Computer is running slowly

Logfile of HijackThis v1.99.1

Scan saved at 14:11, on 2007-09-02

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Screamer Radio\screamer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

E:\Programy instalacyjne\Programy antywirusowe\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1045

O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe

O4 - Startup: uni_spiker-2.6.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll

O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll

O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll

O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll

O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

ComboFix 07-06-13.3 - C:\Documents and Settings\Staszek\Pulpit\Programy Antywirusowe\ComboFix.exe

"Staszek" - 2007-09-02 14:19:04 NTFS

((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))

2007-08-31 16:39

2007-08-27 10:54 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2007-08-27 10:54 361,472 --a------ C:\WINDOWS\system32\drivers\Netfwdsl.sys

2007-08-27 10:54 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2007-08-27 10:54 31,232 --a------ C:\WINDOWS\system32\i2errDeu.dll

2007-08-27 10:54 28,160 --a------ C:\WINDOWS\system32\drivers\Aadev.sys

2007-08-27 10:54 11,264 --a------ C:\WINDOWS\system32\drivers\NETDSL.SYS

2007-08-27 10:54

2007-08-27 10:54

2007-08-27 10:48 53,760 -ra------ C:\WINDOWS\system32\avmadd32.dll

2007-08-26 18:48

2007-08-26 18:48

2007-08-23 16:06

2007-08-23 16:06

2007-08-17 10:35

2007-08-17 10:34 15,104 --a------ C:\WINDOWS\system32\drivers\avmunet.sys

2007-08-17 10:34

2007-08-17 10:34

2007-08-14 12:24

2007-08-14 12:23 328,704 --a------ C:\WINDOWS\IsUn0407.exe

2007-08-12 14:34

2007-08-03 23:37

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 12:18:57 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\Skype

2007-09-02 09:52:26 -------- d-----w C:\Program Files\eMule

2007-09-01 20:56:37 -------- d-----w C:\Program Files\Odkurzacz

2007-09-01 20:43:19 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\BitTorrent

2007-09-01 20:31:28 -------- d-----w C:\Program Files\RegCleaner

2007-09-01 16:51:19 -------- d-----w C:\Program Files\ArcaMicroScan

2007-09-01 00:37:54 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\DeepBurner

2007-08-28 22:57:18 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\foobar2000

2007-08-23 10:09:42 -------- d-----w C:\Program Files\Picasa2

2007-08-17 09:40:28 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\JustVoip

2007-08-15 12:38:18 -------- d-----w C:\Program Files\SkanerOnline

2007-07-30 21:03:41 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\vlc

2007-07-29 17:10:13 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\Ahead

2007-07-29 15:10:48 -------- d-----w C:\Program Files\Trend Micro

2007-07-27 22:07:21 783,224 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-07-27 22:02:49 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-27 22:02:34 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-27 22:00:39 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 21:59:57 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 21:58:36 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 21:57:49 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-07-23 22:24:55 -------- d-----w C:\Program Files\Screamer Radio

2007-07-22 18:31:37 4 ----a-w C:\WINDOWS\system32\proc233803746.bin

2007-07-22 18:31:37 1,704 ----a-w C:\WINDOWS\mozver.dat

2007-07-22 18:31:37 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\GanymedeNet

2007-07-18 22:51:14 89,984 ----a-w C:\WINDOWS\system32\drivers\sptd6845.sys

2007-07-16 12:55:28 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-07-14 15:11:56 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-07-14 15:11:56 -------- d-----w C:\Program Files\Vimicro

2007-07-14 14:50:17 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\uTorrent

2007-07-14 14:50:17 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\EssentialPIM

2007-07-08 23:17:07 -------- d-----w C:\Program Files\MarBit

2007-07-08 22:31:47 -------- d-----w C:\Program Files\Secured_eMule

2007-07-08 11:58:02 -------- d-----w C:\Program Files\ShoppingReport

2007-07-08 11:58:01 -------- d-----w C:\DOCUME~1\Staszek\DANEAP~1\ShoppingReport

2007-07-05 20:24:29 -------- d-----w C:\Program Files\Skype

2007-07-01 11:10:05 2 ----a-w C:\WINDOWS\system32\wcpicomsv.exe

2007-06-16 22:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe

2007-06-15 21:46:46 535,040 ----a-w C:\WINDOWS\flashax.exe

2007-06-15 21:46:46 12,288 ----a-w C:\WINDOWS\impborl.dll

2007-06-15 15:11:44 50,352 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-15 15:11:44 358,108 ----a-w C:\WINDOWS\system32\perfh015.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 07:12]

{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]

{85F685C3-20D9-4943-95E4-EB4224056C3F}=C:\Program Files\ivo\Expressivo Demo\IH_iexplore.dll [2007-01-26 14:35]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-03-19 03:07]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-08-15 23:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2007-05-03 10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Messenger"=2 (0x2)

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-02 14:19:48

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-09-02 14:20:19

--- E O F ---

This is all I found to remove.

If you don't have a removal tool, download OTMoveIt

Paste the following paths into the Paste List of Files/Folders to be Moved field:

Then press the MoveIt! button.

A message will appear saying that a restart is needed to remove the listed files/folders - click Yes.

After the restart, manually delete the C:\_OTMoveIt folder (right-click >>> Delete >>> Empty the Recycle Bin).

If you want, you can also use SDFix

Note: It can only be run in Safe Mode.

Post the Report.txt located in the SDFix folder.

jessi

Thanks for checking. I'll try to "fight" with this. Maybe I'll manage. Yesterday I was fighting trojans. There was a lot of junk. I scanned with Spybot, Ad-aware, Odkurzacz and Reg cleaner. It's a bit better, but I still have to do the cleanup as you recommended. Thanks once again. Regards.

After all that, a new log from Combo + SDFix