Computer runs slowly, some page keeps showing up


(Skate994) #1

My computer runs slowly, boots slowly, at every startup a lot of viruses and trojans show up and I don't know how to get rid of them, and besides that, several times a day a page http://www.pl.errorsafe.com or something like that is displayed...

Please check my HijackThis log:


(qrczak13) #2

Start > Run > cmd > type:

sc stop DirectRirm

sc stop "Windows Log"

sc delete DirectRirm

sc delete "Windows Log"

DEL c:\windows\system32\directx.exe

DEL C:\WINDOWS\system32\nvsvcd.exe

In safe mode use VundoFix, FixVundo, VirtumundoBeGone

Post a ComboFix log.


(Gutek) #3

(Skate994) #4

Sorry it took so long. Here is my ComboFix log:

"Pisiorki" - 2007-07-18 11:38:03 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 FAT32

((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))

2007-07-18 11:07 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-15 17:56 964 --a------ C:\WINDOWS\system32\occackef.dat

2007-07-15 17:56 964 --a------ C:\WINDOWS\system32\icmuq.dat

2007-07-15 17:56 964 --a------ C:\WINDOWS\system32\GLIDA3XC.dat

2007-07-15 17:56 680 --a------ C:\WINDOWS\system32\spxcoinf.dat

2007-07-15 17:56 680 --a------ C:\WINDOWS\system32\inetchmm.dat

2007-07-15 17:56 680 --a------ C:\WINDOWS\system32\iassjobe.dat

2007-07-15 17:56 299 --a------ C:\WINDOWS\system32\samsrxd.dat

2007-07-15 17:56 0 --a------ C:\WINDOWS\system32\wpdste.dat

2007-07-15 17:56 0 --a------ C:\WINDOWS\system32\browselk.dat

2007-06-30 21:34

2007-06-18 19:33

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-13 17:40:48 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE

2007-06-18 17:33:14 886 ----a-w C:\WINDOWS\eReg.dat

2007-06-11 14:14:28 13,844 ----a-w C:\WINDOWS\system32\ttmlwqwh.exe

2007-06-09 19:19:48 2,579 ----a-w C:\winupd.bat

2007-06-05 14:41:50 -------- d-----w C:\Program Files\Common Files\Invictus

2007-06-03 15:48:08 1,156 ----a-w C:\WINDOWS\mozver.dat

2007-06-03 15:44:48 0 ----a-w C:\WINDOWS\nsreg.dat

2007-06-02 18:58:58 737,280 ----a-w C:\WINDOWS\iun6002.exe

2007-05-13 07:34:36 470,229 --sh--w C:\WINDOWS\system32\rtvwa.ini2

2007-05-12 18:57:46 584,160 --sh--w C:\WINDOWS\system32\rtvwa.bak2

2007-05-12 10:07:48 583,883 --sh--w C:\WINDOWS\system32\rtvwa.bak1

2007-04-21 17:56:10 47,104 ----a-w C:\WINDOWS\system32\KMVIDC32.DLL

2006-10-07 18:54:40 390,023 --sha-r C:\Program Files\wunauclt.zip

2006-10-07 18:54:40 390,023 --sha-r C:\Program Files\wunauclt.tbe

2006-10-06 12:08:34 76 ---ha-w C:\Program Files\Desktop.ini

2006-08-27 13:38:28 1,015,973 --sha-r C:\Program Files\serial.zip

2006-08-27 13:38:28 1,015,973 --sha-r C:\Program Files\serial.tde

2006-08-27 13:19:52 56,239 ----a-w C:\Program Files\svchosts.tbe

2006-04-29 18:58:28 56 --sh--r C:\WINDOWS\system32\307E0A2C73.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

2006-12-18 17:30 726568 --a------ C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]

2007-01-11 16:05 386624 --a------ H:\BitComet\tools\BitCometBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{59FFC617-F9DC-4436-A1AB-7DBDF34295C8}]

C:\WINDOWS\system32\awvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]

2007-01-19 23:55 2403392 -ra------ c:\program files\google\googletoolbar4.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

2007-05-28 09:03 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{C333CF63-767F-4831-94AC-E683D962C63C}]

2004-08-24 23:18 49152 --a------ C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-16 15:31]

"Cmaudio"="cmicnfg.cpl" []

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05]

"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 12:53]

"DAEMON Tools"="H:\Daemonn Tools\daemon.exe" [2005-12-10 16:57]

"RegistryMechanic"="" []

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 09:22]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"WinampAgent"="D:\Winamp\winampa.exe" [2007-02-13 19:29]

"NWEReboot"="" []

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]

"TalkAndWrite"="C:\Documents and Settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe" [2007-03-28 20:47]

"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 16:40]

"I downloaded pirated Software from P2P"="Rayman Raving Rabbids" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]

"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2004-10-04 20:35]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 17:46]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 09:03]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]

"Gadu-Gadu"="D:\Gadu-Gadu\Gadu-Gadu\gg.exe" [2007-04-17 23:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtr]

C:\WINDOWS\system32\awvtr.dll

Contents of the 'Scheduled Tasks' folder

2007-05-23 12:03:08 C:\WINDOWS\tasks\At1.job

2007-05-23 12:03:10 C:\WINDOWS\tasks\At2.job

2007-05-23 12:03:10 C:\WINDOWS\tasks\At3.job

2007-05-23 12:06:24 C:\WINDOWS\tasks\At4.job

2007-05-23 12:06:24 C:\WINDOWS\tasks\At5.job

2007-05-23 12:06:26 C:\WINDOWS\tasks\At6.job

2007-05-23 12:07:44 C:\WINDOWS\tasks\At7.job

2007-05-23 12:07:44 C:\WINDOWS\tasks\At8.job

2007-05-23 12:07:44 C:\WINDOWS\tasks\At9.job

2007-05-23 12:08:26 C:\WINDOWS\tasks\At10.job

2007-05-23 12:08:26 C:\WINDOWS\tasks\At11.job

2007-05-23 12:08:26 C:\WINDOWS\tasks\At12.job

2007-05-23 12:13:14 C:\WINDOWS\tasks\At13.job

2007-05-23 12:13:16 C:\WINDOWS\tasks\At14.job

2007-05-23 12:13:16 C:\WINDOWS\tasks\At15.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-18 11:39:53

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-18 11:40:37

C:\ComboFix-quarantined-files.txt ... 2007-07-18 11:40

--- E O F ---


(Gutek) #5

Delete all C:\WINDOWS\tasks\At........ but in safe mode use VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone + a new ComboFix log