Alert o Spyware!

Vilhelmas · 7 Sierpień 2007 11:04

Usunąłem za pomocą programów anti-spyware kilka plików, lecz nadal wyskakuje mi alert o “szpiegach”! Prosił bym o pomoc w przeczyszczeniu loga z “robali”! Dziękuje

Logfile of HijackThis v1.99.1 Scan saved at 12:56:07, on 2007-08-07 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: H:\WINDOWS\System32\smss.exe H:\WINDOWS\system32\winlogon.exe H:\WINDOWS\system32\services.exe H:\WINDOWS\system32\lsass.exe H:\WINDOWS\system32\Ati2evxx.exe H:\WINDOWS\system32\svchost.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\system32\Ati2evxx.exe H:\WINDOWS\system32\spoolsv.exe H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe H:\WINDOWS\System32\FTRTSVC.exe H:\WINDOWS\System32\svchost.exe H:\WINDOWS\Explorer.EXE H:\Program Files\Winamp\winampa.exe H:\Program Files\D-Tools\daemon.exe H:\WINDOWS\system32\wscntfy.exe H:\WINDOWS\RTHDCPL.EXE H:\WINDOWS\system32\rundll32.exe H:\Program Files\Java\jre1.6.0_01\bin\jusched.exe H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE H:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe J:\prog\nokia\Nokia PC Suite 6\LaunchApplication.exe H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe H:\WINDOWS\system32\ctfmon.exe H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe H:\Program Files\PC Connectivity Solution\ServiceLayer.exe H:\WINDOWS\system32\wuauclt.exe H:\Program Files\neostrada tp\neostradatp.exe H:\Program Files\neostrada tp\ComComp.exe H:\PROGRA~1\NEOSTR~1\Toaster.exe H:\PROGRA~1\NEOSTR~1\Inactivity.exe H:\PROGRA~1\NEOSTR~1\PollingModule.exe H:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE H:\Program Files\neostrada tp\Watch.exe H:\Program Files\Mozilla Firefox\firefox.exe H:\Documents and Settings\asdsa\Pulpit\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - H:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - H:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - H:\Program Files\Video ActiveX Access\iesplg.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - H:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar1.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - H:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar1.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - H:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [WinampAgent] H:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [EPSON Stylus DX4000 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU “H:\WINDOWS\TEMP\E_S8A.tmp” /EF “HKLM” O4 - HKLM…\Run: [DAEMON Tools-1033] “H:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM…\Run: [WOOWATCH] H:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] H:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe O4 - HKLM…\Run: [startCCC] H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “H:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] J:\prog\nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM…\Run: [WindowsServicesStartup] H:\DOCUME~1\asdsa\USTAWI~1\Temp\svchost.exe 1 O4 - HKLM…\Run: [AVP] “H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” O4 - HKCU…\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [skype] “H:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [steam] “h:\program files\steam\steam.exe” -silent O4 - HKCU…\Run: [EPSON Stylus DX4000 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU “H:\DOCUME~1\asdsa\USTAWI~1\Temp\E_SB5.tmp” /EF “HKCU” O4 - HKCU…\Run: [ares] “H:\Program Files\Ares\Ares.exe” -h O4 - HKCU…\Run: [NBJ] “J:\prog\Nero BackItUp\nbj.exe” O4 - HKCU…\Run: [Gadu-Gadu] “H:\Program Files\Gadu-Gadu\gg.exe” /tray O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - H:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_50.cab O17 - HKLM\System\CCS\Services\Tcpip…{2C3FB120-B0EE-4A41-9B20-A99B7B9CFA60}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - H:\WINDOWS\system32\klogon.dll O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - H:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ServiceLayer - Nokia. - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - J:\prog\Alcohol 120\StarWind\StarWindServiceAE.exe

adam9870 · 7 Sierpień 2007 11:37

W logu:

Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Czy sam instalowałeś AskTBar?

