Help, I can't use the internet at all; after clicking a link some page keeps popping up.
I'm pasting the logs and kindly ask for help.
Start >>> Run >>> services.msc >>> stop and disable Klient DNS DnscacheThemes. Delete the HJT entries, and the files manually.
Post a log from Combofix.
[“K i A rulez” - 2007-05-20 0:40:26 Dodatek Service Pack 2
ComboFix 07-05.20.3.V - Running from: “C:\Documents and Settings\K i A rulez\Pulpit”
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\vxgamet1.exe
C:\WINDOWS\system32\kernels64.exe
C:\WINDOWS\x.exe
C:\WINDOWS\y.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\kdqqf.exe
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-20 ))))))))))))))))))))))))))))))))))
2007-05-18 20:44 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-18 20:44 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-18 20:44 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-18 20:44
2007-05-18 20:43
2007-05-18 20:29
2007-05-18 20:29
2007-05-18 20:28 4,109,584 --a------ C:\Program Files\gg77.exe
2007-05-18 20:17
2007-05-14 20:24 31,204 -r-hs---- C:\WINDOWS\system32\adsldpb.exe
2007-05-12 17:33
2007-05-09 17:41 32,660 -r-hs---- C:\WINDOWS\system32\12520850x.exe
2007-04-30 17:13 29,188 -r-hs---- C:\WINDOWS\system32\1041b.exe
2007-04-30 08:26 427 --ahs---- C:\WINDOWS\system32\1625399423.dat
2007-04-30 08:26 28,516 -r-hs---- C:\WINDOWS\system32\acctresv.exe
2007-04-27 20:02
2007-04-20 19:33
2007-04-20 19:18 71,168 --------- C:\WINDOWS\system32\3dviewer.dll
2007-04-20 19:18 532,240 -ra------ C:\WINDOWS\system32\MSEXCH35.DLL
2007-04-20 19:18 403,216 -ra------ C:\WINDOWS\system32\MSREPL35.DLL
2007-04-20 19:18 37,136 -ra------ C:\WINDOWS\system32\MSJINT35.DLL
2007-04-20 19:18 368,912 -ra------ C:\WINDOWS\system32\VBAR332.DLL
2007-04-20 19:18 290,816 -ra------ C:\WINDOWS\system32\MSXBSE35.DLL
2007-04-20 19:18 254,976 -ra------ C:\WINDOWS\system32\MSEXCL35.DLL
2007-04-20 19:18 253,952 -ra------ C:\WINDOWS\system32\MSPDOX35.DLL
2007-04-20 19:18 251,664 -ra------ C:\WINDOWS\system32\MSRD2X35.DLL
2007-04-20 19:18 24,336 -ra------ C:\WINDOWS\system32\MSJTER35.DLL
2007-04-20 19:18 169,984 -ra------ C:\WINDOWS\system32\MSLTUS35.DLL
2007-04-20 19:18 166,912 -ra------ C:\WINDOWS\system32\MSTEXT35.DLL
2007-04-20 19:18 1,039,360 -ra------ C:\WINDOWS\system32\MSJET35.DLL
2007-04-20 19:17 960,000 --------- C:\WINDOWS\system32\evysh7.dll
2007-04-20 19:17 553,984 --------- C:\WINDOWS\system32\rave.dll
2007-04-20 19:17 411,136 --------- C:\WINDOWS\system32\scint78.dll
2007-04-20 19:17 32,768 --------- C:\WINDOWS\system32\cmgr32.dll
2007-04-20 19:17 108,032 --------- C:\WINDOWS\system32\sh33w32.dll
2007-04-20 19:16 909,312 --------- C:\WINDOWS\system32\qd3d.dll
2007-04-20 19:16 39,095 --------- C:\WINDOWS\iccsigs.dat
2007-04-20 19:16 345,600 --------- C:\WINDOWS\system32\qtim32.dll
2007-04-20 19:15 90,112 --------- C:\WINDOWS\system32\evysh7us.dll
2007-04-20 19:11
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-19 22:42:41 -------- d-----w C:\DOCUME~1\KIARUL~1\DANEAP~1\Skype
2007-05-17 12:03:08 -------- d-----w C:\Program Files\Google
2007-05-12 15:41:45 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-12 15:41:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-18 13:38:28 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-14 16:33:05 -------- d-----w C:\DOCUME~1\KIARUL~1\DANEAP~1\Google
2007-04-14 16:20:28 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-04-14 16:20:21 -------- d-----w C:\Program Files\BitComet
2007-03-31 19:18:01 -------- d-----w C:\DOCUME~1\KIARUL~1\DANEAP~1\Autodesk
2007-03-31 19:17:12 -------- d-----w C:\Program Files\Common Files\WexTech Shared
2007-03-31 19:17:11 -------- d-----w C:\Program Files\WexTech
2007-03-31 19:17:11 -------- d-----w C:\Program Files\Common Files\LHSPF
2007-03-31 19:16:55 47 ----a-w C:\AUTOEXEC.BAT
2007-03-31 19:16:55 -------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-03-25 17:42:04 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-25 17:42:04 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-24 19:01:35 -------- d-----w C:\Program Files\Elaborate Bytes
2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-02-13 19:03:32 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-02-13 19:03:25 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-02-13 19:03:04 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-02-13 19:03:01 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-02-13 19:03:00 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2007-02-13 19:02:28 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-02-13 19:02:24 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-02-13 19:02:00 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-02-13 18:00:07 1,493,863 ----a-w C:\Program Files\ALLPlayer.exe
2007-02-12 20:54:26 4 ----a-w C:\WINDOWS\system32\stfv.bin
2007-02-12 12:05:04 29,184 ----a-w C:\WINDOWS\system32\perfont.exe
2007-02-12 12:05:04 24,064 ----a-w C:\WINDOWS\system32\msmsn.exe
2007-02-12 12:05:04 22,784 ----a-w C:\WINDOWS\system32\netstat2.exe
2007-02-12 12:05:04 10,240 ----a-w C:\WINDOWS\system32\winmuse.exe
2007-02-12 12:05:03 9,472 ----a-w C:\WINDOWS\system32\mpsegment.exe
2007-02-12 12:05:03 8,704 ----a-w C:\WINDOWS\system32\performent202.dll
2007-02-12 12:05:03 32,256 ----a-w C:\WINDOWS\system32\anti_troj.exe
2007-02-12 12:05:03 20,736 ----a-w C:\WINDOWS\system32\POPCORN72.EXE
2007-02-12 12:05:03 18,432 ----a-w C:\WINDOWS\system32\dload.exe
2007-02-12 12:05:03 15,616 ----a-w C:\WINDOWS\system32\proqlaim.exe
2007-02-12 12:05:03 15,360 ----a-w C:\WINDOWS\system32\iewd.exe
2007-02-12 12:05:02 20,736 ----a-w C:\WINDOWS\system32\win32hp.dll
2007-02-12 12:05:02 19,968 ----a-w C:\WINDOWS\system32\VXH8JKDQ6.EXE
2007-02-12 12:05:02 12,288 ----a-w C:\WINDOWS\system32\VXH8JKDQ2.EXE
2007-02-12 12:05:00 25,600 ----a-w C:\WINDOWS\spp3.dll
2007-02-12 12:04:57 8,960 ----a-w C:\WINDOWS\wininet32.exe
2007-02-12 12:04:57 29,184 ----a-w C:\WINDOWS\dialup.exe
2007-02-12 12:04:57 14,848 ----a-w C:\WINDOWS\xplugin.dll
2007-02-12 12:04:57 10,752 ----a-w C:\WINDOWS\runwin32.exe
2007-02-12 12:04:56 32,768 ----a-w C:\WINDOWS\win32e.exe
2007-02-12 12:04:56 27,904 ----a-w C:\WINDOWS\systemcritical.exe
2007-02-12 12:04:56 19,456 ----a-w C:\WINDOWS\time.exe
2007-02-12 12:04:56 15,360 ----a-w C:\WINDOWS\win64.exe
2007-02-12 12:04:56 14,336 ----a-w C:\WINDOWS\users32.exe
2007-02-12 12:04:56 13,568 ----a-w C:\WINDOWS\waol.exe
2007-02-12 12:04:56 11,520 ----a-w C:\WINDOWS\winajbm.dll
2007-02-12 12:04:56 10,752 ----a-w C:\WINDOWS\winmgnt.exe
2007-02-12 12:04:56 10,496 ----a-w C:\WINDOWS\window.exe
2007-02-12 12:04:55 30,208 ----a-w C:\WINDOWS\cpan.dll
2007-02-12 12:04:55 27,648 ----a-w C:\WINDOWS\olehelp.exe
2007-02-12 12:04:55 23,552 ----a-w C:\WINDOWS\avpcc.dll
2007-02-12 12:04:55 14,080 ----a-w C:\WINDOWS\notepad32.exe
2007-02-12 12:04:55 13,568 ----a-w C:\WINDOWS\clrssn.exe
2007-02-12 12:04:55 13,056 ----a-w C:\WINDOWS\systeem.exe
2007-02-12 12:04:55 11,776 ----a-w C:\WINDOWS\mtwirl32.dll
2007-02-12 12:04:54 17,664 ----a-w C:\WINDOWS\accesss.exe
2007-02-12 12:04:54 13,312 ----a-w C:\WINDOWS\system32\ace16win.dll
2007-02-12 12:04:54 13,056 ----a-w C:\WINDOWS\inetdctr.dll
2007-02-12 12:03:51 12 ----a-w C:\WINDOWS\system32\oiso.bin
2007-02-12 12:03:51 0 ----a-w C:\WINDOWS\system32\lfd.dat
2007-02-11 12:06:23 9,453,630 ----a-w C:\Program Files\vlc-0.8.6a-win32.exe
2007-02-10 11:41:19 20,888 ----a-w C:\DOCUME~1\KIARUL~1\DANEAP~1\GDIPFONTCACHEV1.DAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-12-18 18:30]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 16:31]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-06-01 11:22]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22]
“SkyTel”=“SkyTel.EXE” []
“RTHDCPL”=“RTHDCPL.EXE” []
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 21:24]
“nwiz”=“nwiz.exe” [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-15 00:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“VoipStunt”=“C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe” []
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-12-18 18:32]
“BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2007-04-03 20:04]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36]
“eMuleAutoStart”=“D:\eMule\emule.exe” [2006-09-14 16:15]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
backup-20070520-003832-459
O23 - Service: Klient DNS DnscacheThemes (DnscacheThemes) - Unknown owner - C:\WINDOWS\system32\adsldpb.exe
backup-20070520-003832-936
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
backup-20070520-003832-441
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
backup-20070520-003832-448
O17 - HKLM\System\CS1\Services\Tcpip…{1365A766-A3C5-4EF1-9EB6-52BC6A236214}: NameServer = 85.255.116.50,85.255.112.86
backup-20070520-003832-313
O17 - HKLM\System\CCS\Services\Tcpip…{946D2946-0389-4F5B-886E-E3B90FBD1555}: NameServer = 85.255.116.50,85.255.112.86
backup-20070520-003832-281
O4 - HKLM…\Run: [net32] C:\WINDOWS\svhost.exe
backup-20070520-003832-491
O17 - HKLM\System\CCS\Services\Tcpip…{90B6712C-62FE-4795-9E46-1742F8A97D7B}: NameServer = 85.255.116.50,85.255.112.86
backup-20070520-003832-501
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20070520-003832-580
O17 - HKLM\System\CCS\Services\Tcpip…{EB30B5CD-3776-4C16-A1CA-414AA06FEDD9}: NameServer = 85.255.116.50,85.255.112.86
backup-20070520-003832-676
O17 - HKLM\System\CCS\Services\Tcpip…{1365A766-A3C5-4EF1-9EB6-52BC6A236214}: NameServer = 85.255.116.50,85.255.112.86
backup-20070520-003832-779
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.50 85.255.112.86
backup-20070520-003832-856
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20070520-003832-196
O17 - HKLM\System\CS2\Services\Tcpip…{1365A766-A3C5-4EF1-9EB6-52BC6A236214}: NameServer = 85.255.116.50,85.255.112.86
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-20 00:42:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-20 0:43:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-05-20 00:43
--- E O F ---]
I just don't know how I'm supposed to delete these files manually?
Sorry, but I don't really know much about this.
Actually, I'm not familiar with this?
In safe mode you search for the files and manually delete the indicated ones.
Thanks for the help,
I deleted the files manually, but the computer did not find svhost.exe and adsldpb.exe.
I hope it will work well now.
Many thanks!
Post new logs from Combo.
[“K i A rulez” - 2007-05-20 18:49:47 Dodatek Service Pack 2
ComboFix 07-05.20.3.V - Running from: “C:\Documents and Settings\K i A rulez\Pulpit\dobre programy”
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-20 ))))))))))))))))))))))))))))))))))
2007-05-20 11:58 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 00:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-18 20:44 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-18 20:44 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-18 20:44 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-18 20:44
2007-05-18 20:43
2007-05-18 20:29
2007-05-18 20:29
2007-05-18 20:28 4,109,584 --a------ C:\Program Files\gg77.exe
2007-05-18 20:17
2007-05-14 20:24 31,204 -r-hs---- C:\WINDOWS\system32\adsldpb.exe
2007-05-12 17:33
2007-05-09 17:41 32,660 -r-hs---- C:\WINDOWS\system32\12520850x.exe
2007-04-30 17:13 29,188 -r-hs---- C:\WINDOWS\system32\1041b.exe
2007-04-30 08:26 427 --ahs---- C:\WINDOWS\system32\1625399423.dat
2007-04-30 08:26 28,516 -r-hs---- C:\WINDOWS\system32\acctresv.exe
2007-04-27 20:02
2007-04-20 19:33
2007-04-20 19:18 71,168 --------- C:\WINDOWS\system32\3dviewer.dll
2007-04-20 19:18 532,240 -ra------ C:\WINDOWS\system32\MSEXCH35.DLL
2007-04-20 19:18 403,216 -ra------ C:\WINDOWS\system32\MSREPL35.DLL
2007-04-20 19:18 37,136 -ra------ C:\WINDOWS\system32\MSJINT35.DLL
2007-04-20 19:18 368,912 -ra------ C:\WINDOWS\system32\VBAR332.DLL
2007-04-20 19:18 290,816 -ra------ C:\WINDOWS\system32\MSXBSE35.DLL
2007-04-20 19:18 254,976 -ra------ C:\WINDOWS\system32\MSEXCL35.DLL
2007-04-20 19:18 253,952 -ra------ C:\WINDOWS\system32\MSPDOX35.DLL
2007-04-20 19:18 251,664 -ra------ C:\WINDOWS\system32\MSRD2X35.DLL
2007-04-20 19:18 24,336 -ra------ C:\WINDOWS\system32\MSJTER35.DLL
2007-04-20 19:18 169,984 -ra------ C:\WINDOWS\system32\MSLTUS35.DLL
2007-04-20 19:18 166,912 -ra------ C:\WINDOWS\system32\MSTEXT35.DLL
2007-04-20 19:18 1,039,360 -ra------ C:\WINDOWS\system32\MSJET35.DLL
2007-04-20 19:17 960,000 --------- C:\WINDOWS\system32\evysh7.dll
2007-04-20 19:17 553,984 --------- C:\WINDOWS\system32\rave.dll
2007-04-20 19:17 411,136 --------- C:\WINDOWS\system32\scint78.dll
2007-04-20 19:17 32,768 --------- C:\WINDOWS\system32\cmgr32.dll
2007-04-20 19:17 108,032 --------- C:\WINDOWS\system32\sh33w32.dll
2007-04-20 19:16 909,312 --------- C:\WINDOWS\system32\qd3d.dll
2007-04-20 19:16 39,095 --------- C:\WINDOWS\iccsigs.dat
2007-04-20 19:16 345,600 --------- C:\WINDOWS\system32\qtim32.dll
2007-04-20 19:15 90,112 --------- C:\WINDOWS\system32\evysh7us.dll
2007-04-20 19:11
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-20 12:52:23 -------- d-----w C:\DOCUME~1\KIARUL~1\DANEAP~1\Skype
2007-05-17 12:03:08 -------- d-----w C:\Program Files\Google
2007-05-12 15:41:45 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-12 15:41:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-18 13:38:28 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-14 16:33:05 -------- d-----w C:\DOCUME~1\KIARUL~1\DANEAP~1\Google
2007-04-14 16:20:28 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-04-14 16:20:21 -------- d-----w C:\Program Files\BitComet
2007-03-31 19:18:01 -------- d-----w C:\DOCUME~1\KIARUL~1\DANEAP~1\Autodesk
2007-03-31 19:17:12 -------- d-----w C:\Program Files\Common Files\WexTech Shared
2007-03-31 19:17:11 -------- d-----w C:\Program Files\WexTech
2007-03-31 19:17:11 -------- d-----w C:\Program Files\Common Files\LHSPF
2007-03-31 19:16:55 47 ----a-w C:\AUTOEXEC.BAT
2007-03-31 19:16:55 -------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-03-25 17:42:04 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-25 17:42:04 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-24 19:01:35 -------- d-----w C:\Program Files\Elaborate Bytes
2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-02-13 19:03:32 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-02-13 19:03:25 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-02-13 19:03:04 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-02-13 19:03:01 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-02-13 19:03:00 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2007-02-13 19:02:28 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-02-13 19:02:24 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-02-13 19:02:00 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-02-13 18:00:07 1,493,863 ----a-w C:\Program Files\ALLPlayer.exe
2007-02-12 20:54:26 4 ----a-w C:\WINDOWS\system32\stfv.bin
2007-02-12 12:05:04 29,184 ----a-w C:\WINDOWS\system32\perfont.exe
2007-02-12 12:05:04 24,064 ----a-w C:\WINDOWS\system32\msmsn.exe
2007-02-12 12:05:04 22,784 ----a-w C:\WINDOWS\system32\netstat2.exe
2007-02-12 12:05:04 10,240 ----a-w C:\WINDOWS\system32\winmuse.exe
2007-02-12 12:05:03 9,472 ----a-w C:\WINDOWS\system32\mpsegment.exe
2007-02-12 12:05:03 8,704 ----a-w C:\WINDOWS\system32\performent202.dll
2007-02-12 12:05:03 32,256 ----a-w C:\WINDOWS\system32\anti_troj.exe
2007-02-12 12:05:03 20,736 ----a-w C:\WINDOWS\system32\POPCORN72.EXE
2007-02-12 12:05:03 18,432 ----a-w C:\WINDOWS\system32\dload.exe
2007-02-12 12:05:03 15,616 ----a-w C:\WINDOWS\system32\proqlaim.exe
2007-02-12 12:05:03 15,360 ----a-w C:\WINDOWS\system32\iewd.exe
2007-02-10 11:41:19 20,888 ----a-w C:\DOCUME~1\KIARUL~1\DANEAP~1\GDIPFONTCACHEV1.DAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-12-18 18:30]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 16:31]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-06-01 11:22]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22]
“SkyTel”=“SkyTel.EXE” []
“RTHDCPL”=“RTHDCPL.EXE” []
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 21:24]
“nwiz”=“nwiz.exe” [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-15 00:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“VoipStunt”=“C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe” []
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-12-18 18:32]
“BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2007-04-03 20:04]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36]
“eMuleAutoStart”=“D:\eMule\emule.exe” [2006-09-14 16:15]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-20 18:50:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-20 18:50:30
C:\ComboFix-quarantined-files.txt … 2007-05-20 18:50
C:\ComboFix2.txt … 2007-05-20 00:43
--- E O F ---
]
Download The Avenger. Unpack => run => select the option Input script manually => click the little magnifying glass => in the window that opens, paste:
click the Done button => now click the green light => a message should appear; click OK (now restart).
After that, a new log from Combo.
[“K i A rulez” - 2007-05-20 19:52:54 Dodatek Service Pack 2
ComboFix 07-05.20.3.V - Running from: “C:\Documents and Settings\K i A rulez\Pulpit\dobre programy”
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-20 ))))))))))))))))))))))))))))))))))
2007-05-20 19:50
2007-05-20 11:58 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 11:58
2007-05-20 00:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-18 20:44 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-05-18 20:44 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-05-18 20:44 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-18 20:44
2007-05-18 20:43
2007-05-18 20:29
2007-05-18 20:29
2007-05-18 20:28 4,109,584 --a------ C:\Program Files\gg77.exe
2007-05-18 20:17
2007-05-14 20:24 31,204 -r-hs---- C:\WINDOWS\system32\adsldpb.exe
2007-05-12 17:33
2007-05-09 17:41 32,660 -r-hs---- C:\WINDOWS\system32\12520850x.exe
2007-04-30 17:13 29,188 -r-hs---- C:\WINDOWS\system32\1041b.exe
2007-04-30 08:26 427 --ahs---- C:\WINDOWS\system32\1625399423.dat
2007-04-30 08:26 28,516 -r-hs---- C:\WINDOWS\system32\acctresv.exe
2007-04-27 20:02
2007-04-20 19:33
2007-04-20 19:18 71,168 --------- C:\WINDOWS\system32\3dviewer.dll
2007-04-20 19:18 532,240 -ra------ C:\WINDOWS\system32\MSEXCH35.DLL
2007-04-20 19:18 403,216 -ra------ C:\WINDOWS\system32\MSREPL35.DLL
2007-04-20 19:18 37,136 -ra------ C:\WINDOWS\system32\MSJINT35.DLL
2007-04-20 19:18 368,912 -ra------ C:\WINDOWS\system32\VBAR332.DLL
2007-04-20 19:18 290,816 -ra------ C:\WINDOWS\system32\MSXBSE35.DLL
2007-04-20 19:18 254,976 -ra------ C:\WINDOWS\system32\MSEXCL35.DLL
2007-04-20 19:18 253,952 -ra------ C:\WINDOWS\system32\MSPDOX35.DLL
2007-04-20 19:18 251,664 -ra------ C:\WINDOWS\system32\MSRD2X35.DLL
2007-04-20 19:18 24,336 -ra------ C:\WINDOWS\system32\MSJTER35.DLL
2007-04-20 19:18 169,984 -ra------ C:\WINDOWS\system32\MSLTUS35.DLL
2007-04-20 19:18 166,912 -ra------ C:\WINDOWS\system32\MSTEXT35.DLL
2007-04-20 19:18 1,039,360 -ra------ C:\WINDOWS\system32\MSJET35.DLL
2007-04-20 19:17 960,000 --------- C:\WINDOWS\system32\evysh7.dll
2007-04-20 19:17 553,984 --------- C:\WINDOWS\system32\rave.dll
2007-04-20 19:17 411,136 --------- C:\WINDOWS\system32\scint78.dll
2007-04-20 19:17 32,768 --------- C:\WINDOWS\system32\cmgr32.dll
2007-04-20 19:17 108,032 --------- C:\WINDOWS\system32\sh33w32.dll
2007-04-20 19:16 909,312 --------- C:\WINDOWS\system32\qd3d.dll
2007-04-20 19:16 39,095 --------- C:\WINDOWS\iccsigs.dat
2007-04-20 19:16 345,600 --------- C:\WINDOWS\system32\qtim32.dll
2007-04-20 19:15 90,112 --------- C:\WINDOWS\system32\evysh7us.dll
2007-04-20 19:11
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-20 12:52:23 -------- d-----w C:\DOCUME~1\KIARUL~1\DANEAP~1\Skype
2007-05-17 12:03:08 -------- d-----w C:\Program Files\Google
2007-05-12 15:41:45 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-12 15:41:30 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-18 13:38:28 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-14 16:33:05 -------- d-----w C:\DOCUME~1\KIARUL~1\DANEAP~1\Google
2007-04-14 16:20:28 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
2007-04-14 16:20:21 -------- d-----w C:\Program Files\BitComet
2007-03-31 19:18:01 -------- d-----w C:\DOCUME~1\KIARUL~1\DANEAP~1\Autodesk
2007-03-31 19:17:12 -------- d-----w C:\Program Files\Common Files\WexTech Shared
2007-03-31 19:17:11 -------- d-----w C:\Program Files\WexTech
2007-03-31 19:17:11 -------- d-----w C:\Program Files\Common Files\LHSPF
2007-03-31 19:16:55 47 ----a-w C:\AUTOEXEC.BAT
2007-03-31 19:16:55 -------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-03-25 17:42:04 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-25 17:42:04 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-24 19:01:35 -------- d-----w C:\Program Files\Elaborate Bytes
2007-03-07 23:51:00 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-02-13 19:03:32 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2007-02-13 19:03:25 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2007-02-13 19:03:04 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2007-02-13 19:03:01 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2007-02-13 19:03:00 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2007-02-13 19:02:28 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2007-02-13 19:02:24 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2007-02-13 19:02:00 765,952 ----a-w C:\WINDOWS\system32\xvidcore.dll
2007-02-13 18:00:07 1,493,863 ----a-w C:\Program Files\ALLPlayer.exe
2007-02-12 20:54:26 4 ----a-w C:\WINDOWS\system32\stfv.bin
2007-02-12 12:05:04 29,184 ----a-w C:\WINDOWS\system32\perfont.exe
2007-02-12 12:05:04 24,064 ----a-w C:\WINDOWS\system32\msmsn.exe
2007-02-12 12:05:04 22,784 ----a-w C:\WINDOWS\system32\netstat2.exe
2007-02-12 12:05:04 10,240 ----a-w C:\WINDOWS\system32\winmuse.exe
2007-02-12 12:05:03 9,472 ----a-w C:\WINDOWS\system32\mpsegment.exe
2007-02-12 12:05:03 8,704 ----a-w C:\WINDOWS\system32\performent202.dll
2007-02-12 12:05:03 32,256 ----a-w C:\WINDOWS\system32\anti_troj.exe
2007-02-12 12:05:03 20,736 ----a-w C:\WINDOWS\system32\POPCORN72.EXE
2007-02-12 12:05:03 18,432 ----a-w C:\WINDOWS\system32\dload.exe
2007-02-12 12:05:03 15,616 ----a-w C:\WINDOWS\system32\proqlaim.exe
2007-02-12 12:05:03 15,360 ----a-w C:\WINDOWS\system32\iewd.exe
2007-02-10 11:41:19 20,888 ----a-w C:\DOCUME~1\KIARUL~1\DANEAP~1\GDIPFONTCACHEV1.DAT
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}=C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL [2006-12-18 18:30]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}=C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll [2007-03-29 16:31]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-06-01 11:22]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-06-01 11:22]
“SkyTel”=“SkyTel.EXE” []
“RTHDCPL”=“RTHDCPL.EXE” []
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 21:24]
“nwiz”=“nwiz.exe” [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50]
“WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-05-15 00:22]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“VoipStunt”=“C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe” []
“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-12-18 18:32]
“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36]
“BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2007-04-03 20:04]
“eMuleAutoStart”=“D:\eMule\emule.exe” [2006-09-14 16:15]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
“C:\Program Files\BitComet\BitComet.exe” /tray
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
*Newly Created Service* -WRGRYMFU
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-20 19:53:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
********************************************************************
Completion time: 2007-05-20 19:53:48
C:\ComboFix-quarantined-files.txt … 2007-05-20 19:53
C:\ComboFix2.txt … 2007-05-20 18:50
C:\ComboFix3.txt … 2007-05-20 00:43
--- E O F ---
]
These files are supposed to be gone; you did something wrong, they are still there.
The first time, this popped up:
[//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Error]
The next time it went better, the computer restarted and this popped up:
[Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bjjrwwrv
*******************
Script file located at: \??\C:\Documents and Settings\luparhft.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\adsldpb.exe deleted successfully.
File C:\WINDOWS\system32\12520850x.exe deleted successfully.
File C:\WINDOWS\system32\1041b.exe deleted successfully.
File C:\WINDOWS\system32\1625399423.dat deleted successfully.
File C:\WINDOWS\system32\acctresv.exe deleted successfully.
File C:\WINDOWS\system32\perfont.exe deleted successfully.
File C:\WINDOWS\system32\msmsn.exe deleted successfully.
File C:\WINDOWS\system32\netstat2.exe deleted successfully.
File C:\WINDOWS\system32\winmuse.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.]
I'm pasting the log from combofix.
It's OK now.
Thank you very much!