pytak
(Pytak666)
22 March 2009 14:10
#1
Hello!
I'm having problems with my printer: it stopped working, I installed new drivers and it worked for a while, but then it died again. Besides that, when I turn on the camera in Skype, the mouse goes crazy and opens everything! The system is also a bit sluggish! I scanned with NOD32, it found 7 viruses and it's still the same; then I also ran ComboFix and nothing changed! Oh, and every time I turn on the computer the clock resets itself! Here is the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:48:30, on 2009-03-22
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero 7\InCD\InCD.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINDOWS\V0230Mon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero 7\InCD\InCDsrv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [securDisc] C:\Program Files\Nero 7\InCD\NBHGui.exe
O4 - HKLM…\Run: [inCD] C:\Program Files\Nero 7\InCD\InCD.exe
O4 - HKLM…\Run: [egui] “D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 - HKLM…\Run: [V0230Mon.exe] D:\WINDOWS\V0230Mon.exe
O4 - HKCU…\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [LightScribe Control Panel] D:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU…\Run: [Nowe Gadu-Gadu] “D:\Program Files\Nowe Gadu-Gadu\gg.exe”
O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.77.33.2:8080/activex/AMC.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su2/CTL_V02002/ … /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip…{F8143A0C-1091-4C55-B234-89333B696682}: NameServer = 202.96.128.133,202.96.128.188
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

– End of file - 6407 bytes
ciemnowidz
(Henio Mazurek)
22 March 2009 15:25
#2
Also post the log from the ComboFix scan.
It should be directly on C.
Put the log on www.wklej.org or www.wklej.eu and post only the link here.
pytak
(Pytak666)
22 March 2009 15:34
#3
huber2t
(huber2t)
22 March 2009 15:56
#4
Paste into Notepad:
Folder::
D:\32788R22FWJFW
D:\FOUND.130
File -> Save As -> CFScript.txt.
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, just like here->
The removal will start and a log will be created, which you will post on the forum.
Post logs at http://wklej.org and put only the link in your post.