Please check my log! Viruses!


(Betty54) #1

My computer has viruses, even though neither Avast nor NOD32 detected anything. The biggest problem I have is with the web browser: Explorer goes haywire, it opens 8 times in a row with blank pages, at 25-minute intervals, and besides that "leftovers", "windows" from the pages that were opened stay on the desktop and cover all my icons! :cry:

Please, could someone check the log, I know absolutely nothing about this!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:48:50, on 2008-03-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Advanced Registry Doctor\RegManServ.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\Spyware Terminator\SpywareTerminator.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\Betty\USTAWI~1\Temp\dt3OQ83X.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

F2 - REG:system.ini: Shell=explorer.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {64865bc4-ee0a-48ea-be1e-76b7151bce77} - (no file)

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - (no file)

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{2EDAC623-B3DD-45A9-9669-3C283FEC97E1}: NameServer = 194.204.152.34 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{2EDAC623-B3DD-45A9-9669-3C283FEC97E1}: NameServer = 194.204.152.34 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: dsdcan - dsdcan.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--

End of file - 5378 bytes


(Leon$) #2

The entries

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {64865bc4-ee0a-48ea-be1e-76b7151bce77} - (no file)

O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - (no file)

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O20 - AppInit_DLLs:

O20 - Winlogon Notify: dsdcan - dsdcan.dll (file missing)

remove with HijackThis >> Fix checked

download ComboFix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642 , scan the system and post the log

:slight_smile:
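The entries listed in the reply above fall into three mechanical categories: IE search keys (R0/R1) that point at a host other than the browser's default, COM registrations (R3 URLSearchHook, O2 BHO, O9 Extra button) whose DLL no longer exists, and an O20 Winlogon Notify package whose file is missing. The following is an added example, not part of the original thread, of a small Python triage script that applies those rules to a HijackThis log. It additionally flags any running process loaded from a Temp directory, such as the dt3OQ83X.exe in the first log, which is worth checking as well, and lists the O17 DNS servers so they can be compared with the ISP's. The sample log is a constructed excerpt of lines from the first post; the allow-list of search hosts and the rule names are assumptions.

```python
import re
from collections import Counter

# Constructed excerpt of the HijackThis log from the first post (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\DOCUME~1\Betty\USTAWI~1\Temp\dt3OQ83X.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64865bc4-ee0a-48ea-be1e-76b7151bce77} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EDAC623-B3DD-45A9-9669-3C283FEC97E1}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: dsdcan - dsdcan.dll (file missing)
"""

# Hosts an IE search key may legitimately point at (assumption: adjust to the machine's defaults).
KNOWN_SEARCH_HOSTS = {"www.google.pl", "www.google.com", "go.microsoft.com"}

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
URL_HOST_RE = re.compile(r"^https?://([^/\s]+)", re.I)


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and (section, body) entries."""
    procs, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first Rx/Fx/Ox line ends the process list
            entries.append((m.group("sec"), m.group("body")))
        elif in_procs:
            procs.append(line)
    return procs, entries


def triage(text):
    """Return (rule, line) findings using the criteria the reply applied by hand."""
    procs, entries = parse_hjt(text)
    findings = []
    for p in procs:
        # An executable running out of a Temp directory is rarely legitimate on a home PC.
        if re.search(r"\\temp\\", p, re.I):
            findings.append(("process-from-temp", p))
    for sec, body in entries:
        key, _, value = body.partition(" = ")
        host_m = URL_HOST_RE.match(value.strip())
        if sec in ("R0", "R1") and "Search" in key and host_m \
                and host_m.group(1).lower() not in KNOWN_SEARCH_HOSTS:
            findings.append(("search-hijack", body))
        elif sec in ("R3", "O2", "O3", "O9") and "(no file)" in body:
            # The registration survived but the DLL is gone: safe to fix, and a trace of what was there.
            findings.append(("orphaned-com-entry", body))
        elif sec == "O20" and "(file missing)" in body:
            # Winlogon Notify DLLs load into winlogon.exe; a missing one is usually residue of a removed package.
            findings.append(("winlogon-notify-missing-file", body))
        elif sec == "O17":
            # DNS servers are not bad per se; report them so they can be checked against the ISP's.
            findings.append(("dns-servers-verify", body))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(rule for rule, _ in findings)


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:30} {line}")
```

The script only reads the log; fixing the entries is still done in HijackThis (Fix checked) or by ComboFix, so it fits in front of the manual step rather than replacing it.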


(Betty54) #3

Many thanks Leon$ :slight_smile:

I removed what was needed, scanned with that ComboFix…

I hope that's what was meant, I'm green in these matters :confused:

log:

ComboFix 08-03-05.3 - Betty 2008-03-06 20:52:55.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.107 [GMT 1:00]

Running from: C:\Documents and Settings\Betty\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\msnmsgr.exe

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\Cache\007AFCE1

C:\Program Files\myglobalsearch\bar\Cache\007B02C0.bin

C:\Program Files\myglobalsearch\bar\Cache\007B0536.bin

C:\Program Files\myglobalsearch\bar\Cache\007B06B3.bin

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\WINDOWS\cookies.ini

C:\WINDOWS\msettings.ini

C:\WINDOWS\system32\147c27rw.dll

C:\WINDOWS\system32\42sbQ5j1.dll

C:\WINDOWS\system32\475LTSJB.dll

C:\WINDOWS\system32\4dSAq8AB.dll

C:\WINDOWS\system32\6Lk0SeqJ.dll

C:\WINDOWS\system32\8A732yg8.dll

C:\WINDOWS\system32\8N0jvB5k.dll

C:\WINDOWS\system32\b4su6K7J.dll

C:\WINDOWS\system32\boa.dat

C:\WINDOWS\system32\CA3MxY36.dll

C:\WINDOWS\system32\commands.xml

C:\WINDOWS\system32\cookie.dat

C:\WINDOWS\system32\cshEmwR5.dll

C:\WINDOWS\system32\d4RE8gtH.dll

C:\WINDOWS\system32\DYQ647V1.dll

C:\WINDOWS\system32\eM2gAyT4.dll

C:\WINDOWS\system32\g1CCGmo6.dll

C:\WINDOWS\system32\He11O0Vn.dll

C:\WINDOWS\system32\idsDnpr5.dll

C:\WINDOWS\system32\kC44nCq1.dll

C:\WINDOWS\system32\l3WvJ2b0.dll

C:\WINDOWS\system32\m3dGi1xW.dll

C:\WINDOWS\system32\MXUm17FC.dll

C:\WINDOWS\system32\O3J2tuN3.dll

C:\WINDOWS\system32\OJAM1Ka0.dll

C:\WINDOWS\system32\P8G4v4QB.dll

C:\WINDOWS\system32\po1bxlMN.dll

C:\WINDOWS\system32\ps.dat

C:\WINDOWS\system32\T48AAXXJ.dll

C:\WINDOWS\system32\tmp88A.tmp.dll

C:\WINDOWS\system32\wsnpoem

C:\WINDOWS\system32\wsnpoem\01FEF27F.uf

C:\WINDOWS\system32\X86T8K4t.dll

C:\WINDOWS\system32\xbHd5WRM.dll

C:\WINDOWS\system32\XgcDl3x2.dll

C:\WINDOWS\system32\ycq4RNBb.dll

C:\WINDOWS\WebAssist.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_DOMAINSERVICE

-------\DomainService

((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))

.


(Leon$) #4

That's not the whole log, only the beginning, but you can already see how much junk it removed

post the log again


:slight_smile:


(Betty54) #5

I did it a second time :slight_smile: hmm, for now nothing is going crazy anymore, could it have helped :slight_smile: or is the computer just giving me hope for now that everything is ok…

Is this the whole log now?

ComboFix 08-03-05.3 - Betty 2008-03-06 22:07:59.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.131 [GMT 1:00]

Running from: C:\Documents and Settings\Betty\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\msnmsgr.exe

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\Cache\007AFCE1

C:\Program Files\myglobalsearch\bar\Cache\007B02C0.bin

C:\Program Files\myglobalsearch\bar\Cache\007B0536.bin

C:\Program Files\myglobalsearch\bar\Cache\007B06B3.bin

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\WINDOWS\cookies.ini

C:\WINDOWS\msettings.ini

C:\WINDOWS\system32\147c27rw.dll

C:\WINDOWS\system32\42sbQ5j1.dll

C:\WINDOWS\system32\475LTSJB.dll

C:\WINDOWS\system32\4dSAq8AB.dll

C:\WINDOWS\system32\6Lk0SeqJ.dll

C:\WINDOWS\system32\8A732yg8.dll

C:\WINDOWS\system32\8N0jvB5k.dll

C:\WINDOWS\system32\b4su6K7J.dll

C:\WINDOWS\system32\boa.dat

C:\WINDOWS\system32\CA3MxY36.dll

C:\WINDOWS\system32\commands.xml

C:\WINDOWS\system32\cookie.dat

C:\WINDOWS\system32\cshEmwR5.dll

C:\WINDOWS\system32\d4RE8gtH.dll

C:\WINDOWS\system32\DYQ647V1.dll

C:\WINDOWS\system32\eM2gAyT4.dll

C:\WINDOWS\system32\g1CCGmo6.dll

C:\WINDOWS\system32\He11O0Vn.dll

C:\WINDOWS\system32\idsDnpr5.dll

C:\WINDOWS\system32\kC44nCq1.dll

C:\WINDOWS\system32\l3WvJ2b0.dll

C:\WINDOWS\system32\m3dGi1xW.dll

C:\WINDOWS\system32\MXUm17FC.dll

C:\WINDOWS\system32\O3J2tuN3.dll

C:\WINDOWS\system32\OJAM1Ka0.dll

C:\WINDOWS\system32\P8G4v4QB.dll

C:\WINDOWS\system32\po1bxlMN.dll

C:\WINDOWS\system32\ps.dat

C:\WINDOWS\system32\T48AAXXJ.dll

C:\WINDOWS\system32\tmp88A.tmp.dll

C:\WINDOWS\system32\wsnpoem

C:\WINDOWS\system32\wsnpoem\01FEF27F.uf

C:\WINDOWS\system32\X86T8K4t.dll

C:\WINDOWS\system32\xbHd5WRM.dll

C:\WINDOWS\system32\XgcDl3x2.dll

C:\WINDOWS\system32\ycq4RNBb.dll

C:\WINDOWS\WebAssist.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_DOMAINSERVICE

-------\DomainService

((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))

.

2008-03-06 20:46 . 2004-08-04 00:44 788,480 --a------ C:\CF23137.exe

2008-03-06 19:12 . 2008-03-06 19:12

2008-03-06 14:59 . 2008-03-06 14:59

2008-03-06 12:44 . 2008-03-06 12:44

2008-03-06 12:38 . 2008-03-06 13:15

2008-03-06 11:47 . 2008-03-06 11:47

2008-03-06 11:46 . 2008-03-06 11:46

2008-03-04 15:54 . 2008-03-06 11:46

2008-03-04 13:33 . 2008-03-04 13:33

2008-03-04 13:33 . 2008-03-06 11:47

2008-03-02 12:19 . 2008-03-06 11:47

2008-02-10 16:36 . 2008-02-11 20:28

2008-02-10 16:36 . 2008-02-10 16:36

2008-02-10 16:36 . 2004-05-26 06:37 719,872 --a------ C:\WINDOWS\system32\devil.dll

2008-02-10 16:36 . 2006-09-16 04:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll

2008-02-10 16:36 . 2008-02-10 16:36 81,920 --a------ C:\Documents and Settings\Betty\Dane aplikacji\ezpinst.exe

2008-02-10 16:36 . 2008-02-10 16:36 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-02-10 16:36 . 2008-02-10 16:36 47,360 --a------ C:\Documents and Settings\Betty\Dane aplikacji\pcouffin.sys

2008-02-08 21:00 . 2008-02-08 21:00 166 --a------ C:\key.shm

2008-02-06 13:50 . 2008-03-05 12:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-06 13:50 . 2008-02-06 13:50 1,409 --a------ C:\WINDOWS\QTFont.for

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-06 18:03 --------- d-----w C:\Program Files\Spyware Terminator

2008-03-06 18:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator

2008-03-06 13:44 --------- d-----w C:\Program Files\WinClamAVShield

2008-03-06 10:47 --------- d-----w C:\Program Files\MyPhoneExplorer

2008-03-06 10:46 --------- d-----w C:\Program Files\SendFile

2008-03-03 17:10 --------- d-----w C:\Program Files\eMule

2008-02-08 19:42 28,224 ----a-w C:\WINDOWS\system32\7SdW5dMs.exe

2008-02-05 14:38 --------- d-----w C:\Program Files\FDRLab

2008-02-02 14:05 --------- d-----w C:\Program Files\Video-AVI to GIF-JPEG

2008-02-02 13:07 --------- d-----w C:\Documents and Settings\Betty\Dane aplikacji\Jasc

2008-02-02 12:59 --------- d-----w C:\Program Files\GIF Movie Gear

2007-11-14 16:48 76,360 ----a-w C:\Documents and Settings\Betty\Dane aplikacji\GDIPFONTCACHEV1.DAT

.

------- Sigcheck -------

50eac3737d52d500bfa72bdde1d7d97d C:\WINDOWS\system32\wininet.dll

-c----w 596,480 2001-10-26 17:29:46 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll

----a-w 1,218,560 2004-08-03 23:44:16 C:\WINDOWS\ServicePackFiles\i386\wininet.dll

----a-w 1,218,560 2004-08-03 23:44:16 C:\WINDOWS\system32\wininet.dll

9a675b49106fd252bb9a35be0dbb3eb8 C:\WINDOWS\explorer.exe

----a-w 1,882,112 2004-08-03 23:44:20 C:\WINDOWS\explorer.exe

-c----w 1,002,496 2001-10-26 17:29:52 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

----a-w 1,882,112 2004-08-03 23:44:20 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

----a-w 81,920 2004-08-22 16:05:02 C:\Program Files\D-Tools\bak\daemon.exe

----a-w 917,504 2007-01-10 00:05:59 C:\Program Files\ESET\bak\nod32kui.exe

----a-w 917,504 2007-04-18 12:33:10 C:\Program Files\ESET\nod32kui.exe

----a-w 1,716,224 2007-01-30 14:58:28 C:\Program Files\Gadu-Gadu\bak\gg.exe

----a-w 2,119,104 2007-07-09 07:39:12 C:\Program Files\Gadu-Gadu\gg.exe

----a-w 278,528 2006-02-23 14:45:20 C:\Program Files\iTunes\bak\iTunesHelper.exe

----a-w 155,648 2007-01-11 12:01:53 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 1,359,872 2005-08-18 13:15:26 C:\Program Files\TGTSoft\StyleXP\bak\StyleXP.exe

----a-w 1,372,160 2006-05-24 18:31:39 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

----a-w 866,816 2004-01-26 10:38:38 C:\Program Files\Thomson\SpeedTouch USB\bak\Dragdiag.exe

----a-w 885,760 2002-01-28 12:48:50 C:\WINDOWS\system32\bak\LXSUPMON.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-04-18 13:33 917504]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 163840]

"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-12-20 16:25 2834432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\Betty\Menu Start\Programy\Autostart\

Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00 90112]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-11 19:35:29 113664]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\iTunes\iTunes.exe"=

"D:\emule\emule.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\eMule\emule.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

"C:\Program Files\BearShare\BearShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24793:TCP"= 24793:TCP:BitComet 24793 TCP

"24793:UDP"= 24793:UDP:BitComet 24793 UDP

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-12-20 16:25]

.

Contents of the 'Scheduled Tasks' folder

"2007-12-06 08:01:00 C:\WINDOWS\Tasks\At10.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-01-31 09:01:02 C:\WINDOWS\Tasks\At11.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 10:00:02 C:\WINDOWS\Tasks\At12.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 11:00:08 C:\WINDOWS\Tasks\At13.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 12:00:02 C:\WINDOWS\Tasks\At14.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 13:00:02 C:\WINDOWS\Tasks\At15.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 14:00:05 C:\WINDOWS\Tasks\At16.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 15:00:06 C:\WINDOWS\Tasks\At17.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 16:00:09 C:\WINDOWS\Tasks\At18.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 17:00:07 C:\WINDOWS\Tasks\At19.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-02-24 00:00:07 C:\WINDOWS\Tasks\At2.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 18:00:06 C:\WINDOWS\Tasks\At20.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 19:00:04 C:\WINDOWS\Tasks\At21.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-05 20:00:02 C:\WINDOWS\Tasks\At22.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 21:00:02 C:\WINDOWS\Tasks\At23.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-05 22:00:02 C:\WINDOWS\Tasks\At24.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-05 23:00:00 C:\WINDOWS\Tasks\At25.job"

- C:\WINDOWS\system32\winmds.exe

"2008-02-24 00:00:01 C:\WINDOWS\Tasks\At26.job"

- C:\WINDOWS\system32\winmds.exe

"2008-02-24 01:00:00 C:\WINDOWS\Tasks\At27.job"

- C:\WINDOWS\system32\winmds.exe

"2007-08-30 08:45:36 C:\WINDOWS\Tasks\At28.job"

- C:\WINDOWS\system32\winmds.exe

"2007-08-30 08:45:37 C:\WINDOWS\Tasks\At29.job"

- C:\WINDOWS\system32\winmds.exe

"2008-02-24 01:00:02 C:\WINDOWS\Tasks\At3.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2007-08-30 08:45:37 C:\WINDOWS\Tasks\At30.job"

- C:\WINDOWS\system32\winmds.exe

"2007-08-30 08:45:37 C:\WINDOWS\Tasks\At31.job"

- C:\WINDOWS\system32\winmds.exe

"2007-08-30 08:45:37 C:\WINDOWS\Tasks\At32.job"

- C:\WINDOWS\system32\winmds.exe

"2007-12-06 07:00:00 C:\WINDOWS\Tasks\At33.job"

- C:\WINDOWS\system32\winmds.exe

"2007-12-06 08:00:00 C:\WINDOWS\Tasks\At34.job"

- C:\WINDOWS\system32\winmds.exe

"2008-01-31 09:00:01 C:\WINDOWS\Tasks\At35.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 10:00:00 C:\WINDOWS\Tasks\At36.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 11:00:04 C:\WINDOWS\Tasks\At37.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 12:00:00 C:\WINDOWS\Tasks\At38.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 13:00:00 C:\WINDOWS\Tasks\At39.job"

- C:\WINDOWS\system32\winmds.exe

"2007-08-21 21:54:15 C:\WINDOWS\Tasks\At4.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2008-03-06 14:00:01 C:\WINDOWS\Tasks\At40.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 15:00:01 C:\WINDOWS\Tasks\At41.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 16:00:01 C:\WINDOWS\Tasks\At42.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 17:00:00 C:\WINDOWS\Tasks\At43.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 18:00:01 C:\WINDOWS\Tasks\At44.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 19:00:00 C:\WINDOWS\Tasks\At45.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-05 20:00:00 C:\WINDOWS\Tasks\At46.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-06 21:00:00 C:\WINDOWS\Tasks\At47.job"

- C:\WINDOWS\system32\winmds.exe

"2008-03-05 22:00:00 C:\WINDOWS\Tasks\At48.job"

- C:\WINDOWS\system32\winmds.exe

"2007-08-21 21:54:15 C:\WINDOWS\Tasks\At5.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2007-08-21 21:54:15 C:\WINDOWS\Tasks\At6.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2007-08-21 21:54:15 C:\WINDOWS\Tasks\At7.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2007-08-21 21:54:15 C:\WINDOWS\Tasks\At8.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

"2007-12-06 07:01:00 C:\WINDOWS\Tasks\At9.job"

- C:\WINDOWS\system32\7SdW5dMs.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-06 22:13:04

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-06 22:14:09

ComboFix-quarantined-files.txt 2008-03-06 21:14:06

edit:

now this keeps popping up:

http://img179.imageshack.us/img179/4605/beznazwyqj7.jpg

especially that poker.com page in the back
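The "Scheduled Tasks" section of the ComboFix log above is the part a practitioner should not skip: 47 jobs named At2.job to At48.job (the naming at.exe assigns to the jobs it creates), each launching one of two executables in system32 with non-standard names, 7SdW5dMs.exe and winmds.exe, and the last-run timestamps show them firing once an hour. at.exe jobs run as LocalSystem, so cleaning per-user Run keys and browser entries does not stop them; the jobs and the binaries both have to go. Below is an added example, not from the thread, of a Python script that parses that section, groups the jobs by target executable and reports every target referenced by more than one At job, together with the hours at which its jobs last ran. The sample input is a constructed excerpt of the log lines above plus one invented benign entry (AdobeUpdater.job) to show a target that is not flagged; the threshold of two At jobs is an assumption.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix 'Scheduled Tasks' section from the log above,
# plus one invented benign job (AdobeUpdater.job) so the report has something it does NOT flag.
SAMPLE_TASKS = r"""
Contents of the 'Scheduled Tasks' folder
"2007-12-06 08:01:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\7SdW5dMs.exe
"2008-03-06 10:00:02 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\7SdW5dMs.exe
"2008-03-06 11:00:08 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\7SdW5dMs.exe
"2008-03-06 10:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\system32\winmds.exe
"2008-03-06 11:00:04 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\system32\winmds.exe
"2008-03-06 12:00:00 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\system32\winmds.exe
"2008-03-01 09:00:00 C:\WINDOWS\Tasks\AdobeUpdater.job"
- C:\Program Files\Adobe\Updater\AdobeUpdater.exe
"""

# ComboFix prints each job as a quoted "<last run timestamp> <job path>" line followed by "- <target>".
JOB_RE = re.compile(r'^"(?P<date>\d{4}-\d\d-\d\d) (?P<hh>\d\d):\d\d:\d\d (?P<path>.+\.job)"$')
# at.exe names the jobs it creates At1.job, At2.job, ...; Task Scheduler jobs keep whatever name they were given.
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.I)


def parse_tasks(text):
    """Return (job_file, last_run_hour, target) triples from a ComboFix 'Scheduled Tasks' section."""
    jobs, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            pending = (m.group("path"), int(m.group("hh")))
        elif pending and line.startswith("- "):
            jobs.append((pending[0], pending[1], line[2:].strip()))
            pending = None
    return jobs


def group_by_target(jobs):
    """Group jobs by the executable they launch, separating at.exe-style names from the rest."""
    groups = defaultdict(lambda: {"at_jobs": [], "other_jobs": [], "hours": set()})
    for path, hour, target in jobs:
        name = path.rsplit("\\", 1)[-1]
        g = groups[target.lower()]
        (g["at_jobs"] if AT_JOB_RE.match(name) else g["other_jobs"]).append(name)
        g["hours"].add(hour)
    return groups


def suspicious_targets(jobs, min_at_jobs=2):
    """Targets launched by at least `min_at_jobs` At*.job files (the threshold is an assumption)."""
    out = []
    for target, g in group_by_target(jobs).items():
        if len(g["at_jobs"]) >= min_at_jobs:
            out.append({"target": target,
                        "at_jobs": sorted(g["at_jobs"]),
                        "hours": sorted(g["hours"])})
    return sorted(out, key=lambda d: d["target"])


if __name__ == "__main__":
    for d in suspicious_targets(parse_tasks(SAMPLE_TASKS)):
        print(f'{d["target"]}: {len(d["at_jobs"])} At jobs, last ran at hours {d["hours"]}')
```

On Windows XP the whole batch of at.exe jobs can be removed with `at /delete /yes` (a single one with `at <id> /delete`) once the target binaries are gone; deleting only the binaries leaves the jobs firing every hour and logging failures, and deleting only the jobs leaves the binaries in place for whatever recreated them.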


(Leon$) #6

open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri … iemoes.gif

Removal should start

Then post the ComboFix removal log

plus a new HijackThis log

:slight_smile:


(Betty54) #7

Done :slight_smile: for now nothing improper is showing up :slight_smile:

Oh, thank you very much for everything, what would I have done without you :wink: :wink:

new HijackThis log:

is it good?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:05:30, on 2008-03-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Advanced Registry Doctor\RegManServ.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files\Ad Muncher\AdMunch.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b … u_ie_frame

O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b … u_ie_image

O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b … nu_ie_link

O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b … ie_exclude

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b … _ie_report

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

End of file - 5492 bytes

edit:

oh, only that damned page "pkr.com" still opens every so often in f***ing Explorer (even though I never use Explorer, it loads there on its own)


(Leon$) #8

Disable System Restore on all drives

remove the entry

with HijackThis

open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri … iemoes.gif

Removal should start

Then post the ComboFix removal log

After the restart, if everything is OK, manually delete the folder C:\Qoobox

:slight_smile:


(Gutek) #9

Follow this Topic and change the thread title to a specific one, otherwise it goes to the TRASH

Regards, Gutek2222

Change of the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350