Po wykonaniu wklej log z ComboFix.

Vilhelmas · 7 Sierpień 2007 14:16

ComboFix 07-08-04.3 - “asdsa” 2007-08-07 15:55:15.1 [GMT 2:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.Prawda * Created a new restore point ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) H:\Program Files\drantispy H:\Program Files\drantispy\Uninstall.exe ((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 ))))))))))))))))))))))))))))))) 2007-08-07 15:54 51,200 --a------ H:\WINDOWS\nircmd.exe 2007-08-07 15:42 2,218 --a------ H:\WINDOWS\system32\tmp.reg 2007-08-07 12:37 2007-08-07 12:01 82,258 --a------ H:\WINDOWS\system32\drivers\klin.dat 2007-08-07 12:01 82,258 --a------ H:\WINDOWS\system32\drivers\klick.dat 2007-08-07 12:01 453,408 --ahs---- H:\WINDOWS\system32\drivers\fidbox.dat 2007-08-07 12:01 12,576 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.dat 2007-08-07 12:01 2007-08-07 12:01 2007-08-07 12:00 2007-08-07 11:50 2007-08-07 00:12 2007-08-05 15:39 611,709 --a------ H:\WINDOWS\system32\Ekwador screensaver 2.scr 2007-08-05 15:39 19,456 --a------ H:\WINDOWS\system32\jesterss.dll 2007-08-05 12:39 2007-08-05 12:39 2007-08-05 12:39 2007-08-05 12:39 2007-08-05 12:38 90,624 --a------ H:\WINDOWS\system32\nmwcdcls.dll 2007-08-05 12:38 8,320 --a------ H:\WINDOWS\system32\drivers\nmwcdc.sys 2007-08-05 12:38 65,536 --a------ H:\WINDOWS\system32\nmwcdcocls.dll 2007-08-05 12:38 137,216 --a------ H:\WINDOWS\system32\drivers\nmwcd.sys 2007-08-05 12:38 12,288 --a------ H:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-08-05 12:38 12,288 --a------ H:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-08-05 12:38 2007-08-05 12:38 2007-08-05 12:38 2007-08-05 12:38 2007-08-05 12:37 2007-08-01 13:01 5,888 --------- H:\WINDOWS\system32\drivers\imagedrv.sys 2007-08-01 13:01 127,488 --------- H:\WINDOWS\system32\drivers\imagesrv.sys 2007-08-01 12:59 2007-07-28 17:15 2007-07-27 21:00 5,824 --a------ H:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2007-07-27 20:31 306,688 --a------ H:\WINDOWS\IsUninst.exe 2007-07-26 20:25 740 --a------ H:\WINDOWS\eReg.dat 2007-07-22 18:36 2007-07-22 18:35 2007-07-22 18:35 2007-07-22 18:35 2007-07-22 18:35 2007-07-20 17:56 2007-07-20 17:55 2007-07-13 21:37 2007-07-13 21:20 4 --a------ H:\WINDOWS\system32\micr0st.dll 2007-07-13 21:20 2007-07-13 21:17 2007-07-13 21:17 2007-07-11 16:16 2007-07-10 21:55 2007-07-10 21:46 60,273 --a------ H:\WINDOWS\system32\pthreadGC2.dll 2007-07-10 21:46 499,712 --a------ H:\WINDOWS\system32\msvcp71.dll 2007-07-10 21:46 348,160 --a------ H:\WINDOWS\system32\msvcr71.dll 2007-07-10 21:46 10,752 --a------ H:\WINDOWS\system32\ff_vfw.dll 2007-07-10 21:46 2007-07-10 18:34 108,144 --a------ H:\WINDOWS\system32\CmdLineExt.dll 2007-07-10 18:32 68,888 --a------ H:\WINDOWS\system32\xinput1_3.dll 2007-07-10 18:32 62,744 --a------ H:\WINDOWS\system32\xinput1_2.dll 2007-07-10 18:32 3,426,072 --a------ H:\WINDOWS\system32\d3dx9_32.dll 2007-07-10 18:32 251,672 --a------ H:\WINDOWS\system32\xactengine2_5.dll 2007-07-10 18:32 237,848 --a------ H:\WINDOWS\system32\xactengine2_4.dll 2007-07-10 18:32 236,824 --a------ H:\WINDOWS\system32\xactengine2_3.dll 2007-07-10 18:32 2,414,360 --a------ H:\WINDOWS\system32\d3dx9_31.dll 2007-07-10 18:32 15,128 --a------ H:\WINDOWS\system32\x3daudio1_1.