3 Icons on the desktop


(Budzikus) #1

Hello, I have/had a problem with some vermin on my computer. Naturally, as usual, HijackThis and ComboFix were put to work, but I don't know whether they removed everything completely. For now nothing bad seems to be happening any more, but I'd like to be sure. Before I started the removal game there were 3 files on the desktop: "Spyware Protection (something or other)", "Antyvirus scaner" and some other one, I don't remember which, and unfortunately I didn't write it down.

Here are the logs:

Logfile of HijackThis v1.99.1

Scan saved at 21:13:50, on 2007-11-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\system32\spoolsv.exe

F:\Alwil Software\Avast4\aswUpdSv.exe

F:\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\ZONELABS\vsmon.exe

F:\Alwil Software\Avast4\ashMaiSv.exe

F:\Alwil Software\Avast4\ashWebSv.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\Explorer.EXE

D:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Documents and Settings\Zbigniew\Pulpit\a\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - c:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{6B72AE87-4593-4732-B285-05DE8B1B1E06}: NameServer = 192.168.0.1,82.160.204.3

O17 - HKLM\System\CCS\Services\Tcpip\..\{AF87A5DF-8C1D-452B-98E9-35C33AD1184B}: NameServer = 192.168.0.1,82.160.204.2

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: ddkret - {423C0B15-72E8-4598-BBB6-E13721CD95A7} - D:\WINDOWS\ddkret.dll

O21 - SSODL: nopctrl - {AC67FD10-DCF3-4E25-AAB2-7CF1EFD3201E} - D:\WINDOWS\nopctrl.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Avant Service (AvantService) - Unknown owner - C:\Program Files\Avant Browser\asvc.exe

O23 - Service: avast! Antivirus - Unknown owner - F:\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - F:\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - F:\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (P) (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZONELABS\vsmon.exe

ComboFix 07-11-08.1 - Zbigniew 2007-11-16 21:20:46.3 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.432 [GMT 1:00]

Running from: D:\Documents and Settings\Zbigniew\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\WINDOWS\main_uninstaller.exe

D:\WINDOWS\msmdev.dll

D:\WINDOWS\msmhost.dll

D:\WINDOWS\nsduo.dll

.

((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))

.

2007-11-15 21:23 51,200 --a------ D:\WINDOWS\NirCmd.exe

2007-11-15 21:09

2007-11-15 20:13

2007-11-15 20:13

2007-11-15 20:13

2007-11-15 20:13

2007-11-15 20:13

2007-11-15 20:13

2007-11-15 20:13

2007-11-15 20:13

2007-11-15 14:47 344,064 --a------ D:\WINDOWS\nopctrl.dll

2007-11-15 14:47 266,240 --a------ D:\WINDOWS\ddkret.dll

2007-11-15 14:47 114,688 --a------ D:\WINDOWS\sawkip.exe

2007-11-15 14:45

2007-11-14 20:21

2007-11-10 01:35

2007-11-09 13:45

2007-11-09 13:44

2007-11-09 13:44

2007-11-01 12:35

2007-11-01 00:42

2007-11-01 00:42

2007-10-31 20:42

2007-10-24 10:42

2007-10-21 23:58

2007-10-17 18:56

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-15 14:34 21,840 ----a-w D:\WINDOWS\system32\SIntfNT.dll

2007-11-15 14:34 17,212 ----a-w D:\WINDOWS\system32\SIntf32.dll

2007-11-15 14:34 12,067 ----a-w D:\WINDOWS\system32\SIntf16.dll

2007-10-25 16:44 8,488,960 ----a-w D:\WINDOWS\system32\dllcache\shell32.dll

2007-08-22 13:58 96,768 ----a-w D:\WINDOWS\system32\dllcache\inseng.dll

2007-08-22 13:58 668,160 ----a-w D:\WINDOWS\system32\dllcache\wininet.dll

2007-08-22 13:58 619,008 ----a-w D:\WINDOWS\system32\dllcache\urlmon.dll

2007-08-22 13:58 55,808 ----a-w D:\WINDOWS\system32\dllcache\extmgr.dll

2007-08-22 13:58 532,480 ----a-w D:\WINDOWS\system32\dllcache\mstime.dll

2007-08-22 13:58 474,112 ----a-w D:\WINDOWS\system32\dllcache\shlwapi.dll

2007-08-22 13:58 449,024 ----a-w D:\WINDOWS\system32\dllcache\mshtmled.dll

2007-08-22 13:58 39,424 ----a-w D:\WINDOWS\system32\dllcache\pngfilt.dll

2007-08-22 13:58 357,888 ----a-w D:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-08-22 13:58 3,085,824 ----a-w D:\WINDOWS\system32\dllcache\mshtml.dll

