Automatycznie przestawia mi sie strona główna internetu

tomek1234123412 · 14 Listopad 2007 18:43

Logfile of HijackThis v1.99.1

Scan saved at 19:39:23, on 2007-11-14

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Video Add-on\isfmntr.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Video Add-on\isfmm.exe

C:\Program Files\neostrada tp\neostradatp.exe

C:\Program Files\neostrada tp\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Toaster.exe

C:\PROGRA~1\NEOSTR~1\Inactivity.exe

C:\PROGRA~1\NEOSTR~1\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\neostrada tp\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\Tomek\USTAWI~1\Temp\Rar$EX00.515\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidSetup.exe boot

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O17 - HKLM\System\CCS\Services\Tcpip\..\{2ACE0F1E-00A4-49D6-BE68-08262888BDC0}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{2ACE0F1E-00A4-49D6-BE68-08262888BDC0}: NameServer = 194.204.152.34 217.98.63.164

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

Złączono Posta : 14.11.2007 (Sro) 19:45

about:blank to jest ta strona ktora odpala sie automatyczie, przestawiam startowa na inna a ta swoje

Gutek · 14 Listopad 2007 19:34

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym daj log z ComboFix

tomek1234123412 · 14 Listopad 2007 21:00

SmitFraudFix v2.253

Scan done at 21:35:19,26, 2007-11-14 Run from D:\internet\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Video Add-on\isfmntr.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Video Add-on\isfmm.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\System32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tomek »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tomek\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tomek\Ulubione C:\DOCUME~1\Tomek\Ulubione\Online Security Test.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Video Add-on\ FOUND ! C:\Program Files\VirusProtect 3.8\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] “Source”=“About:Home” “SubscribedURL”=“About:Home” “FriendlyName”=“Moja bieľĄca strona g˘wna” »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] “{3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea}”=“doglike” »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “AppInit_DLLs”=“C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll” »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End

Gutek · 14 Listopad 2007 21:05

Daj log z ComboFix

tomek1234123412 · 15 Listopad 2007 05:46

ComboFix 07-11-08.1 - Tomek 2007-11-15 6:43:46.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.711 [GMT 1:00] Running from: D:\internet\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))) . 2007-11-14 21:39 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-14 21:35 3,404 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-14 21:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-11-14 21:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-11-14 21:30 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-11-14 21:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-11-14 21:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-11-14 06:15 2007-11-14 06:11 2007-11-14 06:09 2007-11-12 20:22 2007-11-12 20:22 2,431,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-11-12 20:22 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-11-12 20:22 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-11-12 20:22 17,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-11-10 05:53 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-11-09 19:33 2007-10-26 19:02 2007-10-26 19:02 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL 2007-10-26 19:02 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2007-10-26 19:02 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll 2007-10-26 19:02 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll 2007-10-25 18:46 2007-10-23 21:19 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-15 05:40 --------- d-----w C:\Program Files\neostrada tp 2007-11-14 21:01 4,652 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-11-14 21:01 36,608 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-12 19:26 --------- d-----w C:\Program Files\Google 2007-11-12 19:22 12,800 --s-a-w C:\WINDOWS\system32\fftktmk.dll 2007-11-11 08:46 --------- d-----w C:\Program Files\BitComet 2007-10-26 18:02 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-12 16:36 --------- d-----w C:\Program Files\Kaspersky Lab 2007-10-12 16:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2007-10-09 16:27 --------- d-----w C:\Program Files\DivX 2007-10-08 17:00 --------- d-----w C:\Program Files\MarBit 2007-10-06 18:40 --------- d-----w C:\Program Files\ekAzek Download 2007-10-05 18:15 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-10-05 18:15 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Media Player Classic 2007-10-03 20:23 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\CyberLink 2007-10-03 05:01 --------- d-----w C:\Program Files\Ares 2007-10-02 21:16 --------- d-----w C:\Program Files\Alwil Software 2007-10-02 15:20 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-10-02 15:20 --------- d-----w C:\Program Files\SAGEM 2007-10-02 14:13 --------- d-----w C:\Program Files\Java 2007-10-02 06:27 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-02 05:55 --------- d-----w C:\Program Files\Microsoft.NET 2007-10-02 05:55 --------- d-----w C:\Program Files\Microsoft Works 2007-09-28 06:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink 2007-09-28 05:57 --------- d-----w C:\Program Files\CyberLink 2007-09-28 05:56 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-09-28 05:55 --------- d-----w C:\Program Files\Common Files\Ahead 2007-09-28 05:55 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Ahead 2007-09-28 05:54 --------- d-----w C:\Program Files\Nero 2007-09-28 05:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2007-09-27 12:39 --------- d-----w C:\Program Files\Operacja Pustynny Grom 2007-09-27 10:28 --------- d-----w C:\Program Files\AGEIA Technologies 2007-09-27 09:51 --------- d-----w C:\Program Files\Realtek 2007-09-27 09:48 --------- d-----w C:\Program Files\Analog Devices 2007-09-27 09:44 --------- d-----w C:\Program Files\Intel 2007-09-27 09:36 --------- d-----w C:\Program Files\microsoft frontpage 2007-09-27 09:34 --------- d-----w C:\Program Files\Usługi online 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{23B760D6-C98B-450B-9B32-26C7775CDF83}] 2007-11-15 06:40 13824 --a------ C:\Program Files\Video Add-on\isfmdl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 14:34] “SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2006-07-13 06:12] “JMB36X IDE Setup”=“C:\WINDOWS\JM\JMInsIDE.exe” [2006-10-30 13:44] “JMB36X Configure”=“C:\WINDOWS\System32\JMRaidSetup.exe” [2006-10-30 13:44] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2007-04-12 22:44] “nwiz”=“nwiz.exe” [2007-04-12 22:44 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2007-04-12 22:44] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 14:40] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2006-11-23 14:10] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-12-05 21:55] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 13:49] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 15:55] “AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” [2007-06-28 12:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-11-12 17:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] “C:\Program Files\Ares\Ares.exe” -h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 06:44:22 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-15 6:44:38 . — E O F —

Złączono Posta : 15.11.2007 (Czw) 16:11

:?

