Mozilla pop-up PAGES!

Hi, I used to use Internet Explorer and had a problem with pop-up "pages"! That is, I open Google or something and suddenly PORN opens :confused: I close it, a moment later the same thing again, and this happened a few times a day. I decided to switch to Mozilla, set it as the default (main) browser and thought that once I changed browsers to Mozilla the problem would go away, but after a few days it was the same again, and even worse: I start the system and Mozilla starts up with some porn on it and closes right away ;/ then it opens and closes again, and so on dozens of times. When I open Task Manager I see Firefox.exe in the processes, I kill it and it reappears in the processes right away and shows up on my screen, and not only when I start the system but also when I'm playing something or browsing the web, and then everything I described goes to hell :confused: because everything opens and closes; even now, while I was writing this, it started jumping around the screen and closed all the pages, but after I killed it from the processes and started Mozilla again MYSELF the text was not lost )) although that ... oh, and when I start the system a message about avmon.exe appears asking whether to run it or cancel. IF ANYONE KNOWS A SOLUTION PLEASE REPLY!!

Post logs from ComboFix and HijackThis.

Solution: run an antivirus program. You've picked up some nasties.

I have Avast ... and it runs all the time. I did what pascalHP told me to, and there are no more of those windows, nor the avmon.com window at startup ... because there was one before :slight_smile: and here are the logs

ComboFix:

ComboFix 09-08-07.09 - Admin 2009-08-08 17:13.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.959.465 [GMT 2:00]

Uruchomiony z: d:\pobrane pliki !!

AV: avast! antivirus 4.8.1335 [VPS 090807-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\documents and settings\Admin\Dane aplikacji\BITS

c:\documents and settings\Admin\Dane aplikacji\BITS\BITS.ini

c:\documents and settings\Admin\Dane aplikacji\BITS\DHTTable.dat

c:\documents and settings\Admin\Dane aplikacji\BITS\ProxyList.ini

c:\documents and settings\Admin\Dane aplikacji\BITS\UPnP.ini

c:\program files\FlashGet Network

c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log

c:\program files\FlashGet Network\FlashGet universal\fgoption.ini

c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini

c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini

c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini

c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat

c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat

c:\program files\FlashGet Network\FlashGet universal\transaction.log

D:\autorun.inf

.

((((((((((((((((((((((((( Pliki utworzone od 2009-07-08 do 2009-08-08 )))))))))))))))))))))))))))))))

.

2009-08-08 15:09 . 2009-08-08 15:09 -------- d-----w- c:\program files\Trend Micro

2009-08-07 16:22 . 2009-08-07 16:22 737280 ----a-w- c:\windows\iun6002.exe

2009-08-07 16:22 . 2009-08-07 16:33 -------- d-----w- c:\program files\Tweak-XP Pro 4

2009-08-07 16:02 . 2009-08-07 16:02 -------- d-----w- C:\PULPIT

2009-08-07 12:32 . 2009-08-07 12:32 -------- d-----w- c:\program files\AMT

2009-08-06 11:54 . 2009-08-06 11:54 -------- d-----w- c:\program files\Microsoft Games

2009-08-06 11:33 . 2009-07-06 20:44 937984 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\o4b6hj7v.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2009-08-06 11:33 . 2009-07-06 20:44 65536 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\o4b6hj7v.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

2009-08-06 11:33 . 2009-07-06 20:44 4722688 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\o4b6hj7v.default\extensions\piclens@cooliris.com\libs\cooliris19.dll

2009-08-06 11:33 . 2009-07-06 20:44 106496 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\o4b6hj7v.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2009-08-06 11:33 . 2009-07-06 20:44 103424 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\o4b6hj7v.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2009-08-06 11:33 . 2009-07-06 20:44 344064 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\o4b6hj7v.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2009-08-05 21:27 . 2009-08-05 21:27 -------- d-----w- c:\program files\Ares

2009-08-02 16:47 . 2009-08-02 17:01 -------- d-----w- c:\program files\Counter-Strike 1.6

2009-08-01 14:42 . 2009-08-08 14:47 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Hamachi

2009-08-01 14:42 . 2009-08-01 14:42 -------- d-----w- c:\program files\Hamachi

2009-08-01 14:42 . 2009-08-01 14:42 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-07-31 07:46 . 2009-07-31 07:46 -------- d-----w- c:\program files\Defraggler

2009-07-31 07:09 . 2009-07-31 07:09 -------- d-----w- c:\program files\Lavalys

2009-07-30 14:34 . 2000-02-08 07:44 172032 ----a-w- c:\windows\system32\cncs32.dll

2009-07-30 14:34 . 2009-07-30 14:35 -------- d-----w- C:\GFactory

2009-07-30 13:53 . 2009-07-31 07:31 -------- d-----w- c:\program files\Selteco

2009-07-30 13:01 . 2002-01-01 01:28 860211 --s-a-w- c:\windows\system32\XSIFtk-3.6.2.1.dll

2009-07-30 13:01 . 2009-07-30 13:01 -------- d-----w- c:\program files\NaturalMotion

2009-07-30 12:25 . 2009-08-02 09:39 75776 --sh--r- C:\vshost.exe

2009-07-29 21:42 . 2009-07-30 20:50 -------- d-----w- c:\program files\Scratch

2009-07-29 18:56 . 2009-07-29 18:56 -------- d-----w- c:\documents and settings\NetworkService\Dane aplikacji\Xfire

2009-07-29 12:28 . 2009-07-29 12:28 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Kamuse

2009-07-29 10:01 . 2009-07-15 15:17 941568 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Qrix\GG8+\v1\gg8.exe

2009-07-29 10:01 . 2009-06-22 18:37 205 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Qrix\GG8+\v1\ok.bat

2009-07-29 10:01 . 2009-07-29 10:01 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Qrix

2009-07-28 22:19 . 2009-07-28 22:19 -------- d-----w- C:\toolbar

2009-07-28 22:19 . 2009-07-28 22:19 -------- d-----w- C:\rssnews

2009-07-28 22:06 . 2009-07-29 09:45 -------- d-----w- c:\program files\Gadu-Gadu

2009-07-28 18:26 . 2009-07-28 18:26 -------- d--h--w- c:\windows\PIF

2009-07-28 16:41 . 2009-08-07 16:21 -------- d-----w- C:\Downloads

2009-07-28 16:39 . 2009-07-28 16:39 -------- d-----w- C:\profiles

2009-07-28 14:28 . 2009-07-28 14:28 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-07-28 14:20 . 2009-07-28 14:20 65109 ----a-w- c:\windows\BricoPackUninst.cmd

2009-07-28 14:18 . 2009-07-28 14:20 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd

2009-07-28 14:18 . 2009-07-28 14:18 -------- d-----w- c:\windows\BricoPacks

2009-07-28 13:22 . 2004-04-22 08:57 62848 ----a-w- c:\windows\system32\drivers\rt2400.sys

2009-07-28 13:22 . 2003-12-17 10:10 110592 ----a-w- c:\windows\system32\AegisI5.exe

2009-07-28 13:22 . 2003-09-03 08:12 86016 ----a-w- c:\windows\system32\install.dll

2009-07-28 13:22 . 2003-08-29 13:55 28672 ----a-w- c:\windows\system32\CCS24.exe

2009-07-28 13:22 . 2003-06-24 09:22 32768 ----a-w- c:\windows\system32\SmartInstallCfg2.dll

2009-07-28 13:22 . 2003-05-21 08:17 45056 ----a-w- c:\windows\system32\DEDriverDLL.dll

2009-07-28 13:22 . 2002-05-24 07:44 36864 ----a-w- c:\windows\system32\WRLSetup.exe

2009-07-28 13:18 . 2009-07-28 13:18 -------- d-----w- c:\program files\Network Stumbler

2009-07-27 15:36 . 2009-07-27 15:37 -------- d-----w- c:\program files\SubEdit-Player

2009-07-26 16:05 . 2009-07-26 16:05 -------- d-----w- c:\program files\Common Files\xing shared

2009-07-26 16:05 . 2009-07-26 16:05 -------- d-----w- c:\program files\Real

2009-07-26 16:05 . 2009-07-26 16:05 -------- d-----w- c:\program files\Common Files\Real

2009-07-26 15:57 . 2009-07-30 20:51 -------- d-----w- c:\program files\Total Video Converter

2009-07-26 13:59 . 2004-08-03 22:44 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-07-25 22:36 . 2009-08-08 12:17 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\Ares

2009-07-25 16:23 . 2008-07-18 13:23 732888 ----a-r- c:\windows\system32\drivers\cfosspeed.sys

2009-07-25 16:23 . 2009-08-08 15:16 -------- d-----w- c:\program files\cFosSpeed

2009-07-25 16:23 . 2008-07-18 13:23 290008 ----a-w- c:\windows\system32\cfosspeed.dll

2009-07-25 14:37 . 2009-07-25 14:37 -------- d-----w- c:\windows\system32\LogFiles

2009-07-22 11:46 . 2009-07-22 11:46 -------- d-----w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\ApplicationHistory

2009-07-22 11:46 . 2009-07-22 11:46 130 ----a-w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2009-07-22 11:42 . 2009-07-22 11:42 -------- d-----w- c:\program files\San Andreas Mod Installer

2009-07-22 11:42 . 2009-07-22 11:42 -------- d-----w- c:\windows\San Andreas Mod Installer

2009-07-22 11:02 . 2009-07-22 11:02 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2009-07-17 16:39 . 2009-07-17 16:39 -------- d-----w- C:\NVIDIA

2009-07-17 16:05 . 2009-07-17 16:05 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-07-14 08:40 . 2009-07-14 08:40 11264 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu_userdata\npgg.1.dll

2009-07-13 18:04 . 2009-07-13 18:04 -------- d-----w- c:\windows\Sun

2009-07-13 17:56 . 2009-07-13 17:56 -------- d-----w- c:\program files\CCleaner

2009-07-13 16:51 . 2009-07-13 16:51 1439792 --sh--w- C:\avmon.com

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-31 07:37 . 2009-06-15 11:47 -------- d-----w- c:\program files\Google

2009-07-31 07:32 . 2009-07-05 20:43 -------- d-----w- c:\program files\Ganymede

2009-07-31 07:24 . 2007-08-29 16:40 -------- d-----w- c:\program files\Realtek

2009-07-29 18:39 . 2007-08-29 16:30 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-07-29 10:02 . 2009-06-11 19:20 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu

2009-07-28 20:50 . 2007-08-29 16:27 92576 ----a-w- c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-07-28 14:20 . 2004-08-03 22:44 219648 ----a-w- c:\windows\system32\uxtheme.dll

2009-07-28 13:53 . 2007-10-25 09:01 -------- d-----w- c:\program files\Winamp

2009-07-26 17:15 . 2009-07-05 20:46 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\GanymedeNet

2009-07-25 12:43 . 2001-10-26 18:15 80444 ----a-w- c:\windows\system32\perfc015.dat

2009-07-25 12:43 . 2001-10-26 18:15 461026 ----a-w- c:\windows\system32\perfh015.dat

2009-07-24 18:45 . 2007-10-25 09:49 -------- d-----w- c:\program files\Image-Line

2009-07-24 18:44 . 2007-10-25 09:49 -------- d-----w- c:\program files\VstPlugins

2009-07-22 11:25 . 2007-10-25 09:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-07-09 10:00 . 2009-07-07 10:28 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\.ABC

2009-07-05 15:44 . 2009-07-05 15:44 232846 ----a-w- c:\windows\Little_Fighter_2_Toolbar_Uninstaller_5343.exe

2009-07-03 20:09 . 2009-07-03 20:09 223601 ----a-w- c:\windows\Little_Fighter_2_Toolbar_Uninstaller_7187.exe

2009-06-29 10:36 . 2009-06-29 10:36 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\AdobeUM

2009-06-21 06:46 . 2007-08-29 16:37 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-06-13 13:27 . 2009-06-13 13:27 -------- d-----w- c:\documents and settings\Admin\Dane aplikacji\Apple Computer

2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll

2009-06-10 04:03 . 2009-06-10 04:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll

2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin

2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-06-10 04:03 . 2007-08-29 16:38 457248 ----a-w- c:\windows\system32\nvudisp.exe

2009-06-10 04:03 . 2006-10-31 06:35 9998336 ----a-w- c:\windows\system32\nvoglnt.dll

2009-06-10 04:03 . 2006-10-31 06:35 815104 ----a-w- c:\windows\system32\nvapi.dll

2009-06-10 04:03 . 2006-10-31 06:35 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2009-06-10 04:03 . 2006-10-31 06:35 5908608 ----a-w- c:\windows\system32\nv4_disp.dll

2009-06-10 04:03 . 2006-10-31 06:35 151552 ----a-w- c:\windows\system32\nvcodins.dll

2009-06-10 04:03 . 2006-10-31 06:35 151552 ----a-w- c:\windows\system32\nvcod.dll

2009-05-28 09:23 . 2009-05-28 09:23 42088 ----a-w- c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu_userdata\ggbho.1.dll

2008-07-25 08:31 . 2009-07-28 16:43 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll

.

------- Sigcheck -------

[-] 2004-08-03 22:44 693248 7D46293106E58CA7878509CCC4071F2F c:\windows\system32\wininet.dll

[-] 2004-08-03 22:44 693248 7D46293106E58CA7878509CCC4071F2F c:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 22:44 975872 196C130D31317FE53DE984220B5E13B9 c:\windows\explorer.exe

[-] 2004-08-03 22:44 975872 196C130D31317FE53DE984220B5E13B9 c:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 22:44 101888 6DB9EBC8D26603F3B04C7C2809AAF935 c:\windows\system32\wuauclt.exe

[-] 2004-08-03 22:44 101888 6DB9EBC8D26603F3B04C7C2809AAF935 c:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 22:44 3444224 D1CB75D30E0FFA5E1A378CDE9A8FA442 c:\windows\system32\mshtml.dll

[-] 2004-08-03 22:44 3444224 D1CB75D30E0FFA5E1A378CDE9A8FA442 c:\windows\system32\dllcache\mshtml.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-26 39408]

"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

"BlockAds"="c:\program files\Tweak-XP Pro 4\AdBlocker.exe" [2004-09-28 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]

"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2008-07-18 867544]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-26 198160]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-20 16384512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\Admin\Menu Start\Programy\Autostart\

hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-8-1 625952]

RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Acrobat Speed Launcher.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Acrobat Speed Launcher.lnk

backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\Bonjour\mDNSResponder.exe"=

"c:\Program Files\Electric Rain\Swift 3D\Version 4.50\Program\Swift3D.exe"=

"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"d:\Metin2_PL\metin2.bin"=

"c:\Program Files\Counter-Strike 1.6\hl.exe"=

"c:\Program Files\Counter-Strike 1.6\cstrike.exe"=

"d:\Piotrek\gry\LF2_v1.9c\lf2.exe"=

"d:\Piotrek\gry\LF2_v1.9c1\lf2.exe"=

"c:\Program Files\ABC\abc.exe"=

"d:\Bartek\lf3\Little Fighter 3 v3.6.exe"=

"d:\Bartek\LF2_v2.0\lf2.exe"=

"c:\Program Files\Ares\Ares.exe"=

"c:\WINDOWS\system32\ftp.exe"=

"c:\Program Files\Microsoft Games\Age of Empires II\empires2.exe"=

"c:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"=

"c:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Kamuse\KCSTrayDownloader\KCSTrayDownloaderEngine.exe"=

"c:\WINDOWS\system32\dplaysvr.exe"=

"c:\Program Files\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"27015:TCP"= 27015:TCP:cs

"27016:TCP"= 27016:TCP:cs

"4:UDP"= 4:UDP:ss

"56991:TCP"= 56991:TCP:asdasdasd

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2007-12-18 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2007-12-18 20560]

R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [2002-01-25 20480]

S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]

S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]

.

.

------- Skan uzupełniający -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = http=proxy.faith.pl:8080;https=proxy.faith.pl:8080

uInternet Settings,ProxyOverride = ;*.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Pobierz wszystko przez FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

IE: Pobrane przez FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Konwertuj do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konwertuj miejsce docelowe łącza do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konwertuj wybrane łącza do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Konwertuj wybrane łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Konwertuj zaznaczenie do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj zaznaczenie do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\o4b6hj7v.default\

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: network.proxy.http - proxy.faith.pl

FF - prefs.js: network.proxy.http_port - 8080

FF - prefs.js: network.proxy.type - 1

FF - component: c:\program files\Mozilla Firefox\components\flashgetXpi.dll

FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

FF - plugin: c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu_userdata\npgg.1.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-08 17:16

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

“ImagePath”=“c:\apache\mysql\bin\mysqld-nt MySQL”

.

Czas ukończenia: 2009-08-08 17:17

ComboFix-quarantined-files.txt 2009-08-08 15:17

Przed: 4 407 422 976 bajtów wolnych

Po: 4 391 866 368 bajtów wolnych

306

AND the HijackThis one:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:11:28, on 2009-08-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\cFosSpeed\cFosSpeed.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\DOCUME~1\Admin\USTAWI~1\Temp\svchost32.exe

C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

c:\apache\Apache.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\cFosSpeed\spd.exe

c:\apache\Apache.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\apache\mysql\bin\mysqld-nt.exe

c:\apache\APACHE.EXE

c:\apache\APACHE.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\system32\CF15378.exe

C:\ComboFix\ComboFix-Download.cfexe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.faith.pl:8080;https=proxy.faith.pl:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Admin\USTAWI~1\Temp\vshost32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [1] c:\avmon.com

O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Windows Workstation] C:\DOCUME~1\Admin\USTAWI~1\Temp\svchost32.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [blockAds] "C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe

O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe

O8 - Extra context menu item: Pobierz wszystko przez FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm

O8 - Extra context menu item: Pobrane przez FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm

O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Apache - Unknown owner - c:\apache\Apache.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MySQL - Unknown owner - C:\apache\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE

End of file - 8784 bytes

Remove with HijackThis >> Fix checked

Disable System Restore on all drives. http://support.microsoft.com/kb/310405/pl

Open Notepad and paste

Save it as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> drag and drop the CFScript.txt icon onto the ComboFix.exe icon

Removal should start

Then post the ComboFix removal log

:slight_smile:
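As an added triage example (not code from this thread, nor from HijackThis or ComboFix), the script below re-reads a handful of the HijackThis lines posted above, in HijackThis's own HKLM\..\Run notation, and flags the entries a responder would look at first: an autostart running from Temp or straight from a drive root, a file name that imitates a Windows system binary, an extra component in UserInit, and a proxy server set in Internet Settings. The rule set and the SYSTEM_NAMES list are my assumptions, not anything the thread states.

```python
import re
from typing import Dict, List

# HijackThis lines copied from the log posted above in this thread (not constructed);
# two benign Run entries are kept next to the suspicious ones so the rules can be checked.
HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.faith.pl:8080;https=proxy.faith.pl:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Admin\USTAWI~1\Temp\vshost32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [1] c:\avmon.com
O4 - HKCU\..\Run: [Windows Workstation] C:\DOCUME~1\Admin\USTAWI~1\Temp\svchost32.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
"""

# Assumed list: Windows binaries that malware commonly imitates; the real ones live in \WINDOWS\system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}

RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
USERINIT_RE = re.compile(r'^F2 - REG:system\.ini: UserInit=(?P<value>.*)$')
PROXY_RE = re.compile(r'^R1 - .*Internet Settings,ProxyServer = (?P<value>.*)$')


def _exe_path(cmd: str) -> str:
    """Return the executable path of a Run command (quoted or bare), without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(' ')[0]


def _path_reasons(path: str) -> List[str]:
    """Heuristics on where an autostart executable lives and what it is called."""
    low = path.lower().replace('/', '\\')
    name = low.rsplit('\\', 1)[-1]
    reasons = []
    if '\\temp\\' in low:
        reasons.append('executable runs from a Temp directory')
    if re.fullmatch(r'[a-z]:\\[^\\]+', low):
        reasons.append('executable sits directly in a drive root')
    if name.endswith('.com'):
        reasons.append('.com extension is unusual for a modern autostart')
    stem = re.sub(r'\d+', '', name)          # svchost32.exe -> svchost.exe
    if stem in SYSTEM_NAMES and '\\windows\\system32\\' not in low:
        reasons.append(f'name imitates the system binary {stem} outside system32')
    return reasons


def find_suspicious(log_text: str) -> List[Dict[str, str]]:
    """Return the HijackThis lines a responder should check first, one entry per reason."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            for reason in _path_reasons(_exe_path(m['cmd'])):
                hits.append({'line': line, 'reason': reason})
        elif m := USERINIT_RE.match(line):
            # A clean value is just userinit.exe (HijackThis shows a trailing comma); anything
            # appended to it is launched by winlogon at every logon.
            parts = [p for p in m['value'].split(',') if p.strip()]
            if len(parts) > 1 or not parts[0].lower().endswith('\\system32\\userinit.exe'):
                hits.append({'line': line, 'reason': 'UserInit launches more than userinit.exe'})
        elif m := PROXY_RE.match(line):
            hits.append({'line': line,
                         'reason': f'browser traffic goes through a proxy ({m["value"]}); confirm the user set it'})
    return hits


if __name__ == '__main__':
    for hit in find_suspicious(HJT_LOG):
        print(f"{hit['reason']}\n    {hit['line']}")
```

The avast and Ares entries pass every rule, which is the point: the script narrows the log to the lines worth a closer look rather than deciding what is malicious.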

Fix your mistakes and use Polish characters, EDIT option. JNJN