Samoczynnie uruchamiająca się witryna www.gsearching.com

basia1992 · 28 Czerwiec 2007 15:43

Mam poważny problem z którym niewiem kompletnie co mam zrobić , mianowicie strona http://www.gsearching.com ciągle się samoczynnie wyświetla i przerywa mi prace komputera , a ja nie wiem jak to usunąć

Danielson · 28 Czerwiec 2007 15:50

pewnie to jakiś szkodnik, myślę że wystarczy zfixować go hijackiem.

TomaszP · 28 Czerwiec 2007 16:44

Danielson taka rada dla osoby która (prawdopodobnie) jest pierwszy raz na forum jest nieprzydatna.

basia1992 wejdź na stronę http://forum.dobreprogramy.pl/viewtopic.php?t=36654 i zgodnie ze wskazówkami wklej loga z HijackThis’a

basia1992 · 28 Czerwiec 2007 17:51

To mój log z HijackThis’a , bardzo prosze o pomoc .

Logfile of HijackThis v1.99.1 Scan saved at 19:37:56, on 2007-06-28 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\BearShare\BearShare.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\System32\u.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\smss.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\neostrada tp\neostradatp.exe C:\Program Files\neostrada tp\ComComp.exe C:\PROGRA~1\NEOSTR~1\Toaster.exe C:\PROGRA~1\NEOSTR~1\Inactivity.exe C:\PROGRA~1\NEOSTR~1\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\neostrada tp\Watch.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [bearShare] “C:\Program Files\BearShare\BearShare.exe” /pause O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM…\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [NvCp1Do] C:\Program Files\smss.exe O4 - HKLM…\Run: [Virscanner] c:\windows\smss.exe O4 - HKLM…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\Run: [Msnmsgr.exe] c:\lsass.exe O4 - HKLM…\RunServices: [NvCp1Do] C:\Program Files\smss.exe O4 - HKLM…\RunServices: [Virscanner] c:\windows\smss.exe O4 - HKLM…\RunServices: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\RunServices: [Msnmsgr.exe] c:\lsass.exe O4 - HKCU…\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe O4 - HKCU…\Run: [NvCp1Do] C:\Program Files\smss.exe O4 - HKCU…\Run: [Virscanner] c:\windows\smss.exe O4 - HKCU…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKCU…\Run: [Msnmsgr.exe] c:\lsass.exe O4 - Startup: thoosje’s sidebar.lnk = E:\Program Files\Thoosje Vista Sidebar v1.7.8\thoosje’s sidebar.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O17 - HKLM\System\CCS\Services\Tcpip…{8DB0538A-D82F-4EED-842D-AD7706864A19}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

chaker.zbw · 29 Czerwiec 2007 12:14

To chyba jest to.

Więc tak: możesz to fixować ale dla pewności wejdź do Start -> Uruchom -> MSCONFIG tam zakładka Uruchamianie i odznacz “MSNMSGR.EXE”. Uruchom ponownie kompa. Jeżeli sie nie będzie pojawiać to badziewie to to możesz fixować.

system · 29 Czerwiec 2007 18:08

W logu:

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe O4 - HKLM…\Run: [NvCp1Do] C:\Program Files\smss.exe O4 - HKLM…\Run: [Virscanner] c:\windows\smss.exe O4 - HKLM…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\Run: [Msnmsgr.exe] c:\lsass.exe O4 - HKLM…\RunServices: [NvCp1Do] C:\Program Files\smss.exe O4 - HKLM…\RunServices: [Virscanner] c:\windows\smss.exe O4 - HKLM…\RunServices: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\RunServices: [Msnmsgr.exe] c:\lsass.exe O4 - HKCU…\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe O4 - HKCU…\Run: [NvCp1Do] C:\Program Files\smss.exe O4 - HKCU…\Run: [Virscanner] c:\windows\smss.exe O4 - HKCU…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKCU…\Run: [Msnmsgr.exe] c:\lsass.exe

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżki:

i naciskasz X czerwony.