2007-08-22 13:58 251,904 ----a-w D:\WINDOWS\system32\dllcache\iepeers.dll

2007-08-22 13:58 205,824 ----a-w D:\WINDOWS\system32\dllcache\dxtrans.dll

2007-08-22 13:58 16,384 ----a-w D:\WINDOWS\system32\dllcache\jsproxy.dll

2007-08-22 13:58 151,552 ----a-w D:\WINDOWS\system32\dllcache\cdfview.dll

2007-08-22 13:58 146,432 ----a-w D:\WINDOWS\system32\dllcache\msrating.dll

2007-08-22 13:58 1,498,112 ----a-w D:\WINDOWS\system32\dllcache\shdocvw.dll

2007-08-22 13:58 1,055,744 ----a-w D:\WINDOWS\system32\dllcache\danim.dll

2007-08-22 13:58 1,022,976 ----a-w D:\WINDOWS\system32\dllcache\browseui.dll

2007-08-21 11:19 18,432 ----a-w D:\WINDOWS\system32\dllcache\iedw.exe

2007-08-21 07:18 683,520 ----a-w D:\WINDOWS\system32\inetcomm.dll

2007-08-21 07:18 683,520 ----a-w D:\WINDOWS\system32\dllcache\inetcomm.dll

2006-09-21 09:23 4,766 ----a-w D:\Program Files\INSTALL.LOG

2001-05-24 11:59 162,304 ----a-w D:\Program Files\UNWISE.EXE

.

((((((((((((((((((((((((((((( snapshot@2007-11-15_21.42.13.31 )))))))))))))))))))))))))))))))))))))))))

.

  • 2007-03-13 09:57:12 163,328 ----a-w D:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE

  • 2007-11-14 19:27:04 4,212 ---h--w D:\WINDOWS\system32\zllictbl.dat

  • 2007-11-16 20:08:34 4,212 ---h--w D:\WINDOWS\system32\zllictbl.dat

  • 2007-11-14 19:05:42 6,706,762 ------w D:\WINDOWS\system32\ZoneLabs\spyware.dat

  • 2007-11-16 20:09:54 6,735,429 ------w D:\WINDOWS\system32\ZoneLabs\spyware.dat

  • 2007-11-14 19:05:42 6,706,762 ------w D:\WINDOWS\system32\ZoneLabs\zlasdbup.dat

  • 2007-11-16 20:09:54 6,735,429 ------w D:\WINDOWS\system32\ZoneLabs\zlasdbup.dat

  • 2007-11-16 20:24:44 16,384 ----a-w D:\WINDOWS\TEMP\Perflib_Perfdata_e8.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2004-10-29 22:50]

"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-08-29 19:09]

"HPDJ Taskbar Utility"="D:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-15 14:30]

"AtiPTA"="atiptaxx.exe" [2006-02-22 02:05 D:\WINDOWS\system32\atiptaxx.exe]

"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"=F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoBandCustomize"=0 (0x0)

"NoToolbarCustomize"=0 (0x0)

R1 atitray;atitray;\??\C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys

S3 AvantService;Avant Service;C:\Program Files\Avant Browser\asvc.exe

S3 usbscan;Sterownik skanera USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys

S3 USBSTOR;Sterownik magazynu masowego USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba87f9b7-38d9-11db-b9c2-806d6172696f}]

\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc124090-84a0-11db-86a8-806d6172696f}]

\Shell\AutoRun\command - G:\SH-S182D(TS-H652D).exe

.

Contents of the 'Scheduled Tasks' folder

"2007-11-09 20:49:04 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

  • D:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-16 21:25:17

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-16 21:26:12 - machine was rebooted

D:\ComboFix3.txt ... 2007-11-15 21:42

D:\ComboFix2.txt ... 2007-11-16 20:52

.

--- E O F ---

Thanks in advance for the help :slight_smile:

Regards


(Gutek) #2

Remove the HJT entries, but first the automated tool.

Download the SDFix program

-