pytak
(Pytak666)
25 July 2007 16:08
#1
The problem is as in the topic title, and besides that it seems to me as if the computer loses its connection to the internet every so often, for a few seconds or so!!
Logfile of HijackThis v1.99.1
Scan saved at 18:08, on 2007-07-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\ctfmon.exe
C:\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NETWOR~1\bin\nSvcIp.exe
C:\NVIDIA\NETWOR~1\bin\nSvcLog.exe
D:\WINDOWS\system32\svchost.exe
C:\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\WINDOWS\system32\drwtsn32.exe
D:\WINDOWS\system32\drwtsn32.exe
D:\WINDOWS\explorer.exe
D:\Program Files\internet explorer\iexplore.exe
E:\Bartek\programy różńe\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - D:\Program Files\Multi_Media\tbMult.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - D:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - D:\Program Files\Multi_Media\tbMult.dll
O4 - HKLM…\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM…\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM…\Run: [CloneCDTray] "D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM…\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [statusClient] D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM…\Run: [TomcatStartup] D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM…\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM…\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [Globe7] "D:\Program Files\Globe7\Globe7.exe" /hide
O4 - HKLM…\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [spamihilator] "D:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU…\Run: [Komunikator] D:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU…\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU…\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU…\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\Gadu-Gadu\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: ATI CATALYST System Tray.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: STK016 PNP Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz 31cze Ulubione dla urz1dzenia przenoonego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Program Files\CDPoker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - D:\Program Files\CDPoker\casino.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_64.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab
O17 - HKLM\System\CCS\Services\Tcpip…{2DA128D7-7C4C-497E-955B-DBE1B487FFD6}: NameServer = 194.204.159.1,192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
Gutek
(Gutek)
25 July 2007 17:08
#2
Remove the HJT entries, uninstall Multi_Media and delete its folder.
Post a log from ComboFix.
pytak
(Pytak666)
25 July 2007 17:32
#3
I did everything as you recommended.
"slawek_" - 2007-07-25 19:28:22 - ComboFix 07-07-12.3 - Dodatek Service Pack 2 FAT32

((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))

2007-07-24 17:47
2007-07-24 17:43
2007-07-24 17:43
2007-07-24 17:43
2007-07-24 13:24
2007-07-23 19:17
2007-07-23 14:10
2007-07-23 13:47
2007-07-22 19:52
2007-07-22 19:34
2007-07-22 12:32
2007-07-22 10:15
2007-07-21 18:04
2007-07-21 18:04
2007-07-18 18:02 95,872 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-07-18 18:02 94,552 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-18 18:02 85,952 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-07-18 18:02 745,600 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-07-18 18:02 43,176 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-18 18:02 26,888 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-18 18:02 23,416 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-18 18:02
2007-07-12 17:46 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-07-09 23:31
2007-07-09 23:26
2007-07-09 00:06

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-24 13:20:48 7,136 ----a-w D:\WINDOWS\mozver.dat
2007-07-21 16:31:44 67,078 ----a-w D:\WINDOWS\system32\perfc015.dat
2007-07-21 16:31:44 435,978 ----a-w D:\WINDOWS\system32\perfh015.dat
2007-06-15 19:01:16 -------- d-----w D:\Program Files\SmartSound Software
2007-06-15 19:00:44 -------- d-----w D:\Program Files\Windows Media Components
2007-06-09 22:05:30 -------- d-----w D:\Program Files\QuickTime
2007-06-09 20:45:00 -------- d-----w D:\DOCUME~1\slawek_\DANEAP~1\Ulead Systems
2007-06-09 20:44:48 74 ---ha-w D:\WINDOWS\syslife.dat
2007-06-09 19:49:42 86,016 ----a-w D:\WINDOWS\system32\OpenAL32.dll
2007-06-09 19:49:42 262,144 ----a-w D:\WINDOWS\system32\wrap_oal.dll
2007-06-08 15:02:06 -------- d-----w D:\Program Files\Common Files\ACD Systems
2006-03-05 08:19:52 1,682 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2006-03-05 08:19:52 56 --sh--r D:\WINDOWS\system32\0D2FA2D32D.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 16:39 37808 --------- D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
2007-02-19 16:10 751144 --a------ D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 07:15]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2004-09-29 10:37]
"RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"CloneCDTray"="D:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-28 04:33]
"WooCnxMon"="D:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]
"WOOWATCH"="D:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]
"WOOTASKBARICON"="D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07]
"@"="" []
"StatusClient"="D:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 16:51]
"TomcatStartup"="D:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 19:28]
"Easy-PrintToolBox"="D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" []
"Picasa Media Detector"="E:\Picasa2\PicasaMediaDetector.exe" [2007-06-16 01:15]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 12:23 D:\WINDOWS\SOUNDMAN.EXE]
"Globe7"="D:\Program Files\Globe7\Globe7.exe" []
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-06-10 00:06]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spamihilator"="D:\Program Files\Spamihilator\spamihilator.exe" []
"Komunikator"="D:\Program Files\Tlen.pl\tlen.exe" []
"H/PC Connection Agent"="D:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 01:54]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-02-19 16:27]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\Gadu-Gadu\Gadu-Gadu\gg.exe" [2007-04-19 17:43]

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
""=
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\atisetup.exe
launch\command- G:\atisetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e7c661c5-e674-11d8-b827-806d6172696f}]
AutoRun\command- G:\AUTORUN\AUTORUN.EXE

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-25 19:29:10
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-25 19:29:34
D:\ComboFix2.txt … 2007-07-20 23:23
D:\ComboFix-quarantined-files.txt … 2007-07-20 21:34
D:\ComboFix3.txt … 2007-07-20 21:45

--- E O F ---
Gutek
(Gutek)
25 July 2007 17:39
#4
Open Notepad and paste this into it:
File >>> Save as >>> Change the extension from TXT to All files >>> Save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.
AVG Anti-Spyware 7.5 scan after update + report
pytak
(Pytak666)
25 July 2007 19:12
#5
I can't post this report, it's terribly long, maybe I'll send it by e-mail??
I did a thorough scan and it detected quite a bit of junk!!
pytak
(Pytak666)
25 July 2007 19:23
#7
http://wklej.org/id/0e725cda63
It doesn't all want to fit there either, this isn't even 1/4 of the report!!
Gutek
(Gutek)
25 July 2007 19:30
#8
pytak - I'm not surprised that the pages and the computer are sluggish, you pirate :evil:
That's all there is to say on this subject.
Advice: don't look for and don't visit sites with cracks. There is a lot of free software on the portal.
I'm closing the topic.