Yesterday some trojan broke into my computer?
jareczek101 - 11 Feb 2007 19:34
Hello... yesterday some trojan broke into my computer...
I removed all the files infected with Avast, but something is still wrong.
Next to the mouse cursor there is constantly an icon as if something were loading or being read... below I present my log... please help... many thanks in advance...
Logfile of HijackThis v1.99.1
Scan saved at 18:35:13, on 2007-02-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\DOCUME~1\ADMINI~1\Pulpit\SPEEDX~1.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Instalki\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 195.122.131.45 dl22l32.rapidshare.com
O1 - Hosts: 195.122.131.45 dl22cg.rapidshare.com
O1 - Hosts: 195.122.131.45 dl22cg2.rapidshare.com
O1 - Hosts: 195.122.131.45 dl22tl.rapidshare.com
O1 - Hosts: 195.122.131.45 dl22tl2.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23l32.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23cg.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23cg2.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23tl.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23tl2.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24l32.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24cg.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24cg2.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24tl.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24tl2.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30l32.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30cg.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30cg2.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30tl.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30tl2.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31l32.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31cg.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31cg2.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31tl.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31tl2.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32l32.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32cg.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32cg2.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32tl.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32tl2.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33l32.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33cg.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33cg2.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33tl.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33tl2.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34l32.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34cg.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34cg2.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34tl.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34tl2.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40l32.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40cg.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40cg2.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40tl.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40tl2.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41l32.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41cg.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41cg2.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41tl.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41tl2.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42l32.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42cg.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42cg2.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42tl.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42tl2.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43l32.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43cg.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43cg2.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43tl.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43tl2.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44l32.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44cg.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44cg2.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44tl.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44tl2.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50l32.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50cg.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50cg2.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50tl.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50tl2.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51l32.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51cg.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51cg2.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51tl.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51tl2.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52l32.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52cg.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52cg2.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52tl.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52tl2.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53l32.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53cg.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53cg2.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53tl.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53tl2.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54l32.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54cg.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54cg2.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54tl.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54tl2.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60l32.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60cg.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60cg2.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60tl.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60tl2.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61l32.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61cg.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61cg2.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61tl.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61tl2.rapidshare.com
O1 - Hosts: 195.122.131.125 dl62l32.rapidshare.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [SpeedX] C:\DOCUME~1\ADMINI~1\Pulpit\SPEEDX~1.EXE
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_43.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C84F209-D764-44C8-ACB2-F8016CE69378}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{C88EBE3D-76E4-4353-9949-5B7AFC438115}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{E90D76A5-909B-4983-ABD1-46EE53388D6F}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C84F209-D764-44C8-ACB2-F8016CE69378}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C84F209-D764-44C8-ACB2-F8016CE69378}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O17 - HKLM\System\CS3\Services\Tcpip\..\{1C84F209-D764-44C8-ACB2-F8016CE69378}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
I changed the post's subject!
... don't shout, don't use Caps Lock!
You chose the wrong forum section for your problem!
Kolobos - 11 Feb 2007 20:21
Learn how to use the forum. Write posts in the proper section, not in the first one that comes along.
Use: siri.urz.free.fr/Fix/SmitfraudFix_En.php and do what is described under "Clean"; after you use it a log will be created, which you should paste on the forum.
http://downloads.subratam.org/Fixwareout.exe <- after you use it a log will be created - paste it on the forum.
Scan the system with ewido.
In Task Manager, end:
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
In HJT, remove:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
O1 - Hosts: 195.122.131.45 dl22l32.rapidshare.com
O1 - Hosts: 195.122.131.45 dl22cg.rapidshare.com
O1 - Hosts: 195.122.131.45 dl22cg2.rapidshare.com
O1 - Hosts: 195.122.131.45 dl22tl.rapidshare.com
O1 - Hosts: 195.122.131.45 dl22tl2.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23l32.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23cg.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23cg2.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23tl.rapidshare.com
O1 - Hosts: 195.122.131.47 dl23tl2.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24l32.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24cg.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24cg2.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24tl.rapidshare.com
O1 - Hosts: 195.122.131.49 dl24tl2.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30l32.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30cg.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30cg2.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30tl.rapidshare.com
O1 - Hosts: 195.122.131.61 dl30tl2.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31l32.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31cg.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31cg2.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31tl.rapidshare.com
O1 - Hosts: 195.122.131.63 dl31tl2.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32l32.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32cg.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32cg2.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32tl.rapidshare.com
O1 - Hosts: 195.122.131.65 dl32tl2.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33l32.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33cg.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33cg2.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33tl.rapidshare.com
O1 - Hosts: 195.122.131.67 dl33tl2.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34l32.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34cg.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34cg2.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34tl.rapidshare.com
O1 - Hosts: 195.122.131.69 dl34tl2.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40l32.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40cg.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40cg2.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40tl.rapidshare.com
O1 - Hosts: 195.122.131.81 dl40tl2.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41l32.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41cg.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41cg2.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41tl.rapidshare.com
O1 - Hosts: 195.122.131.83 dl41tl2.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42l32.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42cg.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42cg2.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42tl.rapidshare.com
O1 - Hosts: 195.122.131.85 dl42tl2.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43l32.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43cg.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43cg2.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43tl.rapidshare.com
O1 - Hosts: 195.122.131.87 dl43tl2.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44l32.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44cg.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44cg2.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44tl.rapidshare.com
O1 - Hosts: 195.122.131.89 dl44tl2.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50l32.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50cg.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50cg2.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50tl.rapidshare.com
O1 - Hosts: 195.122.131.101 dl50tl2.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51l32.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51cg.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51cg2.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51tl.rapidshare.com
O1 - Hosts: 195.122.131.103 dl51tl2.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52l32.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52cg.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52cg2.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52tl.rapidshare.com
O1 - Hosts: 195.122.131.105 dl52tl2.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53l32.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53cg.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53cg2.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53tl.rapidshare.com
O1 - Hosts: 195.122.131.107 dl53tl2.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54l32.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54cg.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54cg2.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54tl.rapidshare.com
O1 - Hosts: 195.122.131.109 dl54tl2.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60l32.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60cg.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60cg2.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60tl.rapidshare.com
O1 - Hosts: 195.122.131.121 dl60tl2.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61l32.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61cg.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61cg2.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61tl.rapidshare.com
O1 - Hosts: 195.122.131.123 dl61tl2.rapidshare.com
O1 - Hosts: 195.122.131.125 dl62l32.rapidshare.com
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll (file missing)
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized <- uninstall it and delete the FreeCall.com folder
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe <- delete the file from disk.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\..\{C88EBE3D-76E4-4353-9949-5B7AFC438115}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{E90D76A5-909B-4983-ABD1-46EE53388D6F}: NameServer = 85.255.114.104,85.255.112.103
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll <- delete the file from disk; if there are problems, use killbox with the delete on reboot option.
jareczek101 - 11 Feb 2007 21:29
Log from Fixwareout:
Fixwareout
Last edited 1/30/2007
Post this report in the forums please
...
Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINDOWS\System32\kdyzt.exe will be moved to C:\WINDOWS\temp\kdyzt.ren at reboot.
»»»»» System restarted
Reg Entries that were deleted
...
Random Runs removed from HKLM
...
»»»»» Misc files.
»»»»» Checking for older varients.
»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»»
PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION.
This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.
»»»»»
»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\\Program Files\\AutoConnect\\AutoConnect.exe"
"SpeedX"="C:\\DOCUME~1\\ADMINI~1\\Pulpit\\SPEEDX~1.EXE"
"FreeCall"="\"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe\" -nosplash -minimized"
"ctpmon"="ctpmon.exe"
"RegClean Expert Scheduler"="\"C:\\Program Files\\Registry Clean Expert\\RCHelper.exe\" /startup"
Hosts file was reset, If you use a custom hosts file please replace it
Added after 1 [minute]:
Log from SmitFraudFix:
SmitFraudFix v2.141
Scan done at 20:09:52,90, 2007-02-11
Run from C:\Documents and Settings\Administrator\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Ulubione
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Moja bieľĄca strona g˘wna"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\systqti.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Kolobos - 11 Feb 2007 21:44
You were supposed to run Clean in Smitfraud, not Scan.
C:\WINDOWS\system32\systqti.dll <- delete the file from disk.
Also paste a new log from hijackthis.
jareczek101 - 11 Feb 2007 22:04
Logfile of HijackThis v1.99.1
Scan saved at 21:03:52, on 2007-02-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\DOCUME~1\ADMINI~1\Pulpit\SPEEDX~1.EXE
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
E:\Instalki\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [SpeedX] C:\DOCUME~1\ADMINI~1\Pulpit\SPEEDX~1.EXE
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_43.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C84F209-D764-44C8-ACB2-F8016CE69378}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C84F209-D764-44C8-ACB2-F8016CE69378}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip\..\{1C84F209-D764-44C8-ACB2-F8016CE69378}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\systqti.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
When I choose Clean in Smitfraud, something like this pops up... see the attachment
Kolobos - 11 Feb 2007 22:23
Why didn't you remove what I listed?
In HJT you delete this:
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\systqti.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
Delete the two files mentioned from disk.
It pops up, so press Y.
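Added example, not part of the thread and not any poster's code: a Python check that compares a helper's HijackThis fix list with the rescan, so entries that survived (including ones now marked "file missing") and entries that appear only in the rescan stand out. The function names are made up for this illustration, and the sample input is a short excerpt of the logs posted above.

```python
import re

# A HijackThis result line is "<section> - <entry>", e.g. "O4 - HKCU\..\Run: [x] x.exe".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Status suffixes HijackThis appends; the same entry can gain one between scans.
STATUS_RE = re.compile(r"\s*\((?:file missing|no file)\)$", re.IGNORECASE)
# Helpers in this thread annotate lines with "<- instruction".
NOTE_RE = re.compile(r"\s*<-.*$")


def parse_entries(text):
    """Map a normalised (section, entry) key to the line as it was reported."""
    entries = {}
    for raw in text.splitlines():
        line = NOTE_RE.sub("", raw.strip())
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or forum prose
        section, body = match.groups()
        body = STATUS_RE.sub("", body)
        # Windows paths and registry names are case-insensitive.
        key = (section, " ".join(body.split()).casefold())
        entries.setdefault(key, line)
    return entries


def still_present(fix_list, rescan):
    """Rescan lines for entries the fix list asked to remove."""
    found = parse_entries(rescan)
    return [found[key] for key in parse_entries(fix_list) if key in found]


def newly_reported(first_scan, rescan):
    """Rescan lines that were not in the first scan at all."""
    before = parse_entries(first_scan)
    return [line for key, line in parse_entries(rescan).items() if key not in before]


# Sample input: excerpts of the logs in this thread, not the full logs.
FIRST_SCAN = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
"""

FIX_LIST = r"""
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized <- uninstall
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe <- delete the file from disk.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.104 85.255.112.103
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll <- delete the file from disk
"""

RESCAN = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\systqti.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll (file missing)
"""

if __name__ == "__main__":
    print("Still present after the fix:")
    for line in still_present(FIX_LIST, RESCAN):
        print("  " + line)
    print("Reported only by the rescan:")
    for line in newly_reported(FIRST_SCAN, RESCAN):
        print("  " + line)
```

A "(file missing)" match means the file is gone from disk but the registry entry that referenced it is still there, so the entry still has to be fixed in HijackThis.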
TONI_2003 - 11 Feb 2007 22:23
To our colleague jareczek101
Please post pictures only in the way shown in the link below!
I think that is understandable to everyone.
Announcement: Posting pictures.
I will also remind our colleague jareczek101 that we are not interested in what he has on his desktop
Before being posted on the forum, a picture should also be properly cropped!
And only then placed on the forum
jankolo - 11 Feb 2007 22:38
I removed all the files infected with Avast
From what you wrote, it follows that it was Avast that infected your files. The rules of syntax of the Polish language send their regards.
jareczek101 - 11 Feb 2007 22:48
I did the Clean and after some time a text file popped up... here it is:
SmitFraudFix v2.141
Scan done at 21:43:42,82, 2007-02-11
Run from C:\Documents and Settings\Administrator\Pulpit\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End