Is this a leftover from a virus?

Hello

I know about as much about computers as guys know about crocheting :slight_smile: Maybe I will find a solution to my problem here. So, to get to the point: I have Windows XP.

Here are the symptoms:

  • the Backspace key does not work (and it is not damaged)

  • when I type text (anywhere: GG, Google, Notepad, WordPad, etc.) I can type normally only until I want to use the letters “i, o” or the digits 0, 2, 5, 7. After pressing any of these characters, it is as if Backspace starts automatically and begins deleting all the text I have written. I can interrupt the deletion by pressing the space bar. I can work around the problem by using the on-screen keyboard to enter these characters

  • sometimes when I open any folder, the system automatically takes me back to the “My Computer” folder

  • sometimes the computer emits a continuous sound, as if a key were stuck

  • recently, but rarely, when I go online several copies of the same start page open, or when I am using the internet it takes me back to the start page.

I scanned the computer with antivirus programs; one found a trojan, which I removed, but the problem did not go away.

Please help, I am losing my patience. Thank you in advance for all replies.

Agnieszka

Post a log from -----> ComboFix.

:slight_smile:

I am completely green at this, how do I do it? I need step-by-step instructions.

Logfile of HijackThis v1.99.1

Scan saved at 14:23:38, on 2008-08-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\utilman.exe

C:\WINDOWS\system32\osk.exe

C:\WINDOWS\system32\MSSWCHX.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temporary Internet Files\Content.IE5\V4TTWJMZ\hijackthis[1]\HijackThis.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM…\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [iSUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” -scheduler

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [osCheck] “C:\Program Files\Norton Internet Security\osCheck.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU…\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU…\Run: [Veoh] “C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” /VeohHide

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: WirelessSelector.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan … stubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 9988385897

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL … 586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Fix these above-mentioned entries in Hijack:

>>Hijack>>scan (Do a system scan only)>>select them>>Fix checked

Do what I gave you above. Everything is described there in detail. :slight_smile:

So I did it according to the instructions and those 3 things were removed. Should everything be fine now? If so, it is not. Well, unless I have to restart the computer… Is there anything else I need to do?

Yes. Post a log from ComboFix… :slight_smile:

I cannot run ComboFix. I get a message, "you cannot rename combofix as combofix [1]…", and further that I should use a different name.

Save ComboFix like this:

Combo-Fix.exe with a hyphen in between.

Turn off all programs.

ComboFix 08-07-31.06 - Właściciel 2008-08-01 15:02:51.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1177 [GMT 2:00]

Running from: C:\Documents and Settings\Właściciel\Pulpit\Combo-Fix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Gość\Dane aplikacji\macromedia\Flash Player#SharedObjects\SCTZ8KQU\interclick.com

C:\Documents and Settings\Gość\Dane aplikacji\macromedia\Flash Player#SharedObjects\SCTZ8KQU\interclick.com\ud.sol

C:\Documents and Settings\Gość\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#interclick.com

C:\Documents and Settings\Gość\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#interclick.com\settings.sol

C:\Documents and Settings\Właściciel\Dane aplikacji\macromedia\Flash Player#SharedObjects\3TRH33UM\iforex.com

C:\Documents and Settings\Właściciel\Dane aplikacji\macromedia\Flash Player#SharedObjects\3TRH33UM\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Właściciel\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#iforex.com

C:\Documents and Settings\Właściciel\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#iforex.com\settings.sol

C:\WINDOWS\system32\MSINET.oca

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))

.

2008-08-01 10:36 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll

2008-08-01 10:36 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB

2008-08-01 10:35 . 2008-08-01 10:35 0 --a------ C:\WINDOWS\Irremote.ini

2008-07-30 23:20 . 2008-07-30 23:20

2008-07-30 23:19 .