Uruchamiasz HijackThis >>> Do a system scan only , zaznaczasz wpisy:

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe O4 - HKLM…\Run: [NvCp1Do] C:\Program Files\smss.exe O4 - HKLM…\Run: [Virscanner] c:\windows\smss.exe O4 - HKLM…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\Run: [Msnmsgr.exe] c:\lsass.exe O4 - HKLM…\RunServices: [NvCp1Do] C:\Program Files\smss.exe O4 - HKLM…\RunServices: [Virscanner] c:\windows\smss.exe O4 - HKLM…\RunServices: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\RunServices: [Msnmsgr.exe] c:\lsass.exe O4 - HKCU…\Run: [Office Monitor Word Exel R] C:\WINDOWS\System32\u.exe O4 - HKCU…\Run: [NvCp1Do] C:\Program Files\smss.exe O4 - HKCU…\Run: [Virscanner] c:\windows\smss.exe O4 - HKCU…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKCU…\Run: [Msnmsgr.exe] c:\lsass.exe

i klikasz Fix checked.

Pobierz Combofix i dajesz logi z Combofix i HijackThis.

Odyn1992 · 6 Lipiec 2007 10:15

Mam identyczny problem jak wyżej, więc proszę o pomoc

Logfile of HijackThis v1.99.1 Scan saved at 12:14:57, on 2007-07-06 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RunDll32.exe C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe D:\Programy\DAEMON Tools\daemon.exe C:\DOCUME~1\GENERA~1\USTAWI~1\Temp\dl6661969.exe C:\WINDOWS\System32\wimnini.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\UAService7.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Programy\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [DAEMON Tools] “D:\Programy\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [Windows Security Centers] C:\WINDOWS\System32\wimnini.exe O4 - HKLM…\Run: [NvCp1Do] C:\DOCUME~1\GENERA~1\USTAWI~1\Temp\dl6661969.exe O4 - HKLM…\Run: [Virscanner] c:\windows\smss.exe O4 - HKLM…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\Run: [Msnmsgr.exe] c:\lsass.exe O4 - HKLM…\RunServices: [NvCp1Do] C:\DOCUME~1\GENERA~1\USTAWI~1\Temp\dl6661969.exe O4 - HKLM…\RunServices: [Virscanner] c:\windows\smss.exe O4 - HKLM…\RunServices: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\RunServices: [Msnmsgr.exe] c:\lsass.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [Windows Security Centers] C:\WINDOWS\System32\wimnini.exe O4 - HKCU…\Run: [NvCp1Do] C:\DOCUME~1\GENERA~1\USTAWI~1\Temp\dl6661969.exe O4 - HKCU…\Run: [Virscanner] c:\windows\smss.exe O4 - HKCU…\Run: [AntiVir] c:\Program Files\smss.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{348D1E02-09E5-4C10-B3EC-81EE49F160F9}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

maminek2222 · 6 Lipiec 2007 10:35

TO JEST TEN NO TROJAn

arekmalek · 6 Lipiec 2007 10:35

O4 - HKLM…\Run: [Windows Security Centers] C:\WINDOWS\System32\wimnini.exe O4 - HKLM…\Run: [NvCp1Do] C:\DOCUME~1\GENERA~1\USTAWI~1\Temp\dl6661969.exe O4 - HKLM…\Run: [Virscanner] c:\windows\smss.exe O4 - HKLM…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\Run: [Msnmsgr.exe] c:\lsass.exe O4 - HKLM…\RunServices: [NvCp1Do] C:\DOCUME~1\GENERA~1\USTAWI~1\Temp\dl6661969.exe O4 - HKLM…\RunServices: [Virscanner] c:\windows\smss.exe O4 - HKLM…\RunServices: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\RunServices: [Msnmsgr.exe] c:\lsass.exe O4 - HKCU…\Run: [Windows Security Centers] C:\WINDOWS\System32\wimnini.exe O4 - HKCU…\Run: [NvCp1Do] C:\DOCUME~1\GENERA~1\USTAWI~1\Temp\dl6661969.exe O4 - HKCU…\Run: [Virscanner] c:\windows\smss.exe O4 - HKCU…\Run: [AntiVir] c:\Program Files\smss.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

pobierz windows worms door cleaner i ustaw w tym programie znaczki na zielono, potem w trybie awaryjnym z wyłączonym przywracaniem systemu p[liki na czerwono kasujesz a wpisy fixujesz- potem daj log z Combofix

