Rozłącza mi się net

kolacz17 · 28 Czerwiec 2007 11:50

czy ten log jest czysty??

Logfile of HijackThis v1.99.1 Scan saved at 13:45:25, on 2007-06-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe D:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\crypserv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Kerio\Personal Firewall\persfw.exe C:\WINDOWS\system32\PnkBstrA.exe D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe D:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\PnkBstrB.exe D:\Program Files\Winamp\winamp.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\ping.exe C:\Documents and Settings\Jar3k\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “D:\Program Files\Gadu-Gadu\gg.exe” /tray O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Condor - Unknown owner - D:\Condor\bin\condor_master.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

sry za double topic ale net akurat się zwiesił

qrczak13 · 28 Czerwiec 2007 19:00

R3 - URLSearchHook: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll O2 - BHO: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O3 - Toolbar: Share_Accelerator_MM toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.21\ShoppingReport.dll

Foldery na czerwono usuń, a wpisy w HJT.

Po wykonaniu w/w daj log z ComboFix.

kolacz17 · 28 Czerwiec 2007 20:01

dzięki

“Jar3k” - 2007-06-28 21:59:35 Dodatek Service Pack 2 ComboFix 07-05.17.6.V - Running from: “C:\Documents and Settings\Jar3k\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-28 )))))))))))))))))))))))))))))))))) 2007-06-21 17:15 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys 2007-06-21 17:15 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2007-06-21 17:15 2007-06-17 10:32 2007-06-15 22:50 2007-06-15 14:49 2007-06-08 12:31 2007-06-08 08:51 2007-06-07 22:53 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll 2007-06-07 22:53 2007-06-07 22:32 6,852 --a------ C:\WINDOWS\system32\drivers\Vcs.sys 2007-06-04 16:18 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys 2007-06-04 16:08 2007-05-28 17:47 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-28 11:05:39 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-06-21 15:14:55 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-06-15 20:40:10 -------- d-----w C:\DOCUME~1\Jar3k\DANEAP~1\Azureus 2007-06-15 12:49:54 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-06-15 12:13:09 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2007-06-10 17:29:04 5,187 ----a-w C:\WINDOWS\mozver.dat 2007-06-09 18:34:34 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-06-07 21:23:37 -------- d-----w C:\DOCUME~1\Jar3k\DANEAP~1\Skype 2007-05-12 10:22:19 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-05-11 06:44:03 -------- d-----w C:\Program Files\America’s Army Server Manager 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-15 09:14:15 -------- d-----w C:\DOCUME~1\Jar3k\DANEAP~1\BinarySense 2007-04-13 19:15:23 -------- d-----w C:\DOCUME~1\Jar3k\DANEAP~1\GanymedeNet 2007-04-10 10:12:16 4 ----a-w C:\WINDOWS\vx86036.dat 2007-04-09 15:46:49 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2007-04-09 14:51:15 -------- d-----w C:\Program Files\Common Files\ESRI 2007-04-09 14:51:03 249,856 ------w C:\WINDOWS\Setup1.exe 2007-04-09 14:51:02 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-04-07 14:40:41 -------- d-----w C:\Program Files\Common Files\SWF Studio 2007-04-01 11:43:23 36,734 -c–a-w C:\WINDOWS\system32\OggDSuninst.exe 2007-03-30 13:56:58 65,024 ----a-w C:\WINDOWS\IFinst26.exe 2007-03-28 09:43:28 28,880 ----a-w C:\WINDOWS\antyvirk.exe 2007-03-25 06:55:29 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-03-25 06:55:29 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 01:17] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NeroCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50] “ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2003-12-12 12:31] “avast!”=“D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-18 18:13] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Gadu-Gadu”=“D:\Program Files\Gadu-Gadu\gg.exe” [2006-10-10 17:51] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “SetVisualStyle”=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,\ 65,73,5c,54,68,65,6d,65,73,5c,43,72,79,73,74,61,6c,20,43,6c,65,61,72,20,41,\ 65,72,6f,5c,43,72,79,73,74,61,6c,20,43,6c,65,61,72,20,41,65,72,6f,2e,6d,73,\ 73,74,79,6c,65,73,00 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=dword:00000001 “ClearRecentDocsOnExit”=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ClearRecentDocsOnExit”=dword:00000001 “NoSaveSettings”=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages msv1_0 Security Packages kerberos msv1_0 schannel wdigest Notification Packages scecli [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trioService] “D:\Program Files\3D-Relax\Living 3D Sharks Trial\trioService.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HTTPFilter HTTPFilter LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV NetworkService DnsCache DcomLaunch DcomLaunch TermService rpcss RpcSs imgsvc StiSvc termsvcs TermService WudfServiceGroup WUDFSvc HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{bdf7dbea-abe3-11db-b7fd-00508df5bff6}] Shell\AutoRun\command F:\vcd_play.exe ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-28 22:00:25 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-28 22:00:46 C:\ComboFix-quarantined-files.txt … 2007-06-28 22:00 C:\ComboFix2.txt … 2007-05-18 08:18 — E O F —

qrczak13 · 28 Czerwiec 2007 20:23

Usuń foldery.

Do notatnika wklej:

Plik > zapisz jako > zmień rozszerzenie z .txt na wszystkie pliki > zapisz pod nazwą Fix.reg np na

pulpicie > dwuklik na Fix.reg > potwierdzasz > restart.

Czyszczenie rejestru - jv16 PowerTools 2006 1.5.2.350

I będzie ok.

kolacz17 · 29 Czerwiec 2007 06:52

Gotowe dzięki