2008-07-30 23:19 . 2008-07-30 23:19

2008-07-27 11:52 . 2008-07-27 11:56

2008-07-26 23:03 . 2008-07-27 00:00

2008-07-25 15:56 . 2008-07-25 15:56

2008-07-25 15:35 . 2008-07-25 15:35

2008-07-25 15:35 . 2008-07-25 15:35

2008-07-25 15:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-25 15:33 . 2008-07-25 15:35

2008-07-25 15:33 . 2008-07-25 15:33

2008-07-25 15:30 . 2008-07-25 15:32

2008-07-25 02:16 . 2008-07-25 02:16

2008-07-24 23:51 . 2008-07-24 23:51

2008-07-24 23:51 . 2008-07-24 23:51

2008-07-24 01:18 . 2008-07-24 01:18

2008-07-24 01:17 . 2008-07-24 02:19

2008-07-24 01:16 . 2008-07-27 11:43

2008-07-24 01:16 . 2008-08-01 14:53

2008-07-24 01:16 . 2008-07-27 11:43 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-07-24 01:16 . 2008-07-27 11:43 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-07-24 01:16 . 2008-07-27 11:43 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-07-24 01:16 . 2008-07-27 11:43 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-07-24 01:15 . 2008-08-01 15:04

2008-07-24 00:48 . 2008-07-24 02:19

2008-07-23 23:54 . 2008-07-23 23:54

2008-07-23 23:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-23 22:59 . 2008-07-30 22:53 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-23 21:35 . 2008-08-01 10:37

2008-07-23 21:35 . 2008-08-01 10:37

2008-07-22 00:17 . 2008-07-22 00:18

2008-07-22 00:13 . 2008-07-24 01:07

2008-07-19 22:30 . 2008-07-30 02:45

2008-07-04 03:19 . 2008-07-04 03:33

2008-07-04 03:04 . 2008-07-04 03:05

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-18 13:58 --------- d-----w C:\Program Files\Gadu-Gadu

2008-07-04 01:33 --------- d-----w C:\Program Files\hasła

2008-06-26 20:39 --------- d-----w C:\Program Files\napisy do filmów

2008-06-25 14:57 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 20:05 --------- d-----w C:\Program Files\Picasa2

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys

2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat

2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf

2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys

2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

2008-06-07 23:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus

2008-06-07 23:15 --------- d-----w C:\Program Files\AskSBar

2008-06-04 01:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Admin Inter 1 Mags

2008-05-05 10:38 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00 15360]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-05-08 17:01 68856]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-04-30 17:17 22058792]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2008-02-26 03:23 443968]

“Veoh”=“C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” [2008-06-19 15:15 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2007-05-10 19:22 864256]

“TouchPadHotKey”=“C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe” [2007-08-13 13:47 364544]

“SMSERIAL”=“C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe” [2006-11-22 17:31 630784]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-07-09 23:33 36352]

“ISUSPM”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2006-05-16 11:58 213936]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]

“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2008-02-14 11:01 51048]

“osCheck”=“C:\Program Files\Norton Internet Security\osCheck.exe” [2007-08-24 22:53 714608]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27 144784]

“SiSPower”=“SiSPower.dll” [2007-08-03 16:07 53248 C:\WINDOWS\system32\SiSPower.dll]

“RTHDCPL”=“RTHDCPL.EXE” [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-05-05 11:31:02 262144]

WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe [2008-05-05 11:31:52 650752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.ffds”= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Messenger\msmsgs.exe”=

“C:\Program Files\LimeWire\LimeWire.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - COMHOST

.

Contents of the ‘Scheduled Tasks’ folder

.

        • ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-01 15:06:26

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2008-08-01 15:09:03 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-01 13:08:58

Pre-Run: 34,653,241,344 bajtów wolnych

Post-Run: 35,083,558,912 bajt˘w wolnych

173 — E O F — 2008-07-25 00:16:32

It is almost clean.

Paste into Notepad:

Folder::

C:\Program Files\AskSBar

>>File>>Save as… >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file

The removal should start (and a log will be created). Post the log that is created during the removal.