Złączono Posta : 06.07.2007 (Pią) 11:38

jeszcze ten wpis zafixuj

Złączono Posta : 06.07.2007 (Pią) 11:40

sam ustawiłeś blokadę rejestru? jak nie to to też zafixuj

circlehappenorK · 13 Lipiec 2007 10:03

Witam

u mnie występuje ten sam problem

Logfile of HijackThis v1.99.1 Scan saved at 11:48:46, on 2007-07-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\dllcache\ivchost.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\Documents and Settings\Przemas\Pulpit\progz\Alcohol 52%\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\NSecurity.exe C:\WINDOWS\System32\ctfmon.exe C:\windows\Winlogon.exe C:\WINDOWS\System32\taskmgr.exe C:\Documents and Settings\Przemas\Pulpit\progz\Gadu-Gadu\gg.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Documents and Settings\Przemas\Pulpit\progz\Winamp\winamp.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Documents and Settings\Przemas\Pulpit\progz\Mozilla Firefox\firefox.exe C:\Documents and Settings\Przemas\Pulpit\progz\INSTALKI\HijackThis 1.99.1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [] Upydate.exe O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” O4 - HKLM…\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe O4 - HKLM…\Run: [MSWinlogon] C:\windows\Winlogon.exe O4 - HKLM…\RunServices: [] Upydate.exe O4 - HKLM…\RunServices: [MSWinlogon] C:\windows\Winlogon.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [] Upydate.exe O4 - HKCU…\Run: [DAEMON Tools] “C:\Documents and Settings\Przemas\Pulpit\progz\Daemon Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Documents and Settings\Przemas\Pulpit\progz\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe O4 - HKCU…\Run: [MSWinlogon] C:\windows\Winlogon.exe O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Documents and Settings\Przemas\Pulpit\progz\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{52B58784-269D-4032-B377-65E68D4D34B2}: NameServer = 194.204.152.34 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Documents and Settings\Przemas\Pulpit\progz\Alcohol 52%\StarWind\StarWindService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Proszę o pomoc

Pozdrawiam

arekmalek · 13 Lipiec 2007 12:54

w trybie awaryjnym z wyłączonym przywracaniem systemu pliki na czerwono kasujesz, wpisy fixujesz. Wyłącz usługę

usuń ten plik ivchost.exe i usun Megaupload Toolbar, daj nowy log + SR + Combofix

circlehappenorK · 13 Lipiec 2007 16:21

pliku Upydate.exe nie usunąłem, ponieważ nigdzie go nie znalazło

plik Winlogon.exe jest ciągle używany i nie da się wyłączyć procesu

pliku ivchost.exe nie ma w ścieżce docelowej, ani nigdzie indziej

log z HijackThis:

Logfile of HijackThis v1.99.1 Scan saved at 17:49:32, on 2007-07-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\taskmgr.exe C:\Documents and Settings\Przemas\Pulpit\progz\INSTALKI\HijackThis 1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” O4 - HKLM…\RunOnce: [megauploadtoolbar] C:\DOCUME~1\Przemas\USTAWI~1\Temp\tbuninstall.exe -df “C:\Program Files\MegauploadToolbar” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [DAEMON Tools] “C:\Documents and Settings\Przemas\Pulpit\progz\Daemon Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Documents and Settings\Przemas\Pulpit\progz\Gadu-Gadu\gg.exe” /tray O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Documents and Settings\Przemas\Pulpit\progz\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Documents and Settings\Przemas\Pulpit\progz\Alcohol 52%\StarWind\StarWindService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

ComboFix:

