kaczor0
(M Kupczynas)
7 July 2007 18:12
#1
Hello
I had high ping in games and the net was generally sluggish, so I scanned the computer with several programs, namely: Avira Antivir, AVG Antispyware Free, Ad-Aware 2k7 and SpyCatcher. Each one removed a little, but I want to be sure that I have no leftovers from trojans and spyware.
So here are the logs:
HijackThis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:01:17, on 2007-07-07
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\windows\System32\ctfmon.exe
D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\windows\System32\ircomm2k.exe
C:\windows\System32\svchost.exe
D:\program files\Konnekt\konnekt.exe
D:\program files\SpyCatcher\Scheduler daemon.exe
D:\program files\AVG Anti-Spyware 7.5\guard.exe
D:\program files\BitComet\BitComet.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Documents and Settings\Kaczy\Pulpit\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - D:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\program files\BitComet\tools\BitCometBHO_1.1.4.29.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O4 - HKLM…\Run: [avgnt] “D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKCU…\Run: [bitComet] “D:\program files\BitComet\BitComet.exe” /tray
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: Download all links using BitComet - res://D:\program files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\program files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\program files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra ‘Tools’ menuitem: @D :\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - D:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://85.128.90.130/activex/AxisCamControl.cab
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: mszsrn32 - C:\windows\system32\mszsrn32.dll (file missing)
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\program files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Program Files\DiskeeperLite\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Virtual IR COM Port, Service Program (IrCOMM2kSvc) - Jan Kiszka - C:\windows\System32\ircomm2k.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

– End of file - 5355 bytes
ComboFix:
“Kaczy” - 2007-07-07 19:31:02 - ComboFix 07-07-07.3

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

D:\Program Files\ipwindows
D:\Program Files\ipwindows\ipwins.dll
D:\Program Files\ipwindows\ipwins.exe
D:\Program Files\ipwindows\UnInstall.exe

((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))

2007-07-07 17:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-07 17:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-05 21:54
2007-07-05 21:54
2007-07-04 22:21
2007-07-04 20:29
2007-07-04 20:27
2007-07-03 19:47
2007-07-03 19:38
2007-07-03 19:36
2007-06-29 08:37
2007-06-29 08:37
2007-06-28 14:33
2007-06-21 14:02
2007-06-21 14:01
2007-06-17 17:44
2007-06-17 09:22 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-06-17 09:22 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-06-17 09:22 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-06-17 09:22 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-06-16 13:56
2007-06-13 13:33 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-06-08 23:31
2007-06-08 23:29
2007-06-08 23:19 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2007-06-08 23:19 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-06-08 23:19 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2007-06-08 23:19 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2007-06-08 23:19
2007-06-07 18:38
2007-06-07 01:08

