Problem z IE,wyskakujące okienka,czerwony pulpit

PAWEL51 · 29 Luty 2008 16:10

mam problem wyskakującymi okienkami IE.Informuje mnie ze mój komp jest zagrożony. Przy włączaniu kompa pojawia sie czerwony pulpit. Wskakuje mi też strona “oczyszczacz kompoterza”.Które logi mam przesłać? Komp mam od niedawna wiec proszę o w miarę dokładne instrukcje. Z góry dzięki.

voltmen · 29 Luty 2008 16:25

Na początek pobierz i uruchom program Smitfraudfix

Następnie wstaw logi z programów Hijackthis oraz Combofix

Tu Masz Instrukcję

arekmalek · 29 Luty 2008 16:31

Smitraudfix w trybiie awaryjnym , warto dodać

PAWEL51 · 29 Luty 2008 17:18

log z combo fix

i hijackthis

ale nie wiem czy logi pujda bo wyskakuje “rozszwrzenie log jesr zablokowane”

PAWEL51 · 29 Luty 2008 17:24

ComboFix 08-02-25.3 - Magda 2008-02-29 18:03:40.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.136 [GMT 1:00]

Running from: C:\Documents and Settings\Magda\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-29 )))))))))))))))))))))))))))))))

.

2008-02-29 16:10 . 2008-02-29 16:10

2008-02-26 14:55 . 2008-02-26 14:55

2008-02-25 17:59 . 2008-02-25 17:59

2008-02-25 16:48 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-02-25 16:47 . 2008-02-25 16:47

2008-02-23 14:49 . 2008-02-23 14:49

2008-02-23 12:38 . 2008-02-23 12:38

2008-02-23 12:36 . 2008-02-22 21:08 237,568 --a------ C:\WINDOWS\alofkmn.dll

2008-02-23 12:36 . 2008-02-22 21:08 90,112 --a------ C:\WINDOWS\fkxvkns.exe

2008-02-23 11:59 . 2008-02-23 11:59

2008-02-21 18:02 . 2008-02-21 18:02

2008-02-18 19:01 . 2008-02-18 19:01

2008-02-18 19:01 . 2008-02-18 19:01 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav

2008-02-18 19:01 . 2008-02-18 19:01 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav

2008-02-18 19:01 . 2008-02-18 19:02 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER

2008-02-18 19:01 . 2008-02-18 19:01 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE

2008-02-17 15:32 . 2008-02-17 15:32

2008-02-17 15:30 . 2008-02-17 15:30 715 --a------ C:\WINDOWS\unins000.dat

2008-02-17 11:31 . 2008-02-23 16:31

2008-02-17 11:31 . 2008-02-17 11:31 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-02-17 11:30 . 2008-02-17 11:32

2008-02-16 23:41 . 2004-08-03 23:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-02-16 21:09 . 2008-02-16 21:12

2008-02-16 21:09 . 2008-02-16 21:09

2008-02-16 14:49 . 2008-02-17 11:10

2008-02-15 20:09 . 2008-02-28 19:59

2008-02-15 20:05 . 2008-02-16 15:39

2008-02-15 20:02 . 2008-02-15 20:02

2008-02-15 20:00 . 2008-02-15 20:00

2008-02-15 19:59 . 2008-02-15 19:59

2008-02-15 19:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe

2008-02-15 19:58 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

2008-02-15 19:58 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

2008-02-15 19:58 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

2008-02-15 19:58 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

2008-02-15 19:58 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe

2008-02-15 19:58 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

2008-02-15 19:57 . 2008-02-15 20:02

2008-02-15 19:56 . 2008-02-15 20:04 113,548 --a------ C:\WINDOWS\hpoins07.dat

2008-02-15 19:56 . 2005-05-24 09:22 21,124 --------- C:\WINDOWS\hpomdl07.dat

2008-02-15 19:55 . 2005-03-08 05:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

2008-02-15 19:55 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-02-15 19:55 . 2004-08-03 23:01 25,856 --a–c— C:\WINDOWS\system32\dllcache\usbprint.sys

2008-02-15 19:55 . 2005-03-08 05:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys

2008-02-15 19:55 . 2005-03-08 05:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

2008-02-15 19:54 . 2005-04-08 02:51 606,208 -ra------ C:\WINDOWS\system32\hpotscl.dll

2008-02-15 19:54 . 2005-04-08 02:51 278,528 -ra------ C:\WINDOWS\system32\hpgwiamd.dll

2008-02-15 19:54 . 2005-03-08 05:39 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll

2008-02-15 19:54 . 2005-04-08 02:51 258,122 -ra------ C:\WINDOWS\system32\hpovst08.dll

2008-02-15 19:54 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-02-15 19:54 . 2004-08-03 22:58 15,104 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys

2008-02-15 19:51 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-02-15 19:51 . 2004-08-03 23:08 31,616 --a–c— C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-02-15 19:45 . 2008-02-15 19:45

2008-02-15 19:28 . 2008-02-27 17:32 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-02-15 10:27 . 2008-02-27 14:33

2008-02-15 10:27 . 2008-02-15 10:27

2008-02-15 10:26 . 2008-02-15 10:26

2008-02-15 10:25 . 2004-08-13 10:56 5,810 --a------ C:\WINDOWS\system32\drivers\ASACPI.sys

2008-02-14 21:19 . 2008-02-14 21:19

2008-02-14 21:19 . 2008-02-15 11:16 2,546 --a------ C:\WINDOWS\wincmd.ini

2008-02-14 21:19 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF

2008-02-14 21:19 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF

2008-02-14 21:19 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-02-14 21:19 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-02-14 21:19 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-02-14 21:19 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF

2008-02-14 21:19 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF

2008-02-14 21:09 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll

2008-02-14 21:09 . 2008-02-14 21:09 421 --a------ C:\WINDOWS\ODBC.INI

2008-02-14 21:08 . 2008-02-14 21:08

2008-02-14 21:07 . 2008-02-14 21:08

2008-02-14 21:07 . 2008-02-14 21:07

2008-02-14 21:06 . 2008-02-14 21:06

2008-02-14 21:01 . 2008-02-14 21:02

2008-02-14 20:47 . 2008-02-14 20:47

2008-02-14 20:47 . 2008-02-14 20:49

2008-02-14 20:47 . 2008-02-14 20:47

2008-02-14 20:36 . 2008-02-14 20:36 1,158 --a------ C:\WINDOWS\mozver.dat

2008-02-14 20:35 . 2008-02-14 20:35 0 --a------ C:\WINDOWS\nsreg.dat

2008-02-14 20:33 . 2008-02-14 20:34

2008-02-14 20:30 . 2008-02-14 20:33

2008-02-14 20:29 . 2008-02-14 20:29

2008-02-14 20:13 . 2008-02-14 20:13

2008-02-14 20:13 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2008-02-14 20:13 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-02-14 20:13 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-02-14 20:13 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-02-14 20:13 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-02-14 20:13 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-02-14 20:13 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-02-14 20:13 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-02-14 20:13 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-02-14 20:12 . 2008-02-25 17:59

2008-02-14 20:12 . 2003-03-19 04:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2008-02-14 20:12 . 2004-01-11 23:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2008-02-14 20:12 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-02-14 20:11 . 2008-02-14 20:12

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-25 13:59 --------- d-----w C:\Program Files\Usługi online

2008-02-14 13:25 --------- d-----w C:\Program Files\microsoft frontpage

2008-01-22 21:38 2,845,696 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys

2008-01-22 20:44 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2008-01-22 20:43 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2008-01-22 20:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2008-01-22 20:36 9,949,184 ----a-w C:\WINDOWS\system32\atioglx2.dll

2008-01-22 20:35 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2008-01-22 20:35 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2008-01-22 20:35 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2008-01-22 20:35 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2008-01-22 20:34 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2008-01-22 20:33 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2008-01-22 20:25 3,121,920 ----a-w C:\WINDOWS\system32\ati3duag.dll

2008-01-22 20:14 1,664,256 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2008-01-22 20:04 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll

2008-01-22 20:01 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll

2008-01-22 19:59 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2008-01-22 19:58 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll

2008-01-22 19:58 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll

2008-01-22 19:57 163,840 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2008-01-22 19:53 503,808 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll

2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll

2008-01-02 23:37 991,744 ----a-w C:\WINDOWS\system32\syssetup.dll

2008-01-02 23:37 1,548,288 ----a-w C:\WINDOWS\system32\sfcfiles.dll

2007-12-24 12:49 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2007-12-07 00:48 668,672 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUninst.exe

2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll

2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-11-14 11:54 2131392]

“BitComet”=“C:\Program Files\BitComet\BitComet.exe” [2008-02-01 08:20 2194744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SoundMan”=“SOUNDMAN.EXE” [2005-07-26 10:16 77824 C:\WINDOWS\SOUNDMAN.EXE]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00 79224]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 13:06 40048]

“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-11 23:12 49152]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

“alofkmn”= {CD774B51-26F7-44B8-AACE-659B6974BAD1} - C:\WINDOWS\alofkmn.dll [2008-02-22 21:08 237568]

“bxlrvps”= {693EC628-55B1-446E-A6D1-52DF69F1FCCC} - C:\WINDOWS\bxlrvps.dll []

“DriveCD”= {94dc36f3-9201-4274-9cd4-8a3eaecb8e26} - C:\WINDOWS\Installer{94dc36f3-9201-4274-9cd4-8a3eaecb8e26}\DriveCD.dll [2008-02-23 12:36 17958]

“RunOnceVolume”= {d5e9f12a-3a7d-4e3a-9463-1c0f877fd983} - C:\WINDOWS\Installer{d5e9f12a-3a7d-4e3a-9463-1c0f877fd983}\RunOnceVolume.dll [2008-02-23 12:43 17958]

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

–a------ 2007-04-19 13:26 484904 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\BitComet\BitComet.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“15434:TCP”= 15434:TCP:BitComet 15434 TCP

“15434:UDP”= 15434:UDP:BitComet 15434 UDP

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-29 18:05:03

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-29 18:05:40

ComboFix-quarantined-files.txt 2008-02-29 17:05:26

ComboFix2.txt 2008-02-28 17:58:12

ComboFix3.txt 2008-02-28 16:59:18

.

2008-02-24 14:01:13 — E O F —

oraz hjt