If it goes well, then: after the restart, manually delete the folder C:\Qoobox.

delete the folder

other than that, it is clean

do a startup optimization

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

manually delete the folder C:\Qoobox, delete the ComboFix installer from the disk.

Turn System Restore off and on again on all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area http://www.kaspersky.pl/virusscanner.html show the report; open the page through IE

:slight_smile:

ComboFix 08-07-31.06 - Właściciel 2008-08-01 15:24:20.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1201 [GMT 2:00]

Running from: C:\Documents and Settings\Właściciel\Pulpit\Combo-Fix.exe

Command switches used :: C:\Documents and Settings\Właściciel\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\AskSBar

C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR

C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST

C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE

C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR

C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST

C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL

C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL

C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL

C:\Program Files\AskSBar\bar\Cache\01EF52AC

C:\Program Files\AskSBar\bar\Cache\01EF6E52

C:\Program Files\AskSBar\bar\Cache\01EF9207.bin

C:\Program Files\AskSBar\bar\Cache\01EF9BCB.bin

C:\Program Files\AskSBar\bar\Cache\01EFA7B2.bin

C:\Program Files\AskSBar\bar\Cache\files.ini

C:\Program Files\AskSBar\bar\History\search2

C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm

.

((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))

.

2008-08-01 15:09 .

2008-08-01 15:09 . 2008-08-01 15:09

2008-08-01 10:36 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll

2008-08-01 10:36 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB

2008-08-01 10:35 . 2008-08-01 10:35 0 --a------ C:\WINDOWS\Irremote.ini

2008-07-30 23:20 . 2008-07-30 23:20

2008-07-30 23:19 . 2008-07-30 23:19

2008-07-30 23:19 . 2008-07-30 23:19

2008-07-30 23:19 . 2008-07-30 23:19

2008-07-27 11:55 . 2008-07-27 11:55

2008-07-27 11:55 . 2008-07-27 11:55

2008-07-27 11:52 . 2008-07-27 11:56

2008-07-27 01:17 . 2008-07-27 01:17

2008-07-27 01:17 . 2008-07-27 01:17

2008-07-26 23:03 . 2008-07-27 00:00

2008-07-25 15:56 . 2008-07-25 15:56

2008-07-25 15:56 . 2008-07-25 16:07

2008-07-25 15:36 . 2008-07-30 14:43

2008-07-25 15:35 . 2008-07-25 15:35

2008-07-25 15:35 . 2008-07-25 15:35

2008-07-25 15:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-25 15:33 . 2008-07-25 15:35

2008-07-25 15:33 . 2008-07-25 15:33

2008-07-25 15:30 . 2008-07-25 15:32

2008-07-25 02:16 . 2008-07-25 02:16

2008-07-24 23:51 . 2008-07-24 23:51

2008-07-24 23:51 . 2008-07-24 23:51

2008-07-24 01:25 . 2008-07-24 01:25

2008-07-24 01:18 . 2008-07-24 01:18

2008-07-24 01:17 . 2008-07-24 02:19

2008-07-24 01:16 . 2008-07-27 11:43

2008-07-24 01:16 . 2008-08-01 14:53

2008-07-24 01:16 . 2008-07-27 11:43 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-07-24 01:16 . 2008-07-27 11:43 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-07-24 01:16 . 2008-07-27 11:43 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-07-24 01:16 . 2008-07-27 11:43 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-07-24 01:15 . 2008-08-01 15:04

2008-07-24 00:48 . 2008-07-24 02:19

2008-07-23 23:54 . 2008-07-23 23:54

2008-07-23 23:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-23 22:59 . 2008-07-30 22:53 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-23 21:37 . 2008-07-23 21:37

