:08   --- E O F ---

[Dzi@dek]

Nic nie widać. Czysto.

Autor postu otrzymał pochwałę

[strongmen]

Nic nie widać. Czysto.

Dzieki