Mam problem z moim systemem. Złapałem jakieś świństwo i nie mogę się go pozbyć
Skanowałem i czyściłem komputer: Ad-Aware 2007, AntiVir PersonalEdition Classic, avast! Antivirus, Spy Sweeper, Spybot - Search & Destroy, Spyware Doctor. Każdy z nich coś tam znalazł. Najwięcej ten ostatni, ale dymek jak był tak niestety jest. Pojawia się on w prawym rogu koło zegara na pasku zadań Menu Start. Proszę o pomoc. Dzięki z góry.Dymek odsyła mnie do strony:
http://www.virusprotectpro.com/?aff=1012
Na dymku jest napis:
System Alert !
System has detected a number of active spyware aplications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up-to-date antispyware solution.
W załączeniu dwa logi. Jeden z HijackHis, drugi z ComboFix.
- Kod: Zaznacz wszystko
Logfile of HijackThis v1.99.1
Scan saved at 19:46:54, on 2007-07-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Fast.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fast.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Maciek\Pulpit\INSTALKI\Antyspyware\Hijackhis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Internet Receiver] C:\Program Files\Netropa\Internet Receiver\Traymon\Traymon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\Run: [lnternet Update] lExplorehelp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svdhost.exe
O4 - HKLM\..\RunServices: [lnternet Update] lExplorehelp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144705248531
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Maciek\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
___________________________________________________________
"Maciek" - 2007-07-24 19:52:57 - ComboFix 07-07-23.6 - Dodatek Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\Maciek\Pulpit\internet.lnk
C:\WINDOWS\system32\vgibz.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_IPRIP
-------\Iprip
((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))
2007-07-24 19:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-23 21:31 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-23 21:31 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-23 21:31 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-23 21:31 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-23 21:31 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-23 21:29 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-23 21:29 <DIR> d-------- C:\DOCUME~1\Maciek\DANEAP~1\PC Tools
2007-07-23 21:28 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-22 23:01 164 --a------ C:\install.dat
2007-07-21 22:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Lavasoft
2007-07-21 20:13 <DIR> d-------- C:\Program Files\BitComet
2007-07-21 14:55 <DIR> d-------- C:\DOCUME~1\Maciek\DANEAP~1\Lavasoft
2007-07-20 00:25 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-07-08 11:38 <DIR> d-------- C:\DOCUME~1\Adik\DANEAP~1\Ahead
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-24 18:03:01 -------- d-----w C:\DOCUME~1\Maciek\DANEAP~1\Skype
2007-07-24 00:03:41 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-11 18:30:57 72,452 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-07-11 18:30:57 410,668 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-23 09:53:07 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-06 22:14:00 -------- d-----w C:\Program Files\Ahead
2007-06-01 22:30:37 -------- d-----w C:\Program Files\Sunbelt Software
2007-05-29 21:40:23 -------- d-----w C:\DOCUME~1\Maciek\DANEAP~1\Ahead
2007-05-26 04:58:15 811 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-05-26 04:11:17 -------- d-----w C:\Program Files\Common Files\AVSMedia
2007-05-26 04:10:59 -------- d-----w C:\Program Files\AVSMedia
2007-05-25 21:31:14 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-05-25 21:22:11 -------- d-----w C:\Program Files\Common Files\Nero
2007-05-25 21:15:44 -------- d-----w C:\Program Files\Common Files\Ahead
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"nwiz"="nwiz.exe" [2006-03-09 15:29 C:\WINDOWS\system32\nwiz.exe]
"Synchronization Manager"="%SystemRoot%\system32\mobsync.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-02-26 23:21]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2002-12-27 16:48]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Internet Receiver"="C:\Program Files\Netropa\Internet Receiver\Traymon\Traymon.exe" []
"Microsoft Updates"="svdhost.exe" []
"lnternet Update"="lExplorehelp.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-23 21:37]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:33]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\nbj.exe" [2006-09-15 13:27]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svdhost.exe
"lnternet Update"=lExplorehelp.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Nowy klucz #1]
"Nowa wartość #1"=0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
Contents of the 'Scheduled Tasks' folder
2006-12-21 22:41:15 C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 20:01:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,62,00,00,00,01,00,00,00,01,00,00,00,56,..
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-24 20:04:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-24 20:04
--- E O F ---
Wielkie Dzięki.
msconfig 
