Prosze o sprawdzenie loga... spyware

12.04.2008

11:03

[1]

Klaustrofobik [ Pretorianin ]

Prosze o sprawdzenie loga... spyware

Witam, chyba zalapalem spyware, bo mam napisane w dymku " your computer is infected by spyware" Usuwalem ad-awarem i avastem, troche znalazl ad-aware i usunal. Ale nie moge dostac sie do menedzera zadan, jest zablokowany.

Moj log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:31, on 2008-04-12
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAMY\Sygate Firewall\smc.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRAMY\Avast\aswUpdSv.exe
D:\PROGRAMY\Avast\ashServ.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
D:\PROGRAMY\Avast\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Razer\Copperhead\razertra.exe
D:\PROGRAMY\Volume Control\volctrl.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
D:\PROGRAMY\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAMY\Avast\ashMaiSv.exe
D:\PROGRAMY\Avast\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dafehohm.exe
C:\Documents and Settings\All Users\Dane aplikacji\najoruve\lgpezave.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
D:\PROGRAMY\Ad-Aware\aawservice.exe
D:\PROGRAMY\MOZILL~1\FIREFOX.EXE
D:\PROGRAMY\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Megaupload Toolbar - ‹4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C› - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: vnbptxlf - ‹D212F823-17B0-470A-832F-86D3B30EE0D1› - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SmcService] D:\PROGRAMY\SYGATE~1\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] D:\PROGRAMY\Avast\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\PROGRAMY\Nero\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\PROGRAMY\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ecb02939] rundll32.exe "C:\WINDOWS\system32\hjuovfep.dll",b
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_‹79662E04-7C6C-4d9f-84C7-88D8A56B10AA›] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swtpirtw] C:\WINDOWS\system32\dafehohm.exe
O4 - HKLM\..\Policies\Explorer\Run: [yro7AgJmhc] C:\Documents and Settings\All Users\Dane aplikacji\najoruve\lgpezave.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VolumeControl.lnk = D:\PROGRAMY\Volume Control\volctrl.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - ‹08B0E5C0-4FCB-11CF-AAA5-00401C608501› - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - ‹08B0E5C0-4FCB-11CF-AAA5-00401C608501› - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - ‹FB5F1910-F110-11d2-BB9E-00C04F795683› - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - ‹FB5F1910-F110-11d2-BB9E-00C04F795683› - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ‹6414512B-B978-451D-A0D8-FCFDF33E833C› (WUWebControl Class) -
O16 - DPF: ‹D27CDB6E-AE6D-11CF-96B8-444553540000› (Shockwave Flash Object) -
O18 - Protocol: skype4com - ‹FFC8B962-9B40-4DFF-9458-1830C7DD7F5D› - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\PROGRAMY\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\PROGRAMY\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\PROGRAMY\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\PROGRAMY\Avast\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\PROGRAMY\Nero\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\PROGRAMY\Sygate Firewall\smc.exe

--
End of file - 7363 bytes

12.04.2008

11:11

[2]

wysiak [ Senator ]

C:\Documents and Settings\All Users\Dane aplikacji\najoruve\lgpezave.exe
O3 - Toolbar: Megaupload Toolbar - ‹4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C› - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Policies\Explorer\Run: [yro7AgJmhc] C:\Documents and Settings\All Users\Dane aplikacji\najoruve\lgpezave.exe

Na przyszlosc - loga do sprawdzenia wkleja sie na strone programu.

"Rozumiem, ze te podane przez Ciebie wpisy mam usunac ?"
To zostalo sklasyfikowane jako 'Nasty', wiec chyba tak?:)