Czy usuwac cos oprocz svcchosst.exe? [log]

mack1 · 11 Czerwiec 2007 19:14

witam

mam pewien problem. przekopalem pare tematow i wiem jak usunac svcchosst.exe, ale moje pytanie jest nastepujace: czy oprocz tego cos jeszcze bruzdzi mi na kompie? oto log:

Logfile of HijackThis v1.99.1 Scan saved at 21:10:04, on 2007-06-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\WINDOWS\system32\svcchosst.exe D:\Programy\uzytki\ZoneAlarm\zlclient.exe D:\Programy\uzytki\gadu-gadu\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Maciek\4.exe C:\Documents and Settings\Maciek\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [msvccc66] svcchosst.exe O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [ZoneAlarm Client] “D:\Programy\uzytki\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [Lexmark X1100 Series] “C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe” O4 - HKLM…\Run: [sDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe” O4 - HKLM…\RunServices: [msvccc66] svcchosst.exe O4 - HKCU…\Run: [Gadu-Gadu] “D:\Programy\uzytki\gadu-gadu\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU…\Run: [uniblue SpyEraser] “C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe” -m O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra ‘Tools’ menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{FA349B39-6854-41B0-9BE4-7B3A073CA7F7}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

dzieki

pozdrawiam

qrczak13 · 11 Czerwiec 2007 19:25

Usuń w trybie awaryjnym.

Usuń w HJT.

Po tym daj log z ComboFix.

Romek · 11 Czerwiec 2007 19:25

log jest czysty oprócz wyżej wspomnianego pliku

system · 11 Czerwiec 2007 19:48

W log jeszcze:

Usuń plik 4.exe. Zaś fałszywy program anty SpyEraser za pomocą RogueRemover.

mack1 · 11 Czerwiec 2007 20:12

zrobilem to co poradzil qrczak13 i usunalem 4.exe

spyeraser to program ktory sciagnalem z http://www.pctools.com specjalnie z mysla o rozwiazaniu tego problemu, jednak nie poradzil sobie z nim

