Logfile of HijackThis v1.99.1
Scan saved at 19:39:23, on 2007-11-14
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Tomek\USTAWI~1\Temp\Rar$EX00.515\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ACE0F1E-00A4-49D6-BE68-08262888BDC0}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{2ACE0F1E-00A4-49D6-BE68-08262888BDC0}: NameServer = 194.204.152.34 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Merged post: 14.11.2007 (Wed) 19:45
about:blank is the page that opens automatically, I set the home page to something else and it puts its own back
Gutek
14 November 2007 19:34
#2
Use SmitFraudFix, choose option no. 2, in Safe Mode of course, and after that post a log from ComboFix
ComboFix 07-11-08.1 - Tomek 2007-11-15 6:43:46.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.711 [GMT 1:00]
Running from: D:\internet\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.
2007-11-14 21:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 21:35 3,404 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-14 21:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-14 21:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-14 21:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-14 21:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-14 21:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-14 06:15
2007-11-14 06:11
2007-11-14 06:09
2007-11-12 20:22
2007-11-12 20:22 2,431,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-12 20:22 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-12 20:22 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-12 20:22 17,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-10 05:53 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-11-09 19:33
2007-10-26 19:02
2007-10-26 19:02 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL
2007-10-26 19:02 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-10-26 19:02 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-10-26 19:02 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-10-25 18:46
2007-10-23 21:19
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 05:40 --------- d-----w C:\Program Files\neostrada tp
2007-11-14 21:01 4,652 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-14 21:01 36,608 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-12 19:26 --------- d-----w C:\Program Files\Google
2007-11-12 19:22 12,800 --s-a-w C:\WINDOWS\system32\fftktmk.dll
2007-11-11 08:46 --------- d-----w C:\Program Files\BitComet
2007-10-26 18:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-12 16:36 --------- d-----w C:\Program Files\Kaspersky Lab
2007-10-12 16:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-10-09 16:27 --------- d-----w C:\Program Files\DivX
2007-10-08 17:00 --------- d-----w C:\Program Files\MarBit
2007-10-06 18:40 --------- d-----w C:\Program Files\ekAzek Download
2007-10-05 18:15 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-10-05 18:15 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Media Player Classic
2007-10-03 20:23 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\CyberLink
2007-10-03 05:01 --------- d-----w C:\Program Files\Ares
2007-10-02 21:16 --------- d-----w C:\Program Files\Alwil Software
2007-10-02 15:20 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-10-02 15:20 --------- d-----w C:\Program Files\SAGEM
2007-10-02 14:13 --------- d-----w C:\Program Files\Java
2007-10-02 06:27 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-02 05:55 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-02 05:55 --------- d-----w C:\Program Files\Microsoft Works
2007-09-28 06:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2007-09-28 05:57 --------- d-----w C:\Program Files\CyberLink
2007-09-28 05:56 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-28 05:55 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-28 05:55 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Ahead
2007-09-28 05:54 --------- d-----w C:\Program Files\Nero
2007-09-28 05:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2007-09-27 12:39 --------- d-----w C:\Program Files\Operacja Pustynny Grom
2007-09-27 10:28 --------- d-----w C:\Program Files\AGEIA Technologies
2007-09-27 09:51 --------- d-----w C:\Program Files\Realtek
2007-09-27 09:48 --------- d-----w C:\Program Files\Analog Devices
2007-09-27 09:44 --------- d-----w C:\Program Files\Intel
2007-09-27 09:36 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-27 09:34 --------- d-----w C:\Program Files\Usługi online
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
2007-11-15 06:40 13824 --a------ C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 13:44]
"JMB36X Configure"="C:\WINDOWS\System32\JMRaidSetup.exe" [2006-10-30 13:44]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-04-12 22:44]
"nwiz"="nwiz.exe" [2007-04-12 22:44 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-04-12 22:44]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 14:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 21:55]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-12 17:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 06:44:22
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 6:44:38
.
--- E O F ---
Merged post: 15.11.2007 (Thu) 16:11
:?
Gutek
15 November 2007 15:20
#6
Paste into Notepad:
>>File>>Save as... >>> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- just like in this picture ->
(if the question " 1 or 2 " appears, type 1 and press ENTER) The removal should start. (and a log will be created)
After the restart, manually delete the folder C:\Qoobox.
After that, a new log from ComboFix
it's fine now. thanks. and what was it