CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo Virus Alert – Sprawdzałem juź HitJack'iem

Virus Alert – Sprawdzałem juź HitJack'iem

Witam,
Mam problem z Virus Alert'em oraz pojawiającym się komunikatem "Your computer is infected"
Zgodnie ze wskazówkami wygenerowałem log hitjack'iem, przeprowadziłem analizę na stronie http://www.hijackthis.de/en#anl, usunąłem niepoźądane wpisy (o których wiedziałem). Komunikat pojawia się dalej. Proszę o wsparcie. Poniźej log:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:54:44, on 2006–04–25
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ComputerLand\VPN Client\cvpnd.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\nutsrv4.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\D–Tools\daemon.exe
    C:\PROGRA~1\NEWMEN~1\Mouse\Amoumain.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Gadu–Gadu\gg.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Norton AntiVirus\OPScan.exe
    C:\Install\hijackthis\HijackThis.exe

    R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
    R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
    R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ComputerLand S.A.
    R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O3 – Toolbar: Adobe PDF – {47833539–D0C5–4125–9FA8–0819E2EAAC93} – C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 – Toolbar: Yahoo! Toolbar – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\program files\google\googletoolbar1.dll
    O4 – HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 – HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 – HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 – HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 – HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 – HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 – HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 – HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 – HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 – HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 – HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
    O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\NEWMEN~1\Mouse\Amoumain.exe
    O4 – HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe"
    O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 – HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 – HKLM\..\Run: [SoDA Startup] C:\Program Files\Rational\SoDAWord\Wizards\SodaStartup.exe StartUp
    O4 – HKLM\..\Run: [NuTCSetupEnviron] C:\Program Files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe
    O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
    O4 – HKCU\..\Run: [BgMonitor_{79662E04–7C6C–4d9f–84C7–88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 – HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
    O4 – HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
    O4 – Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 – Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 – Global Startup: BTTray.lnk = ?
    O4 – Global Startup: ComputerLand VPN Client.lnk = C:\Program Files\ComputerLand\VPN Client\vpngui.exe
    O4 – Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 – Extra context menu item: &Translate English Word – res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 – Extra context menu item: Translate Page into English – res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O8 – Extra context menu item: Wyślij do interfejsu &Bluetooth – C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 – Extra button: Create Mobile Favorite – {2EAF5BB1–070F–11D3–9307–00C04FAE2D4F} – C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 – Extra button: (no name) – {2EAF5BB2–070F–11D3–9307–00C04FAE2D4F} – C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 – Extra 'Tools' menuitem: Utwórz łącze Ulubione dla urządzenia przenośnego... – {2EAF5BB2–070F–11D3–9307–00C04FAE2D4F} – C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
    O14 – IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131574024740
    O17 – HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cl.ad
    O17 – HKLM\Software\..\Telephony: DomainName = cl.ad
    O17 – HKLM\System\CCS\Services\Tcpip\..\{77443F8F–46AC–4825–B1A1–86A76CC2E279}: NameServer = 194.204.159.1,194.204.152.34
    O17 – HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cl.ad
    O17 – HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cl.ad
    O20 – AppInit_DLLs: ASAPHook
    O20 – Winlogon Notify: OneCard – C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O20 – Winlogon Notify: WgaLogon – C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 – Service: Bluetooth Service (btwdins) – Broadcom Corporation. – C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 – Service: Cisco Systems, Inc. VPN Service (CVPND) – Cisco Systems, Inc. – C:\Program Files\ComputerLand\VPN Client\cvpnd.exe
    O23 – Service: HP WMI Interface (hpqwmi) – Hewlett–Packard Development Company, L.P. – C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 – Service: Rational ClearQuest Mail Service (MailService) – IBM Corporation – C:\Program Files\Rational\ClearQuest\mailservice.exe
    O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 – Service: NuTCRACKERService – DataFocus, Inc. – C:\WINDOWS\system32\nutsrv4.exe
    O23 – Service: OracleOUIHomeClientCache – Unknown owner – C:\OraHome1\BIN\ONRSD.EXE
    O23 – Service: ProxyServer Service (ProxyServerService) – Rational Software – C:\Program Files\Rational\Rational Test\rtpxsr.exe
    O23 – Service: Rational Test Agent Service (RationalTestAgentService) – Rational Software – C:\Program Files\Rational\Rational Test\rtpsvc.exe
    O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 – Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) – Analog Devices, Inc. – C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe

Odpowiedzi: 3

Dziękuję!!! pomogło. rawdopdobnie ewido oczyścił mi kompa.
rafalg
Dodano
02.05.2006 22:08:52
O20 – AppInit_DLLs: ASAPHook


Oprócz tego nic nie widze. Usuń ten wpis w hijackthis.

Sciągnij ewido zrób update i przeskanuj http://www.ewido.net/en/download/

Przydał by się log z silent runners info masz w przyklejonych.

Poza tym masz bogaty autostart. Troche przydało by się go uszczuplić
Wiewia
Dodano
29.04.2006 13:13:14
Baaaaaardzo proszę o sprawdzenie loga i pomoc !
rafalg
Dodano
28.04.2006 22:55:04
rafalg
Dodano:
25.04.2006 20:59:08
Komentarzy:
3
Strona 1 / 1