
LOG - spyware(masakra)

IP: *.netis.net.pl 21.02.06, 19:11
dostaje co chwile reklamy i nie dziala mi wiekszosc programow :(
prosze o pomoc, nie jestem doswiadczony i nie chce usunac przypadkowo
potrzebnych pliczkow

L2mfix

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\avpe32]
"DllName"=hex(2):61,00,76,00,70,00,65,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,\
00,00
"Startup"="MmPageFree"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001
"secureUID"="[40033121921322852471]"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Dynamic Directory]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\k4no0e53eh.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\hpprintx]
"DllName"=hex(2):68,00,70,00,70,00,72,00,69,00,6e,00,74,00,78,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Startup"="hpprintx"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001
"nk453id"="[236392189469795-NG-uzyszkodnik]"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\User Agent\Post Platform]
"{C00164A8-786C-8FB1-01F4-8C7DF9D42516}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Karta właściwości pliku multimedialnego"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Zarządzanie skanerem ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Strona zabezpieczeń NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Strona właściwości OLE Docfile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Rozszerzenia powłoki dla
udostępniania zasobów"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL karty graficznej"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL monitora wyświetlania"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Rozszerzenie CPL kadrowania
wyświetlania"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Strona zabezpieczeń usługi DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Strona zgodności"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Program obsługi danych wycinkowych
powłoki"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Rozszerzenie Disc Copy"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Rozszerzenia powłoki dla obiektów
Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Zarządzanie monitorem ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Zarządzanie drukarką ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Rozszerzenia powłoki dla kompresji
plików"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Rozszerzenie powłoki drukarek sieci Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu kontekstowe szyfrowania"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktówka"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Rozszerzenie ikony HyperTerminalu"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Strona zabezpieczeń drukarek"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Rozszerzenia powłoki dla
udostępniania zasobów"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Rozszerzenie Crypto Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Połączenia sieciowe"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Połączenia sieciowe"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Skanery i aparaty fotograficzne"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Skanery i aparaty fotograficzne"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Skanery i aparaty fotograficzne"
"{83b
    • Gość: matek Re: LOG - spyware(masakra) IP: *.netis.net.pl 21.02.06, 19:14
      ups nie zmiescilo sie cale, sorry

      C:\WINDOWS\SYSTEM32\
      comdlg64.dll Tue 2006-02-21 1:30:38 A.... 5 067 4,95 K
      dpl100.dll Fri 2006-01-06 17:35:00 A.... 86 016 84,00 K
      dpu11.dll Fri 2006-01-06 17:34:58 A.... 294 912 288,00 K
      dpugui11.dll Fri 2006-01-06 17:35:00 A.... 593 920 580,00 K
      dpus11.dll Fri 2006-01-06 17:34:58 A.... 339 968 332,00 K
      dpv11.dll Fri 2006-01-06 17:34:58 A.... 57 344 56,00 K
      dtu100.dll Fri 2006-01-06 17:35:00 A.... 200 704 196,00 K
      dulay.dll Tue 2006-02-21 18:48:14 ..... 235 545 230,02 K
      en8ml1~1.dll Tue 2006-02-21 11:49:14 ..S.R 235 038 229,53 K
      hpprintx.dll Tue 2006-02-21 1:19:04 A.... 22 041 21,52 K
      jtpu07~1.dll Tue 2006-02-21 17:58:56 ..S.R 235 545 230,02 K
      k4no0e~1.dll Tue 2006-02-21 9:42:54 ..S.R 235 545 230,02 K
      libdivx.dll Fri 2006-01-06 17:17:36 A.... 1 044 480 1020,00 K
      lwcalsec.dll Tue 2006-02-21 11:49:02 ..S.R 234 456 228,96 K
      m0640a~1.dll Tue 2006-02-21 1:20:48 ..... 234 456 228,96 K
      msupda~1.dll Tue 2006-02-21 1:22:08 A.... 37 376 36,50 K
      msvcrl.dll Tue 2006-02-21 1:30:52 A.... 5 120 5,00 K
      nylsapi.dll Tue 2006-02-21 1:30:16 ..S.R 234 456 228,96 K
      o4role~1.dll Tue 2006-02-21 1:31:16 ..... 234 456 228,96 K
      px.dll Fri 2006-01-06 17:52:44 ..... 372 736 364,00 K
      pxdrv.dll Fri 2006-01-06 17:52:44 ..... 421 888 412,00 K
      pxmas.dll Fri 2006-01-06 17:52:44 ..... 172 032 168,00 K
      pxwave.dll Fri 2006-01-06 17:52:44 ..... 339 968 332,00 K
      q4860e~1.dll Tue 2006-02-21 1:39:10 ..... 235 545 230,02 K
      qt-dx331.dll Fri 2006-01-06 17:35:00 A.... 3 596 288 3,43 M
      rewire.dll Wed 2006-02-01 22:19:30 A.... 225 280 220,00 K
      rexsha~1.dll Wed 2006-02-01 22:19:30 A.... 233 472 228,00 K
      shc_os.dll Tue 2006-02-21 1:56:14 ..... 235 545 230,02 K
      ssldivx.dll Fri 2006-01-06 17:17:36 A.... 200 704 196,00 K
      ssldr32.dll Tue 2006-02-21 1:18:48 A.... 12 085 11,80 K
      vxblock.dll Fri 2006-01-06 17:52:44 ..... 28 672 28,00 K
      wancp.dll Tue 2006-02-21 1:18:48 A.... 44 516 43,47 K