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-07 15:52 --------- d-------- H:\Program Files\neostrada tp 2007-08-07 15:49 --------- d-------- H:\Program Files\Steam 2007-08-07 15:49 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\Skype 2007-08-07 15:44 9128 --ahs---- H:\WINDOWS\system32\drivers\fidbox.idx 2007-08-07 15:44 2960 --ahs---- H:\WINDOWS\system32\drivers\fidbox2.idx 2007-08-07 12:49 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\uTorrent 2007-08-06 13:13 --------- d–h----- H:\Program Files\InstallShield Installation Information 2007-08-05 23:49 --------- d-------- H:\Program Files\eMule 2007-07-27 21:41 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\Azureus 2007-07-21 20:08 --------- d-------- H:\Program Files\Gadu-Gadu 2007-07-21 14:17 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\EPSON 2007-07-13 21:43 --------- d-------- H:\Program Files\Elaborate Bytes 2007-07-13 21:24 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\Ahead 2007-07-05 16:03 --------- d-------- H:\Program Files\Winamp 2007-07-04 17:57 --------- d-------- H:\Program Files\Common Files\Ahead 2007-07-04 16:57 --------- d-------- H:\Program Files\Ahead 2007-07-02 00:09 4 --a------ H:\WINDOWS\system32\proc-1037709799.bin 2007-07-02 00:09 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\GanymedeNet 2007-07-01 17:42 685816 --a------ H:\WINDOWS\system32\drivers\sptd.sys 2007-07-01 10:58 --------- d-------- H:\Program Files\Common Files\Adobe Systems Shared 2007-06-30 20:50 --------- d-------- H:\Program Files\Google 2007-06-30 20:50 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\Google 2007-06-29 12:56 --------- d-------- H:\Program Files\ATI Technologies 2007-06-29 12:54 --------- d-------- H:\Program Files\7-6_xp_dd_ccc_wdm_enu_48640 2007-06-29 12:16 1165 --a------ H:\WINDOWS\mozver.dat 2007-06-29 12:11 --------- d-------- H:\Program Files\uTorrent 2007-06-29 12:02 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\Gadu-Gadu 2007-06-29 11:32 0 --a------ H:\WINDOWS\nsreg.dat 2007-06-29 11:32 --------- d-------- H:\Program Files\Azureus 2007-06-29 11:21 --------- d-------- H:\Program Files\Skype 2007-06-29 11:21 --------- d-------- H:\Program Files\Common Files\Skype 2007-06-29 10:06 4109584 --a------ H:\Program Files\gg77.exe 2007-06-22 21:13 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\Sports Interactive 2007-06-22 15:20 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\ATI 2007-06-22 12:52 --------- d-------- H:\Program Files\ABBYY FineReader 6.0 Sprint 2007-06-22 12:50 --------- d-------- H:\Program Files\Gigabyte 2007-06-22 12:49 --------- d-------- H:\Program Files\Realtek 2007-06-22 12:30 --------- d-------- H:\Program Files\7-3_xp_dd_ccc_wdm_enu_43737 2007-06-22 01:22 163644 --a------ H:\WINDOWS\system32\drivers\secdrv.sys 2007-06-22 01:08 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\InterTrust 2007-06-22 01:02 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\Help 2007-06-22 00:16 --------- d-------- H:\Program Files\Common Files\InstallShield 2007-06-22 00:00 --------- d-------- H:\Program Files\D-Tools 2007-06-21 23:22 --------- d-------- H:\Program Files\GameSpy Arcade 2007-06-21 23:10 --------- d-------- H:\Program Files\epson 2007-06-21 21:18 --------- d-------- H:\Program Files\UselessCreations 2007-06-21 20:45 --------- d-------- H:\Program Files\ACD Systems 2007-06-21 20:44 --------- d-------- H:\Program Files\CyberLink 2007-06-20 21:33 74450 --a------ H:\WINDOWS\system32\perfc015.dat 2007-06-20 21:33 448348 --a------ H:\WINDOWS\system32\perfh015.dat 2007-06-20 21:33 --------- d-------- H:\DOCUME~1\asdsa\DANEAP~1\InstallShield 