2008-07-23 21:35 . 2008-08-01 10:37

2008-07-23 21:35 . 2008-08-01 10:37

2008-07-22 00:48 . 2008-07-22 00:48

2008-07-22 00:17 . 2008-07-22 00:18

2008-07-22 00:13 . 2008-07-24 01:07

2008-07-19 22:30 . 2008-07-30 02:45

2008-07-04 03:19 . 2008-07-04 03:33

2008-07-04 03:04 . 2008-07-04 03:05

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-01 13:08 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Skype

2008-08-01 13:07 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\skypePM

2008-07-18 13:58 --------- d-----w C:\Program Files\Gadu-Gadu

2008-06-26 20:39 --------- d-----w C:\Program Files\napisy do filmów

2008-06-25 14:57 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 20:05 --------- d-----w C:\Program Files\Picasa2

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll

2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll

2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys

2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat

2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf

2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys

2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

2008-06-07 23:39 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Azureus

2008-06-07 23:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus

2008-06-04 01:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Admin Inter 1 Mags

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-05 10:38 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00 15360]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2008-05-08 17:01 68856]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2008-03-20 12:04 2127296]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2008-04-30 17:17 22058792]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24 1694208]

“Picasa Media Detector”=“C:\Program Files\Picasa2\PicasaMediaDetector.exe” [2008-02-26 03:23 443968]

“Veoh”=“C:\Program Files\Veoh Networks\Veoh\VeohClient.exe” [2008-06-19 15:15 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2007-05-10 19:22 864256]

“TouchPadHotKey”=“C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe” [2007-08-13 13:47 364544]

“SMSERIAL”=“C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe” [2006-11-22 17:31 630784]

“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2008-07-09 23:33 36352]

“ISUSPM”=“C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe” [2006-05-16 11:58 213936]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]

“ccApp”=“C:\Program Files\Common Files\Symantec Shared\ccApp.exe” [2008-02-14 11:01 51048]

“osCheck”=“C:\Program Files\Norton Internet Security\osCheck.exe” [2007-08-24 22:53 714608]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27 144784]

“SiSPower”=“SiSPower.dll” [2007-08-03 16:07 53248 C:\WINDOWS\system32\SiSPower.dll]

“RTHDCPL”=“RTHDCPL.EXE” [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-05-05 11:31:02 262144]

WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe [2008-05-05 11:31:52 650752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.ffds”= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Messenger\msmsgs.exe”=

“C:\Program Files\LimeWire\LimeWire.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - COMHOST

.

Contents of the ‘Scheduled Tasks’ folder

2008-07-23 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Właściciel.job

  • C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-01 15:25:30

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-01 15:26:14

ComboFix-quarantined-files.txt 2008-08-01 13:26:07

ComboFix2.txt 2008-08-01 13:09:04

Pre-Run: 35,067,904,000 bajtów wolnych

Post-Run: 35,060,416,512 bajtów wolnych

184 — E O F — 2008-07-25 00:16:32

I have to leave the house; I will do the rest of the recommended things when I get back. Thank you very much for your time, and talk to you later.

I do not see anything suspicious now.

Manually delete the folder C:\Qoobox,

Delete the ComboFix installer from the disk.

Perform an autostart optimization

Clean the computer with CCleaner

Turn System Restore off and on again on all drives. Instructions

Scan the My Computer area http://www.kaspersky.pl/virusscanner.html (run it through IE). Post the report from it on the forum

or

Dr.WEB CureIt!.

:slight_smile:

Do what I wrote earlier, without deleting the folder

and by the way, you did not have to use ComboFix

it was enough to delete it manually, as I wrote

:slight_smile:

OK, I scanned with Kaspersky online; it found 1 virus and two infected objects, but it did not generate a report. I am just installing the trial version; maybe then a report will show up after scanning.

you do not have to show the report; the trial version will simply disinfect or delete those files

:slight_smile:

I scanned online and I do not even know the location of those infected files. Is there any way to see the report? Will the trial version show it to me?

it should show what it disinfects as well as what it deletes

:slight_smile: