I have a problem with all these silly trojans etc... that is, with the pop-up windows in the bottom right corner. Please check the logs and HELP me remove this. Thanks in advance.
Logfile of Browser Hijack Recover(BHR) v2.2
http://www.browser-hijack.com/
Log created on 2007-11-11 11-55-12
Microsoft Windows XP Professional Dodatek Service Pack. 1 (Build 2600)
Internet Explorer v6.0.2800.1106 Update Versions: ;SP1;
[Process Manager] - [Process]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
D:\Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Browser Hijack Recover\bhr.exe
[IE Options] - [Normal]
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/windows/ie_intl/en/start/
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title =
[IE Options] - [IE Menu]
[IE Options] - [Internet Options]
[IE Options] - [IE Search Hooks]
[IE Add-Ons] - [Toolbars]
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\iqcemqzy.dll
[IE Add-Ons] - [Explorer Bars]
[IE Add-Ons] - [Context Menu]
[IE Add-Ons] - [BHOs]
O2 - BHO: (No Name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (No Name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\xxyyyvv.dll
O2 - BHO: (No Name) - {9687DEBF-D9BF-4693-BB99-888CF1B05392} - C:\WINDOWS\System32\awvvu.dll
O2 - BHO: (No Name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\iqcemqzy.dll
O2 - BHO: {7739e2b9-4c37-ed09-97a4-f1b1e8460e9c} - {c9e0648e-1b1f-4a79-90de-73c49b2e9377} - C:\WINDOWS\System32\nwxweeww.dll
[IE Add-Ons] - [Tools Menu]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
[IE Add-Ons] - [Tools Button]
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
[System Options]
[StartUp]
ComboFix 07-11-08.1 - tm 2007-11-11 11:57:30.5 - FAT32 x86
Running from: C:\Documents and Settings\tm\Pulpit\ComboFix.exe
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
C:\Documents and Settings\tm\Pulpit\Live Safety Center.lnk
C:\Documents and Settings\tm\Pulpit\Online Security Guide.lnk
C:\Documents and Settings\tm\Ulubione\Online Security Guide.lnk
C:\WINDOWS\System32\awvvu.dll
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\system32\iqcemqzy.dllbox
C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\xxyyyvv.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
C:\Documents and Settings\tm\Pulpit\Live Safety Center.lnk
C:\Documents and Settings\tm\Pulpit\Online Security Guide.lnk
C:\Documents and Settings\tm\Ulubione\Online Security Guide.lnk
C:\WINDOWS\system32\iqcemqzy.dllbox
C:\WINDOWS\system32\isass.exe
C:\WINDOWS\system32\uvvwa.bak2
C:\WINDOWS\system32\uvvwa.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_FMTR
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.
2007-11-11 11:48
2007-11-11 11:24 79,936 --a------ C:\WINDOWS\system32\nwxweeww.dll
2007-11-11 11:22 2,432 --a------ C:\WINDOWS\system32\unpr.sys
2007-11-10 21:01 58,368 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 19:40 85,056 --a------ C:\WINDOWS\system32\ujbmavfd.dll
2007-11-10 19:40 81,472 --a------ C:\WINDOWS\system32\kcvydqwb.dll
2007-11-10 19:33
2007-11-09 16:09 77,888 --a------ C:\WINDOWS\system32\ewemciqj.dll
2007-11-09 16:06 88,128 --a------ C:\WINDOWS\system32\sdukhqef.dll
2007-11-08 16:55
2007-11-08 15:26
2007-11-08 14:05 86,080 --a------ C:\WINDOWS\system32\pmlodujc.dll
2007-11-08 14:05 80,448 --a------ C:\WINDOWS\system32\hqqpodka.dll
2007-11-07 15:21 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-11-07 15:21 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-07 14:09 79,936 --a------ C:\WINDOWS\system32\oyqpildv.dll
2007-11-07 14:04 145,984 --a------ C:\WINDOWS\system32\yojqobmp.dll
2007-11-07 14:04 145,984 --a------ C:\WINDOWS\system32\iqcemqzy.dll
2007-11-04 15:43
2007-10-29 10:15
2007-10-29 09:39 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-29 09:39 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-10-28 09:10
2007-10-27 23:02
2007-10-26 18:25
2007-10-25 21:01 3,580 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-25 16:34
2007-10-24 15:12
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 20:20 --------- d-----w C:\Program Files\Anti-Blaxx
2007-10-01 21:59 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-01 21:59 --------- d--h--r C:\Documents and Settings\tm\Dane aplikacji\SecuROM
2007-10-01 08:15 310 ----a-w C:\Documents and Settings\tm\Dane aplikacji\regdatels.dat
2007-09-30 21:50 --------- d-----w C:\Program Files\Lomsel Shutdown
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 14:04 145984 --a------ C:\WINDOWS\system32\iqcemqzy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9e0648e-1b1f-4a79-90de-73c49b2e9377}]
2007-11-11 11:24 79936 --a------ C:\WINDOWS\System32\nwxweeww.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\iqcemqzy.dll [2007-11-07 14:04 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iqcemqzy]
iqcemqzy.dll 2007-11-07 14:04 145984 C:\WINDOWS\system32\iqcemqzy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzlo32]
winzlo32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\awvvu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\844d82c5]
rundll32.exe "C:\WINDOWS\System32\pmlodujc.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"D:\Office\Office12\GrooveMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\System32\LXSUPMON.EXE RUN
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
"C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-11-10 11:45:02 C:\WINDOWS\Tasks\Lomsel01102007_091625.job"
- C:\Program Files\Lomsel Shutdown\Shutdown.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 12:05:03
Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-11 12:06:04 - machine was rebooted
.
--- E O F ---