2007-06-20 21:31 --------- d-------- H:\Program Files\Intel 2007-06-20 21:21 --------- d-------- H:\Program Files\Movie Maker 2007-06-20 21:21 --------- d-------- H:\Program Files\Messenger 2007-06-20 21:20 --------- d-------- H:\Program Files\Windows NT 2007-06-20 20:51 --------- d-------- H:\Program Files\Common Files\ATI Technologies 2007-06-20 20:13 --------- d-------- H:\Program Files\Common Files\SpeechEngines 2007-06-20 20:13 --------- d-------- H:\Program Files\Common Files\ODBC 2007-06-20 19:57 --------- d-------- H:\Program Files\microsoft frontpage 2007-06-20 19:55 --------- d-------- H:\Program Files\Common Files\MSSoap 2007-06-20 19:54 21856 --a------ H:\WINDOWS\system32\emptyregdb.dat 2007-06-20 19:54 --------- d–h----- H:\Program Files\WindowsUpdate 2007-06-20 19:54 --------- d-------- H:\Program Files\MSN Gaming Zone 2007-06-13 21:50 43152 --a------ H:\WINDOWS\system32\drivers\ativvpxx.vp 2007-06-13 21:25 339968 --a------ H:\WINDOWS\system32\ATIDEMGX.dll 2007-06-13 21:24 268288 --a------ H:\WINDOWS\system32\ati2dvag.dll 2007-06-13 21:24 2155520 --a–c— H:\WINDOWS\system32\dllcache\ati2mtag.sys 2007-06-13 21:24 2155520 --a------ H:\WINDOWS\system32\drivers\ati2mtag.sys 2007-06-13 21:23 307200 --a------ H:\WINDOWS\system32\atiiiexx.dll 2007-06-13 21:17 42496 --a------ H:\WINDOWS\system32\ati2edxx.dll 2007-06-13 21:17 26112 --a------ H:\WINDOWS\system32\Ati2mdxx.exe 2007-06-13 21:17 139264 --a------ H:\WINDOWS\system32\atipdlxx.dll 2007-06-13 21:17 118784 --a------ H:\WINDOWS\system32\Oemdspif.dll 2007-06-13 21:16 118784 --a------ H:\WINDOWS\system32\ati2evxx.dll 2007-06-13 21:15 483328 --a------ H:\WINDOWS\system32\ati2evxx.exe 2007-06-13 21:14 53248 --a------ H:\WINDOWS\system32\ATIDDC.DLL 2007-06-13 21:10 8097792 --a------ H:\WINDOWS\system32\atioglx2.dll 2007-06-13 21:07 2922208 --a------ H:\WINDOWS\system32\ati3duag.dll 2007-06-13 20:57 972072 --a------ H:\WINDOWS\system32\ativva6x.dat 2007-06-13 20:57 3107788 --a------ H:\WINDOWS\system32\ativva5x.dat 2007-06-13 20:57 1512960 --a------ H:\WINDOWS\system32\ativvaxx.dll 2007-06-13 20:46 5431296 --a------ H:\WINDOWS\system32\atioglxx.dll 2007-06-13 20:43 262144 --a------ H:\WINDOWS\system32\atikvmag.dll 2007-06-13 20:42 17408 --a------ H:\WINDOWS\system32\atitvo32.dll 2007-06-13 20:41 50176 --a------ H:\WINDOWS\system32\atiok3x2.dll 2007-06-13 20:41 49152 --a------ H:\WINDOWS\system32\drivers\ati2erec.dll 2007-06-13 20:36 368640 --a------ H:\WINDOWS\system32\ati2cqag.dll 2007-06-13 14:29 520192 --------- H:\WINDOWS\system32\ati2sgag.exe 2007-05-19 22:37 206352 --a------ H:\WINDOWS\system32\klogon.dll --------- H:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SkyTel”=“SkyTel.EXE” [2006-05-16 12:04 H:\WINDOWS\SkyTel.exe] “WinampAgent”=“H:\Program Files\Winamp\winampa.exe” [2004-12-20 20:41] “DAEMON Tools-1033”=“H:\Program Files\D-Tools\daemon.exe” [2004-08-22 17:05] “RTHDCPL”=“RTHDCPL.EXE” [2006-11-14 11:21 H:\WINDOWS\RTHDCPL.exe] “Alcmtr”=“ALCMTR.EXE” [2005-05-03 12:43 H:\WINDOWS\Alcmtr.exe] “AdslTaskBar”=“stmctrl.dll” [2006-06-02 13:01 H:\WINDOWS\system32\stmctrl.dll] “WOOWATCH”=“H:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 13:49] “WOOTASKBARICON”=“H:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 15:55] “StartCCC”=“H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 12:35] “SunJavaUpdateSched”=“H:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “NeroFilterCheck”=“H:\WINDOWS\system32\NeroCheck.exe” [2006-01-12 16:40] “PCSuiteTrayApplication”=“J:\prog\nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-06-18 15:10] “AVP”=“H:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe” [2007-05-19 22:36] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“H:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Skype”=“H:\Program Files\Skype\Phone\Skype.exe” [2007-06-08 15:18] “Steam”=“h:\program files\steam\steam.exe” [2007-06-29 11:38] “ares”=“H:\Program Files\Ares\Ares.exe” [] “NBJ”=“J:\prog\Nero BackItUp\nbj.exe” [2006-09-15 14:27] “Gadu-Gadu”=“H:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 09:39] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Nokia.PCSync”=J:\prog\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog R3 klim5;Kaspersky Anti-Virus NDIS Filter;H:\WINDOWS\system32\DRIVERS\klim5.sys R3 Stmatm;ATM/ADSL miniport;H:\WINDOWS\system32\DRIVERS\stmatm.sys R3 TaurusUsb;ADSL Modem USB Service;H:\WINDOWS\system32\DRIVERS\torususb.sys S3 nmwcd;Nokia USB Phone Parent;H:\WINDOWS\system32\drivers\nmwcd.sys S3 nmwcdc;Nokia USB Generic;H:\WINDOWS\system32\drivers\nmwcdc.sys S3 nmwcdcj;Nokia USB Port;H:\WINDOWS\system32\drivers\nmwcdcj.sys S3 nmwcdcm;Nokia USB Modem;H:\WINDOWS\system32\drivers\nmwcdcm.sys S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;??\H:\WINDOWS\system32\PCAMPR5.SYS S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver;H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] AutoRun\command- D:\blank.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\blank.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] AutoRun\command- H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe Open(&O)\command- H:\Recycled\Recycled\ctfmon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I] AutoRun\command- H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe Open(&0)\command- Recycled\ctfmon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] AutoRun\command- H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe Open(&0)\command- J:\Recycled\ctfmon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{139abbd6-1f61-11dc-9a89-806d6172696f}] AutoRun\command- H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe Open(&0)\command- Recycled\ctfmon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{73d2fa9d-2044-11dc-b5e7-001a4d6c4fef}] AutoRun\command- H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe Open(&0)\command- Recycled\ctfmon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b105f6ce-20f1-11dc-b5ef-001a4d6c4fef}] AutoRun\command- H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe Open(&0)\command- C:\Recycled\ctfmon.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-07 15:57:06 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] “H:\Documents and Settings\asdsa\Pulpit\Nowy folder\TOM TOM 6 POCKET PC - - Espa\x144ol - spanish - Craked -mapa europa V650 - (SEPTIEMBRE 2006) Funciona tmb N35\2577\AutoRun.exe”=“AutoRun” “H:\Documents and Settings\asdsa\Pulpit\Nowy folder (2)\TOM TOM 6 POCKET PC - - Espa\x144ol - spanish - Craked -mapa europa V650 - (SEPTIEMBRE 2006) Funciona tmb N35\2577\AutoRun.exe”=“AutoRun” “J:\Nowy folder\Nowy folder (2)\TOM TOM 6 POCKET PC - - Espa\x144ol - spanish - Craked -mapa europa V650 - (SEPTIEMBRE 2006) Funciona tmb N35\2577\AutoRun.exe”=“AutoRun” scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-07 15:57:53 H:\ComboFix-quarantined-files.txt … 2007-08-07 15:57 — E O F —

Nie

Alert już mi nie wyskakuje, ale teraz wyskakuje mi raport (Wyślij raport o błędach\Nie wysyłaj) o treści "Wystąpił problem z aplikacją Generic Host Procces for Win32 Service i zastanie ona zamknięta. Przepraszamy za kłopoty. " I co jaki czas zmienia się skin WinXP na skin z Windows 98 czy 2000.

jessica · 8 Sierpień 2007 12:05

Jeśli nie instalowałeś “Ask”, to sfiksuj te w/w wpisy w Hijacku (o ile jeszcze są):

>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked.

Spróbuj to po prostu usunąć poprzez “Dodaj/Usuń programy”.

Jeśli się nie uda, to spróbuj ręcznie w Trybie Awaryjnym.

Nie wiem, czy usuwałeś już tego poniższego (oprócz sfiksowania w Hijacku!)?

H:\DOCUME~1\asdsa\USTAWI~1\Temp\svchost.exe 1

Te dwa poniższe wygaszacze to trojany, ale pewnie sam je sobie zainstalowałeś?

H:\WINDOWS\system32\ Ekwador screensaver 2.scr

H:\WINDOWS\system32\ jesterss.dll

Masz też infekcję na pendrive. Na to Ci nic nie poradzę, poza zmianami w rejestrze:

>>Start >>> Uruchom >>> wybierz (lub wpisz) REGEDIT >>OK>

>>rozwiń ten klucz:

(+)HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

>>zaznacz: “H” >>prawoklik>>usuń

>>zaznacz: “I” >>prawoklik>>usuń

>>zaznacz: “J”" >>prawoklik>>usuń

>>zaznacz: {139abbd6-1f61-11dc-9a89-806d6172696f} >>prawoklik>>usuń

>>zaznacz: {73d2fa9d-2044-11dc-b5e7-001a4d6c4fef}>>prawoklik>>usuń

>>zaznacz: {b105f6ce-20f1-11dc-b5ef-001a4d6c4fef}>>prawoklik>>usuń

Potem daj nowe logi.

.

Vilhelmas · 8 Sierpień 2007 20:04

Lecz to są moje partycje!

jessica · 8 Sierpień 2007 20:14

Tak, masz rację. Szkoda, że są zarażone tym samym, co pendrive.

Dlaczego Twoje partycje umieszczone są w kluczu pendrive?

.Jak to się stało, że partycje i pendrive są we wspólnym kluczu?

.

Vilhelmas · 9 Sierpień 2007 03:17

Nie mam zielonego pojęcia Teraz to już powoli myślę o formacie!