Komp wolno chodzi, wyświetla mi się jakaś strona

Skate994 · 10 Czerwiec 2007 15:08

Komp wolno chodzi, wolno się włącza, przy każdym włączeniu pokazuje się sporo wirusów, trojanów i nie wiem jak się ich pozbyć, a poza tym kilka razy dziennie wyświela mi się strona http://www.pl.errorsafe.com czy coś takiego…

proszę o sprawdzenie mi loga z hijackthis:

Logfile of HijackThis v1.99.1 Scan saved at 17:00:17, on 2007-06-10 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\wt\wcmdmgr.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\VIA\RAID\raid_tool.exe H:\Daemonn Tools\daemon.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe D:\Winamp\winampa.exe C:\Documents and Settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\System32\oodag.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\UAService7.exe C:\WINDOWS\system32\wscntfy.exe H:\BitComet\BitComet.exe C:\DOCUME~1\Pisiorki\USTAWI~1\Temp\Katalog tymczasowy 2 dla hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM…\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM…\Run: [DAEMON Tools] “H:\Daemonn Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” O4 - HKLM…\Run: [WinampAgent] D:\Winamp\winampa.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [TalkAndWrite] C:\Documents and Settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM…\Run: [mav_startupmon] “C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe” O4 - HKLM…\Run: [intel system tool] C:\WINDOWS\system32\svehost.exe O4 - HKLM…\Run: [clcl6] C:\WINDOWS\system32\clcl6.exe O4 - HKLM…\Run: [i downloaded pirated Software from P2P] Rayman Raving Rabbids O4 - HKLM…\Run: [j3201237] rundll32 C:\WINDOWS\system32\j3201237.dll sook O4 - HKLM…\Run: [ApachInc] rundll32.exe “C:\WINDOWS\system32\xieygert.dll”,realset O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKCU…\Run: [Gadu-Gadu] “D:\Gadu-Gadu\Gadu-Gadu\gg.exe” /tray O8 - Extra context menu item: Download all links using BitComet - res://H:\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://H:\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://H:\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: DirectX Service (DirectRirm) - Unknown owner - c:\windows\system32\directx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

qrczak13 · 10 Czerwiec 2007 16:39

Start > uruchom > cmd > wpisz:

sc stop DirectRirm

sc stop "Windows Log"

sc delete DirectRirm

sc delete "Windows Log"

DEL c:\windows\system32\directx.exe

DEL C:\WINDOWS\system32\nvsvcd.exe

W trybie awaryjnym użyj VundoFix, FixVundo, VirtmundoBeGone

Daj log z ComboFix.

Gutek · 10 Czerwiec 2007 18:32

Skate994 · 18 Lipiec 2007 15:46

Sory ze tak dlugo. Oto moj log z combofix :

“Pisiorki” - 2007-07-18 11:38:03 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 FAT32

((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))

2007-07-18 11:07 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-15 17:56 964 --a------ C:\WINDOWS\system32\occackef.dat

2007-07-15 17:56 964 --a------ C:\WINDOWS\system32\icmuq.dat

2007-07-15 17:56 964 --a------ C:\WINDOWS\system32\GLIDA3XC.dat

2007-07-15 17:56 680 --a------ C:\WINDOWS\system32\spxcoinf.dat

2007-07-15 17:56 680 --a------ C:\WINDOWS\system32\inetchmm.dat

2007-07-15 17:56 680 --a------ C:\WINDOWS\system32\iassjobe.dat

2007-07-15 17:56 299 --a------ C:\WINDOWS\system32\samsrxd.dat

2007-07-15 17:56 0 --a------ C:\WINDOWS\system32\wpdste.dat

2007-07-15 17:56 0 --a------ C:\WINDOWS\system32\browselk.dat

2007-06-30 21:34

2007-06-18 19:33

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-13 17:40:48 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE

2007-06-18 17:33:14 886 ----a-w C:\WINDOWS\eReg.dat

2007-06-11 14:14:28 13,844 ----a-w C:\WINDOWS\system32\ttmlwqwh.exe

2007-06-09 19:19:48 2,579 ----a-w C:\winupd.bat

2007-06-05 14:41:50 -------- d-----w C:\Program Files\Common Files\Invictus

2007-06-03 15:48:08 1,156 ----a-w C:\WINDOWS\mozver.dat

2007-06-03 15:44:48 0 ----a-w C:\WINDOWS\nsreg.dat

2007-06-02 18:58:58 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-05-13 07:34:36 470,229 --sh–w C:\WINDOWS\system32\rtvwa.ini2