oto log z combofix’a

ComboFix 07-06-11.3 - C:\Documents and Settings\Maciek\Pulpit\ComboFix.exe “Maciek” - 2007-06-11 22:03:28 - Dodatek Service Pack 2 ((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 ))))))))))))))))))))))))))))))) 2007-06-11 22:01 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-11 21:57 2007-06-11 21:39 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-06-11 21:39 2007-06-11 21:39 2007-06-11 21:39 2007-06-11 21:39 2007-06-11 21:39 2007-06-11 21:39 2007-06-11 21:39 2007-06-11 21:08 2,560 —hs---- C:\WINDOWS\system32\helpermdmdd.exe 2007-06-11 21:01 2007-06-11 20:34 2007-06-11 20:09 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-06-11 20:09 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-06-11 20:09 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-06-11 20:09 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2007-06-11 20:09 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-06-11 20:09 2007-06-11 20:09 2007-06-11 19:42 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-06-11 19:42 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-06-11 19:42 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-06-11 18:46 2007-06-11 18:45 2007-06-11 18:45 2007-06-11 18:39 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys 2007-06-11 18:39 937,984 --------- C:\WINDOWS\system32\winbrand.dll 2007-06-11 18:39 9,728 --------- C:\WINDOWS\system32\comsdupd.exe 2007-06-11 18:39 896,512 --------- C:\WINDOWS\system32\wmspdmoe.dll 2007-06-11 18:39 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll 2007-06-11 18:39 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll 2007-06-11 18:39 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll 2007-06-11 18:39 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll 2007-06-11 18:39 81,920 --------- C:\WINDOWS\system32\ieencode.dll 2007-06-11 18:39 81,408 --------- C:\WINDOWS\system32\wscsvc.dll 2007-06-11 18:39 8,192 --------- C:\WINDOWS\system32\smbinst.exe 2007-06-11 18:39 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll 2007-06-11 18:39 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys 2007-06-11 18:39 75,776 --------- C:\WINDOWS\system32\strmfilt.dll 2007-06-11 18:39 73,832 --------- C:\WINDOWS\system32\slcoinst.dll 2007-06-11 18:39 73,796 --------- C:\WINDOWS\system32\slserv.exe 2007-06-11 18:39 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys 2007-06-11 18:39 71,680 --------- C:\WINDOWS\system32\blastcln.exe 2007-06-11 18:39 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll 2007-06-11 18:39 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll 2007-06-11 18:39 7,168 --------- C:\WINDOWS\system32\kbdukx.dll 2007-06-11 18:39 7,168 --------- C:\WINDOWS\system32\kbdno1.dll 2007-06-11 18:39 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll 2007-06-11 18:39 7,168 --------- C:\WINDOWS\system32\hccoin.dll 2007-06-11 18:39 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2007-06-11 18:39 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys 2007-06-11 18:39 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys 2007-06-11 18:39 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys 2007-06-11 18:39 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys 2007-06-11 18:39 60,416 --------- C:\WINDOWS\system32\fwcfg.dll 2007-06-11 18:39 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll 2007-06-11 18:39 6,656 --------- C:\WINDOWS\system32\kbdinben.dll 2007-06-11 18:39 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll 2007-06-11 18:39 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll 2007-06-11 18:39 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll 2007-06-11 18:39 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys 2007-06-11 18:39 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys 2007-06-11 18:39 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys 2007-06-11 18:39 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys 2007-06-11 18:39 526,848 --------- C:\WINDOWS\system32\p2psvc.dll 2007-06-11 18:39 52,736 --------- C:\WINDOWS\system32\mspmsnsv.dll 2007-06-11 18:39 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys 2007-06-11 18:39 50,688 --------- C:\WINDOWS\system32\btpanui.dll 2007-06-11 18:39 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll 2007-06-11 18:39 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll 2007-06-11 18:39 49,152 --------- C:\WINDOWS\system32\powercfg.exe 2007-06-11 18:39 484,864 --------- C:\WINDOWS\system32\wmspdmod.dll 2007-06-11 18:39 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll 2007-06-11 18:39 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys 2007-06-11 18:39 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys 2007-06-11 18:39 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys 2007-06-11 18:39 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys 2007-06-11 18:39 44,032 --------- C:\WINDOWS\system32\twext.dll 2007-06-11 18:39 431,616 --------- C:\WINDOWS\system32\wuapi.dll 2007-06-11 18:39 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys 2007-06-11 18:39 427,008 --------- C:\WINDOWS\system32\xpob2res.dll 2007-06-11 18:39 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys 2007-06-11 18:39 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys 2007-06-11 18:39 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys 2007-06-11 18:39 41,472 --------- C:\WINDOWS\system32\drivers\amdk7.sys 2007-06-11 18:39 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys 2007-06-11 18:39 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys 2007-06-11 18:39 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys 2007-06-11 18:39 40,320 --------- C:\WINDOWS\system32\drivers\intelppm.sys 2007-06-11 18:39 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll 2007-06-11 18:39 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll 2007-06-11 18:39 4,096 --------- C:\WINDOWS\system32\dsprpres.dll 2007-06-11 18:39 397,056 --------- C:\WINDOWS\system32\s3gnb.dll 2007-06-11 18:39 384,512 --------- C:\WINDOWS\system32\mp4sdmod.dll 2007-06-11 18:39 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys 2007-06-11 18:39 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll 2007-06-11 18:39 36,864 --------- C:\WINDOWS\system32\wups.dll 2007-06-11 18:39 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys 2007-06-11 18:39 351,232 --------- C:\WINDOWS\system32\winhttp.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-11 17:09:22 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-11 17:09:22 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-10 18:43:48 -------- d-----w C:\Program Files\Usługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {A5366673-E8CA-11D3-9CD9-0090271D075B}=C:\PROGRA~1\FLASHGET\jccatch.dll [2002-01-16 19:12] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “WheelMouse”=“C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe” [2004-08-25 18:39] “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2003-09-05 06:59] “Cmaudio”=“cmicnfg.cpl” [] “ZoneAlarm Client”=“D:\Programy\uzytki\ZoneAlarm\zlclient.exe” [2007-03-09 00:02] “Lexmark X1100 Series”=“C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe” [2003-08-19 17:09] “SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-05-29 15:41] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“D:\Programy\uzytki\gadu-gadu\Gadu-Gadu\gg.exe” [2007-01-30 15:58] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-04 00:44] “Uniblue RegistryBooster2”=“C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe” [] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background Contents of the ‘Scheduled Tasks’ folder 2007-06-11 18:52:40 C:\WINDOWS\tasks\Uniblue SpyEraser.job 2007-06-11 19:51:40 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-11 22:04:33 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Files hidden from API: C:\WINDOWS\BĄbelki.bmp C:\WINDOWS\Indiaäski pled.bmp C:\WINDOWS\system32\Pokaľ kanaˆy.scf Completion time: 2007-06-11 22:06:09 — E O F —

wszystko gra?

Gutek · 11 Czerwiec 2007 20:33

to syf. Ja już nic nie widzę

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

EDIY: pośpiech i zgubiłem syf: