Problem with AdWare.Win32.BHO.jt


(Abadon123) #1

Kaspersky detected: AdWare.Win32.BHO.jt

Location:

C:\Program Files\SearchBar\Search.dll

C:\WINDOWS\system32\DirectX\search.exe/data0002

I tried to remove it in various ways (in safe mode, with the antivirus, from Linux by accessing the Windows partition, with Hijack), without result. After a moment the files reappear in the locations above. If anyone has a way to get rid of this effectively, please help.

I am attaching the log from Hijack


This is how it should look

Asterisk


(Gutek) #2

Remove the HJT entries

Post a log from ComboFix


(Abadon123) #3

I removed those files.

Log from ComboFix:

ComboFix 07-12-15.5 - Adam 2007-12-15 13:43:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.550 [GMT 1:00]

Running from: C:\Documents and Settings\Adam\Pulpit\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-11-15 to 2007-12-15 )))))))))))))))))))))))))))))))

.

2007-12-15 12:55 . 2007-12-15 13:47

2007-12-13 22:40 . 2007-12-13 22:40

2007-12-11 22:55 . 2007-12-11 22:55

2007-12-04 22:20 . 2007-12-04 22:20

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-15 12:48 55,385,376 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat

2007-12-15 12:48 2,048,288 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat

2007-12-15 12:48 --------- d-----w C:\Program Files\PeerGuardian2

2007-12-15 12:48 --------- d-----w C:\Program Files\AutoConnect

2007-12-15 12:46 745,784 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx

2007-12-15 12:46 195,140 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx

2007-12-15 12:46 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\uTorrent

2007-12-15 12:31 --------- d-----w C:\Program Files\eSkiMoS R2

2007-12-12 23:04 --------- d-----w C:\Program Files\Tweak-XP Pro 4

2007-12-12 21:03 --------- d-----w C:\Program Files\Torrent Master

2007-12-09 18:37 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\Skype

2007-12-09 00:48 --------- d-----w C:\Program Files\SuperCow

2007-12-07 17:52 --------- d-----w C:\Program Files\Java

2007-10-19 19:57 --------- d-----w C:\Documents and Settings\Adam\Dane aplikacji\ACD Systems

2007-10-19 19:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ACD Systems

2007-10-19 19:55 --------- d-----w C:\Program Files\Common Files\ACD Systems

2007-10-19 19:55 --------- d-----w C:\Program Files\ACD Systems

2006-12-20 20:02 49,856 ----a-w C:\Documents and Settings\Adam\Dane aplikacji\GDIPFONTCACHEV1.DAT

2004-09-28 02:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{0CB66BA8-5E1F-4963-93D1-E1D6B78F0212}]

2007-09-04 17:00 49152 --a------ C:\Program Files\SearchBar\Search.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BlockAds"="C:\Program Files\Tweak-XP Pro 4\AdBlocker.exe" [2004-09-28 03:00]

"TransTask"="C:\Program Files\Tweak-XP Pro 4\transtask.exe" [2004-09-28 03:00]

"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40]

"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 00:14]

"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [2004-03-04 14:47]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 10:15]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 11:20 C:\WINDOWS\SOUNDMAN.EXE]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-29 21:29]

"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38]

"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

"Anti Mosquito"="F:\Anti Mosquito.exe" [2007-06-13 19:55]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Toddler Keys.lnk - C:\WINDOWS\Installer{7339E7E7-FB6A-46EC-8303-D31E655EF617}_74d4dc8.exe [2007-06-17 17:01:18]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{00212521-4FEF-4AD3-B3AA-E05CDA254123}"= C:\WINDOWS\system32\search.dll [2007-09-05 16:47 95024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-06-06 23:46 57344 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter\NetMeter.exe]

2004-03-04 14:47 266240 --a------ C:\Program Files\NetMeter\NetMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 11:29 49152 --a------ C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-07 22:57 30208 --------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

R2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys

R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys

S3 GPCIDrv;GPCIDrv;\??\C:\WINDOWS\GPCIDrv.sys

S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys

S3 GVTDrv;GVTDrv;\??\C:\WINDOWS\system32\Drivers\GVTDrv.sys

*Newly Created Service* - PGFILTER

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-15 13:48:53

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe"

.

Completion time: 2007-12-15 13:50:14 - machine was rebooted

Those files still keep appearing :(


(Pietrucha60) #4

Buy yourself a new computer and be done with it.


(Abadon123) #5

I don't have problems with the computer, only with Windows!

I can always do a format, but I wanted to avoid that.