jazzik76
(Jazzik76)
18 November 2007 19:19
#1
Hello everyone,
I'd like to ask you to check my HJT log and advise me what to do (I'm a beginner, so please be understanding and give me a "lenient sentence").
Please also help me if I did something wrong.
Thank you all.
Gutek
(Gutek)
18 November 2007 21:37
#2
Remove the HJT entry.
Post a ComboFix log.
Note: when you paste a log, wrap it in a CODE or QUOTE tag.
Regards, Gutek2222
jazzik76
(Jazzik76)
25 November 2007 15:24
#3
Hello,
as instructed, I'm pasting the ComboFix log:
ComboFix 07-11-19.3 - Agnieszka Komar 2007-11-25 16:06:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.222 [GMT 1:00]
Running from: C:\Documents and Settings\Agnieszka Komar\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.
2007-11-18 20:03
2007-11-18 18:44
2007-11-18 18:44
2007-11-16 09:08
2007-11-16 09:06
2007-11-15 21:01
2007-11-15 21:01
2007-11-11 14:31 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-11 14:31 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-11 14:31 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-11 14:31 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-11 14:31 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-11 14:31 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-11 14:30
2007-11-11 14:30 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-11 14:30 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-11 07:29
2007-11-11 07:29
2007-11-11 07:28
2007-11-01 17:06
2007-10-28 18:20
2007-10-28 18:19
2007-10-28 17:28
2007-10-28 17:27
2007-10-28 17:27 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2007-10-28 17:08
2007-10-28 17:06
2007-10-28 17:06
2007-10-28 16:44 5,387 --a------ C:\WINDOWS\system32\jupdate-1.6.0_03-b05.log
2007-10-28 16:35
2007-10-28 16:33
2007-10-28 16:32
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 15:06 --------- d-----w C:\Program Files\Neostrada TP
2007-11-25 15:02 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-16 06:58 --------- d-----w C:\Program Files\Winamp5
2007-10-28 15:44 --------- d-----w C:\Program Files\Java
2007-10-09 03:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-02-25 16:33 1,037,312 ----a-w C:\Program Files\iview399.exe
2007-02-25 15:59 24,105,472 ----a-w C:\Program Files\Nokia_PC_Suite_682_rel_22_0_pol_web.msi
2005-09-18 17:56 3,751,820 ----a-w C:\Program Files\gg70.exe
2005-04-28 14:53 21,696,576 ----a-w C:\Program Files\AdbeRdr602_pol_full.exe
2006-07-19 17:57 56 --sh--r C:\WINDOWS\system32\1435FB8DAE.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-01 16:45]
"wsctf.exe"="wsctf.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 18:42]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2005-09-15 14:43]
"EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 14:23 C:\WINDOWS\explorer.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-02-04 03:37 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 13:00 C:\WINDOWS\system32\rundll32.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07]
"Creative Mouse Software"="C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2005-01-27 11:24]
"Creative Mouse Software 1"="C:\Program Files\Creative\Input Devices\MOUSE\CTPoint.exe" [2005-02-17 13:17]
"Creative Keyboard Software"="C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2005-01-27 11:24]
"Creative Keyboard Software 1"="C:\Program Files\Creative\Input Devices\Keyboard\CTType.exe" [2005-02-17 13:09]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-11-16 09:06:13]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-09-23 10:10 143360 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{02801436-02cc-11db-bc36-000e505c10ce}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{48045bb0-53db-11db-bcf6-000e505c10ce}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 16:07:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-25 16:08:05
C:\ComboFix2.txt ... 2007-11-25 15:41
.
--- E O F ---
Regards,
thanks for all the advice.
Gutek
(Gutek)
25 November 2007 16:03
#4
Open Notepad and paste this into it:
File >>> Save As >>> change the extension from TXT to All Files >>> save it under the name FIX.REG >>> double-click the FIX.REG file you created and confirm adding it to the registry >>> restart.
jazzik76
(Jazzik76)
25 November 2007 16:30
#5
Thanks for the info, I'll check it right away.
One more small question:
what could be causing two /My Documents/ windows to open automatically, one on top of the other, after I turn the computer on?
Earlier avast detected a virus for me: Win32:Detnat-AX[Wrm}
Thanks
Gutek
(Gutek)
25 November 2007 21:45
#6
Hard to say. Once everything is done, post a new log.