A Warning! window appeared on my desktop


(Lordkoka) #1

A "Warning! Spyware detected on your computer" window appeared on my desktop.

I noticed unusual behaviour in IE: I get error messages and it closes; Windows Explorer closes as well, and the computer freezes. I scanned with avast and Defender, with no result. XP HE


(Spandau) #2

Download ComboFix, scan the system and post the log on the forum.


(Lordkoka) #3

ComboFix 08-09-14.02 - MARIA 2008-09-15 9:20:27.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.553 [GMT 2:00]

Uruchomiony z: E:\FILMY\ComboFix.exe

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

.

((((((((((((((((((((((((( Pliki utworzone od 2008-08-15 do 2008-09-15 )))))))))))))))))))))))))))))))

.

2008-09-15 09:03 . 2008-09-15 09:03

2008-09-14 22:35 . 2008-09-14 22:35 22,016 --a------ C:\WINDOWS\system32\gxpta.dll

2008-09-14 22:35 . 2008-09-14 22:35 4,710 --a------ C:\WINDOWS\system32\c.ico

2008-09-12 19:10 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-09-12 19:10 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-09-12 19:09 . 2008-09-12 20:13

2008-09-12 10:06 . 2008-09-12 10:06

2008-09-12 10:06 . 2008-09-12 10:07

2008-09-12 10:05 . 2008-09-12 10:05

2008-09-12 10:03 . 2008-09-12 10:03

2008-09-12 10:02 . 2008-09-12 10:03

2008-09-12 10:02 . 2008-09-12 10:02

2008-09-12 10:02 . 2008-09-12 10:02

2008-09-12 10:02 . 2008-09-12 10:02

2008-09-12 10:02 . 2008-09-12 10:03

2008-09-12 10:02 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-09-12 10:02 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-09-12 10:02 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys

2008-09-12 10:02 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-09-12 10:02 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-09-12 10:02 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-09-12 10:02 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-09-12 10:01 . 2008-09-12 10:01

2008-09-12 09:52 . 2008-04-13 20:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-09-12 09:52 . 2008-04-13 20:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-09-12 09:49 . 2008-09-12 09:49 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-09-12 09:49 . 2008-09-12 09:49 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-09-10 18:21 . 2008-09-10 18:21

2008-09-09 23:39 . 2008-09-09 23:39

2008-09-09 23:08 . 2008-09-09 23:08

2008-09-09 23:08 . 2008-09-09 23:08 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS

2008-09-09 23:07 . 2008-09-09 23:09

2008-09-09 23:06 . 2008-09-09 23:06

2008-09-09 23:06 . 2008-09-09 23:06 34 --a------ C:\WINDOWS\hpfsched.ini

2008-09-09 23:05 . 2002-11-22 21:49 356,352 --------- C:\WINDOWS\system32\hphc3204.dll

2008-09-09 23:05 . 2002-11-22 21:49 50,896 -ra------ C:\WINDOWS\system32\drivers\hphid411.sys

2008-09-09 23:05 . 2002-11-22 21:49 50,276 -ra------ C:\WINDOWS\system32\drivers\hphs2k11.sys

2008-09-09 23:05 . 2002-11-22 21:49 18,928 -ra------ C:\WINDOWS\system32\drivers\hphius11.sys

2008-09-09 23:05 . 2002-11-22 21:49 16,112 -ra------ C:\WINDOWS\system32\drivers\hphipr11.sys

2008-09-09 23:05 . 2002-11-22 21:49 4,760 --------- C:\WINDOWS\hphmdl11.dat

2008-09-09 22:36 . 2008-09-09 22:36 381,460 --a------ C:\WINDOWS\system32\ll

2008-09-09 22:36 . 2008-09-09 22:36 4,343 --a------ C:\WINDOWS\system32\DOT4_002

2008-09-09 22:04 . 2008-09-15 08:55 564 --a------ C:\hpfr5550.xml

2008-09-09 21:39 . 2008-09-09 23:02

2008-09-09 21:22 . 2008-09-09 21:48

2008-09-09 21:22 . 2008-09-09 21:22

2008-09-09 21:22 . 2006-01-06 21:07 270,336 --a------ C:\WINDOWS\system32\hpzcon07.dll

2008-09-09 21:22 . 2006-01-06 21:07 208,896 --a------ C:\WINDOWS\system32\hpzcoi07.dll

2008-09-09 20:53 . 2008-04-13 20:39 206,976 --a------ C:\WINDOWS\system32\drivers\Dot4.sys

2008-09-09 20:53 . 2008-04-13 20:39 206,976 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys

2008-09-09 20:53 . 2001-10-26 16:46 23,936 --a------ C:\WINDOWS\system32\drivers\Dot4usb.sys

2008-09-09 20:53 . 2001-10-26 16:46 23,936 --a--c--- C:\WINDOWS\system32\dllcache\dot4usb.sys

2008-09-09 20:53 . 2001-08-17 21:47 12,928 --a------ C:\WINDOWS\system32\drivers\Dot4Prt.sys

2008-09-09 20:53 . 2001-08-17 21:47 12,928 --a--c--- C:\WINDOWS\system32\dllcache\dot4prt.sys

2008-09-08 18:43 . 2008-09-15 08:02

2008-09-08 18:43 . 2008-09-08 18:43 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-09-08 18:41 . 2008-09-08 18:41

2008-09-08 18:41 . 2008-09-08 18:41

2008-09-08 18:41 . 2008-09-15 09:15

2008-09-08 18:41 . 2008-09-08 18:41

2008-09-08 18:40 . 2008-09-08 18:40

2008-09-08 18:37 . 2008-09-08 18:47

2008-09-08 18:37 . 2008-09-08 18:44

2008-09-05 21:18 . 2008-09-07 19:42 424 --a------ C:\WINDOWS\zipgenius.xml

2008-09-05 21:14 . 2008-09-05 21:14

2008-09-05 07:17 . 2008-09-05 07:19

2008-09-05 07:17 . 2008-09-05 07:17

2008-09-04 20:02 . 2008-09-04 20:02

2008-09-04 20:02 . 2008-09-04 20:02

2008-09-04 20:02 . 2008-09-04 20:02

2008-09-04 20:00 . 2008-09-04 20:03

2008-09-04 19:51 . 2008-09-04 19:51

2008-09-04 19:15 . 2008-06-23 18:42 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-09-04 19:15 . 2008-06-23 18:42 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-09-04 19:14 . 2008-09-04 20:02

2008-09-04 19:14 . 2008-06-23 18:42 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-09-04 19:14 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-09-04 19:14 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-09-04 19:14 . 2008-06-23 18:42 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-09-04 19:14 . 2008-06-23 18:42 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-09-04 19:14 . 2008-06-23 18:42 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-09-04 19:14 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-09-04 18:27 . 2004-08-04 00:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

2008-09-03 09:28 . 2008-09-03 09:28

2008-09-03 09:27 . 2008-09-03 09:27

2008-09-03 09:27 . 2008-09-03 09:27

2008-09-03 08:35 . 2008-09-03 08:42

2008-09-03 04:04 . 2008-09-04 12:07

2008-09-03 04:04 . 2008-09-07 18:17

2008-09-03 03:58 . 2008-09-03 03:58

2008-09-03 03:58 . 2008-09-03 03:58

2008-09-03 03:58 . 2008-09-03 03:58

2008-09-03 03:54 . 2008-09-06 07:29

2008-09-03 03:53 . 2008-09-04 06:52

2008-09-02 22:13 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-09-02 22:13 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-09-02 22:13 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-09-02 22:13 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-09-02 22:11 . 2007-08-10 20:53 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-09-02 22:11 . 2008-09-02 22:11 13,646 --a------ C:\WINDOWS\system32\wpa.bak

2008-09-02 21:59 . 2008-09-02 21:59

2008-09-02 21:59 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-09-02 21:59 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll

2008-09-02 21:59 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll

2008-09-02 21:36 . 2008-09-02 21:54 27,893,944 --a------ C:\setuppol.exe

2008-09-02 21:24 . 2008-09-12 10:05

2008-09-02 21:24 . 2008-09-02 21:24

2008-09-02 21:23 . 2008-09-02 21:33

2008-09-02 21:05 . 2001-10-26 16:57 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2008-09-02 21:05 . 2001-10-26 16:57 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys

2008-09-02 21:05 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-10 16:20 --------- d-----w C:\Program Files\Common Files\Adobe

2008-09-09 21:08 --------- d-----w C:\Documents and Settings\MARIA\Dane aplikacji\Folder przesyłania Share-to-Web

2008-09-04 19:13 --------- d-----w C:\Program Files\Google

2008-08-10 07:49 --------- d-----w C:\Program Files\microsoft frontpage

2008-08-10 07:47 --------- d-----w C:\Program Files\Usługi online

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{D80C8DC6-A525-4AE5-AAF3-A4B13105A700}]

2008-09-14 22:35 22016 --a------ C:\WINDOWS\system32\gxpta.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-10 171448]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]

"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-22 348160]

"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 49152]

"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AGRSMMSG"="AGRSMMSG.exe" [2005-04-19 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= msaud32_divx.acm

"vidc.tscc"= C:\PROGRA~1\MpcStar\Codecs\tscc\tsccvid.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\BitComet\BitComet.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"16605:TCP"= 16605:TCP:BitComet 16605 TCP

"16605:UDP"= 16605:UDP:BitComet 16605 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-02-17 449344]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Zawartość folderu 'Zaplanowane zadania'

.

.

------- Skan uzupełniający -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}sourceid=ie7rls=com.microsoft:en-USie=utf8oe=utf8

R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

O8 -: Download with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 -: Download all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 -: Download all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-15 09:21:44

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2008-09-15 9:22:23

ComboFix-quarantined-files.txt 2008-09-15 07:22:20

ComboFix2.txt 2008-09-15 07:16:31

Przed: 40,125,632,512 bajtów wolnych

Po: 40,116,011,008 bajtów wolnych

213 --- E O F --- 2008-09-10 03:57:07


(Spandau) #4

Download ComboFix but do not run it. Paste the following into Notepad:

Save the file as CFScript.txt; it is best if this file's icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. Afterwards, post the log on the forum.

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.


(Lordkoka) #5

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:30:04, on 2008-09-15

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\hphmon04.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\HPHipm11.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: GPI.ex - {D80C8DC6-A525-4AE5-AAF3-A4B13105A700} - C:\WINDOWS\system32\gxpta.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7431 bytes
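An added example (my own code, not part of the thread or of any tool mentioned in it): it cross-references the O2 BHO lines of a HijackThis log with the "files created" timeline of a ComboFix log, which is how a helper notices the one BHO above whose DLL appeared in system32 the day before the symptoms. The sample log lines are constructed from the formats posted above, and the 7-day "recently created" window is an assumption.

```python
"""Triage HijackThis O2 (BHO) entries against the ComboFix 'files created' list."""
import re
from datetime import datetime

# Constructed sample lines, copied in the format of the logs posted in the thread.
COMBOFIX_LOG = """\
ComboFix 08-09-14.02 - MARIA 2008-09-15 9:20:27.2 - NTFSx86
2008-09-14 22:35 . 2008-09-14 22:35 22,016 --a------ C:\\WINDOWS\\system32\\gxpta.dll
2008-09-14 22:35 . 2008-09-14 22:35 4,710 --a------ C:\\WINDOWS\\system32\\c.ico
2008-09-04 19:14 . 2008-06-23 18:42 6,066,176 -----c--- C:\\WINDOWS\\system32\\dllcache\\ieframe.dll
2008-09-02 21:59 . 2003-03-18 22:20 1,060,864 --a------ C:\\WINDOWS\\system32\\MFC71.dll
"""

HJT_LOG = """\
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll
O2 - BHO: GPI.ex - {D80C8DC6-A525-4AE5-AAF3-A4B13105A700} - C:\\WINDOWS\\system32\\gxpta.dll
"""

# ComboFix header: "ComboFix <version> - <user> <scan date> <time> - <fs>"
HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{4}-\d{2}-\d{2}) ")
# ComboFix file line: "<created> . <modified> <size> <attrs> <path>"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"([\d,]+)\s+(\S{9})\s+(.+)$")
# HijackThis BHO line: "O2 - BHO: <name> - {<clsid>} - <dll path>"
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_combofix(text):
    """Return (scan_date, {lowercased path: (creation datetime, size in bytes)})."""
    scan_date, created = None, {}
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            scan_date = datetime.strptime(m.group(1), "%Y-%m-%d").date()
            continue
        m = CREATED_RE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            size = int(m.group(2).replace(",", ""))
            created[m.group(4).strip().lower()] = (when, size)
    return scan_date, created


def parse_hjt_bhos(text):
    """Return [(name, clsid, dll_path)] for every O2 line in a HijackThis log."""
    bhos = []
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            bhos.append((m.group(1), m.group(2), m.group(3).strip()))
    return bhos


def triage_bhos(combofix_text, hjt_text, window_days=7):
    """Flag BHOs whose DLL appeared shortly before the scan or sits directly in system32.

    window_days is an assumed heuristic; legitimate BHOs normally live under a
    product directory and are not dropped into system32 days before symptoms start.
    """
    scan_date, created = parse_combofix(combofix_text)
    flagged = []
    for name, clsid, path in parse_hjt_bhos(hjt_text):
        reasons = []
        key = path.lower()
        if key in created and scan_date is not None:
            age = (scan_date - created[key][0].date()).days
            if age <= window_days:
                reasons.append(f"DLL created {age} day(s) before the scan")
        if re.search(r"\\system32\\[^\\]+$", key):
            reasons.append("loaded from system32 rather than a product directory")
        if reasons:
            flagged.append({"name": name, "clsid": clsid, "path": path, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage_bhos(COMBOFIX_LOG, HJT_LOG):
        print(f"{hit['name']} {hit['clsid']} {hit['path']}: {'; '.join(hit['reasons'])}")
```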


(Spandau) #6

Download ComboFix but do not run it. Paste the following into Notepad:

Save the file as CFScript.txt; it is best if this file's icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. Afterwards, post the log on the forum.

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.


(Lordkoka) #7

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:01:54, on 2008-09-15

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\WINDOWS\system32\hphmon04.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\HPHipm11.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: GPI.ex - {D80C8DC6-A525-4AE5-AAF3-A4B13105A700} - C:\WINDOWS\system32\gxpta.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 7431 bytes


(Spandau) #8

But I asked for the log from the ComboFix removal; the script is in the post above.

Paste the log on www.wklejto.pl and put the link in your post.


(Patryk94) #9

There have already been plenty of threads like this, and there is no point in starting another one!

viewtopic.php?f=16&t=238563&start=0&st=0&sk=t&sd=a


(Lordkoka) #10

http://www.wklejto.pl/10094


(Lordkoka) #11

http://www.wklejto.pl/10094


(Spandau) #12

Delete this file

If it does not work normally, do it in Windows safe mode.

The log looks clean.

Delete the folder C:\Qoobox and the ComboFix installer from the disk.

Clean the system and the registry with CCleaner.

Disable and re-enable System Restore on all drives. Instructions

Scan the My Computer area with Kaspersky Online Scanner (run it under IE) and post the report on the forum,

or use Dr.WEB CureIt!


(Lordkoka) #13

http://www.wklejto.pl/10115


(Lordkoka) #14

http://www.wklejto.pl/10115


(huber2t) #15

Clean

:slight_smile:


(Lordkoka) #16

Many thanks to Spandaupol.