system
(system)
10 July 2007 20:46
#1
Hello!
I did what you told me to and I admit it's muuuuch better. The SuperAntiSpyware scan shows nothing, AVG Anti Spyware runs in the background, the internet works like a dream. Just in case, I'm posting the logs from HJ and Combo (I now know what those tags are about!). Take a look at them to see whether everything is OK, because I still don't understand any of it.
Logfile of HijackThis v1.99.1
Scan saved at 22:27:46, on 2007-07-10
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Maniek\Pulpit\BEZPIOECZNOŚĆ\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM…\Run: [LanzarP2006] “C:\DOCUME~1\Maniek\USTAWI~1\Temp{EFECE691-E414-4024-8979-4BB358E2DC7D}{EEBA9416-3207-47E0-9022-116440599DBC}…\P2006tmp\Install.exe” /SETUP:"/l0x0015"
O4 - HKLM…\Run: [systemTray] SysTray.Exe
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [internat.exe] internat.exe
O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 - HKLM…\Run: [AT-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM…\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe
O4 - HKLM…\Run: [Winamp Agent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”
O4 - HKLM…\Run: [PCSuiteTrayApplication] D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM…\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM…\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [PcSync] D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU…\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra ‘Tools’ menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: lxcf_device - - C:\WINDOWS\System32\lxcfcoms.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
and Combo
“Maniek” - 2007-07-10 22:28:42 - ComboFix 07-07-04.4 - Dodatek Service Pack. 1 FAT32

((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))

2007-07-10 09:20
2007-07-08 10:22
2007-07-08 10:22
2007-07-08 10:22
2007-07-08 09:28
2007-07-07 20:51
2007-07-07 20:51
2007-07-07 20:50
2007-07-07 20:50
2007-07-07 20:50
2007-07-07 20:50
2007-07-04 20:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 20:39 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-07-02 19:43
2007-06-16 01:44
2007-06-16 01:00
2007-06-16 00:59
2007-06-16 00:59
2007-06-16 00:58 1,006,592 --a------ C:\WINDOWS\explorer.exe
2007-06-16 00:57 577,536 --a------ C:\WINDOWS\SYSTEM32\mlang.dll
2007-06-16 00:57 112 --a------ C:\DOCUME~1\Maniek\DANEAP~1\fusioncache.dat
2007-06-16 00:57
2007-06-16 00:57
2007-06-16 00:56
2007-06-16 00:54
2007-06-16 00:48 40,960 --a------ C:\WINDOWS\SYSTEM32\SSUBTMR6.DLL
2007-06-16 00:48 10,752 --a------ C:\WINDOWS\SYSTEM32\aamd532.dll
2007-06-16 00:47
2007-06-11 21:00
2007-06-11 18:41 3,932,160 --a------ C:\DOCUME~1\Maniek\ntuser.dat
2007-06-10 20:30 98,304 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2007-06-10 20:30 135,168 --a------ C:\WINDOWS\SYSTEM32\UAService7.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-15 22:56:22 64,342 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-15 22:56:22 429,946 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-08 10:11:28 -------- d-----w C:\Program Files\Play
2007-05-15 17:28:30 -------- d-----w C:\DOCUME~1\Maniek\DANEAP~1\Nokia Multimedia Player
2007-05-15 17:26:04 -------- d-----w C:\DOCUME~1\Maniek\DANEAP~1\DataLayer
2007-05-15 17:26:02 -------- d-----w C:\DOCUME~1\Maniek\DANEAP~1\Nokia
2007-05-15 17:14:12 -------- d-----w C:\DOCUME~1\Maniek\DANEAP~1\PC Suite
2007-05-15 17:12:16 -------- d-----w C:\Program Files\Common Files\PCSuite
2007-05-15 17:12:14 -------- d-----w C:\Program Files\Common Files\Nokia
2007-05-13 15:13:18 -------- d-----w C:\DOCUME~1\Maniek\DANEAP~1\Skype
2007-05-13 15:11:44 -------- d-----w C:\Program Files\Skype
2007-05-13 15:11:44 -------- d-----w C:\Program Files\Common Files\Skype
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“LanzarP2006”=“C:\DOCUME~1\Maniek\USTAWI~1\Temp{EFECE691-E414-4024-8979-4BB358E2DC7D}{EEBA9416-3207-47E0-9022-116440599DBC}…\P2006tmp\Install.exe” []
“SystemTray”=“SysTray.Exe” [2001-10-26 18:30 C:\WINDOWS\SYSTEM32\systray.exe]
“RTHDCPL”=“RTHDCPL.EXE” [2006-03-14 11:01 C:\WINDOWS\RTHDCPL.exe]
“internat.exe”=“internat.exe” []
“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-08-05 21:05]
“AT-Watch”=“C:\Program Files\Anti-Trojan-55\ATWatch.exe” []
“Anti-Trojan-Watch”=“C:\Program Files\Anti-Trojan-55\ATWatch.exe” []
“Winamp Agent”=“C:\Program Files\Winamp\winampa.exe” [2006-08-10 22:16]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” [2006-10-12 03:10]
“Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” [2005-06-06 23:46]
“PCSuiteTrayApplication”=“D:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2005-03-22 09:39]
“DataLayer”=“C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [2005-03-31 09:30]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-05-07 10:32]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-20 18:05]
“PcSync”=“D:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2005-04-20 09:57]
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”=“C:\Program Files\SUPERAntiSpyware\SASSEH.DLL” [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages :\WINDOW

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
“IrMon”=irmon.exe
“LoadPowerProfile”=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{CA0A4247-44BE-11d1-A005-00805F8ABE06}
RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

Contents of the ‘Scheduled Tasks’ folder
2007-06-06 12:00:02 C:\WINDOWS\tasks\Rozpoczęcie aplikacji dostrajania.job
2007-07-10 07:47:22 C:\WINDOWS\tasks\Harmonogram programu PCHealth dla zbierania danych.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 22:30:05
Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 22:30:34
C:\ComboFix2.txt … 2007-07-04 21:02
C:\ComboFix-quarantined-files.txt … 2007-07-10 22:30

— E O F —
Thanks again for the help and patience.
qrczak13
(qrczak13)
10 July 2007 21:21
#2
Just cosmetics now.
Remove in HijackThis.
Tools > Folder Options > View > check Show hidden files and folders and uncheck Hide protected operating system files
And delete the files.
Registry cleaning - jv16 PowerTools 2006 1.5.2.350
Read up on unnecessary autostart entries.
Use ATF Cleaner in Safe Mode.
system
(system)
11 July 2007 06:58
#3
I downloaded jvs but it won't start for me.
Regards, I'm off on holiday.
Monczkin
(Monczkin)
11 July 2007 07:43
#4
In future, please continue in the previous thread.