Prosze o sprawdzenie logow /wirusy!

Gibonek · 14 Październik 2007 12:18

Skanowalem 3 AV ,AntySpyware wykryto kilka trojanow ,dwa Backdoory i nadal dzieja sie dziwne rzeczy Przeglądarka samoistnie zmienia mi strony ciagle wyskakuje jakis serwis randkowy (Korzystam z opery) ,wlacza sie foobar , utorrent :-/ Wszystko dzieje sie “samoistnie”

Prosze pomóżcie…

http://wklej.org/id/99ef1f0e50 logi z ComboFix

Logfile of HijackThis v1.99.1 

Scan saved at 13:29, on 2007-10-13 

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) 

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 


Running processes: 

C:\WINDOWS\System32\smss.exe 

C:\WINDOWS\system32\winlogon.exe 

C:\WINDOWS\system32\services.exe 

C:\WINDOWS\system32\lsass.exe 

C:\WINDOWS\system32\svchost.exe 

C:\WINDOWS\System32\svchost.exe 

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 

C:\Program Files\Alwil Software\Avast4\ashServ.exe 

C:\WINDOWS\Explorer.EXE 

C:\PROGRA~1\NEOSTR~1\CnxMon.exe 

C:\Program Files\Alwil Software\Avast4\ashDisp.exe 

C:\Program Files\SpeedItUpFree\SpeedItUp.exe 

C:\WINDOWS\system32\spoolsv.exe 

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe 

C:\WINDOWS\system32\nvsvc32.exe 

C:\Program Files\Agnitum\Outpost Firewall\outpost.exe 

C:\WINDOWS\system32\PnkBstrA.exe 

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 

C:\Program Files\Neostrada TP\NeostradaTP.exe 

C:\Program Files\Neostrada TP\ComComp.exe 

C:\Program Files\Neostrada TP\Watch.exe 

C:\Program Files\Opera\Opera.exe 

C:\WINDOWS\system32\svchost.exe 

C:\Documents and Settings\Kopytko\Pulpit\hijackthis\HijackThis.exe 


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/ 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/ 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza 

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SE986C~1.DLL 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll 

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 

O4 - HKLM\..\Run: [ant] C:\Program Files\DreamSys Software\Advanced Net Tools (ANT)\ant.exe 

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe 

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe 

O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" /waitservice 

O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup 

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" 

O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe 

O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\SpeedItUpFree\SpeedItUp.exe -MINI 

O4 - HKCU\..\Run: [MailScanner] C:\Program Files\MKS_VIR_2006\Mks_mail.exe 

O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized 

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray 

O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized 

O4 - HKCU\..\Run: [ThePrivacyGuard] "C:\Program Files\The Privacy Guard\ThePrivacyGuard.exe" /startup 

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll 

O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll 

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab 

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab 

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab 

O17 - HKLM\System\CCS\Services\Tcpip\..\{9DCBA3AF-C13F-479B-A151-AE08A5E94164}: NameServer = 194.204.159.1 217.98.63.164 

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe 

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) 

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) 

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe 

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe 

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe 

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe 

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Gutek · 15 Październik 2007 15:41

Pobierz program SDFix

Gibonek · 16 Październik 2007 15:12

Gutek2222 Zrobiłem jak w opisie ,a komp mi przy probie zalogowania sie w trybie Awaryjnym robi restart ,za kazdym razem .Robie reinstalacje systemu jednak :-x :evil:

arekmalek · 16 Październik 2007 15:46

Prawdopodobnie masz uszkodzony tryb awaryjny - daj log z combofix (temat przyklejony

LostWorld · 16 Październik 2007 18:13

Może ta lektura pomoże :

http://www.searchengines.pl/Naprawianie … 79791.html