Is this a leftover from a virus?


(Aga Mysia) #1

Hello

I know about as much about computers as men know about crocheting :slight_smile: Maybe I'll find a solution to my problem here. So, to the point. I have Windows XP.

Here are the symptoms:

- the backspace key does not work (and it is not damaged)

- when I type text (anywhere: GG, Google, Notepad, WordPad, etc.) I can type normally only until I want to use the letters "i", "o" or the digits 0, 2, 5, 7. After pressing any of these keys, backspace starts as if automatically and begins deleting all the text I have typed. I can stop the deleting by pressing the space bar. I can work around the problem by using the on-screen keyboard to enter these characters

- sometimes when I open any folder, the system automatically sends me back to the "My Computer" folder

- sometimes the computer makes a continuous sound, as if a key were stuck

- recently, though rarely, when I go online several copies of the same start page open, or while I'm using the net it sends me back to the start page.

I scanned the computer with antivirus programs; one found a trojan, which I removed, but the problem did not go away.

Help, I'm losing my patience. Thank you in advance for all the replies.

Agnieszka


(Kambor4) #2

Post a log from -----> ComboFix.

:slight_smile:


(Aga Mysia) #3

I'm a complete beginner at this, how do I do that? I need step-by-step instructions


(Aga Mysia) #4

Logfile of HijackThis v1.99.1

Scan saved at 14:23:38, on 2008-08-01

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\utilman.exe

C:\WINDOWS\system32\osk.exe

C:\WINDOWS\system32\MSSWCHX.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temporary Internet Files\Content.IE5\V4TTWJMZ\hijackthis[1]\HijackThis.exe

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O4 - Global Startup: WirelessSelector.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9988385897

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe


(Kambor4) #5

Fix the above-mentioned entries in HijackThis:

>>Hijack>>Scan (Do a system scan only)>>tick them>>Fix checked

Do what I told you above. Everything is described there in detail. :slight_smile:
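As an added illustration (not part of this thread, and not code from HijackThis itself), here is a small Python parser that picks out of a HijackThis log the O2/O3/O9 entries whose target file no longer exists, which is what the "(file missing)" and "(no file)" suffixes in the log above mark. The sample lines are copied from the log posted above; the names `ComEntry`, `parse_hjt` and `dangling_entries` are chosen for this example only.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of O2/O3/O9 lines copied from the HijackThis log
# posted earlier in this thread. The O4 line is included to show that lines from
# other sections are passed over rather than misparsed.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# O2 (browser helper objects), O3 (IE toolbars) and O9 (extra buttons / Tools
# menu items) all share the shape:  <section> - <kind>: <name> - {<CLSID>} - <path>
LINE_RE = re.compile(
    r"^(?P<section>O[239]) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$"
)


@dataclass
class ComEntry:
    section: str   # O2, O3 or O9
    kind: str      # BHO, Toolbar, Extra button, Extra 'Tools' menuitem
    name: str
    clsid: str
    path: str

    @property
    def dangling(self) -> bool:
        """True when the registry entry points at a file that no longer exists."""
        return self.path == "(no file)" or self.path.endswith("(file missing)")


def parse_line(line: str) -> Optional[ComEntry]:
    """Parse one O2/O3/O9 line; returns None for lines of any other section."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ComEntry(**m.groupdict())


def parse_hjt(text: str) -> List[ComEntry]:
    """Collect every parseable O2/O3/O9 entry from a HijackThis log."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def dangling_entries(entries: List[ComEntry]) -> List[ComEntry]:
    """The entries a reviewer looks at first: registered COM objects whose
    DLL/EXE is gone, typically left behind by an uninstalled or half-removed add-on."""
    return [e for e in entries if e.dangling]


if __name__ == "__main__":
    for e in dangling_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section} {e.kind}: {e.name!r} {{{e.clsid}}} -> {e.path}")
```

On the sample it shortlists four entries: the Ask Toolbar BHO, the unnamed O3 toolbar, the Ask Toolbar O3 entry and the xpnetdiag O9 button. The first three are the remains of the Ask toolbar whose folder ComboFix deletes later in this thread; the last points at a Windows network-diagnostics tool, so a dangling entry is not on its own a sign of malware. The script only shortlists; deciding what to fix is still the reviewer's job.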


(Aga Mysia) #6

So I did it according to the instructions and those 3 things were removed. Should everything be fine now? If so, it isn't. Unless I have to restart the computer... Is there anything else I need to do?


(Kambor4) #7

Yes. Post a ComboFix log... :slight_smile:


(Aga Mysia) #8

I can't run ComboFix. I get the message "you cannot rename combofix as combofix [1]..." and further on that I should use a different name


(Kambor4) #9

Save ComboFix as:

Combo-Fix.exe, with a hyphen in the middle.

Close all programs.


(Aga Mysia) #10

ComboFix 08-07-31.06 - Właściciel 2008-08-01 15:02:51.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1177 [GMT 2:00]

Running from: C:\Documents and Settings\Właściciel\Pulpit\Combo-Fix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Gość\Dane aplikacji\macromedia\Flash Player\#SharedObjects\SCTZ8KQU\interclick.com

C:\Documents and Settings\Gość\Dane aplikacji\macromedia\Flash Player\#SharedObjects\SCTZ8KQU\interclick.com\ud.sol

C:\Documents and Settings\Gość\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Documents and Settings\Gość\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\Documents and Settings\Właściciel\Dane aplikacji\macromedia\Flash Player\#SharedObjects\3TRH33UM\iforex.com

C:\Documents and Settings\Właściciel\Dane aplikacji\macromedia\Flash Player\#SharedObjects\3TRH33UM\iforex.com\Emerp\Events\flash_object.swf\user_data.sol

C:\Documents and Settings\Właściciel\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com

C:\Documents and Settings\Właściciel\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol

C:\WINDOWS\system32\MSINET.oca

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))

.

2008-08-01 10:36 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll

2008-08-01 10:36 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB

2008-08-01 10:35 . 2008-08-01 10:35 0 --a------ C:\WINDOWS\Irremote.ini

2008-07-30 23:20 . 2008-07-30 23:20

2008-07-30 23:19 .

2008-07-30 23:19 . 2008-07-30 23:19

2008-07-27 11:52 . 2008-07-27 11:56

2008-07-26 23:03 . 2008-07-27 00:00

2008-07-25 15:56 . 2008-07-25 15:56

2008-07-25 15:35 . 2008-07-25 15:35

2008-07-25 15:35 . 2008-07-25 15:35

2008-07-25 15:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-25 15:33 . 2008-07-25 15:35

2008-07-25 15:33 . 2008-07-25 15:33

2008-07-25 15:30 . 2008-07-25 15:32

2008-07-25 02:16 . 2008-07-25 02:16

2008-07-24 23:51 . 2008-07-24 23:51

2008-07-24 23:51 . 2008-07-24 23:51

2008-07-24 01:18 . 2008-07-24 01:18

2008-07-24 01:17 . 2008-07-24 02:19

2008-07-24 01:16 . 2008-07-27 11:43

2008-07-24 01:16 . 2008-08-01 14:53

2008-07-24 01:16 . 2008-07-27 11:43 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-07-24 01:16 . 2008-07-27 11:43 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-07-24 01:16 . 2008-07-27 11:43 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-07-24 01:16 . 2008-07-27 11:43 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-07-24 01:15 . 2008-08-01 15:04

2008-07-24 00:48 . 2008-07-24 02:19

2008-07-23 23:54 . 2008-07-23 23:54

2008-07-23 23:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-23 22:59 . 2008-07-30 22:53 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-23 21:35 . 2008-08-01 10:37

2008-07-23 21:35 . 2008-08-01 10:37

2008-07-22 00:17 . 2008-07-22 00:18

2008-07-22 00:13 . 2008-07-24 01:07

2008-07-19 22:30 . 2008-07-30 02:45

2008-07-04 03:19 . 2008-07-04 03:33

2008-07-04 03:04 . 2008-07-04 03:05

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-18 13:58 --------- d-----w C:\Program Files\Gadu-Gadu

2008-07-04 01:33 --------- d-----w C:\Program Files\hasła

2008-06-26 20:39 --------- d-----w C:\Program Files\napisy do filmów

2008-06-25 14:57 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 20:05 --------- d-----w C:\Program Files\Picasa2

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys

2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat

2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf

2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys

2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

2008-06-07 23:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus

2008-06-07 23:15 --------- d-----w C:\Program Files\AskSBar

2008-06-04 01:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Admin Inter 1 Mags

2008-05-05 10:38 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 17:01 68856]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 19:22 864256]

"TouchPadHotKey"="C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 13:47 364544]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 17:31 630784]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33 36352]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"SiSPower"="SiSPower.dll" [2007-08-03 16:07 53248 C:\WINDOWS\system32\SiSPower.dll]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-05-05 11:31:02 262144]

WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe [2008-05-05 11:31:52 650752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\Messenger\msmsgs.exe"=

"C:\Program Files\LimeWire\LimeWire.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/

R1 -: HKCU-Internet Settings,ProxyOverride = *.local

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-01 15:06:26

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2008-08-01 15:09:03 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-01 13:08:58

Pre-Run: 34,653,241,344 bajtów wolnych

Post-Run: 35,083,558,912 bajtów wolnych

173 --- E O F --- 2008-07-25 00:16:32


(Kambor4) #11

It's almost clean.

Paste into Notepad:

Folder::

C:\Program Files\AskSBar

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file

-->CFScript3.gif

Removal should start (and a log will be produced). Post the log that is produced during removal.

If it goes well, then: after the restart, delete the C:\Qoobox folder manually.


(Leon$) #12

delete the folder

otherwise clean

optimise startup

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

delete the C:\Qoobox folder manually, delete the ComboFix installer from the disk.

Disable and re-enable System Restore on all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area http://www.kaspersky.pl/virusscanner.html and show the report; run the page through IE

:slight_smile:


(Aga Mysia) #13

ComboFix 08-07-31.06 - Właściciel 2008-08-01 15:24:20.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1201 [GMT 2:00]

Running from: C:\Documents and Settings\Właściciel\Pulpit\Combo-Fix.exe

Command switches used :: C:\Documents and Settings\Właściciel\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\AskSBar

C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR

C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST

C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE

C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR

C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST

C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL

C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL

C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL

C:\Program Files\AskSBar\bar\Cache\01EF52AC

C:\Program Files\AskSBar\bar\Cache\01EF6E52

C:\Program Files\AskSBar\bar\Cache\01EF9207.bin

C:\Program Files\AskSBar\bar\Cache\01EF9BCB.bin

C:\Program Files\AskSBar\bar\Cache\01EFA7B2.bin

C:\Program Files\AskSBar\bar\Cache\files.ini

C:\Program Files\AskSBar\bar\History\search2

C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm

.

((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))

.

2008-08-01 15:09 .

2008-08-01 15:09 . 2008-08-01 15:09

2008-08-01 10:36 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll

2008-08-01 10:36 . 2008-06-23 17:36 773,120 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB

2008-08-01 10:35 . 2008-08-01 10:35 0 --a------ C:\WINDOWS\Irremote.ini

2008-07-30 23:20 . 2008-07-30 23:20

2008-07-30 23:19 . 2008-07-30 23:19

2008-07-30 23:19 . 2008-07-30 23:19

2008-07-30 23:19 . 2008-07-30 23:19

2008-07-27 11:55 . 2008-07-27 11:55

2008-07-27 11:55 . 2008-07-27 11:55

2008-07-27 11:52 . 2008-07-27 11:56

2008-07-27 01:17 . 2008-07-27 01:17

2008-07-27 01:17 . 2008-07-27 01:17

2008-07-26 23:03 . 2008-07-27 00:00

2008-07-25 15:56 . 2008-07-25 15:56

2008-07-25 15:56 . 2008-07-25 16:07

2008-07-25 15:36 . 2008-07-30 14:43

2008-07-25 15:35 . 2008-07-25 15:35

2008-07-25 15:35 . 2008-07-25 15:35

2008-07-25 15:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-07-25 15:33 . 2008-07-25 15:35

2008-07-25 15:33 . 2008-07-25 15:33

2008-07-25 15:30 . 2008-07-25 15:32

2008-07-25 02:16 . 2008-07-25 02:16

2008-07-24 23:51 . 2008-07-24 23:51

2008-07-24 23:51 . 2008-07-24 23:51

2008-07-24 01:25 . 2008-07-24 01:25

2008-07-24 01:18 . 2008-07-24 01:18

2008-07-24 01:17 . 2008-07-24 02:19

2008-07-24 01:16 . 2008-07-27 11:43

2008-07-24 01:16 . 2008-08-01 14:53

2008-07-24 01:16 . 2008-07-27 11:43 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-07-24 01:16 . 2008-07-27 11:43 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-07-24 01:16 . 2008-07-27 11:43 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-07-24 01:16 . 2008-07-27 11:43 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-07-24 01:15 . 2008-08-01 15:04

2008-07-24 00:48 . 2008-07-24 02:19

2008-07-23 23:54 . 2008-07-23 23:54

2008-07-23 23:54 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys

2008-07-23 22:59 . 2008-07-30 22:53 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-07-23 21:37 . 2008-07-23 21:37

2008-07-23 21:35 . 2008-08-01 10:37

2008-07-23 21:35 . 2008-08-01 10:37

2008-07-22 00:48 . 2008-07-22 00:48

2008-07-22 00:17 . 2008-07-22 00:18

2008-07-22 00:13 . 2008-07-24 01:07

2008-07-19 22:30 . 2008-07-30 02:45

2008-07-04 03:19 . 2008-07-04 03:33

2008-07-04 03:04 . 2008-07-04 03:05

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-01 13:08 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Skype

2008-08-01 13:07 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\skypePM

2008-07-18 13:58 --------- d-----w C:\Program Files\Gadu-Gadu

2008-06-26 20:39 --------- d-----w C:\Program Files\napisy do filmów

2008-06-25 14:57 --------- d-----w C:\Program Files\Common Files\Adobe

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-06-19 20:05 --------- d-----w C:\Program Files\Picasa2

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll

2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll

2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys

2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat

2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf

2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys

2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

2008-06-07 23:39 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Azureus

2008-06-07 23:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus

2008-06-04 01:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Admin Inter 1 Mags

2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-05 10:38 315,392 ----a-w C:\WINDOWS\HideWin.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-08 17:01 68856]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 19:22 864256]

"TouchPadHotKey"="C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 13:47 364544]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 17:31 630784]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 23:33 36352]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"SiSPower"="SiSPower.dll" [2007-08-03 16:07 53248 C:\WINDOWS\system32\SiSPower.dll]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2008-05-05 11:31:02 262144]

WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe [2008-05-05 11:31:52 650752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\Messenger\msmsgs.exe"=

"C:\Program Files\LimeWire\LimeWire.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

2008-07-23 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Właściciel.job

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-01 15:25:30

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-01 15:26:14

ComboFix-quarantined-files.txt 2008-08-01 13:26:07

ComboFix2.txt 2008-08-01 13:09:04

Pre-Run: 35,067,904,000 bajtów wolnych

Post-Run: 35,060,416,512 bajtów wolnych

184 --- E O F --- 2008-07-25 00:16:32


(Aga Mysia) #14

I have to leave the house, I'll do the rest of the recommended things when I get back. Thank you very much for your time, and talk to you later


(Kambor4) #15

I don't see anything suspicious now.

Delete the C:\Qoobox folder manually,

Delete the ComboFix installer from the disk.

Optimise the startup items

Clean the computer with CCleaner

Disable and re-enable System Restore on all drives. Instructions

Scan the My Computer area http://www.kaspersky.pl/virusscanner.html (run through IE). Post its report on the forum

or

Dr.WEB CureIt!.

:slight_smile:


(Leon$) #16

Do what I wrote earlier, without deleting the folder

by the way, you didn't have to use ComboFix

it would have been enough to delete it manually, as I wrote

:slight_smile:


(Aga Mysia) #17

ok, I scanned with Kaspersky online, it found 1 virus and two infected objects but did not generate a report. I'm just installing the trial version, maybe after scanning with it a report will appear.


(Leon$) #18

you don't need to show the report, the trial version will simply disinfect or delete those files

:slight_smile:


(Aga Mysia) #19

I scanned online and I don't even know the location of those infected files. Is there a way to see the report? Will the trial version show it to me?


(Leon$) #20

it should show what it disinfects and what it deletes

:slight_smile: