Dreczas
(Piotr Dreczewski)
27 October 2007 20:29
#1
Hello, I would really appreciate some help. I don't know what is going on, but something is definitely sitting on my computer… Every so often, roughly every 2 minutes, windows pop up saying that the computer is at risk, along with some other messages…
Logfile of HijackThis v1.99.1
Scan saved at 21:24:22, on 2007-10-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Gadu-Gadu\gg.exe
D:\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lalal\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\BitComet\tools\BitCometBHO.dll
O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM…\Run: [Acrobat Assistant 7.0] "D:\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM…\Run: [CloneCDTray] "d:\CloneCD\CloneCDTray.exe" /s
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM…\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM…\Run: [QuickTime Task] "D:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM…\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM…\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU…\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - D:\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll ,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll ,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: bxsbang - {32CF7E83-E553-4630-AD8F-77C152240CC0} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {847EFB33-CE33-4D24-BEDD-3CE37AFFBA17} - C:\WINDOWS\ocgrep.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Thanks in advance for your help.
Regards.
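The log above is what a helper on this kind of thread reads by eye: an extra executable chained into the system.ini UserInit value, browser helper objects and a toolbar loading DLLs straight from the Windows directory, an orphaned BHO with no file, and a start page redirected to an unfamiliar host. The following script is an added example, not part of the original post and not part of HijackThis; it applies those same reviewer heuristics automatically to a constructed sample made of entries copied from the log above plus two benign lines for contrast. The entry types, regexes, severities and the list of accepted default start-page hosts are this example's own assumptions, not a HijackThis rule set.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log above (same entry
# types and paths) plus an O20 and an O23 line that the heuristics should ignore.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: bxsbang - {32CF7E83-E553-4630-AD8F-77C152240CC0} - C:\WINDOWS\bxsbang.dll
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

# Every HijackThis entry starts with a section code such as R0, F2, O2, O21.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A DLL sitting directly in the Windows directory (not in a subfolder such as
# system32) is unusual for legitimate shell extensions; heuristic, assumed here.
WINDIR_ROOT_DLL = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.I)
# Start-page hosts accepted as vendor defaults (assumption for this example).
DEFAULT_START_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}


@dataclass
class Finding:
    severity: str   # HIGH / MEDIUM / LOW
    kind: str       # HijackThis section code
    reason: str
    line: str


def _last_field(body: str) -> str:
    """HijackThis separates name, CLSID and path with ' - '; the path is last."""
    return body.rsplit(" - ", 1)[-1].strip()


def check_line(line: str):
    """Return a Finding for one HijackThis entry, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")

    if kind == "F2" and "UserInit=" in body:
        # Only userinit.exe belongs here; anything else runs at every logon.
        value = body.split("UserInit=", 1)[1]
        execs = [p.strip() for p in value.split(",") if p.strip()]
        extra = [p for p in execs if not p.lower().endswith("\\userinit.exe")]
        if extra:
            return Finding("HIGH", kind,
                           "extra executable chained into UserInit: " + ", ".join(extra), line)
        return None

    if kind == "R0" and "Start Page" in body:
        url = body.split("=", 1)[1].strip()
        host = urlparse(url).hostname or ""
        if url.startswith("http") and host not in DEFAULT_START_HOSTS:
            return Finding("MEDIUM", kind, f"start page points at non-default host {host}", line)
        return None

    if kind in ("O2", "O3", "O20", "O21"):
        path = _last_field(body)
        if path == "(no file)":
            return Finding("LOW", kind, "orphaned entry (no file on disk)", line)
        if WINDIR_ROOT_DLL.match(path):
            return Finding("HIGH", kind,
                           f"DLL loaded directly from the Windows directory: {path}", line)
        return None
    return None


def triage(log_text: str):
    """Run every line through check_line and keep the findings, in log order."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind}: {f.reason}")
```

On the sample this yields six findings in log order: the redirected start page (MEDIUM), the chained UserInit executable (HIGH), the two BHO lines (HIGH for the DLL in C:\WINDOWS, LOW for the orphan), the toolbar and the SSODL entry (both HIGH); the O20 line under SYSTEM32 and the O23 service pass unflagged. The heuristics are deliberately conservative: they point a reviewer at the lines worth checking against a known-file database rather than declaring anything malicious on their own.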
Kaka2
(Kaka_117827603)
27 October 2007 20:57
#3
NO_NAME, in future please check the logs more carefully. Otherwise, severe consequences will follow.
Agaton
(Agatonster)
28 October 2007 05:12
#4
Dreczas
Important notice regarding topic titles
Please change the topic title to a specific one that describes the problem.
On this forum we use Polish characters.
Please correct the spelling in the problem description.
To make the correction, please use the button
Ignoring this request will result in the topic being moved to the Trash.
Dreczas
(Piotr Dreczewski)
28 October 2007 07:51
#5
Hello,
I just wanted to say that the corrections to my post have been made; I hope the post now complies with the rules.
As for the whole repair, thank you very much, because as far as I can see the computer is working properly, no warnings pop up, everything is OK. To be sure, I am sending the log you asked for, taken after doing everything…
Thanks again for the help…
SDFix: Version 1.112
Run by lalal on 2007-10-28 at 07:33
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting…

Normal Mode:
Checking Files:

Trojan Files Found:
C:\Documents and Settings\lalal\Pulpit\Error Cleaner.url - Deleted
C:\Documents and Settings\lalal\Ulubione\Error Cleaner.url - Deleted
C:\Documents and Settings\lalal\Pulpit\Privacy Protector.url - Deleted
C:\Documents and Settings\lalal\Ulubione\Privacy Protector.url - Deleted
C:\Documents and Settings\lalal\Pulpit\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\lalal\Ulubione\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Program Files\VideoAccessCodec\install.ico - Deleted
C:\Program Files\VideoAccessCodec\Uninstall.exe - Deleted
C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx - Deleted
C:\U.exe - Deleted
C:\WINDOWS\bxsbang.dll - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\kthemup.exe - Deleted
C:\WINDOWS\movctrlswd.dll - Deleted
C:\WINDOWS\nssfrch.dll - Deleted
C:\WINDOWS\ocgrep.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\system32\wsnpoem\audio.dll - Deleted
C:\WINDOWS\system32\wsnpoem\video.dll - Deleted
C:\WINDOWS\system32\ntos.exe - Deleted
Folder C:\Program Files\VideoAccessCodec - Removed
Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files…

ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:
Remaining Services:
------------------

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"
"D:\Gadu-Gadu\gg.exe"="D:\Gadu-Gadu\gg.exe:*:Enabled:Gadu-Gadu - program glowny"
"D:\palmOne\Hotsync.exe"="D:\palmOne\Hotsync.exe:*:Enabled:HotSyncR Manager Application"
"D:\totalcmd\TOTALCMD.EXE"="D:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\BitComet\BitComet.exe"="D:\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\BearShare\BearShare.exe"="D:\BearShare\BearShare.exe:*:Enabled:BearShare"
"d:\BitTorrent\bittorrent.exe"="d:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\eMule\emule.exe"="D:\eMule\emule.exe:*:Enabled:eMule"
"D:\oDC\oDC.exe"="D:\oDC\oDC.exe:*:Enabled:oDC"
"D:\Quake III Arena\quake3.exe"="D:\Quake III Arena\quake3.exe:*:Enabled:quake3"
"D:\Real\RealPlayer\realplay.exe"="D:\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"D:\QuickTime\QuickTimePlayer.exe"="D:\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"D:\Kaspersky Anti-Virus 6.0\avp.exe"="D:\Kaspersky Anti-Virus 6.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"D:\G6 FTP Server\G6FTPSrv.exe"="D:\G6 FTP Server\G6FTPSrv.exe:*:Enabled:G6 FTP Server for Internet."
"D:\DC++\DCPlusPlus.exe"="D:\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"d:\AQQ\AQQ.exe"="d:\AQQ\AQQ.exe:*:Enabled:P2P AQQ"
"D:\SopCast\SopCast.exe"="D:\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\Gosc\Dane aplikacji\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Gosc\Dane aplikacji\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\Miranda IM\miranda32.exe"="D:\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\DAP\DAP.exe"="D:\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"D:\DAP\DAPFireFox\SpeedBit Video Accelerator\VideoAccelerator.exe"="D:\DAP\DAPFireFox\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"D:\DAP\DAPFireFox\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe"="D:\DAP\DAPFireFox\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine"
"C:\Program Files\Tlen.pl\tlen.exe"="C:\Program Files\Tlen.pl\tlen.exe:*:Enabled:Komunikator Tlen.pl"
"E:\CABAL Online\launcher\update\ESTdnheadless.exe"="E:\CABAL Online\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll ,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:
Tue 13 Mar 2007 4,348 …SH. — "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!
Regards.
LostWorld
(LostWorld)
28 October 2007 09:46
#6
Post a ComboFix log.
Instructions for using ComboFix are on the page at the link.
The log may be long, so save it somewhere first, then paste it at http://wklej.org/ and post only the link here.
Plus a new SDFix log.