PROSZE O POMOC sprawdzcie mojego loga na pasku zadan pojawia mi sie ikona mrugajaca jak na nia klikne to nie pokazuje sie zadne opcje tylko wchodzi mi na strone http://www.puresafetyhere.com co chwilke pojawia mi sie chmurka system alert dodam jeszcze ze ta stronka uruchamia sie automatycznie przy kazdym uruchomieniu IE a strona startowa przestawia mi sie automatycznie na nia

Logfile of HijackThis v1.99.1

Scan saved at 15:15:52, on 2008-02-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NetProject\scit.exe

C:\Program Files\NetProject\sbmntr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Winamp\Winampa.exe

C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\V0230Mon.exe

C:\Program Files\Creative\Shared Files\CTSched.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\NetProject\scm.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\NetProject\sbsm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Miron\Pulpit\Misiak antyvir\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202642468.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\Winampa.exe”

O4 - HKLM…\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM…\Run: [V0230Mon.exe] C:\WINDOWS\V0230Mon.exe

O4 - HKLM…\Run: [CreativeTaskScheduler] “C:\Program Files\Creative\Shared Files\CTSched.exe” /logon

O4 - HKLM…\Run: [Creative Software Update] “C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe” /Silent

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET Smart Security\egui.exe” /hide /waitservice

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [Creative Live! Cam Manager] “C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe”

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip…{F3E51F6B-29F5-427C-942C-A0B690C927C1}: NameServer = 194.204.152.34,194.204.159.1

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Użyj SmitFraudFix z opcji 2, w trybie awaryjnym. Opis ( w połowie linku )

Potem daj log z ComboFix

zrobilem jak napisales i problem zniknął WIELKIE DZIĘKI czy mam dać loga z ComboFIX a jesli tak to uruchamia sie go(ComboFix) w trybie awaryjnym ???

Możesz dać, zobaczymy czy jeszcze jakiś syf jest w systemie

Nie

Wklejam loga z ComboFix

ComboFix 08-02-18.1 - Miron 2008-02-18 22:12:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.124 [GMT 1:00]

Running from: C:\Documents and Settings\Miron\Pulpit\combofix\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))

.

2008-02-17 18:44 . 2008-02-17 18:44 2,994 --a------ C:\WINDOWS\system32\tmp.reg

2008-02-17 18:20 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-02-17 18:20 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-02-17 18:20 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe

2008-02-17 18:20 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-02-17 18:20 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-02-17 18:20 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-02-17 18:20 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-02-14 09:18 . 2008-02-14 09:18 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-02-11 17:56 . 2008-02-11 17:56

2008-02-11 17:55 . 2008-02-11 18:01

2008-02-11 17:55 . 2008-02-11 17:55

2008-02-10 15:00 . 2008-02-10 15:04

2008-02-10 14:10 . 2008-02-16 21:04

2008-02-10 12:22 . 2008-02-10 15:04

2008-02-06 21:48 . 2008-02-06 21:48

2008-01-30 16:52 . 2008-01-30 16:52

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-18 19:18 --------- d-----w C:\Documents and Settings\Miron\Dane aplikacji\Skype

2008-02-10 13:38 --------- d-----w C:\Program Files\Google

2008-01-22 12:33 --------- d-----w C:\Documents and Settings\Miron\Dane aplikacji\Nokia

2008-01-20 19:57 --------- d-----w C:\Documents and Settings\Miron\Dane aplikacji\BearShare

2008-01-14 20:01 --------- d-----w C:\Documents and Settings\Miron\Dane aplikacji\Nokia Multimedia Player

2008-01-05 07:41 --------- d-----w C:\Documents and Settings\Miron\Dane aplikacji\HP

2008-01-03 02:00 --------- d-----w C:\Program Files\MSXML 4.0

2008-01-01 17:44 --------- d-----w C:\Program Files\HP

2008-01-01 17:44 --------- d-----w C:\Program Files\Common Files\HP

2008-01-01 17:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP

2008-01-01 17:42 --------- d-----w C:\Program Files\Hewlett-Packard

2008-01-01 17:41 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2007-12-07 01:08 662,016 ----a-w C:\WINDOWS\system32\wininet.dll

2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-10-14 19:28 21,840 ----a-w C:\Documents and Settings\Miron\Dane aplikacji\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44 15360]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-10-13 16:20 20058152]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 08:39 2119104]

“Creative Live! Cam Manager”=“C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe” [2006-09-06 08:42 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2005-11-11 12:47 7311360]

“nwiz”=“nwiz.exe” [2005-11-11 12:47 1519616 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2005-11-11 12:47 86016]

“SoundMan”=“SOUNDMAN.EXE” [2002-10-16 17:24 47104 C:\WINDOWS\SOUNDMAN.EXE]

“WinFast Schedule”=“C:\Program Files\WinFast\WFTVFM\WFWIZ.exe” [2006-04-27 15:18 344064]

“WinampAgent”=“C:\Program Files\Winamp\Winampa.exe” [2007-05-30 17:08 24576]

“AVFX Engine”=“C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe” [2006-08-16 00:12 24576]

“V0230Mon.exe”=“C:\WINDOWS\V0230Mon.exe” [2006-09-06 18:01 32768]

“CreativeTaskScheduler”=“C:\Program Files\Creative\Shared Files\CTSched.exe” [2006-01-09 03:43 53340]

“Creative Software Update”=“C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe” [2006-06-08 15:41 422029]

“PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-03-23 13:20 227328]

“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2005-05-11 23:12 49152]

“egui”=“C:\Program Files\ESET\ESET Smart Security\egui.exe” [2007-11-23 21:51 1410304]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44 15360]

“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26 29696]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 13:50]

R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 14:20]

R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 13:49]

R3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-23 18:00]

R3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-09-28 18:01]

R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 15:55]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{7dfc752c-735b-11dc-8629-001485753cf9}]

\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{beeae932-7dc0-11dc-8657-001485753cf9}]

\Shell\AutoRun\command - G:\LaunchU3.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-18 22:14:41

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-02-18 22:15:36

.

2008-02-14 08:18:43 — E O F —

Log z ComboFixa jest czysty!

PS: A tak prywatnie, to dlaczego nie chcesz ( lub nie możesz ) przestrzegać tego -->http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=213350 ?

jessi

Dziękuje za pomoc, a z tym wklejaniem to nastepnym jak zajdzie potrzeba razem wkleje juz na strone po prostu nie zwróciłem na to uwagi POZDRAWIAM!!