Pomocy, co wywalic

Walken · 6 Listopad 2008 12:16

Prosze o pomoc.

Logi z HiJack:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:06:11, on 2008-11-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\ibmpmsvc.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\windows\system32\spoolsv.exe

C:\WINDOWS\system32\Drivers\trcboot.exe

C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

C:\Program Files\IBM\Mobility Client\artstartsvc.exe

C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe

C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe

C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\iPlus\Drivers\driver2k\GTMax3.6\GtDetectSc.exe

C:\Program Files\iPlus\Drivers\driver2k\GTMax3.6\GtFlashSwitch.exe

C:\Program Files\c4ebreg\c4ebreg.exe

C:\windows\system32\cmd.exe

c:\sdwork\issimsvc.exe

C:\notes\ntmulti.exe

C:\Program Files\AT&T Network Client\NetCfgSv.EXE

C:\windows\System32\QCONSVC.EXE

C:\WINDOWS\system32\RegSrvc.exe

C:\Program Files\IBM\tivoli\dcd\client\ISSI_jvm\jre\bin\java.exe

c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

C:\windows\system32\svchost.exe

C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

C:\windows\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\Drivers\ldlcserv.exe

C:\windows\system32\Ati2evxx.exe

C:\windows\Explorer.EXE

C:\windows\TEMP\4AA1.tmp

C:\Program Files\IBM\Personal Communications\tpam.exe

C:\Program Files\c4ebreg\isamtray.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\windows\system32\RunDll32.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\TpShocks.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe

C:\windows\system32\rundll32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\IBM\Sametime Connect\sametime.exe

C:\PROGRA~1\IBM\SAMETI~1\jre\bin\sametime75.exe

C:\Program Files\IBM\Mobility Client\artcore.exe

C:\Program Files\IBM\Mobility Client\artifdown.exe

C:\Program Files\IBM\Mobility Client\toolbar.exe

C:\Program Files\IBM\Mobility Client\artbcast.exe

C:\notes\NLNOTES.EXE

C:\notes\ntaskldr.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = newproxy.diageo.com:80

F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM…\Run: [Tpam.exe] “C:\Program Files\IBM\Personal Communications\tpam.exe”

O4 - HKLM…\Run: [iSAMTray] “C:\Program Files\c4ebreg\isamtray.exe”

O4 - HKLM…\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM…\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM…\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM…\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM…\Run: [bLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [TP4EX] tp4ex.exe

O4 - HKLM…\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM…\Run: [TpShocks] TpShocks.exe

O4 - HKLM…\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM…\Run: [iSSI EZUpdate Service] “c:\sdwork\issimsvc.exe”

O4 - HKLM…\Run: [RescueRecoverySetPW] c:\sdwork\Rescue&RecoverySetPW.lnk

O4 - HKLM…\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe “c:\Program Files\IBM\IPM Client Migration Utility”

O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent

O4 - HKLM…\Run: [defergui] c:/sdwork/defergui.exe

O4 - HKLM…\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup

O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [C4EBReg] “C:\Program Files\c4ebreg\c4ebreg.exe” /q

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace…\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe

O4 - HKLM…\Run: [iPlusManager] C:\Program Files\iPlus\iPlusChecker.exe

O4 - HKLM…\Run: [rs32net] C:\windows\System32\rs32net.exe

O4 - HKLM…\Run: [Ad Muncher] “C:\Program Files\Ad Muncher\AdMunch.exe” /bt

O4 - HKCU…\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe” -onlytray

O4 - HKCU…\Run: [assistant2] “C:\Program Files\VoiceRite\Client\Viewer.exe” /minimize

O4 - HKUS\S-1-5-18…\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm

O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm

O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://pccheckup.dellfix.com/sdccommon/ … gctlcm.cab

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://www-1.ibm.com/qp2.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/acce … /AcpIR.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://193.69.140.40/activex/AMC.cab

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-95dd781fd1053707.spaces.live … nPUpld.cab

O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab

O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab

O17 - HKLM\System\CCS\Services\Tcpip…{24B8749E-6097-4E2E-9296-FEBF66F3FE23}: NameServer = 85.255.116.71,85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip…{C6EB7AB0-6A1E-492F-AC55-761951376B41}: NameServer = 85.255.116.71,85.255.112.63

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com,

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.71 85.255.112.63

O17 - HKLM\System\CS1\Services\Tcpip…{24B8749E-6097-4E2E-9296-FEBF66F3FE23}: NameServer = 85.255.116.71,85.255.112.63

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com,

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.71 85.255.112.63

O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe

O23 - Service: Mobility Client (ArtourService) - IBM - C:\Program Files\IBM\Mobility Client\artsvc.exe

O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe

O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\windows\system32\aspimgr.exe (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Serwer apletów JDBC DB2 (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe

O23 - Service: Serwer ochrony DB2 (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe

O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: GtDetectSc Service (GtDetectSc) - OptionNV - C:\Program Files\iPlus\Drivers\driver2k\GTMax3.6\GtDetectSc.exe

O23 - Service: GtFlashSwitch Service (GtFlashSwitch) - Option - C:\Program Files\iPlus\Drivers\driver2k\GTMax3.6\GtFlashSwitch.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\windows\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\c4ebreg\c4ebreg.exe

O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe

O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe

O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe (file missing)

O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE

O23 - Service: QCONSVC - IBM Corp. - C:\windows\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\windows\System32\TPHDEXLG.EXE

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

–

End of file - 14706 bytes

co wywalic??

Leon1 · 6 Listopad 2008 14:31

F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe O4 - HKLM…\Run: [Tpam.exe] “C:\Program Files\IBM\Personal Communications\tpam.exe” O4 - HKLM…\Run: [iSAMTray] “C:\Program Files\c4ebreg\isamtray.exe” O4 - HKLM…\Run: [iSSI EZUpdate Service] “c:\sdwork\issimsvc.exe” O4 - HKLM…\Run: [RescueRecoverySetPW] c:\sdwork\Rescue&RecoverySetPW.lnk O4 - HKLM…\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe “c:\Program Files\IBM\IPM Client Migration Utility” O4 - HKLM…\Run: [defergui] c:/sdwork/defergui.exe O4 - HKLM…\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup O4 - HKLM…\Run: [C4EBReg] “C:\Program Files\c4ebreg\c4ebreg.exe” /q O4 - HKLM…\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace…\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe O4 - HKLM…\Run: [rs32net] C:\windows\System32\rs32net.exe O4 - HKCU…\Run: [PC Suite Tray] “C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe” -onlytray O4 - HKCU…Run: [assistant2] “C:Program FilesVoiceRiteClient\Viewer.exe” /minimize O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://www-1.ibm.com/qp2.cab O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/acce … /AcpIR.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-95dd781fd1053707.spaces.live … nPUpld.cab O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab O17 - HKLM\System\CCS\Services\Tcpip…{24B8749E-6097-4E2E-9296-FEBF66F3FE23}: NameServer = 85.255.116.71,85.255.112.63 O17 - HKLM\System\CCS\Services\Tcpip…{C6EB7AB0-6A1E-492F-AC55-761951376B41}: NameServer = 85.255.116.71,85.255.112.63 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.71 85.255.112.63 O17 - HKLM\System\CS1\Services\Tcpip…{24B8749E-6097-4E2E-9296-FEBF66F3FE23}: NameServer = 85.255.116.71,85.255.112.63 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.71 85.255.112.63

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 ale nie włączaj.

Podczas pobierania i skanu Combofixem proszę wyłączyć wszelkie zapory i antywirusy

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix