Problem z Google - reklamy zamiast stron które chcę otworzyć

system · 24 Listopad 2007 20:16

Gdy np. w Google wpisuje frazę “skarby” otwieram pierwszą stronę, niby się ładuje i po chwili przenosi mnie na jakieś strony xxx. Dopiero gdy potwierdzę link w miejscu gdzie wpisujemy adres strony eneterem, to strona zaczyna się poprawnie ładować.

Co z tym zrobić?

r2911 · 24 Listopad 2007 20:36

a jakiej przeglądarki używasz ?? może jej wina

system · 24 Listopad 2007 20:40

Używam Firefoxa, ale w IE ten sam problem.

matio · 24 Listopad 2007 20:49

to może być sprawka jakiegoś syfu. Użyj Combofix i hijackthis a potem daj z nich obydwu logi. http://forum.dobreprogramy.pl/viewtopic.php?t=36654

asterisk · 24 Listopad 2007 20:56

Zapoznaj się proszę z tą stroną i zmień tytuł na konkretny, używając

funkcji

system · 24 Listopad 2007 21:00

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:59:47, on 2007-11-24 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Windows\ADS.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\NMain.exe C:\PROGRA~1\NORTON~1\navw32.exe D:\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Tlen\tlen.exe C:\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM…\Run: [NVMixerTray] “C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe” O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [i/O Controllers] svcnet.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM…\Run: [dmklv.exe] C:\WINDOWS\system32\dmklv.exe O4 - HKLM…\Run: [Detect] D:\iNTERNET Turbo\iDetect.exe /auto O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [EdHTML] D:\Arek\Binboy\EdHTMLv5.0\EdHTML.exe /min O4 - HKCU…\Run: [i/O Controllers] svcnet.exe O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_7 -reboot 1 O4 - HKCU…\Run: [ADS] C:\Windows\ADS.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra ‘Tools’ menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} - http://mks.com.pl/skaner/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{27DDFB80-3184-4CDB-8F0B-32CF58446435}: NameServer = 85.255.116.27,85.255.112.114 O17 - HKLM\System\CCS\Services\Tcpip…{5740CB56-B604-4F06-A26F-853C53478337}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CCS\Services\Tcpip…{7639FDA1-8311-4CC8-9647-2914F84D71FA}: NameServer = 85.255.116.27,85.255.112.114 O17 - HKLM\System\CCS\Services\Tcpip…{F96D3C82-5A68-4965-BEFA-89F727220598}: NameServer = 85.255.116.27,85.255.112.114 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.27 85.255.112.114 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.27 85.255.112.114 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.27 85.255.112.114 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\STACJA~1\USTAWI~1\Temp\hpdj.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe – End of file - 10700 bytes

btw. Ciekawy i przydatny program.

matio · 24 Listopad 2007 21:19

a gdzie log z combofix? jest on na dysku C:\

system · 24 Listopad 2007 21:39

Po prostu nie dałem loga z niego. To na razie chyba wystarczy?

system · 24 Listopad 2007 21:42

To nie wystarczy! Po co zwracasz się o pomoc, jeżeli sam chcesz decydować o podjęciu odpowiednich działań. HijackThis sam nic nie usuwa i śmieci jak były, tak i są na Twim komputerze.

Rozpocznij od użycia narzędzia Fixwareout, a następnie stosujesz Combofix i zamieszczasz logi.

Narzędzia te usuwają automatycznie infekcje, które posiadasz.

system · 24 Listopad 2007 22:13

Ok, myślę, że Fixwareout rozwiązał problem, ale dla pewności wklejam log:

Username “stacja robocza” - 2007-11-24 23:02:21 [Fixwareout edited 9/01/2007] ~Prerun check HKLM\SOFTWARE~\CurrentVersion\Run\ =“dmklv” HKLM\SOFTWARE~\Winlogon\ “System”=“kdkpu.exe” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters “nameserver”=“85.255.116.27 85.255.112.114” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{27DDFB80-3184-4CDB-8F0B-32CF58446435} “nameserver”=“85.255.116.27,85.255.112.114” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{7639FDA1-8311-4CC8-9647-2914F84D71FA} “nameserver”=“85.255.116.27,85.255.112.114” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{F96D3C82-5A68-4965-BEFA-89F727220598} “nameserver”=“85.255.116.27,85.255.112.114” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{27DDFB80-3184-4CDB-8F0B-32CF58446435} “DhcpNameServer”=“85.255.116.27,85.255.112.114” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{7639FDA1-8311-4CC8-9647-2914F84D71FA} “DhcpNameServer”=“85.255.116.27,85.255.112.114” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{9D772007-F1BE-4159-8F2D-09E5321E9120} “DhcpNameServer”=“85.255.116.27,85.255.112.114” HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces{F96D3C82-5A68-4965-BEFA-89F727220598} “DhcpNameServer”=“85.255.116.27,85.255.112.114” Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS. System was rebooted successfully.~ Postrun check HKLM\SOFTWARE~\Winlogon\ “system”="" … HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins “}7E46F5A53F19-8F3A-2D24-FE40-21C77CA9{” Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins “}3F6A51E0FCAB-AEEB-EDC4-FA9D-EB206E3B{” Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins “vlkmd” Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls “0mdm” Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls “1mdm” Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion “jwrsc” Value deleted HKCR\CLSID{7CB1B01E-7A5D-47DD-A4B6-12C44CA7253A}_h\4 Deleted. … ~~~Misc files. …~~~ Checking for older varients. … ~~~Other C:\WINDOWS\Temp\dmklv.ren 0 2007-01-11 C:\WINDOWS\Temp\kdkpu.ren 72277 2007-06-13~~~ Current runs (hklm hkcu “run” Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NVMixerTray”="“C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe”" “NvCplDaemon”=“RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” “nwiz”=“nwiz.exe /install” “HP Software Update”="“C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe”" “HP Component Manager”="“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”" “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe” “DeviceDiscovery”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” “NeroCheck”=“C:\WINDOWS\system32\\NeroCheck.exe” “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” “I/O Controllers”=“svcnet.exe” “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe” “ccApp”="“C:\Program Files\Common Files\Symantec Shared\ccApp.exe”" “Symantec NetDriver Monitor”=“C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer” “Detect”=“D:\iNTERNET Turbo\iDetect.exe /auto” “NvMediaCenter”=“RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit” “QuickTime Task”="“C:\Program Files\QuickTime\qttask.exe” -atboottime" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “EdHTML”=“D:\Arek\Binboy\EdHTMLv5.0\EdHTML.exe /min” “I/O Controllers”=“svcnet.exe” “updateMgr”="“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_7 -reboot 1" “ADS”=“C:\Windows\ADS.exe” “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “swg”=“C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” … Hosts file was reset, If you use a custom hosts file please replace it… ~~~End report~~~

Za pomoc bardzo dziękuje!

system · 24 Listopad 2007 22:31

W systemie nadal są śmieci!

Po użyciu Fixwareout miałeś zastosować Combofix i wkleić log.

No cóż Twój wybór.

Anathae · 28 Listopad 2007 20:27

Witam, mam ten sam problem co powyżej. Na dokładkę >< krzaczy mi się explorer, ieexplore a w moich dokumentach mam 28000!! plików TMP o nazwach jak ‘pos1A00’ - kiedy usiłuję je usunąć explorer się krzaczy (może ze względu na ilość).

Poszperałam po forum i wyszło na to, że powinnam użyć 3 programów: Hijackthis, ComboFix i Fixwareout.

Pytanie jest takie, w jakiej kolejności się za to zabrać?

EDIT:

System: XP, antywirus: avast.

DeadOrAlive · 28 Listopad 2007 20:32

http://forum.dobreprogramy.pl/viewtopic.php?t=36654 tu masz instrukcję

Anathae · 28 Listopad 2007 22:10

Wiem, czytałam ten temat Chodziło mi o to czy ma jakiez znaczenie w jakiej kolejności używać tych 3 programów.

A tu prosze log z HJ:

Logfile of HijackThis v1.99.1 Scan saved at 23:03:52, on 2005-01-01 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\StorageProtector\strpmon.exe C:\Program Files\Insider\Insider.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\windows C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Karo\Moje dokumenty\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [QuickTime Task] “E:\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM…\Run: [salestart] “C:\Program Files\Common Files\SpyGuardPro\bm.exe” dm=http://spyguardpro.com;’>http://spyguardpro.com; ad=http://spyguardpro.com O4 - HKLM…\Run: [rtasks] C:\Program Files\SpyGuardPro\rtasks.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [salestart(1)] “C:\Program Files\Common Files\StorageProtector\strpmon.exe” dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com O4 - HKLM…\Run: [e08075ef] rundll32.exe “C:\WINDOWS\system32\hhqbymft.dll”,b O4 - HKCU…\Run: [insider] C:\Program Files\Insider\Insider.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s … DEXAXO.cab O17 - HKLM\System\CCS\Services\Tcpip…{23717C14-8011-4D56-9234-5F52752201C0}: NameServer = 217.30.129.149,217.30.137.200 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows

=================EDIT==============

Log z ComboFix (w trakcie właczył mi się avast z ostrzeżeniem o trojanie, nie jestem pewna czy to ma jakiś wpływ na skan i czy mam zrobić kolejny)

ComboFix 07-11-19.4C - Karo 2005-01-01 23:15:02.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.254 [GMT 1:00] Running from: C:\Documents and Settings\Karo\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\LocalService\Dane aplikacji\NetMon C:\Documents and Settings\LocalService\Dane aplikacji\NetMon\domains.txt C:\Documents and Settings\LocalService\Dane aplikacji\NetMon\log.txt C:\Documents and Settings\NetworkService\Dane aplikacji\NetMon C:\Documents and Settings\NetworkService\Dane aplikacji\NetMon\domains.txt C:\Documents and Settings\NetworkService\Dane aplikacji\NetMon\log.txt C:\Program Files\Common Files\StorageProtector C:\Program Files\Common Files\StorageProtector\strpmon.exe C:\Program Files\Common Files\Yazzle1560OinAdmin.exe C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe C:\Program Files\inetget2 C:\Program Files\Insider C:\Program Files\Insider\Insider.exe C:\Program Files\network monitor C:\Program Files\Temporary C:\Program Files\Temporary\wininstall.exe.lzma C:\Program Files\WinAble C:\Program Files\WinAble\winable.exe.lzma C:\Program Files\Windows NT\prokybozu.html C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\UGA6P C:\WINDOWS\b122.exe C:\WINDOWS\b128.exe C:\WINDOWS\b147.exe C:\WINDOWS\cookies.ini C:\WINDOWS\system32\atmtd.dll C:\WINDOWS\system32\atmtd.dll._ C:\WINDOWS\system32\edeeg.ini C:\WINDOWS\system32\edeeg.ini2 C:\WINDOWS\system32\geede.dll C:\WINDOWS\system32\h12 C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\rkdoskon.dllbox C:\WINDOWS\system32\s21 C:\WINDOWS\system32\x24 C:\WINDOWS\system32\x24\jumper83122.exe C:\WINDOWS\TTC-4444.exe C:\WINDOWS\uninstall_nmon.vbs . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CMDSERVICE -------\LEGACY_NETWORK_MONITOR ((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 ))))))))))))))))))))))))))))))) . 2007-11-22 08:36 78,400 --a------ C:\WINDOWS\system32\aapsnllg.dll 2007-11-21 02:21 78,400 --a------ C:\WINDOWS\system32\wvxujtwk.dll 2007-11-19 23:31 0 C:\WINDOWS\system32\tfmybqhh.tmp 2007-11-19 18:13 832,479 —hs---- C:\WINDOWS\system32\tgfymnnk.ini 2007-11-18 05:46 78,400 --a------ C:\WINDOWS\system32\ybsujvpa.dll 2007-11-18 01:03 689,471 —hs---- C:\WINDOWS\system32\wagpmlpx.ini 2007-11-06 00:21 2007-11-06 00:20 307,200 --a------ C:\WINDOWS\IsUn0415.exe 2007-10-22 23:24 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-19 17:14 78,400 ----a-w C:\WINDOWS\system32\hsncaiuh.dll 2007-11-18 06:18 87,104 ----a-w C:\WINDOWS\system32\brentxpn.dll 2007-11-18 06:18 78,400 ----a-w C:\WINDOWS\system32\rludctcd.dll 2007-11-18 04:49 87,104 ----a-w C:\WINDOWS\system32\jvachoye.dll 2007-11-18 00:03 78,400 ----a-w C:\WINDOWS\system32\dihjnoue.dll 2007-11-05 23:25 28,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-10-28 22:22 --------- d-----w C:\Program Files\Java 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2007-10-03 21:07 65,536 ----a-w C:\WINDOWS\IFinst27.exe 2007-10-02 18:35 --------- d-----w C:\Documents and Settings\Karo\Dane aplikacji\Skype 2007-10-02 15:25 --------- d-----w C:\Program Files\Skype 2007-10-02 15:24 --------- d-----w C:\Program Files\Common Files\Skype 2007-10-02 15:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2005-07-29 15:24 472 --sha-r C:\WINDOWS\S2Fyb2xh\mZIVvZU1.vbs . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{01CD0B31-9154-45F2-9414-F5D64B74EAF6}] 2005-01-05 04:08 36352 --a------ C:\WINDOWS\system32\mljgedd.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2005-01-01 01:45 216160 --a------ C:\WINDOWS\system32\rkdoskon.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{aa69eaba-5f77-4cf0-8ce4-62cfb7794a58}] 2005-01-01 00:06 78400 --a------ C:\WINDOWS\system32\dphnevyq.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{BBE7924E-2D1B-49A8-89A0-BBB24B05C2B3}] 2006-01-05 21:28 83456 --a------ C:\WINDOWS\system32\btcs.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SoundMan”=“SOUNDMAN.EXE” [2006-08-03 04:12 C:\WINDOWS\soundman.exe] “QuickTime Task”=“E:\QuickTime\qttask.exe” [2007-04-27 08:41] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe” [2001-12-06 17:01] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-10-25 17:20] “e08075ef”=“C:\WINDOWS\system32\hhqbymft.dll” [2005-01-01 00:07] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44] [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{01CD0B31-9154-45F2-9414-F5D64B74EAF6}”= C:\WINDOWS\system32\mljgedd.dll [2005-01-05 04:08 36352] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgedd] mljgedd.dll 2005-01-05 04:08 36352 C:\WINDOWS\system32\mljgedd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rkdoskon] rkdoskon.dll 2005-01-01 01:45 216160 C:\WINDOWS\system32\rkdoskon.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] “Authentication Packages”= msv1_0 C:\WINDOWS\system32\geede.dll R0 qqpnabpa;qqpnabpa;C:\WINDOWS\system32\drivers\cdmtkpch.dat S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-19 23:31:56 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-19 23:33:47 - machine was rebooted . — E O F —

lukasz913 · 2 Grudzień 2007 16:57

Witam mam ten sam problem, oto mje logi:

hijack:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27:42, on 2007-12-02 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\PROGRA~1\QUICKT~1\qttask.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\eMule\emule.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {C8ED1852-D794-A066-BB5A-8C8A37842C96} - C:\WINDOWS\system32\xohycex.dll (file missing) O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing) O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [Lexmark X1100 Series] “C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\PROGRA~1\QUICKT~1\qttask.exe” -atboottime O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKCU…\Run: [seab] “C:\PROGRA~1\YSTEM3~1\winspool.exe” -vt yazb O4 - HKCU…\Run: [Xbtjn] “C:\Documents and Settings\Łukasz\Dane aplikacji\a?sembly??plorer.exe” O4 - HKCU…\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Startup: UniSpiker-2.6.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne … nicode.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cf.sobotka.net/activex/AxisCamControl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O17 - HKLM\System\CCS\Services\Tcpip…{C7035154-095B-44F9-AB58-6B004F9DBE2B}: NameServer = 85.128.107.242,213.134.128.19 O17 - HKLM\System\CCS\Services\Tcpip…{F26B3A82-E53B-48BB-AE5C-E622DF872D9A}: NameServer = 85.128.107.242,213.134.128.19 O21 - SSODL: E404Helper - {199f9717-3152-4dff-9749-38ae8d961b0d} - e404d.dll (file missing) O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe – End of file - 5712 bytes

oraz z combofixa:

ComboFix 07-12-02.5 - Łukasz 2007-12-02 17:15:28.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.54 [GMT 1:00] Running from: C:\DOCUME~1\ŁUKASZ\USTAWI~1\Temp\Temporary Internet Files\Content.IE5\Q3Y9G56P\ComboFix[1].exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Łukasz\Dane aplikacji\ASEMBL~1 C:\Documents and Settings\Łukasz\Dane aplikacji\ASEMBL~1??plorer.exe C:\Documents and Settings\Łukasz\Dane aplikacji\ICROSO~1 C:\Documents and Settings\Łukasz\Dane aplikacji\Install.dat C:\Documents and Settings\Łukasz\Dane aplikacji\MANTEC~1 C:\Documents and Settings\Łukasz\Dane aplikacji\SMBOLS~1 C:\Documents and Settings\Łukasz\Menu Start\Programy\Brave-Sentry C:\Documents and Settings\Łukasz\Menu Start\Programy\Brave-Sentry\BraveSentry.lnk C:\Documents and Settings\Łukasz\Menu Start\Programy\Brave-Sentry\Uninstall.lnk C:\Documents and Settings\Łukasz\Menu Start\Programy\Outerinfo C:\Documents and Settings\Łukasz\Menu Start\Programy\Outerinfo\Terms.lnk C:\Documents and Settings\Łukasz\Menu Start\Programy\Outerinfo\Uninstall.lnk C:\Documents and Settings\Łukasz\Moje dokumenty\DOBE~1 C:\Documents and Settings\Łukasz\Moje dokumenty\MBOLS~1 C:\Documents and Settings\Łukasz\Moje dokumenty\WNSXS~1 C:\Documents and Settings\Łukasz\spooldr.ini C:\Program Files\asembl~1 C:\Program Files\bravesentry C:\Program Files\bravesentry\BraveSentry.lic C:\Program Files\bravesentry\BraveSentry0.bs C:\Program Files\bravesentry\BraveSentry1.bs C:\Program Files\Common Files\crosof~1.net C:\Program Files\Common Files\Yazzle1122OinAdmin.exe C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe C:\Program Files\inetget2 C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\00C6CE2A C:\Program Files\myglobalsearch\bar\Cache\00C6D483 C:\Program Files\myglobalsearch\bar\Cache\00C76D0A.bin C:\Program Files\myglobalsearch\bar\Cache\00C77854.bin C:\Program Files\myglobalsearch\bar\Cache\00C77A19.bin C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\Program Files\outerinfo C:\Program Files\outerinfo\FF\chrome.manifest C:\Program Files\outerinfo\FF\components\FF.dll C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt C:\Program Files\outerinfo\FF\install.rdf C:\Program Files\outerinfo\OiUninstaller.exe C:\Program Files\outerinfo\outerinfo.ico C:\Program Files\outerinfo\Terms.rtf C:\Program Files\Temporary C:\Program Files\WinAble C:\Program Files\WinAble\winable.exe C:\Program Files\ystem3~1 C:\Program Files\ystem3~1?ystem32\ C:\Program Files\ystem3~1\winspool.exe C:\WINDOWS\b122.exe C:\WINDOWS\b128.exe C:\WINDOWS\crosof~1.net C:\WINDOWS\g32.txt C:\WINDOWS\s32.txt C:\WINDOWS\stem32~1 C:\WINDOWS\system32\aspimgr.exe C:\WINDOWS\system32\dllh8jkd1q8.exe C:\WINDOWS\system32\drivers\ctl_w32.sys C:\WINDOWS\system32\drivers\ip6fw.sys C:\WINDOWS\system32\drivers\runtime2.sys C:\WINDOWS\system32\drivers\smtpdrv.sys C:\WINDOWS\system32\racle~1 C:\WINDOWS\system32\sstem3~1 C:\WINDOWS\system32\svcp.csv C:\WINDOWS\system32\vedxga3me2.exe C:\WINDOWS\system32\vedxga4m1et4.exe C:\WINDOWS\system32\vedxga4me1.exe C:\WINDOWS\system32\vx.tll C:\WINDOWS\system32\winservcs32.dll C:\WINDOWS\system32\winsub.xml C:\WINDOWS\system32\wnsapisu32.exe C:\WINDOWS\system32\xsx.dll C:\WINDOWS\system32\ystem~1 C:\WINDOWS\Temp\1178377765.exe C:\WINDOWS\Temp\1331833892.exe C:\WINDOWS\Temp\900526570.exe C:\WINDOWS\Temp\999781336.exe C:\WINDOWS\tsitra.exe C:\WINDOWS\ws386.ini D:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_ASPIMGR -------\LEGACY_DRIVER -------\LEGACY_FCI -------\LEGACY_RUNTIME -------\LEGACY_RUNTIME2 -------\LEGACY_SMTPDRV -------\LEGACY_SYMAVC32 -------\LEGACY_SYSLIBRARY -------\asc355O -------\aspimgr -------\Driver -------\FCI -------\runtime -------\smtpdrv ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))) . 2007-12-01 18:38 . 2007-12-01 18:38 2007-11-29 21:18 . 2007-11-29 21:18 51,712 --a------ C:\WINDOWS\system32\e404d.dll 2007-11-20 22:45 . 2007-11-20 22:45 2007-11-20 22:44 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-20 22:42 . 2007-11-20 22:42 2007-11-20 22:41 . 2007-11-20 22:41 2007-11-18 21:01 . 2007-11-18 21:01 2007-11-16 00:41 . 2007-11-16 00:41 643 --a------ C:\WINDOWS\system32\MRT.INI 2007-11-14 04:42 . 2007-11-14 04:42 2007-11-14 04:03 . 2007-11-14 04:03 2007-11-13 16:40 . 2007-11-13 16:40 2007-11-07 21:20 . 2007-11-07 21:20 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-15 15:16 402,432 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2007-11-15 15:16 402,432 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 21:07 --------- d-----w C:\Program Files\Lexmark X1100 Series 2007-10-28 21:59 --------- d-----w C:\Program Files\Wykresy 2007-10-28 20:01 --------- d-----w C:\Program Files\Arkadiusz Jachnik 2007-10-25 16:57 8,483,328 ------w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-15 12:23 98,304 ----a-w C:\WINDOWS\system32\LtTtf14n.Dll 2007-10-15 12:23 94,208 ----a-w C:\WINDOWS\system32\ltdoc14n.dll 2007-10-15 12:23 89,232 ----a-w C:\WINDOWS\system32\LPCPN05N.dll 2007-10-15 12:23 86,016 ----a-w C:\WINDOWS\system32\lffax14n.dll 2007-10-15 12:23 85,136 ----a-w C:\WINDOWS\system32\LPINS05N.dll 2007-10-15 12:23 77,898 ----a-w C:\WINDOWS\system32\lfjb214n.dll 2007-10-15 12:23 72,848 ----a-w C:\WINDOWS\system32\LpTxt05n.dll 2007-10-15 12:23 703,632 ----a-w C:\WINDOWS\system32\LPRES05N.DLL 2007-10-15 12:23 695,440 ----a-w C:\WINDOWS\system32\LPDLG05N.DLL 2007-10-15 12:23 68,752 ----a-w C:\WINDOWS\system32\Lpdrv05n.DLL 2007-10-15 12:23 65,536 ----a-w C:\WINDOWS\system32\ltserial.dll 2007-10-15 12:23 642,192 ----a-w C:\WINDOWS\system32\LPUIR05r.dll 2007-10-15 12:23 56,464 ----a-w C:\WINDOWS\system32\LPUNI05N.dll 2007-10-15 12:23 56,464 ----a-w C:\WINDOWS\system32\LPRPC05u.dll 2007-10-15 12:23 52,368 ----a-w C:\WINDOWS\system32\LPEML05N.DLL 2007-10-15 12:23 507,024 ----a-w C:\WINDOWS\system32\LtAct14n.dll 2007-10-15 12:23 48,272 ----a-w C:\WINDOWS\system32\LPRNT05N.DLL 2007-10-15 12:23 434,176 ----a-w C:\WINDOWS\system32\ltkrn14n.dll 2007-10-15 12:23 38,032 ----a-w C:\WINDOWS\system32\LPUMD05n.dll 2007-10-15 12:23 364,544 ----a-w C:\WINDOWS\system32\LFCMP14n.dll 2007-10-15 12:23 35,984 ----a-w C:\WINDOWS\system32\LPPMN05u.DLL 2007-10-15 12:23 32,768 ----a-w C:\WINDOWS\system32\Lfwmf14n.dll 2007-10-15 12:23 262,144 ----a-w C:\WINDOWS\system32\LTDIS14n.dll 2007-10-15 12:23 253,952 ----a-w C:\WINDOWS\system32\LTEml14n.dll 2007-10-15 12:23 241,664 ----a-w C:\WINDOWS\system32\ltefx14n.dll 2007-10-15 12:23 228,496 ----a-w C:\WINDOWS\system32\LpPdf05n.dll 2007-10-15 12:23 224,400 ----a-w C:\WINDOWS\system32\LPKRN05N.DLL 2007-10-15 12:23 221,184 ----a-w C:\WINDOWS\system32\Lvkrn14n.dll 2007-10-15 12:23 2,199,552 ----a-w C:\WINDOWS\system32\PdfDll32.dll 2007-10-15 12:23 155,648 ----a-w C:\WINDOWS\system32\LTSGM14n.dll 2007-10-15 12:23 155,648 ----a-w C:\WINDOWS\system32\ltfil14n.dll 2007-10-15 12:23 146,576 ----a-w C:\WINDOWS\system32\LpDoc05n.dll 2007-10-15 12:23 142,480 ----a-w C:\WINDOWS\system32\ltact.dll 2007-10-15 12:23 139,264 ----a-w C:\WINDOWS\system32\lfpdf14n.dll 2007-10-15 12:23 138,384 ----a-w C:\WINDOWS\system32\LpHTM05n.dll 2007-10-15 12:23 138,384 ----a-w C:\WINDOWS\system32\LpEmf05n.dll 2007-10-15 12:23 113,808 ----a-w C:\WINDOWS\system32\LPWSE05n.exe 2007-10-15 12:23 109,712 ----a-w C:\WINDOWS\system32\LpRTF05n.dll 2007-10-15 12:23 106,680 ----a-w C:\WINDOWS\system32\LPUID05n.dll 2007-10-15 12:23 1,703,936 ----a-w C:\WINDOWS\system32\LTCLR14n.dll 2007-10-15 12:23 1,637,520 ----a-w C:\WINDOWS\system32\LPUIT05N.dll 2007-10-15 12:23 1,433,600 ----a-w C:\WINDOWS\system32\LTDic14n.dll 2007-10-15 12:23 1,396,736 ----a-w C:\WINDOWS\system32\ltann14n.dll 2007-10-15 12:23 1,122,304 ----a-w C:\WINDOWS\system32\ltimg14n.dll 2007-09-18 17:54 3,335 --sha-r C:\WINDOWS\system32\msvc32.dll 2007-09-18 17:52 59,342 ----a-w C:\WINDOWS\system32\msdnc0.exe 2007-09-18 17:52 58,880 ----a-w C:\WINDOWS\system32\fci.exe . C:\WINDOWS\system32\drivers\tcpip.sys … is infected (additional data below) 402,432 2007-11-15 15:16:18 C:\WINDOWS\system32\drivers\tcpip.sys 402,432 2007-11-15 15:16:16 C:\WINDOWS\system32\dllcache\tcpip.sys 359,040 2004-08-03 22:14:42 C:\WINDOWS$NtUninstallKB893066$\tcpip.sys 332,928 2002-08-29 00:58:12 C:\WINDOWS$NtServicePackUninstall$\tcpip.sys 359,040 2006-02-23 21:07:02 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys 359,808 2005-05-25 19:04:02 C:\WINDOWS$NtUninstallKB913446$\tcpip.sys 359,936 2005-05-25 19:07:12 C:\WINDOWS$hf_mig$\KB893066\SP2QFE\tcpip.sys 360,448 2006-01-13 17:07:08 C:\WINDOWS$hf_mig$\KB913446\SP2QFE\tcpip.sys 360,576 2006-04-20 13:18:36 C:\WINDOWS$hf_mig$\KB917953\SP2QFE\tcpip.sys 359,808 2006-02-23 21:07:02 C:\WINDOWS$NtUninstallKB917953$\tcpip.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{C8ED1852-D794-A066-BB5A-8C8A37842C96}] C:\WINDOWS\system32\xohycex.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Seab”=“C:\PROGRA~1\YSTEM3~1\winspool.exe” [] “Xbtjn”=“C:\Documents and Settings\Łukasz\Dane aplikacji\a?sembly??plorer.exe” [] “eMuleAutoStart”=“C:\Program Files\eMule\emule.exe” [2005-07-26 14:12] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2006-02-20 16:00] “Sony Ericsson PC Suite”=“C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2005-10-26 16:17] “SoundMan”=“SOUNDMAN.EXE” [2005-01-20 20:04 C:\WINDOWS\soundman.exe] “Lexmark X1100 Series”=“C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe” [2003-08-19 16:09] “QuickTime Task”=“C:\PROGRA~1\QUICKT~1\qttask.exe” [2006-12-15 18:01] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04] WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-02-11 19:20:26] Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-03 19:06:37] Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-02-19 17:22:27] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] “Ghp`amfUbrhLds”= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “Mn@iboddPubswLfov”= 0 (0x0) “Mn@mlrf”= 0 (0x0) “MnOndNeg”= 0 (0x0) “MnQtm”= 0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “E404Helper”= {199f9717-3152-4dff-9749-38ae8d961b0d} - e404d.dll [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime R0 ndisrd;ndisrd;C:\WINDOWS\system32\drivers\ndisrd.sys S2 sb70531432;Wi523173Shell Control Servic;C:\WINDOWS\System32\svchost.exe -k netsvcs S3 M2400;IEEE 802.11b Wireless Network Driver;C:\WINDOWS\system32\DRIVERS\M2400.sys S3 rtl8185;802.11g Wireless LAN PCI Card Driver;C:\WINDOWS\system32\DRIVERS\rtl8185.sys S3 SjyPkt;SjyPkt;??\C:\WINDOWS\System32\Drivers\SjyPkt.sys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs cb63718632 sb70531432 . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-02 17:21:27 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-02 17:22:17 - machine was rebooted . — E O F —

system · 2 Grudzień 2007 17:43

nie lepiej zrobić swój temat ??