Gutek · 15 Listopad 2007 15:20

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

tomek1234123412 · 15 Listopad 2007 19:26

ComboFix 07-11-08.1 - Tomek 2007-11-15 20:20:59.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.654 [GMT 1:00] Running from: D:\internet\ComboFix.exe Command switches used :: C:\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\fftktmk.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Video Add-on C:\Program Files\Video Add-on\isfmdl.dll C:\Program Files\Video Add-on\isfmm.exe C:\Program Files\Video Add-on\isfmntr.exe C:\Program Files\Video Add-on\isfun.exe C:\Program Files\Video Add-on\ot.ico C:\Program Files\Video Add-on\ts.ico C:\Program Files\VirusProtect 3.8 C:\Program Files\VirusProtect 3.8\ignored.lst C:\Program Files\VirusProtect 3.8\VirusProtect 3.8.exe C:\Program Files\VirusProtect 3.8\vpp.ini C:\WINDOWS\system32\fftktmk.dll . ((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))) . 2007-11-14 21:39 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-14 21:35 3,404 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-14 21:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-11-14 21:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-11-14 21:30 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-11-14 21:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-11-14 21:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-11-14 06:15 2007-11-12 20:22 2007-11-12 20:22 2,569,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-11-12 20:22 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-11-12 20:22 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-11-12 20:22 21,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-11-10 05:53 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll 2007-11-09 19:33 2007-10-26 19:02 2007-10-26 19:02 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL 2007-10-26 19:02 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll 2007-10-26 19:02 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll 2007-10-26 19:02 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll 2007-10-25 18:46 2007-10-23 21:19 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-15 19:23 --------- d-----w C:\Program Files\neostrada tp 2007-11-15 19:22 5,156 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-11-15 19:22 38,624 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-12 19:26 --------- d-----w C:\Program Files\Google 2007-11-11 08:46 --------- d-----w C:\Program Files\BitComet 2007-10-26 18:02 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-12 16:36 --------- d-----w C:\Program Files\Kaspersky Lab 2007-10-12 16:36 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2007-10-09 16:27 --------- d-----w C:\Program Files\DivX 2007-10-08 17:00 --------- d-----w C:\Program Files\MarBit 2007-10-06 18:40 --------- d-----w C:\Program Files\ekAzek Download 2007-10-05 18:15 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-10-05 18:15 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Media Player Classic 2007-10-03 20:23 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\CyberLink 2007-10-03 05:01 --------- d-----w C:\Program Files\Ares 2007-10-02 21:16 --------- d-----w C:\Program Files\Alwil Software 2007-10-02 15:20 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2007-10-02 15:20 --------- d-----w C:\Program Files\SAGEM 2007-10-02 14:13 --------- d-----w C:\Program Files\Java 2007-10-02 06:27 --------- d-----w C:\Program Files\Common Files\Adobe 2007-10-02 05:55 --------- d-----w C:\Program Files\Microsoft.NET 2007-10-02 05:55 --------- d-----w C:\Program Files\Microsoft Works 2007-09-28 06:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink 2007-09-28 05:57 --------- d-----w C:\Program Files\CyberLink 2007-09-28 05:56 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-09-28 05:55 --------- d-----w C:\Program Files\Common Files\Ahead 2007-09-28 05:55 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Ahead 2007-09-28 05:54 --------- d-----w C:\Program Files\Nero 2007-09-28 05:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2007-09-27 12:39 --------- d-----w C:\Program Files\Operacja Pustynny Grom 2007-09-27 10:28 --------- d-----w C:\Program Files\AGEIA Technologies 2007-09-27 09:51 --------- d-----w C:\Program Files\Realtek 2007-09-27 09:48 --------- d-----w C:\Program Files\Analog Devices 2007-09-27 09:44 --------- d-----w C:\Program Files\Intel 2007-09-27 09:36 --------- d-----w C:\Program Files\microsoft frontpage 2007-09-27 09:34 --------- d-----w C:\Program Files\Usługi online 2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe . ((((((((((((((((((((((((((((( snapshot@2007-11-15_ 6.44.24.43 ))))))))))))))))))))))))))))))))))))))))) . - 2007-11-15 05:43:44 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat + 2007-11-15 19:20:56 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMAXPnP”=“C:\Program Files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 14:34] “SoundMAX”=“C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” [2006-07-13 06:12] “JMB36X IDE Setup”=“C:\WINDOWS\JM\JMInsIDE.exe” [2006-10-30 13:44] “JMB36X Configure”=“C:\WINDOWS\System32\JMRaidSetup.exe” [2006-10-30 13:44] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2007-04-12 22:44] “nwiz”=“nwiz.exe” [2007-04-12 22:44 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2007-04-12 22:44] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 14:40] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2006-11-23 14:10] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-12-05 21:55] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 13:49] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 15:55] “AVP”=“C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” [2007-06-28 12:51] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2007-11-12 17:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] “C:\Program Files\Ares\Ares.exe” -h [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\System32\DRIVERS\e4usbaw.sys R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\System32\Drivers\e4ldr.sys . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 20:23:06 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-15 20:23:41 - machine was rebooted C:\ComboFix2.txt … 2007-11-15 06:44 . — E O F —

Gutek · 15 Listopad 2007 19:49

Już powinno być Ok

tomek1234123412 · 18 Listopad 2007 10:12

juz jesyt dobrze. dzieki. a co to było