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 15:48:14 -------- d-----w D:\Program Files\AVG Anti-Spyware 7.5
2007-07-06 18:47:05 -------- d-----w D:\Program Files\FlashFXP
2007-07-06 16:54:47 -------- d-----w D:\Program Files\Microsoft Bootvis
2007-07-05 19:57:13 -------- d-----w D:\Program Files\CoreEditor
2007-07-04 21:23:43 74,230 ----a-w C:\windows\system32\perfc015.dat
2007-07-04 21:23:43 448,004 ----a-w C:\windows\system32\perfh015.dat
2007-07-04 19:25:25 -------- d-----w C:\DOCUME~1\Kaczy\DANEAP~1\OpenOffice.ux.pl2
2007-07-03 19:56:49 -------- d-----w D:\Program Files\Ad-Aware 2007
2007-07-03 17:37:52 -------- d-----w D:\Program Files\GIMP-2.0
2007-07-03 17:36:41 -------- d-----w D:\Program Files\GTK
2007-07-02 22:50:14 -------- d-----w C:\DOCUME~1\Kaczy\DANEAP~1\foobar2000
2007-06-29 08:20:04 28,400 ----a-w C:\windows\system32\drivers\secdrv.sys
2007-06-27 17:56:15 -------- d-----w D:\Program Files\DC++
2007-06-27 16:54:02 -------- d-----w D:\Program Files\UltraISO
2007-06-27 16:53:54 -------- d-----w D:\Program Files\MagicISO
2007-06-26 23:50:23 -------- d-----w D:\Program Files\BitComet
2007-06-26 19:46:11 -------- d–h--w D:\Program Files\InstallShield Installation Information
2007-06-25 19:53:44 -------- d-----w D:\Program Files\LogoManager
2007-06-23 23:15:31 -------- d-----w D:\Program Files\Wink
2007-06-23 13:22:50 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-19 10:15:28 -------- d-s—w D:\Program Files\Xfire
2007-06-19 10:15:28 -------- d-----w D:\Program Files\YCIII
2007-06-19 10:15:28 -------- d-----w D:\Program Files\Nvu
2007-06-19 10:15:28 -------- d-----w D:\Program Files\Ad-Aware SE Personal
2007-06-18 11:39:20 -------- d-----w C:\DOCUME~1\Kaczy\DANEAP~1\Xfire
2007-06-17 07:24:55 -------- d-----w D:\Program Files\DVDPean Pro 5.3.6
2007-06-17 07:15:58 -------- d-----w D:\Program Files\Total Video Converter
2007-06-17 07:15:04 -------- d-----w D:\Program Files\Fraps
2007-06-16 12:11:49 -------- d-----w D:\Program Files\Debugging Tools for Windows
2007-06-13 21:38:31 -------- d-----w C:\DOCUME~1\Kaczy\DANEAP~1\Hamachi
2007-06-12 16:54:44 -------- d-----w D:\Program Files\Joost
2007-06-11 12:38:20 -------- d-----w D:\Program Files\Techland
2007-06-09 22:06:37 -------- d-----w D:\Program Files\SpeedFan
2007-06-09 13:40:48 -------- d-----w D:\Program Files\jv16 PowerTools
2007-06-08 21:20:16 -------- d-----w D:\Program Files\SpyCatcher
2007-06-08 19:02:14 -------- d-----w D:\Program Files\WebShot
2007-06-07 16:38:11 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-06 15:22:43 -------- d-----w D:\Program Files\VirtualBox
2007-06-05 23:19:34 28,008 ----a-w C:\windows\system32\drivers\VBoxUSBMon.sys
2007-06-05 23:19:22 33,608 ----a-w C:\windows\system32\drivers\VBoxDrv.sys
2007-06-05 20:21:33 -------- d-----w D:\Program Files\The Bat!
2007-06-05 13:21:21 -------- d-----w D:\Program Files\Fotosik Manager
2007-06-04 13:18:48 9,344 ----a-w C:\windows\system32\drivers\NSDriver.sys
2007-06-04 13:17:02 8,320 ----a-w C:\windows\system32\drivers\AWRTRD.sys
2007-06-04 13:14:56 6,272 ----a-w C:\windows\system32\drivers\AWRTPD.sys
2007-06-03 11:43:47 43,520 ----a-w C:\windows\system32\CmdLineExt03.dll
2007-06-02 20:11:17 -------- d-----w C:\DOCUME~1\Kaczy\DANEAP~1\IrfanView
2007-06-01 11:04:53 -------- d-----w D:\Program Files\EdHTMLv5.0
2007-05-27 14:44:52 -------- d-----w D:\Program Files\DiskeeperLite
2007-05-27 14:04:20 -------- d-----w D:\Program Files\Diskeeper Lite Setup
2007-05-25 18:18:15 -------- d-----w D:\Program Files\Driver Cleaner
2007-05-23 19:52:23 -------- d-----w D:\Program Files\IrfanView
2007-05-20 06:28:45 -------- d-----w D:\Program Files\Logitech
2007-05-19 17:39:45 -------- d-----w D:\Program Files\EaseAudioConverter
2007-05-17 17:09:50 -------- d–h--r C:\DOCUME~1\Kaczy\DANEAP~1\SecuROM
2007-05-16 21:51:33 -------- d-----w D:\Program Files\NetSend
2007-05-16 10:17:44 -------- d-----w D:\Program Files\PSM5
2007-05-15 18:40:10 108,144 ----a-w C:\windows\system32\CmdLineExt.dll
2007-05-15 16:57:27 -------- d-----w C:\Program Files\Common Files\MAGIX Shared
2007-05-15 15:27:29 -------- d-----w D:\Program Files\A-Ray Scanner
2007-05-14 18:05:20 -------- d-----w D:\Program Files\SiMoCo
