Somehow I have never had time to scan my PC (I don't know much about this :/). I would like you to look over the logs.
Logfile of HijackThis v1.99.1
Scan saved at 16:25:44, on 2007-03-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\services.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\SmartCom\RTEGPRS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tibia\Tibia.exe
C:\Program Files\Tibia\Tibia.exe
C:\Documents and Settings\K\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”
O4 - HKLM…\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [services] C:\windows\services.exe
O4 - HKLM…\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q
O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home
O4 - HKCU…\Run: [Dbsl] “C:\PROGRA~1\STEM~1\wuauclt.exe” -vt ndrv
O4 - HKCU…\Run: [AXVenore] “C:\Program Files\AXVenore\AXVenore.exe”
O4 - HKCU…\Run: [PECarlin] “C:\Program Files\PECarlin\PECarlin.exe”
O4 - HKCU…\Run: [Jrqfen] C:\WINDOWS\system32\s?stem32\i?xplore.exe
O4 - HKCU…\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU…\Run: [288f2d44.exe] C:\Documents and Settings\K\Ustawienia lokalne\Dane aplikacji\288f2d44.exe
O4 - HKCU…\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 - HKCU…\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU…\Run: [bitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized
O4 - HKCU…\Run: [RTEGPRS] “C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Startup: ClearIP.lnk = C:\Program Files\ClearIP\IpMon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-738B1E346E99} - C:\Program Files\SDVita\SDVita.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
3rd line from the top:
C:\WINDOWS\system32\services.exe
I read on the internet that it is a dangerous virus … Help!
PS. I have Mozilla Firefox. Do you know the game http://www.tibia.com? It won't open for me.
Logfile of HijackThis v1.99.1
Scan saved at 17:21:38, on 2007-03-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\windows\services.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\SmartCom\RTEGPRS.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\K\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”
O4 - HKLM…\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [services] C:\windows\services.exe
O4 - HKLM…\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q
O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home
O4 - HKCU…\Run: [Dbsl] “C:\PROGRA~1\STEM~1\wuauclt.exe” -vt ndrv
O4 - HKCU…\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 - HKCU…\Run: [bitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized
O4 - HKCU…\Run: [RTEGPRS] “C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Please review the log.
Gutek, 10 May 2007 17:22, #4
Use Pocket Killbox. Tick the Delete on Reboot and All Files options and paste these paths into the Full Path of File to Delete field:
C:\WINDOWS\System32\0mcamcap.exe
C:\windows\services.exe
and press the red X. The program will ask for a PC reset … so you reset.
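The whole point of reading this log is telling the genuine C:\WINDOWS\system32\services.exe apart from the C:\windows\services.exe that Gutek says to delete. The Python triage helper below is an added example, not code from this thread or from HijackThis; SAMPLE_LOG is a constructed, shortened copy of the entries posted above, and the rule names and heuristics are my own assumptions. It generalises a little beyond the two paths in the reply: it also flags the `?` lookalike-character path, the eight-hex-digit executable under the user profile and the RunServices entry that appear in the same log.

```python
import re
from pathlib import PureWindowsPath

# Core Windows binaries that on XP legitimately live only in %SystemRoot%\System32.
# The same file name anywhere else (C:\windows\services.exe,
# C:\PROGRA~1\STEM~1\wuauclt.exe) is impersonating a system process.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "wuauclt.exe", "ctfmon.exe"}
SYSTEM32 = r"c:\windows\system32"

# Constructed, shortened HijackThis log mirroring the entries in the thread.
# HijackThis writes the key as "HKLM\..\Run"; the forum rendered "\..\" as an ellipsis.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\windows\services.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [services] C:\windows\services.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU\..\Run: [Dbsl] "C:\PROGRA~1\STEM~1\wuauclt.exe" -vt ndrv
O4 - HKCU\..\Run: [Jrqfen] C:\WINDOWS\system32\s?stem32\i?xplore.exe
O4 - HKCU\..\Run: [288f2d44.exe] C:\Documents and Settings\K\Ustawienia lokalne\Dane aplikacji\288f2d44.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

SECTION_LINE = re.compile(r"^[A-Z]\d{1,2} - ")
O4_REG = re.compile(r"^O4 - (?P<key>[^:]+): \[[^\]]*\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): .+?\.lnk = (?P<cmd>.+)$")


def exe_from_command(cmd):
    """Extract the executable path from an autostart command line. Handles quoted
    paths (ASCII or the curly quotes a forum may substitute in) and unquoted
    paths, with or without trailing arguments."""
    cmd = cmd.strip()
    m = re.match('["\u201c]([^"\u201d]+)', cmd)
    if m:
        return m.group(1)
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_hjt(text):
    """Return (source, path) pairs for every running process and O4 autostart entry."""
    items, in_procs = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if SECTION_LINE.match(line):      # first R0/R1/O2/... line ends the process list
            in_procs = False
        if in_procs:
            if line:
                items.append(("process", line))
            continue
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            items.append(("O4 " + m.group("key"), exe_from_command(m.group("cmd"))))
    return items


def triage_path(source, path):
    """Apply the heuristics to one path; returns a list of (rule, source, path)."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    hits = []
    # HijackThis shows non-ASCII lookalike characters in a path as '?'; a real
    # Windows path cannot contain one, so "s?stem32\i?xplore.exe" is not system32.
    if "?" in path:
        hits.append(("lookalike-char", source, path))
    # Same file name as a core system binary, but a different directory.
    if name in SYSTEM_BINARIES and parent != SYSTEM32:
        hits.append(("system-name-outside-system32", source, path))
    # Eight-hex-digit executable dropped somewhere under the user profile.
    if re.fullmatch(r"[0-9a-f]{8}\.exe", name) and parent.startswith(r"c:\documents and settings"):
        hits.append(("random-name-in-profile", source, path))
    # RunServices is a Windows 9x-era key; XP software rarely has a reason to use it.
    if "runservices" in source.lower():
        hits.append(("legacy-runservices-key", source, path))
    return hits


def triage(text):
    return [hit for src, path in parse_hjt(text) for hit in triage_path(src, path)]


def flagged_paths(text):
    """Distinct paths worth a second look, sorted."""
    return sorted({path for _, _, path in triage(text)})


if __name__ == "__main__":
    for rule, source, path in triage(SAMPLE_LOG):
        print(f"{rule:30} {source:26} {path}")
```

A hit is a reason to look closer (hashes, signer, creation time), not a verdict; note that the legitimate system32\services.exe from the same log produces no hit.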
Logfile of HijackThis v1.99.1
Scan saved at 19:57:15, on 2007-03-24
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\SmartCom\RTEGPRS.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\K\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”
O4 - HKLM…\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [services] C:\windows\services.exe
O4 - HKLM…\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q
O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home
O4 - HKCU…\Run: [Dbsl] “C:\PROGRA~1\STEM~1\wuauclt.exe” -vt ndrv
O4 - HKCU…\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none
O4 - HKCU…\Run: [bitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized
O4 - HKCU…\Run: [RTEGPRS] “C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Please check it.
I deleted that junk.
Could you tell me what that little file was? A virus or what?
Gutek, 10 May 2007 18:52, #6
2004-08-21 10:57 122880 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\svchostsys\ICSharpCode.SharpZipLib.dll.vir
2006-04-21 02:29 29 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\simtest\svchostsys.bat.vir
2006-05-10 17:17 32177 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1220OinUninstaller.exe.vir
2006-05-10 17:18 33012 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tpuninstall.exe.vir
2006-05-23 18:20 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ImaS3r.vir
2006-05-24 20:03 1635 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cfg32.exe.vir
2006-06-09 14:38 3 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\svchostsys\Version.txt.vir
2006-06-09 14:38 576 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\svchostsys\svchostsys.exe.config.vir
2006-06-09 14:38 622 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\svchostsys\svchostupdate.exe.config.vir
2006-06-09 14:38 85869 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\svchostsys\sysid.exe.vir
Zmienna PATH folderu
Numer seryjny woluminu: 71F5E346 5409:BE7B
C:\QOOBOX
+---purity
|   \---C
|       +---DOCUME~1
|       |   \---K
|       |       \---DANEAP~1
|       |           \---MCROSO~1
|       +---Program Files
|       |   \---STEM~1
|       \---WINDOWS
|           \---system32
|               \---TSKS~1
\---Quarantine
    +---C
    |   +---Program Files
    |   |   \---Common Files
    |   |       |   Yazzle1220OinUninstaller.exe.vir
    |   |       |
    |   |       +---simtest
    |   |       |       svchostsys.bat.vir
    |   |       |
    |   |       \---svchostsys
    |   |               ICSharpCode.SharpZipLib.dll.vir
    |   |               svchostsys.exe.config.vir
    |   |               svchostupdate.exe.config.vir
    |   |               sysid.exe.vir
    |   |               Version.txt.vir
    |   |
    |   \---WINDOWS
    |       |   cfg32.exe.vir
    |       |
    |       \---system32
    |               ImaS3r.vir
    |               tpuninstall.exe.vir
    |
    \---Registry_backups
Is this what you meant? ;/
New files have appeared.
I'll repeat my question.
Gutek
(Gutek)
10 May 2007 19:24
#8
I see you have a ComboFix log, so paste it.
Those are the entries left after Combo ran - you need to post the log.
Also use http://www.outerinfo.com/OiUninstaller.exe
@up
When I launch that antivirus, something like this shows up.
ComboFix 07-05.09.V - Running from: “C:\Documents and Settings\K\Pulpit” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\cfg32.exe C:\Program Files\Common Files\Yazzle1220OinUninstaller.exe C:\Program Files\Common Files\simtest\svchostsys.bat C:\Program Files\Common Files\simtest\sysstall.exe C:\Program Files\Common Files\svchostsys\ICSharpCode.SharpZipLib.dll C:\Program Files\Common Files\svchostsys\svchostsys.exe.config C:\Program Files\Common Files\svchostsys\svchostupdate.exe.config C:\Program Files\Common Files\svchostsys\sysid.exe C:\Program Files\Common Files\svchostsys\Version.txt C:\WINDOWS\system32\imas3r C:\WINDOWS\system32\thematrixhasyou.exe C:\WINDOWS\system32\tpuninstall.exe C:\Program Files\Common Files\misc001 C:\Program Files\Common Files\simtest C:\Program Files\Common Files\svchostsys ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\qoobox\purity\C\DOCUME~1 C:\qoobox\purity\C\DOCUME~1\K C:\qoobox\purity\C\DOCUME~1\K\DANEAP~1 C:\qoobox\purity\C\DOCUME~1\K\DANEAP~1\MCROSO~1 C:\qoobox\purity\C\Program Files\STEM~1 C:\qoobox\purity\C\WINDOWS\system32\TSKS~1 ((((((((((((((((((((((((((((((( Files Created from 2007-02-03 to 2007-03-24 )))))))))))))))))))))))))))))))))) 2007-03-24 19:51 2007-03-24 19:29 116,736 --a------ C:\WINDOWS\system32\RestoratorContextMenu.dll 2007-03-24 19:29 2007-03-21 21:12 2007-03-12 09:24 2007-03-12 09:21 2007-03-10 17:28 2007-03-07 18:20 2007-03-02 16:33 2007-02-28 18:55 2007-02-26 20:54 2007-02-26 17:55 2007-02-26 17:55 2007-02-26 17:53 2007-02-26 17:16 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 
23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-03-23 19:35:29 -------- d-----w C:\Program Files\tibiaaaaa 2007-03-23 16:41:12 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-03-23 16:40:12 -------- d-----w C:\DOCUME~1\K\DANEAP~1\Dev-Cpp 2007-03-21 19:38:49 -------- d-----w C:\DOCUME~1\K\DANEAP~1\MegauploadToolbar 2007-03-19 19:08:56 -------- d-----w C:\Program Files\Gadu-Gadu 2007-03-19 18:29:38 10 ----a-w C:\WINDOWS\popcinfo.dat 2007-03-01 19:28:01 -------- d-----w C:\DOCUME~1\K\DANEAP~1\AdobeUM 2007-02-26 19:54:09 249,856 ------w C:\WINDOWS\Setup1.exe 2007-02-26 19:54:08 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-02-17 17:58:13 -------- d-----w C:\Program Files\Incadia 2007-01-22 19:04:22 -------- d-----w C:\Program Files\Silkroad 2007-01-05 20:05:45 -------- d-----w C:\Program Files\eMule 2007-01-03 19:20:26 -------- d-----w C:\Program Files\Winamp 2006-12-28 16:41:33 12,101 ----a-w C:\WINDOWS\mozver.dat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] “{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}”=“C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll” “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}”=“C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” “{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}”=“C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll” “{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}”=“C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” “{AA58ED58-01DD-4d91-8333-CF10577473F7}”=“c:\program files\google\googletoolbar4.dll” “{B56A7D7D-6927-48C8-A975-17DF180C71AC}”=“C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll” 
“{C08DF07A-3E49-4E25-9AB0-D3882835F153}”=“C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “NVRaidService”=“C:\WINDOWS\System32\nvraidservice.exe” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “RemoteControl”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “NeroCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”" “WellPhone DirectSync - ScheduleSync”=“C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE” “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” “services”=“C:\windows\services.exe” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" “Komunikator”="“C:\Program Files\Tlen.pl\tlen.exe” --confdir=home" “Dbsl”="“C:\PROGRA~1\STEM~1\wuauclt.exe” -vt ndrv" “EdHTML”=“C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none” “BitTorrent”="“C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized" “RTEGPRS”="“C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray" “AQQ”=“C:\PROGRA~1\Wapster\AQQ\AQQ.exe” “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService 
DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{f6fc92a9-b607-11da-ac7f-806d6172696f}] Shell\AutoRun\command E:\BookMedia.exe Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Gadu-Gadu.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-03-24 21:07:20 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-03-24 21:07:37 C:\ComboFix-quarantined-files.txt … 2007-03-24 21:07
Gutek
(Gutek)
10 May 2007 20:22
#10
Use Pocket Killbox. Check the Delete on Reboot option and paste this path into the Full Path of File to Delete field:
C:\windows\services.exe
and press the red X. The program will ask to restart the computer … so you restart.
After that, post a new Combo log.
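The entry Gutek points at is easy to miss in a wall of O4 lines: `services.exe` is a real Windows binary, but the real one runs from `C:\WINDOWS\system32`, and this copy runs from `C:\windows`. As an added example (not code from this thread, from HijackThis or from ComboFix), the small Python triage below reads O4 autorun lines from a HijackThis log and flags any entry whose executable borrows the name of a system binary but does not run from the system directory. The allow-list of system binaries and the sample log lines are constructed for the example; the sample lines mirror entries seen in the logs above, including the `Dbsl` entry launching `wuauclt.exe` from `STEM~1`, the folder ComboFix quarantined.

```python
"""Triage HijackThis O4 (autorun) entries: flag images that borrow the name
of a Windows system binary but do not run from the system directory."""
import re
from pathlib import PureWindowsPath

# Constructed allow-list (assumption for this example): names of system
# binaries and the lower-cased directories they legitimately run from on a
# default Windows XP install.
SYSTEM_BINARIES = {
    "services.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "wuauclt.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "ctfmon.exe": {r"c:\windows\system32"},
}

# HijackThis writes "O4 - HKLM\..\Run: [name] command"; forum copies of the
# log often render the "\.." as an ellipsis, so both spellings are accepted.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)(?:\\\.\.|…)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# The image is the command text up to the first ".exe", with a leading quote
# dropped; this also copes with unquoted paths that contain spaces.
IMAGE_RE = re.compile(r'^"?(?P<image>.*?\.exe)', re.IGNORECASE)

# Constructed sample log lines, modelled on the entries in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [services] C:\windows\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Dbsl] "C:\PROGRA~1\STEM~1\wuauclt.exe" -vt ndrv
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""


def parse_o4(line):
    """Return {'hive', 'name', 'cmd'} for an O4 line, or None for anything else."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def image_path(cmd):
    """Executable path launched by an autorun command, or None if none is found."""
    m = IMAGE_RE.match(cmd.strip())
    return m.group("image") if m else None


def check_entry(entry):
    """Return a reason string if the entry masquerades as a system binary, else None."""
    image = image_path(entry["cmd"])
    if image is None:
        return None
    p = PureWindowsPath(image)
    base = p.name.lower()
    parent = str(p.parent).lower()
    if base not in SYSTEM_BINARIES:
        return None
    if parent in (".", ""):
        # Bare file name: resolved through PATH, cannot be judged from the log alone.
        return None
    if parent in SYSTEM_BINARIES[base]:
        return None
    expected = ", ".join(sorted(SYSTEM_BINARIES[base]))
    return f"{base} runs from {parent}, expected {expected}"


def triage(lines):
    """Return the suspicious O4 entries with their reasons, in log order."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reason = check_entry(entry)
        if reason:
            findings.append({**entry, "image": image_path(entry["cmd"]), "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f['hive']} [{f['name']}] {f['image']}: {f['reason']}")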
Logfile of HijackThis v1.99.1 Scan saved at 16:10:12, on 2007-03-25 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Common Files\SmartCom\RTEGPRS.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\K\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O2 - BHO: AcroIEHlprObj Class - 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [services] C:\windows\services.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home O4 - HKCU…\Run: [Dbsl] “C:\PROGRA~1\STEM~1\wuauclt.exe” -vt ndrv O4 - HKCU…\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none O4 - HKCU…\Run: [bitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized O4 - HKCU…\Run: [RTEGPRS] “C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: Adobe LM Service 
- Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
There's no damn way to delete this.
Can you tell me what file that is?
adam9870
(adam9870)
11 May 2007 14:19
#12
Delete the files manually in Safe Mode (if they are there), and the entries with HijackThis.
Empty the ComboFix quarantine, which holds the deleted files -> C:\qoobox
Use Windows Worms Doors Cleaner and switch the markers from disable to enable (all markers should be green; if any of them is yellow, leave it). A restart is required after using the tool.
I suggest removing Megaupload Toolbar, because it is a toolbar of dubious reputation. It collects data about the user and sends it somewhere, nobody knows where.
When done, post a new HijackThis log and a ComboFix log.
Windows Worms Doors Cleaner
When I opened the program, there was something like this.
I looked in Safe Mode. There were no such files. I even turned on showing hidden files and folders.
It found something like this.
Logs:
Logfile of HijackThis v1.99.1 Scan saved at 16:44:28, on 2007-03-25 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\nvraidservice.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\Program Files\Common Files\SmartCom\RTEGPRS.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\Documents and Settings\K\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O2 - BHO: 
AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe” O4 - HKLM…\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q O4 - HKCU…\Run: [Komunikator] “C:\Program Files\Tlen.pl\tlen.exe” --confdir=home O4 - HKCU…\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none O4 - HKCU…\Run: [bitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized O4 - HKCU…\Run: [RTEGPRS] “C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache - 
Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Another file again…
ComboFix 07-05.09.V - Running from: “C:\Documents and Settings\K\Pulpit\Antywiry” ((((((((((((((((((((((((((((((( Files Created from 2007-02-03 to 2007-03-25 )))))))))))))))))))))))))))))))))) 2007-03-24 21:07 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-03-24 19:51 2007-03-24 19:29 116,736 --a------ C:\WINDOWS\system32\RestoratorContextMenu.dll 2007-03-24 19:29 2007-03-21 21:12 2007-03-12 09:24 2007-03-12 09:21 2007-03-10 17:28 2007-03-07 18:20 2007-03-02 16:33 2007-02-28 18:55 2007-02-26 20:54 2007-02-26 17:55 2007-02-26 17:55 2007-02-26 17:53 2007-02-26 17:16 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-03-23 19:35:29 -------- d-----w C:\Program Files\tibiaaaaa 2007-03-23 16:41:12 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-03-23 16:40:12 -------- d-----w C:\DOCUME~1\K\DANEAP~1\Dev-Cpp 2007-03-19 19:08:56 -------- d-----w C:\Program Files\Gadu-Gadu 2007-03-19 18:29:38 10 ----a-w C:\WINDOWS\popcinfo.dat 2007-03-01 19:28:01 -------- d-----w C:\DOCUME~1\K\DANEAP~1\AdobeUM 2007-02-26 19:54:09 249,856 ------w C:\WINDOWS\Setup1.exe 2007-02-26 19:54:08 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-02-17 17:58:13 -------- d-----w C:\Program Files\Incadia 2007-01-22 19:04:22 -------- d-----w C:\Program Files\Silkroad 2007-01-05 20:05:45 -------- d-----w C:\Program Files\eMule 2007-01-03 19:20:26 -------- d-----w C:\Program Files\Winamp 2006-12-28 16:41:33 12,101 
----a-w C:\WINDOWS\mozver.dat (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] “{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}”=“C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll” “{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}”=“C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll” “{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}”=“C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” “{AA58ED58-01DD-4d91-8333-CF10577473F7}”=“c:\program files\google\googletoolbar4.dll” “{B56A7D7D-6927-48C8-A975-17DF180C71AC}”=“C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll” “{C08DF07A-3E49-4E25-9AB0-D3882835F153}”=“C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “NVRaidService”=“C:\WINDOWS\System32\nvraidservice.exe” “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “RemoteControl”="“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”" “NeroCheck”=“C:\WINDOWS\system32\NeroCheck.exe” “HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”" “WellPhone DirectSync - ScheduleSync”=“C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE” “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “Spyware Doctor”="“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q" “Komunikator”="“C:\Program Files\Tlen.pl\tlen.exe” --confdir=home" 
“EdHTML”=“C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none” “BitTorrent”="“C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized" “RTEGPRS”="“C:\Program Files\Common Files\SmartCom\RTEGPRS.exe” tray" “AQQ”=“C:\PROGRA~1\Wapster\AQQ\AQQ.exe” “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{f6fc92a9-b607-11da-ac7f-806d6172696f}] Shell\AutoRun\command E:\BookMedia.exe Contents of the ‘Scheduled Tasks’ folder C:\WINDOWS\tasks\Gadu-Gadu.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-03-25 16:49:20 Windows 5.1.2600 NTFS scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-03-25 16:49:41 C:\ComboFix-quarantined-files.txt … 2007-03-25 16:49 C:\ComboFix2.txt … 2007-03-24 21:07
OK. Thank you.
If there is any problem, I'll write on the forum.