2007-05-12 18:57:46 584,160 --sh–w C:\WINDOWS\system32\rtvwa.bak2

2007-05-12 10:07:48 583,883 --sh–w C:\WINDOWS\system32\rtvwa.bak1

2007-04-21 17:56:10 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL

2006-10-07 18:54:40 390,023 --sha-r C:\Program Files\wunauclt.zip

2006-10-07 18:54:40 390,023 --sha-r C:\Program Files\wunauclt.tbe

2006-10-06 12:08:34 76 —ha-w C:\Program Files\Desktop.ini

2006-08-27 13:38:28 1,015,973 --sha-r C:\Program Files\serial.zip

2006-08-27 13:38:28 1,015,973 --sha-r C:\Program Files\serial.tde

2006-08-27 13:19:52 56,239 ----a-w C:\Program Files\svchosts.tbe

2006-04-29 18:58:28 56 --sh–r C:\WINDOWS\system32\307E0A2C73.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

2006-12-18 17:30 726568 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

2007-01-11 16:05 386624 --a------ H:\BitComet\tools\BitCometBHO.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{59FFC617-F9DC-4436-A1AB-7DBDF34295C8}]

C:\WINDOWS\system32\awvtr.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

2007-05-28 09:03 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{C333CF63-767F-4831-94AC-E683D962C63C}]

2004-08-24 23:18 49152 --a------ C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2005-01-16 15:31]

“Cmaudio”=“cmicnfg.cpl” []

“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-05-24 21:05]

“RaidTool”=“C:\Program Files\VIA\RAID\raid_tool.exe” [2005-06-20 12:53]

“DAEMON Tools”=“H:\Daemonn Tools\daemon.exe” [2005-12-10 16:57]

“RegistryMechanic”="" []

“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe” [2007-04-21 09:22]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43]

“WinampAgent”=“D:\Winamp\winampa.exe” [2007-02-13 19:29]

“NWEReboot”="" []

“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 16:40]

“TalkAndWrite”=“C:\Documents and Settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe” [2007-03-28 20:47]

“Onet.pl AutoUpdate”=“C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe” [2006-02-08 16:40]

“I downloaded pirated Software from P2P”=“Rayman Raving Rabbids” []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24]

“STYLEXP”=“C:\Program Files\TGTSoft\StyleXP\StyleXP.exe” [2004-10-04 20:35]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-12-18 17:46]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2007-05-28 09:03]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2006-06-01 13:32]

“Gadu-Gadu”=“D:\Gadu-Gadu\Gadu-Gadu\gg.exe” [2007-04-17 23:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtr]

C:\WINDOWS\system32\awvtr.dll

Contents of the ‘Scheduled Tasks’ folder

2007-05-23 12:03:08 C:\WINDOWS\tasks\At1.job

2007-05-23 12:03:10 C:\WINDOWS\tasks\At2.job

2007-05-23 12:03:10 C:\WINDOWS\tasks\At3.job

2007-05-23 12:06:24 C:\WINDOWS\tasks\At4.job

2007-05-23 12:06:24 C:\WINDOWS\tasks\At5.job

2007-05-23 12:06:26 C:\WINDOWS\tasks\At6.job

2007-05-23 12:07:44 C:\WINDOWS\tasks\At7.job

2007-05-23 12:07:44 C:\WINDOWS\tasks\At8.job

2007-05-23 12:07:44 C:\WINDOWS\tasks\At9.job

2007-05-23 12:08:26 C:\WINDOWS\tasks\At10.job

2007-05-23 12:08:26 C:\WINDOWS\tasks\At11.job

2007-05-23 12:08:26 C:\WINDOWS\tasks\At12.job

2007-05-23 12:13:14 C:\WINDOWS\tasks\At13.job

2007-05-23 12:13:16 C:\WINDOWS\tasks\At14.job

2007-05-23 12:13:16 C:\WINDOWS\tasks\At15.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-18 11:39:53

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-18 11:40:37

C:\ComboFix-quarantined-files.txt … 2007-07-18 11:40

— E O F —

Gutek · 18 Lipiec 2007 17:58

Usuń wszystki C:\WINDOWS\tasks\At… ale użyj w trybie awaryjnym VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone + nowy log z Combofix-a