2007-05-14 16:26:07 -------- d-----w D:\Program Files\Allok MP3 to AMR Converter
2007-05-12 22:37:51 -------- d-----w C:\DOCUME~1\Kaczy\DANEAP~1\Media Player Classic
2007-05-12 22:36:56 -------- d-----w D:\Program Files\Real Alternative
2007-05-12 22:36:51 -------- d-----w D:\Program Files\Media Player Classic
2007-05-12 22:36:49 -------- d-----w C:\DOCUME~1\Kaczy\DANEAP~1\Real
2007-05-11 18:31:41 -------- d-----w D:\Program Files\K-Lite Codec Pack
2007-05-11 18:18:02 -------- d-----w D:\Program Files\ALLPlayer
2007-05-11 12:09:53 2,560 ----a-w C:\windows\system32\BitCometRes.dll
2007-05-09 18:09:03 77,824 ----a-w C:\windows\system32\kdfapi.dll
2007-05-09 18:09:03 53,248 ----a-w C:\windows\system32\Kdfhok.dll
2007-05-09 18:09:03 362,312 ----a-w C:\windows\system32\kdfmgr.exe
2007-05-09 11:21:21 -------- d-----w C:\DOCUME~1\Kaczy\DANEAP~1\LEGO Company
2007-05-09 11:20:56 -------- d-----w D:\Program Files\LEGO Digital Designer
2007-05-07 13:46:53 -------- d-----w C:\DOCUME~1\Kaczy\DANEAP~1\Joost
2007-05-07 11:15:22 706 ----a-w C:\windows\unins000.dat
2007-05-06 07:58:16 3,688 ----a-w C:\windows\system32\d3d9caps.dat
2007-05-05 17:09:30 113,547 ----a-w C:\windows\hpoins07.dat
2007-05-02 12:25:29 479,744 ----a-w C:\windows\system32\kdfinj.dll
2007-05-02 09:31:32 464 ----a-w C:\windows\system32\vorbisenc.dll
2007-05-02 09:31:32 464 ----a-w C:\windows\system32\vorbis.dll
2007-05-02 09:31:32 464 ----a-w C:\windows\system32\OggDS.dll
2007-05-02 09:31:32 464 ----a-w C:\windows\system32\ogg.dll
2007-05-02 09:31:31 464 ----a-w C:\windows\system32\mplvpx.dll
2007-05-02 09:31:31 464 ----a-w C:\windows\system32\cpuinf32.dll
2007-04-30 11:51:20 0 --sha-r C:\MSDOS.SYS
2007-04-30 11:51:20 0 --sha-r C:\IO.SYS
2007-04-30 11:47:03 21,856 ----a-w C:\windows\system32\emptyregdb.dat
2007-04-13 13:19:52 7,680 ----a-w C:\windows\system32\lsdelete.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{0A87E45F-537A-40B4-B812-E2544C21A09F}]
2005-08-22 21:57 118784 --a------ D:\Program Files\SpyCatcher\SCActiveBlock.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
2007-04-29 11:29 394816 --a------ D:\program files\BitComet\tools\BitCometBHO_1.1.4.29.dll
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avgnt”=“D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe” [2007-04-02 10:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“BitComet”=“D:\program files\BitComet\BitComet.exe” [2007-05-07 16:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoInstrumentation”=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“D:\program files\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mszsrn32]
C:\windows\system32\mszsrn32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“appinit_dlls”=secuload.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^SpyCatcher Protector.lnk]
backup=C:\windows\pss\SpyCatcher Protector.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
“D:\program files\BitComet\BitComet.exe” /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\windows\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
“D:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
D:\Program Files\EdHTMLv5.0\EdHTML.exe /none
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\windows\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
“C:\Program Files\Messenger\msmsgs.exe” /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\windows\System32\IME\PINTLGNT\ImScInst.exe /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyCatcher Reminder]
D:\Program Files\SpyCatcher\SpyCatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
“D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
rundll32 iesetup.dll,IEAccessUserInst

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 19:33:16
Windows 5.1.2600 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 19:33:45
C:\ComboFix-quarantined-files.txt … 2007-07-07 19:33
— E O F —
From the Hjack log, in my opinion it's cosmetic; remove this:
Gutek
(Gutek)
8 July 2007 10:35
#3
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can run through the registry with it, or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
remove the HJT entry
Post a new log from HJT
Gutek
(Gutek)
8 July 2007 20:44
#5
The log is clean
Finish up with online scanners - Scanners to choose from