Przekierowania w witrynie Google

kajko · 10 Grudzień 2007 16:57

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:56:51, on 2007-12-10 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE E:\Programy\Ad-Aware\bebechy\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\DialNet\winpppoverethernet.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\WINDOWS\ATKKBService.exe E:\Programy\Ewido Anti-Spyware\bebechy\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe E:\Programy\Alkohol 120%\bebechy\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\DialNet\WrOS.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=3 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.idg.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.idg.pl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Programy\FlashGet\bebechy\FlashGet\jccatch.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programy\BitComet\bebechy\BitComet\tools\BitCometBHO_1.1.9.24.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - E:\Programy\Expressivo\bebechy\Expressivo\IH_iexplore.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Programy\FlashGet\bebechy\FlashGet\getflash.dll O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Programy\FlashGet\bebechy\FlashGet\fgiebar.dll O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - E:\Programy\Expressivo\bebechy\Expressivo\IH_iexplore.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [HP Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM…\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [iaxLite] C:\Documents and Settings\Imperator\Pulpit\iaxLite.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [a-winpoet-service] “C:\Program Files\DialNet\winpppoverethernet.exe” O4 - HKLM…\Run: [] “C:\PROGRA~1\DialNet\FPLICE~1.EXE zhimakaimen//WINPOET_QUITTING_EVENT” O4 - HKLM…\Run: [z-wrdialer] “C:\Program Files\DialNet\wrdialer.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe O4 - HKCU…\Run: [AlcoholAutomount] “E:\Programy\Alkohol 120%\bebechy\Alcohol 120\axcmd.exe” /automount O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Programy\Adobe Reader\bebechy\Reader\reader_sl.exe O4 - Global Startup: BlueSoleil.lnk = ? O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programy\BitComet\bebechy\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programy\BitComet\bebechy\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programy\BitComet\bebechy\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - E:\Programy\FlashGet\bebechy\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - E:\Programy\FlashGet\bebechy\FlashGet\jc_all.htm O8 - Extra context menu item: Add to AMV Converter… - C:\Program Files\MP3 Player Utilities 4.10\AMVConverter\grab.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.10\MediaManager\grab.html O8 - Extra context menu item: Pobierz z &BitSpirit - E:\Programy\BitSpirit\bebechy\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programy\BitComet\bebechy\BitComet\tools\BitCometBHO_1.1.9.24.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programy\FRONTP~1\bebechy\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\FlashGet\bebechy\FlashGet\flashget.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Programy\FlashGet\bebechy\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8965652077 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 8967508686 O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{44C8C720-02AE-4758-8012-B2AFBBB6F90F}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{761F71E0-A1FB-455D-B5BC-92CC092593ED}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{7E6274FD-74C7-473B-AA95-869A7BF3648B}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{806356A4-C86A-48AD-8424-9934A1196A67}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{A7B99E96-D135-41EA-9116-11451CCC9309}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110 O17 - HKLM\System\CS1\Services\Tcpip…{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - E:\Programy\Ad-Aware\bebechy\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Programy\Ewido Anti-Spyware\bebechy\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpdj - HP - C:\DOCUME~1\IMPERA~1\USTAWI~1\Temp\hpdj.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\WINDOWS\ O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE – End of file - 12334 bytes

Złączono Posta : 10.12.2007 (Pon) 18:04

Witam. Przekierowania w czasie odwiedzania witryny Google. Po wyszukaniu tematów w Googlach otwierają się stronki reklamowe, a nie znalezione przez witrynę.

Pozdrawiam kajko

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222

Gutek · 10 Grudzień 2007 17:09

O17 - HKLM\System\CCS\Services\Tcpip…{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{44C8C720-02AE-4758-8012-B2AFBBB6F90F}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{761F71E0-A1FB-455D-B5BC-92CC092593ED}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{7E6274FD-74C7-473B-AA95-869A7BF3648B}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{806356A4-C86A-48AD-8424-9934A1196A67}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip…{A7B99E96-D135-41EA-9116-11451CCC9309}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110 O17 - HKLM\System\CS1\Services\Tcpip…{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}: NameServer = 85.255.115.45,85.255.112.110 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.45 85.255.112.110

usuń wpisy HJT

Użyj FixWareOut - http://downloads.subratam.org/Fixwareout.exe

Daj log z ComboFix

kajko · 10 Grudzień 2007 17:24

CODE Username “Imperator” - 2007-12-10 18:14:21 [Fixwareout edited 9/01/2007]


HKLM\SOFTWARE\~\Winlogon\ "System"="kdfjm.exe"

HKEY\_LOCAL\_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

"nameserver"="85.255.115.45 85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}

"nameserver"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{44C8C720-02AE-4758-8012-B2AFBBB6F90F}

"nameserver"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{761F71E0-A1FB-455D-B5BC-92CC092593ED}

"nameserver"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7E6274FD-74C7-473B-AA95-869A7BF3648B}

"nameserver"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{806356A4-C86A-48AD-8424-9934A1196A67}

"nameserver"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A7B99E96-D135-41EA-9116-11451CCC9309}

"nameserver"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{048B6076-D97B-4BDA-B20F-9491EC7A3DC4}

"DhcpNameServer"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{44C8C720-02AE-4758-8012-B2AFBBB6F90F}

"DhcpNameServer"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{806356A4-C86A-48AD-8424-9934A1196A67}

"DhcpNameServer"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A7B99E96-D135-41EA-9116-11451CCC9309}

"DhcpNameServer"="85.255.115.45,85.255.112.110"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{B73359C6-5B5B-4901-8250-BAD31B5456F4}

"DhcpNameServer"="85.255.115.45,85.255.112.110"

Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS.

System was rebooted successfully.

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "system"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

~~~~~ Other

C:\WINDOWS\Temp\kdfjm.ren 72729 2007-06-13

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"nwiz"="nwiz.exe /install"

"SoundMan"="SOUNDMAN.EXE"

"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""

"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""

"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"

"DeviceDiscovery"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\_03\\bin\\jusched.exe\""

"iaxLite"="C:\\Documents and Settings\\Imperator\\Pulpit\\iaxLite.exe"

"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"a-winpoet-service"="\"C:\\Program Files\\DialNet\\winpppoverethernet.exe\""

@="\"C:\\PROGRA~1\\DialNet\\FPLICE~1.EXE zhimakaimen//WINPOET\_QUITTING\_EVENT\""

"z-wrdialer"="\"C:\\Program Files\\DialNet\\wrdialer.exe\""

[HKEY\_CURRENT\_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"eyeBeam SIP Client"=""

"Gadu-Gadu"="\"C:\\Program Files\\Gadu-Gadu\\gg.exe\" /tray"

"z-WrDialer"="C:\\Program Files\\DialNet\\WrDialer.exe"

"AlcoholAutomount"="\"E:\\Programy\\Alkohol 120%\\bebechy\\Alcohol 120\\axcmd.exe\" /automount"

[HKEY\_CURRENT\_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~End report~~~~~ QUOTE

**_Złączono Posta_** _: 10.12.2007 (Pon) 18:27_

Wita. Użyłem FixWareOut, wyłączył , przeskanował, włączył. Nie wiem czy mam samodzielnie coś usuwać ??

**_Złączono Posta_** _: 10.12.2007 (Pon) 18:29_

Witam. Rozumiem że 9 wpisów "O17" mam usunąć ręcznie ???

**_Złączono Posta_** _: 10.12.2007 (Pon) 18:37_

Witam. ComboFix.exe nie jest prawidłową aplikacją systemu Win32. Otrzymuję taki komunikat w trakcie uruchamiania ComboFix, i nic się nie dzieje.

Pozdrawiam kajko

**_Złączono Posta_** _: 10.12.2007 (Pon) 18:46_

CODE ComboFix 07-12-09.1 - Imperator 2007-12-10 18:42:06.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.626 [GMT 1:00]

Running from: E:\Pliki z Menadżera\ComboFix.exe

\* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\History\search

C:\WINDOWS\hosts

.

((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))

.

2007-12-10 17:17 . 2007-12-10 17:17

2007-12-06 22:24 . 2007-12-06 22:47

2007-12-06 22:24 . 2007-12-10 18:15

2007-12-05 18:59 . 2007-12-05 18:59 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2007-11-29 20:18 . 2007-12-04 19:23

2007-11-26 16:30 . 2007-11-26 16:30

2007-11-26 15:57 . 2007-11-26 15:57 360 --a------ C:\drmHeader.bin

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-10 17:16 --------- d-----w C:\Program Files\DialNet

2007-12-10 11:57 --------- d-----w C:\Documents and Settings\Imperator\Dane aplikacji\Programer

2007-12-08 21:14 --------- d-----w C:\Documents and Settings\Imperator\Dane aplikacji\GanymedeNet

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-12-03 16:59 --------- d-----w C:\Documents and Settings\Imperator\Dane aplikacji\Skype

2007-11-24 18:17 --------- d-----w C:\Documents and Settings\Imperator\Dane aplikacji\Ahead

2007-11-20 16:34 --------- d-----w C:\Program Files\Ganymede

2007-11-10 16:45 23,008 ----a-w C:\Documents and Settings\Imperator\Dane aplikacji\GDIPFONTCACHEV1.DAT

2007-11-02 17:20 --------- d-----w C:\Program Files\Zylom Games

2007-11-02 17:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom

2007-10-31 18:19 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2007-10-24 19:55 --------- d-----w C:\Program Files\City Interactive

2007-10-24 16:41 --------- d-----w C:\Program Files\Java

2007-10-14 15:18 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll

2007-10-14 15:03 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-14 15:03 --------- d-----w C:\Program Files\LEGO Media

2007-10-11 18:30 --------- d-----w C:\Program Files\DivX

2007-10-04 18:33 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-09-27 09:26 740,442 ----a-w C:\WINDOWS\system32\DivX.dll

2007-09-27 09:26 167,936 ----a-w C:\WINDOWS\system32\ts.dll

2007-09-27 09:26 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll

2007-09-27 09:25 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll

2007-09-27 09:25 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll

2007-09-27 09:25 151,040 ----a-w C:\WINDOWS\system32\mkx.dll

2007-09-27 09:25 142,848 ----a-w C:\WINDOWS\system32\mp4.dll

2007-01-22 12:40 36 ----a-w C:\Documents and Settings\Imperator\klextlock.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

\*Note\* empty entries & legit default entries are not shown

REGEDIT4

[HKEY\_CURRENT\_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

"eyeBeam SIP Client"="" []

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 15:36]

"z-WrDialer"="C:\Program Files\DialNet\WrDialer.exe" [2007-01-18 12:18]

"AlcoholAutomount"="E:\Programy\Alkohol 120%\bebechy\Alcohol 120\axcmd.exe" [2007-07-02 11:29]

[HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-06-20 14:42 C:\WINDOWS\SOUNDMAN.EXE]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 14:43]

"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\_03\bin\jusched.exe" [2007-09-25 00:11]

"iaxLite"="C:\Documents and Settings\Imperator\Pulpit\iaxLite.exe" []

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]

"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe]

"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-01-18 09:26]

"z-wrdialer"="C:\Program Files\DialNet\wrdialer.exe" [2007-01-18 12:18]

[HKEY\_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44]

R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys

R3 dsnpfd;DeskSoft Service;C:\WINDOWS\system32\DRIVERS\dsnpfd.sys

R3 FPD;Fine Point Packet Service;\??\C:\WINDOWS\system32\drivers\fpd.sys

R3 WrKPoET2000;WrKPoET2000;\??\C:\Program Files\DialNet\WrKPoET2000.sys

R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys

\*Newly Created Service\* - CATCHME

\*Newly Created Service\* - PROCEXP90

.

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [http://www.gmer.net](http://www.gmer.net)

Rootkit scan 2007-12-10 18:43:27

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

.

Completion time: 2007-12-10 18:43:51

.

--- E O F --- QUOTE

pROSZę LOG Z cOMOfIX

**_Złączono Posta_** _: 10.12.2007 (Pon) 18:49_

Witam. Ściągnąłem ComboFix z innej lokalizacji i zadziałał. Log powyżej ![!!](https://forum.dpcdn.pl/uploads/icon_wykrzyknik.gif)

Pozdrawiam kajko

**_Złączono Posta_** _: 10.12.2007 (Pon) 18:51_

Witam i czekam na dalszą POMOC ![!!](https://forum.dpcdn.pl/uploads/icon_wykrzyknik.gif)

Pozdrawiam kajko.

Gutek · 11 Grudzień 2007 19:08

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509