      32 items found: 32 files (5 H/S), 0 directories.
      Total of file sizes: 10 685 176 bytes 10,19 M
      Locate .tmp files:

      C:\WINDOWS\SYSTEM32\
      40.tmp Tue 2006-02-21 1:18:52 A.... 57 344 56,00 K
      guard.tmp Tue 2006-02-21 18:49:14 ..S.R 235 545 230,02 K

      2 items found: 2 files (1 H/S), 0 directories.
      Total of file sizes: 292 889 bytes 286,02 K
      **********************************************************************************
      Directory Listing of system files:
      Wolumin w stacji C to RÓŻNE
      Numer seryjny woluminu: DCCA-14DD

      Katalog: C:\WINDOWS\System32

      2006-02-21 18:49 235 545 guard.tmp
      2006-02-21 17:58 235 545 jtpu0779e.dll
      2006-02-21 11:49 235 038 en8ml1l11.dll
      2006-02-21 11:49 234 456 lwcalsec.dll
      2006-02-21 09:42 235 545 k4no0e53eh.dll
      2006-02-21 01:30 234 456 nylsapi.dll
      2006-02-17 11:22 <DIR> dllcache
      6 plik(ów) 1 410 585 bajtów
      1 katalog(ów) 1 117 011 456 bajtów wolnych
      • Gość: matek Re: LOG - spyware(masakra) IP: *.netis.net.pl 21.02.06, 19:14
        smieci dostalem wczoraj o 1:30

    • neder Re: LOG - spyware(masakra) 21.02.06, 19:15
      a czy możesz zrobić loga z Hijack This jeszcze?
      www.mgregor.republika.pl
      • Gość: matek Re: LOG - spyware(masakra) IP: *.netis.net.pl 21.02.06, 19:20
        Logfile of HijackThis v1.99.1
        Scan saved at 19:19:26, on 2006-02-21
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\AVPersonal\AVGUARD.EXE
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
        O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
        O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll
        O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\k4no0e53eh.dll
        O20 - Winlogon Notify: hpprintx - C:\WINDOWS\SYSTEM32\hpprintx.dll
        O23 - Service: AlfaCleanerService - Unknown owner - C:\Program
        Files\AlfaCleaner\ACServer.exe (file missing)
        O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
        C:\Program Files\AVPersonal\AVGUARD.EXE
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
        - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

        • neder Re: LOG - spyware(masakra) 21.02.06, 19:36
          Niezaktualizowany system. Masz jakiegoś firewalla?

          > O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
          -> odinstalowujesz to
          > O20 - Winlogon Notify: avpe32 - C:\WINDOWS\SYSTEM32\avpe32.dll ->
          Backdoor.Haxdoor wersja AP, opis usuwania i naprawy tu:
          72.14.207.104/search?q=cache:8rpEo8YwXqIJ:www.searchengines.pl/phpbb203/index.php%3Fshowtopic%3D6745+Backdoor+Haxdoora+AP&hl=pl&gl=pl&ct=clnk&cd=1
          -> robisz co tam napisane a nie tylko czytasz!
          > O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\k4no0e53eh.dll
          -> plik leci z dysku
          > O20 - Winlogon Notify: hpprintx - C:\WINDOWS\SYSTEM32\hpprintx.dll -> to samo
          > O23 - Service: AlfaCleanerService - Unknown owner - C:\Program
          > Files\AlfaCleaner\ACServer.exe (file missing)
          • Gość: matek Re: LOG - spyware(masakra) IP: *.netis.net.pl 21.02.06, 20:20
            zrobilem wszystko idealnie tak jak mi zaleciles
            AlfaCleanera jak usune to znowu powraca



            Logfile of HijackThis v1.99.1
            Scan saved at 20:19:41, on 2006-02-21
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\System32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\AVPersonal\AVGUARD.EXE
            C:\Program Files\AVPersonal\AVWUPSRV.EXE
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\system32\rundll32.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
            C:\hijackthis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
            O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
            O20 - Winlogon Notify: hpprintx - hpprintx.dll (file missing)
            O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\jtpu0779e.dll
            O23 - Service: AlfaCleanerService - Unknown owner - C:\Program
            Files\AlfaCleaner\ACServer.exe (file missing)
            O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
            C:\Program Files\AVPersonal\AVGUARD.EXE
            O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
            O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
            C:\Program Files\AVPersonal\AVWUPSRV.EXE
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation
            - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

            • Gość: matek Re: LOG - spyware(masakra) IP: *.netis.net.pl 21.02.06, 20:22
              programy sie juz nie wieszają

              reklamy nadal są
            • barracuda7110 Re: LOG - spyware(masakra) 21.02.06, 20:45
              www.bleepingcomputer.com/forums/index.php?showtopic=43477
            • barracuda7110 Re: LOG - spyware(masakra) 21.02.06, 20:46
              Zapomniałem na Ciebie nawrzeszczeć za nieupdate'owany system.

              www.windowsupdate.com
              • neder Re: LOG - spyware(masakra) 21.02.06, 21:02
                Ja to zrobiłam ;) To znaczy nie to, żebym wrzeszczała, ale wspomniałam ;)
                • Gość: tata1959 Re: LOG - spyware(masakra) IP: *.neoplus.adsl.tpnet.pl 21.02.06, 22:00
                  witam
                  tak... pozostał VX2, www.simplytech.it/L2MRemover/
                  log z l2mfix do kontroli, zfixować w hijacku
                  O20 - Winlogon Notify: hpprintx - hpprintx.dll (file missing)

                  pozdrawiam

                  .