“Przemas” - 2007-07-13 18:03:16 - ComboFix 07-07-13.8 - Dodatek Service Pack. 1 NTFS [sAFE MODE] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32.exe C:\WINDOWS\system32\a.exe C:\WINDOWS\winlogon.exe ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 ))))))))))))))))))))))))))))))) 2007-07-13 18:02 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-13 16:41 2007-07-13 16:24 2007-07-13 16:11 2007-07-12 19:40 30,326 --a------ C:\rnew.exe 2007-07-11 19:31 38,912 --a------ C:\WINDOWS\system32\ne1.exe 2007-07-11 13:43 62,464 —hs---- C:\sg.exe 2007-07-10 16:39 145,920 -ra------ C:\WINDOWS\system32\config.exe 2007-07-08 14:51 2007-07-03 21:16 2007-06-29 08:19 2007-06-28 10:36 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-06-27 14:28 2007-06-21 13:56 2007-06-20 18:39 2007-06-18 11:32 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-13 15:27:00 -------- d-----w C:\Program Files\Neostrada TP 2007-07-12 16:30:09 -------- d-----w C:\Program Files\Google 2007-07-10 12:39:12 -------- d-----w C:\DOCUME~1\Przemas\DANEAP~1\Skype 2007-07-05 17:52:44 -------- d-----w C:\DOCUME~1\Przemas\DANEAP~1\Xfire 2007-07-03 19:16:13 -------- d-----w C:\Program Files\Skype 2007-06-29 06:19:45 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-06-27 19:47:34 -------- d-----w C:\Program Files\ABBYY FineReader 4.0 Sprint 2007-06-19 20:52:30 6,385,152 ----a-w C:\WINDOWS\system32\logonuiX.exe 2007-06-06 11:38:36 -------- d-----w C:\Program Files\Common Files\YDP 2007-06-06 10:49:24 4,504 -c–a-w C:\WINDOWS\mozver.dat 2007-06-04 04:57:52 -------- d-----w C:\DOCUME~1\Przemas\DANEAP~1\eMule 2007-06-03 10:15:14 -------- d-----w C:\DOCUME~1\Przemas\DANEAP~1\BearShare 2007-05-26 15:57:39 -------- d-----w C:\Program Files\Microsoft.NET 2007-05-05 09:45:36 82,508 -c–a-w C:\WINDOWS\system32\perfc015.dat 2007-05-05 09:45:36 470,642 -c–a-w C:\WINDOWS\system32\perfh015.dat 2007-05-04 18:09:27 0 -c–a-w C:\WINDOWS\system32\dload.exe 2007-04-17 10:51:17 2,368 ----a-w C:\WINDOWS\system32\SVKP.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{31FF080D-12A3-439A-A2EF-4BA95A3148E8}] 2007-01-05 00:57 247112 --a------ C:\Program Files\GetRight\xx2gr.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2006-12-15 04:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE~\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-03-09 00:11] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 03:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2003-01-01 20:52] “DAEMON Tools”=“C:\Documents and Settings\Przemas\Pulpit\progz\Daemon Tools\daemon.exe” [] “MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” [2007-01-19 12:54] “Gadu-Gadu”=“C:\Documents and Settings\Przemas\Pulpit\progz\Gadu-Gadu\gg.exe” [2007-05-10 16:36] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] “megauploadtoolbar”=C:\DOCUME~1\Przemas\USTAWI~1\Temp\tbuninstall.exe -df “C:\Program Files\MegauploadToolbar” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “”=Upydate.exe “Network Security”=C:\WINDOWS\System32\NSecurity.exe [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] MSWinlogon C:\windows\Winlogon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon “nwiz”=nwiz.exe /install “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” “WooCnxMon”=C:\PROGRA~1\NEOSTR~1\CnxMon.exe “KernelFaultCheck”=%systemroot%\system32\dumprep 0 -k “WOOWATCH”=C:\PROGRA~1\NEOSTR~1\Watch.exe Contents of the ‘Scheduled Tasks’ folder 2007-07-13 15:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-13 18:05:16 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-13 18:06:02 C:\ComboFix-quarantined-files.txt … 2007-07-13 18:05 — E O F —

