verdis
(Scloud)
11 November 2007 20:57
#1
Hello!
An icon of a fake anti-spyware program has appeared in the tray in the bottom right corner. I have already removed several threats with Spybot. I also tried HijackThis; with it I restored my home page, but I still can't remove this icon. Please help. I'm attaching the log:
Logfile of HijackThis v1.99.1
Scan saved at 21:56:35, on 2007-11-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Hacjenda\Pulpit\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi … ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi … .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi … .yahoo.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [WheelMouse] "C:\Program Files\A4Tech\Mouse\Amoumain.exe"
O4 - HKLM…\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM…\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM…\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/programs/ … canner.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ … 586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
Gutek
(Gutek)
11 November 2007 21:02
#2
Use SmitFraudFix and choose option no. 2, in Safe Mode of course, and after that post a log from ComboFix.
verdis
(Scloud)
11 November 2007 21:30
#3
Thanks for the help. That balloon no longer pops up; to be safe, I'm posting the ComboFix log you asked for.
ComboFix 07-11-08.1 - Hacjenda 2007-11-11 22:23:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.221 [GMT 1:00]
Running from: C:\Documents and Settings\Hacjenda\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-11 22:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 22:10 1,506 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 22:09 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 22:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 22:09 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 22:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 22:09 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 21:19
2007-11-11 21:17 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-25 20:30 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-10-25 20:30 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-10-25 20:30 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-10-21 19:55
2007-10-21 19:54
2007-10-21 19:54
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 20:37 --------- d-----w C:\Program Files\SkanerOnline
2007-11-11 19:23 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-11-09 22:26 --------- d-----w C:\Program Files\eMule
2007-11-02 22:26 --------- d-----w C:\Documents and Settings\Hacjenda\Dane aplikacji\OpenOffice.ux.pl2
2007-10-28 10:27 12,800 --s-a-w C:\WINDOWS\system32\bubbj.dll
2007-10-25 19:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\avg7
2007-10-25 19:25 --------- d-----w C:\Documents and Settings\Hacjenda\Dane aplikacji\AVG7
2007-10-25 19:25 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Grisoft
2007-10-23 20:03 --------- d-----w C:\Program Files\Winamp
2007-09-29 22:53 684,377 ----a-w C:\WINDOWS\unins000.exe
2007-09-26 13:47 --------- d-----w C:\Documents and Settings\Hacjenda\Dane aplikacji\Skype
2007-09-19 19:31 --------- d-----w C:\Program Files\Java
2007-09-19 19:28 --------- d-----w C:\Program Files\Common Files\Java
2007-09-18 19:45 --------- d-----w C:\Program Files\Yahoo!
2007-09-18 19:45 --------- d-----w C:\Program Files\Common Files\Scanner
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 03:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 03:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 03:36]
"Cmaudio"="cmicnfg.cpl" []
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-03-14 09:49]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-25 20:29]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-11 21:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-18 14:58]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hacjenda^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.2.0.lnk]
path=C:\Documents and Settings\Hacjenda\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe

R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 22:25:05
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 22:25:54
.
— E O F —