Prosba O Sprawdzenie Loga

[DziubekR1]

http://forum.purepc.pl/index.php?showtopic...p;#entry2647946 - tu jest opisany moj problem. Wklejam wiec loga, moze cos siedzi w systemie.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:09:25, on 2007-06-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\cFosSpeed\spd.exe

C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe

F:\Konnekt\konnekt.exe

C:\Program Files\cFosSpeed\cFosSpeed.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\AcroRd32.exe

C:\Documents and Settings\Robi (net)\Pulpit\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Internet ADSL.lnk = ?

O4 - Startup: RivaTuner.lnk = C:\Program Files\RivaTuner v2.0 Final Release\RivaTuner.exe

O4 - Startup: Skrót do konnekt.lnk = F:\Konnekt\konnekt.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://mks.com.pl

O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E45B7BF2-5D00-4DF1-B96D-0FB8E990F1B5}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs:

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe

[CatchMe]

Kosmetycznie w HijackThis usuń ten wpis:

O20 - AppInit_DLLs:

- Wklej 2 logi: Silent Runners i ComboFix. 8O

[DziubekR1]

http://wklej.org/id/a01d48560c Edytowane 14 Czerwca 2007 przez CatchMe

[Rikki]

Uwaga techniczna, jeżeli wklejasz logi to albo w spoilerze albo w http://wklej.org/ - będzie czytelniej 8O

[CatchMe]

Nie udało Ci się wygenerować loga z ComboFix. Spróbuj jeszcze raz albo daj log z ComboScan.

[DziubekR1]

ComboScan - http://wklej.org/id/81b06af4b7

Tamten ComboFix cos raz robil loga, pozniej juz nie. Nie wiem co z nim bylo grane.

[CatchMe]

Zastosuj: http://cybertrash.pl/images/tata/SDFix.html i wklej ponownie nowy log.

[DziubekR1]

Czekaj, bo nie kminie. Wlaczylem tego SDFix, cos sobie skanowal przez chwile i wyszlo, wszystko po 0 (Hidden Files itp.), ale zadnego loga nie zrobil. Czy chodzilo Ci o to, zeby tym przeleciec system, a pozniej znowu loga z ktorego z wczesniejszych programow ?

[CatchMe]

TAK 8O

[DziubekR1]

No wiec tak jak mowiles, wlaczylem tego SDFix i pozniej reszte:

 

SDFix - http://wklej.org/id/5fa0452121

ComboFix - http://wklej.org/id/155f4083c9

Deckard's System Scanner - http://wklej.org/id/78d52b3423

HijackThis - http://wklej.org/id/7b5efe0c59

Silent Runners - http://wklej.org/id/83fa5f1229

[CatchMe]

Wpisy skasuj w HijackThis a pogrubione usuń z dysku:

38. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

39. R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

40. R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

C:\WINDOWS\7BDD69ACCA3B4BE18D7397271DD7B689.TMP

C:\WINDOWS\system32\DVCState-{00000001-00000000-00000009-00001102-00000004-00511102}.dat

C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000007-00001102-00000004-00511102}.dat

 

- Ten plik przeskanuj na www.virustotal.com :

C:\WINDOWS\system32\ktlibeay32_0.9.8.2.dll

[DziubekR1]

Wszystko wywalone, ten skaner nic w tym pliku nie znalazl. Mam rozumiec, ze system czysty ?

[CatchMe]

Jeżeli wywaliłeś ustrojstwo tamto to tak 8O

[DziubekR1]

Dzieki w takim razie ogromne, za zainteresowanie 8O Kurde, czyli moj problem z Neo, to nie wina syfu w systemie :/ Nie wiem, czy sie cieszyc, czy plakac.