Wszystkie logi z trybu awaryjnego (jak jest ta informacja potrzebna)

arekmalek · 13 Lipiec 2007 16:29

pobierz windows worms door cleaner i ustaw w tym programie znaczki na zielono, chodziło mi o winlogon.exe w C:/Windows a nie C:/Windows/system32, co do upydate.exe to włączyłeś pokazywanie plików ukrytych i systemowych??? Jeśli nie to jeszcze raz wyszukaj. Po za tym

fixujesz, daj jeszcze jeden log z combofix , zapomniałeś to C:\WINDOWS\System32\NSecurity.exe usunąć ( wszystko tryb awaryjny, ale log z combofix nie)

circlehappenorK · 13 Lipiec 2007 20:29

na pewno nie mam tych plików na dysku

NSecurity.exe usunąłem

“Przemas” - 2007-07-13 22:19:56 - ComboFix 07-07-13.8 - Dodatek Service Pack. 1 NTFS ((((((((((((((((((((((((( Files Created from 2007-06-13 to 2007-07-13 ))))))))))))))))))))))))))))))) 2007-07-13 20:14 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll 2007-07-13 20:14 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll 2007-07-13 20:14 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll 2007-07-13 20:14 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll 2007-07-13 20:14 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll 2007-07-13 20:14 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll 2007-07-13 20:14 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll 2007-07-13 20:14 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll 2007-07-13 18:02 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-13 16:41 2007-07-13 16:24 2007-07-13 16:11 2007-07-12 19:40 30,326 --a------ C:\rnew.exe 2007-07-11 19:31 38,912 --a------ C:\WINDOWS\system32\ne1.exe 2007-07-11 13:43 62,464 —hs---- C:\sg.exe 2007-07-10 16:39 145,920 -ra------ C:\WINDOWS\system32\config.exe 2007-07-08 14:51 2007-07-03 21:16 2007-06-29 08:19 2007-06-28 10:36 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-06-27 14:28 2007-06-21 13:56 2007-06-20 18:39 2007-06-18 11:32 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-13 20:18:58 -------- d-----w C:\Program Files\Neostrada TP 2007-07-12 16:30:09 -------- d-----w C:\Program Files\Google 2007-07-10 12:39:12 -------- d-----w C:\DOCUME~1\Przemas\DANEAP~1\Skype 2007-07-05 17:52:44 -------- d-----w C:\DOCUME~1\Przemas\DANEAP~1\Xfire 2007-07-03 19:16:13 -------- d-----w C:\Program Files\Skype 2007-06-29 06:19:45 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-06-27 19:47:34 -------- d-----w C:\Program Files\ABBYY FineReader 4.0 Sprint 2007-06-19 20:52:30 6,385,152 ----a-w C:\WINDOWS\system32\logonuiX.exe 2007-06-06 11:38:36 -------- d-----w C:\Program Files\Common Files\YDP 2007-06-06 10:49:24 4,504 -c–a-w C:\WINDOWS\mozver.dat 2007-06-04 04:57:52 -------- d-----w C:\DOCUME~1\Przemas\DANEAP~1\eMule 2007-06-03 10:15:14 -------- d-----w C:\DOCUME~1\Przemas\DANEAP~1\BearShare 2007-05-26 15:57:39 -------- d-----w C:\Program Files\Microsoft.NET 2007-05-05 09:45:36 82,508 -c–a-w C:\WINDOWS\system32\perfc015.dat 2007-05-05 09:45:36 470,642 -c–a-w C:\WINDOWS\system32\perfh015.dat 2007-05-04 18:09:27 0 -c–a-w C:\WINDOWS\system32\dload.exe 2007-04-17 10:51:17 2,368 ----a-w C:\WINDOWS\system32\SVKP.sys ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{31FF080D-12A3-439A-A2EF-4BA95A3148E8}] 2007-01-05 00:57 247112 --a------ C:\Program Files\GetRight\xx2gr.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2006-12-15 04:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}] 2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-03-09 00:11] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-05-11 03:06] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2003-01-01 20:52] “DAEMON Tools”=“C:\Documents and Settings\Przemas\Pulpit\progz\Daemon Tools\daemon.exe” [] “MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” [2007-01-19 12:54] “Gadu-Gadu”=“C:\Documents and Settings\Przemas\Pulpit\progz\Gadu-Gadu\gg.exe” [2007-05-10 16:36] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “”=Upydate.exe “Network Security”=C:\WINDOWS\System32\NSecurity.exe [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] MSWinlogon C:\windows\Winlogon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “NeroFilterCheck”=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe “SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon “nwiz”=nwiz.exe /install “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” “WooCnxMon”=C:\PROGRA~1\NEOSTR~1\CnxMon.exe “KernelFaultCheck”=%systemroot%\system32\dumprep 0 -k “WOOWATCH”=C:\PROGRA~1\NEOSTR~1\Watch.exe Contents of the ‘Scheduled Tasks’ folder 2007-07-13 15:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-13 22:23:21 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-13 22:24:10 C:\ComboFix-quarantined-files.txt … 2007-07-13 22:23 C:\ComboFix2.txt … 2007-07-13 18:06 — E O F —

Logfile of HijackThis v1.99.1 Scan saved at 22:13:19, on 2007-07-13 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\taskmgr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Przemas\Pulpit\progz\INSTALKI\HijackThis 1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU…\Run: [DAEMON Tools] “C:\Documents and Settings\Przemas\Pulpit\progz\Daemon Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Documents and Settings\Przemas\Pulpit\progz\Gadu-Gadu\gg.exe” /tray O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Documents and Settings\Przemas\Pulpit\progz\Megaupload\Mega Manager\mm_file.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resou … NPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: ms hexidecimal defx (mshexdefx) - Unknown owner - C:\WINDOWS\system32\dllcache\ivchost.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Documents and Settings\Przemas\Pulpit\progz\Alcohol 52%\StarWind\StarWindService.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

zlookas · 13 Lipiec 2007 21:13

Witam.Tez mam podobny problem z ta wyswietlajaca sie strona.Jesli mozna,prosze o pomoc.

Logfile of HijackThis v1.99.1 Scan saved at 22:51:10, on 2007-07-13 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\taskbaricon.exe C:\WINDOWS\System32\CTHELPER.EXE C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe C:\WINDOWS\system32\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\smss.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe C:\lookas\WINCMD\WINCMD32.EXE C:\lookas\Progs2\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKLM…\Run: [QuickTime Task] “C:\WINDOWS\system32\qttask.exe” -atboottime O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe O4 - HKLM…\Run: [Office Monitor Secure Systema] C:\WINDOWS\System32\absecure32.exe O4 - HKLM…\Run: [NvCp1Do] C:\Program Files\smss.exe O4 - HKLM…\Run: [Virscanner] c:\windows\smss.exe O4 - HKLM…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\Run: [Msnmsgr.exe] c:\lsass.exe O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU…\Run: [NvCp1Do] C:\Program Files\smss.exe O4 - HKCU…\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{03F4A4E5-5388-4D40-990F-BDAE1DBC5594}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{03F4A4E5-5388-4D40-990F-BDAE1DBC5594}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

kaszio · 14 Lipiec 2007 05:21

Witam. Tez niesmialo poprosze o pomoc.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:13:55, on 2007-07-14

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\windows\smss.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu48\AOL_security_toolbar.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: IE Assistant - {B08D32DE-64B2-4137-8345-87293E70D40B} - C:\WINDOWS\System32\iea.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu48\AOL_security_toolbar.dll (file missing)

O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [Windows Secure Update] szsyihiexd.exe

O4 - HKLM…\Run: [internet Security Service] msq32.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”

O4 - HKLM…\Run: [NvCp1Do] C:\windows\smss.exe

O4 - HKLM…\Run: [Virscanner] c:\windows\smss.exe

O4 - HKLM…\Run: [AntiVir] c:\Program Files\smss.exe

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [Msnmsgr.exe] c:\lsass.exe

O4 - HKLM…\RunServices: [Windows Secure Update] szsyihiexd.exe

O4 - HKLM…\RunServices: [internet Security Service] msq32.exe

O4 - HKLM…\RunServices: [NvCp1Do] C:\windows\smss.exe

O4 - HKLM…\RunServices: [Virscanner] c:\windows\smss.exe

O4 - HKLM…\RunServices: [AntiVir] c:\Program Files\smss.exe

O4 - HKLM…\RunServices: [Msnmsgr.exe] c:\lsass.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [Windows Secure Update] szsyihiexd.exe

