Hello, as the subject says, my computer has somehow slowed down strangely and I don't know why. I'm adding my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:36:13, on 2007-10-07
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Gadu-Gadu\gg.exe
D:\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Instaly\antyvire,błędy\błedy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [tonserror] C:\DOCUME~1\Tomek\DANEAP~1\OWNSCA~1\mp3tray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D552B07-5019-4959-8618-460FC91D7679}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
adam9870
(adam9870)
7 October 2007 08:41
#2
Use Windows Worms Doors Cleaner and change the markers from disable to enable (all markers should be green; if any of them is yellow, leave it). A restart is required after using the tool.
Delete the folder marked in red manually from the disk, and the entry with HijackThis. If you no longer have the Neostrada access application installed, also delete this entry:
Use the NoLop tool.
After that, run ComboFix and paste its log.
After the pests have been removed, once someone writes that everything is now fine, be sure to install security software such as a firewall and an antivirus. This topic may help you choose suitable security software:
Fighting viruses, spyware and others
"Component 'mscomctl.ocx' or one of its dependencies not correctly registered: a file is missing or valid" is the error I get when I try to run NoLop.
Post merged: 07.10.2007 (Sun) 11:01
ComboFix log:
ComboFix 07-10-07.1 - Tomek 2007-10-07 10:57:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.104 [GMT 2:00]
Running from: C:\Documents and Settings\Tomek\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.
2007-10-07 10:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-05 19:38 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-05 19:37
2007-10-05 19:32
2007-10-05 01:43
2007-10-03 23:19
2007-10-02 17:29
2007-10-01 16:11
2007-09-30 20:23
2007-09-30 20:22
2007-09-27 19:25
2007-09-27 07:42
2007-09-27 07:32 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2007-09-27 07:31 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-27 07:31 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-27 07:30
2007-09-21 19:34
2007-09-21 19:33
2007-09-21 19:33
2007-09-21 19:33
2007-09-21 14:21
2007-09-21 14:21
2007-09-19 09:09
2007-09-17 13:52 52,736 -ra------ C:\WINDOWS\system32\drivers\CnxTgNW.sys
2007-09-17 13:51 618,112 -ra------ C:\WINDOWS\system32\drivers\CnxEtU.sys
2007-09-17 13:51 2,719,744 -ra------ C:\WINDOWS\system32\cnxci.dll
2007-09-17 13:51 131,072 -ra------ C:\WINDOWS\system32\drivers\CnxEtP.sys
2007-09-17 13:48
2007-09-16 14:03
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 10:35 --------- d-------- C:\Program Files\Neostrada TP
2007-10-07 10:23 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-07 10:23 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-05 14:29 --------- d-------- C:\Program Files\Gadu-Gadu
2007-10-02 19:26 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-10-02 19:26 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-10-01 13:43 --------- d-------- C:\Program Files\ICQToolbar
2007-09-05 00:47 --------- d-------- C:\Program Files\D-Tools
2007-09-05 00:47 --------- d-------- C:\Program Files\Alcohol Soft
2007-09-05 00:46 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-04 21:09 --------- d-------- C:\Program Files\Ahead
2007-09-01 13:34 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-31 21:36 --------- d-------- C:\Documents and Settings\Tomek\Dane aplikacji\Ventrilo
2007-08-30 08:36 --------- d-------- C:\Documents and Settings\Tomek\Dane aplikacji\ICQ Toolbar
2007-08-29 07:41 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-08-26 08:58 --------- d-------- C:\Documents and Settings\Tomek\Dane aplikacji\teamspeak2
2007-08-26 00:12 --------- d-------- C:\Documents and Settings\Tomek\Dane aplikacji\Gadu-Gadu
2007-08-25 23:52 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 23:51 --------- d-------- C:\Program Files\ICQLite
2007-08-25 23:50 --------- d-------- C:\Documents and Settings\Tomek\Dane aplikacji\ICQLite
2007-08-25 22:44 --------- d-------- C:\Program Files\BearShare
2007-08-25 16:33 --------- d-------- C:\Documents and Settings\Tomek\Dane aplikacji\Logitech
2007-08-25 16:13 --------- d-------- C:\Program Files\Winamp
2007-08-25 16:12 --------- d-------- C:\Documents and Settings\Tomek\Dane aplikacji\Real
2007-08-25 16:12 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Real
2007-08-25 16:07 --------- d-------- C:\Program Files\Logitech
2007-08-25 16:07 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-25 09:11 --------- d-------- C:\Documents and Settings\Tomek\Dane aplikacji\Help
2007-08-25 09:09 --------- d-------- C:\Program Files\ATI Technologies
2007-08-25 08:58 --------- d-------- C:\Program Files\Realtek Sound Manager
2007-08-25 08:58 --------- d-------- C:\Program Files\AvRack
2007-08-25 08:50 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
--------- C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-01-10 05:39 C:\WINDOWS\SOUNDMAN.EXE]
"CnxDslTaskBar"="C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" [2005-07-21 22:52]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-25 16:07:24]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Winamp\winampa.exe

R3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys
R3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys
R3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 10:59:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-07 10:59:35
.
--- E O F ---
jessica
(jessica)
7 October 2007 09:46
#4
The only pests in the log are ones you most likely installed yourself, since they are codecs that are themselves malware.
They should be removable manually.
jessi
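As an added example (not code from this thread, from HijackThis or from ComboFix), a small Python triage pass over lines in the HijackThis 1.99.1 format the thread works with: it splits each entry into its section code and body, then flags orphaned entries marked "(file missing)" and O4 autoruns that launch from a user profile's Application Data folder, leaving everything else for manual review. The sample entries are constructed from the kinds of lines seen above; the two heuristics and all function names are my own assumptions, not HijackThis rules.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample (not the thread's full log): entries in HijackThis 1.99.1 format.
# HijackThis abbreviates long registry keys to the form "HKLM\..\Run".
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [tonserror] C:\DOCUME~1\Tomek\DANEAP~1\OWNSCA~1\mp3tray.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Section code (R0..R3, F0..F3, O1..O24), " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# First absolute Windows path to an .exe/.dll/.sys in the body.
EXE_RE = re.compile(r'[A-Za-z]:\\[^\s\[\]"]+\.(?:exe|dll|sys)', re.IGNORECASE)
# A user profile's roaming data folder: 8.3 short name, English and Polish long names.
USER_DATA_RE = re.compile(r"DANEAP~1|Application Data|Dane aplikacji", re.IGNORECASE)

def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section, body); None for headers, process list, blanks."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None

def triage_entry(section: str, body: str) -> List[str]:
    """Heuristic reasons (my assumptions, not HijackThis rules) to review an entry."""
    reasons = []
    if "(file missing)" in body:
        # The registry still points at a file that is gone: a dead entry left behind by
        # an uninstall or a removed pest. Harmless now, but it should be cleaned up.
        reasons.append("orphaned entry: target file missing")
    path = EXE_RE.search(body)
    if section == "O4" and path and USER_DATA_RE.search(path.group(0)):
        # Installed software normally autoruns from Program Files or the Windows folder;
        # an autorun living in a user's data folder is unusual and worth identifying.
        reasons.append("autorun launched from user profile data folder")
    return reasons

def triage_log(log: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, line) for every flagged entry, in log order."""
    flagged = []
    for line in log.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue  # log header, process list and blank lines
        section, body = parsed
        for reason in triage_entry(section, body):
            flagged.append((section, reason, line.strip()))
    return flagged
```

Running triage_log(SAMPLE_LOG) flags only the orphaned R3 URLSearchHook and the O4 entry under DANEAP~1; the remaining entries are left for the reader to judge.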