O4 - HKCU…\Run: [internet Security Service] msq32.exe

O4 - HKCU…\Run: [ActiveSync] C:\WINDOWS\System32\wcescom32.exe

O4 - HKCU…\Run: [NvCp1Do] C:\windows\smss.exe

O4 - HKCU…\Run: [Virscanner] c:\windows\smss.exe

O4 - HKCU…\Run: [AntiVir] c:\Program Files\smss.exe

O4 - HKCU…\Run: [Msnmsgr.exe] c:\lsass.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

–

End of file - 6242 bytes

circlehappenorK · 14 Lipiec 2007 10:26

dzięki arekmalek za pomoc

na razie się nie wyświetla ta strona

arekmalek · 14 Lipiec 2007 12:51

zlookas

pobierz WWDC i ustaw znaczki na zielono. w trybie awaryjnym z wyłączonym przywracaniem systemu usuń pliki na czerwono a wpisy zafixuj. Daj nowy log + combofix

Złączono Posta : 14.07.2007 (Sob) 13:57

kaszio z WWDC zrob to co wyzej, i daj logi. A wpisy ktore podam usun i pliki które podam na czerwono (tryb awaryjny, wyłączone przywracanie systemu )

O4 - HKCU…\Run: [Windows Secure Update] szsyihiexd.exe O4 - HKCU…\Run: [internet Security Service] msq32.exe O4 - HKCU…\Run: [ActiveSync] C:\WINDOWS\System32\wcescom32.exe O4 - HKCU…\Run: [NvCp1Do] C:\windows\smss.exe O4 - HKCU…\Run: [Virscanner] c:\windows\smss.exe O4 - HKCU…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKCU…\Run: [Msnmsgr.exe] c:\lsass.exe O4 - HKLM…\Run: [Msnmsgr.exe] c:\lsass.exe O4 - HKLM…\RunServices: [Windows Secure Update] szsyihiexd.exe O4 - HKLM…\RunServices: [internet Security Service] msq32.exe O4 - HKLM…\RunServices: [NvCp1Do] C:\windows\smss.exe O4 - HKLM…\RunServices: [Virscanner] c:\windows\smss.exe O4 - HKLM…\RunServices: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\RunServices: [Msnmsgr.exe] c:\lsass.exe O4 - HKLM…\Run: [NvCp1Do] C:\windows\smss.exe O4 - HKLM…\Run: [Virscanner] c:\windows\smss.exe O4 - HKLM…\Run: [AntiVir] c:\Program Files\smss.exe O4 - HKLM…\Run: [Windows Secure Update] szsyihiexd.exe O4 - HKLM…\Run: [internet Security Service] msq32.exe O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

anik444 · 14 Lipiec 2007 17:11

Witam mi też strona zablokowała net. uporalam się z ad -aware ale nadal wyskakuje mi komunikat na dolnym pasku po stronie prawej :Alert system i jak klikne to laduje mi strone virus protectpro.Proszę o pomoc

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG09.exe

C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM…\Run: [DiskeeperSystray] “C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe”

O4 - HKLM…\Run: [ipTray.exe] “C:\Program Files\Intel\IDU\iptray.exe”

O4 - HKLM…\Run: [Remote Console] “C:\SyAM\system_monitor\agent\winvnc.exe” -servicehelper

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”

O4 - HKLM…\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM…\Run: [intelAudioStudio] “C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe” TRAY

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe”

O4 - HKLM…\Run: [sSC_UserPrompt] “C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe”

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [PowerBar] “C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe” /AtBootTime

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: PLANET WL-8303.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip…{79214595-1507-46FF-A5E6-CBABC3A3D34B}: NameServer = 192.168.3.1,194.204.152.34

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Desktop Monitor Web Server (DMWebSrv) - Unknown owner - C:\SyAM\jetty\DMWebSrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Desktop Monitor Agent (SMAgent) - SyAM Software, Inc. - C:\SyAM\system_monitor\agent\smaagent.exe

O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Remote Console (winvnc) - Unknown owner - C:\SyAM\system_monitor\agent\winvnc.exe" -service (file missing)

Złączono Posta : 14.07.2007 (Sob) 19:18

jeśli ktośma gg 2842468 lub skype anik4444 to prosze o kontakt .