Mustarastas
(Antoni Marczewski)
18 Wrzesień 2007 09:55
#1
Witam,
wrócił niedawny problem z informacją o aplikacji “temp2.exe”. Wyskakuje na początku pracy z komputerem, a sam komputer zaczyna wydawać co kilkanaście sekund dziwny dźwięk (poprzednio przestał po usunięciu złego pliku).
Log z Hijacka:
Logfile of HijackThis v1.99.1 Scan saved at 11:50:08, on 2007-09-18 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Beniamin\tguard.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\temp1.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\user\USTAWI~1\Temp\Rar$EX05.382\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.przyroda.org/index.htm?sid … 91c9a609fc R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file) F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Reactivator Class - {6C31790D-1EDF-4b05-83DC-925B3A8E2318} - C:\Program Files\FreeShield Toolbar\elertz.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll O3 - Toolbar: Free Shield Toolbar - {0C6DD65A-F36B-4ac8-89EB-6175AEE6BB8C} - C:\Program Files\FreeShield Toolbar\elertz.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [ccRegVfy] “C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe” O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM…\Run: [msnappau] “C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM…\Run: [tguard] C:\Program Files\Beniamin\tguard.exe O4 - HKLM…\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM…\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b31267.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.33/g_bin/pl/boards_2_0_0_34.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b31267.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Mam prośbę o sprawdzenie tego loga i pytanie: problem powrócił, gdy podłączyłem do komputera aparat cyfrowy, więc podejrzewam, że to tam jest problem - w jaki sposób można się go pozbyć?
jessica
(jessica)
18 Wrzesień 2007 10:11
#2
>>Hijack>>scan(Do a system scan only)>>zaznacz je >> Fix checked .
Znów zastosuj ComboFix .
Tak, to jest na 100% infekcja z aparatu cyfrowego, a dokładniej z jego dysku przenośnego.
Masz trzy wyjścia:
po każdym użyciu tego pena - stosować ComboFix
sformatować ten dysk przenośny
wyrzucić ten dysk przenośny na śmieci.
jessi
Mustarastas
(Antoni Marczewski)
18 Wrzesień 2007 11:31
#3
Zrobiłem jak napisałaś w Hijacku, natomiast jest problem z Combofixem. Mimo, że wyłączyłem zaporę i program antywirusowy oraz wszystkie inne programy, podczas skanu ComboFix mówi, że nie może otworzyć jakiegoś pliku, po czym pojawia sie komunikat o przygotowywaniu “log report”, a chwilę potem wyświetla się “Odmowa dostępu” i już dalej nic się nie dzieje. Nie mam pojęcia, dlaczego tak jest, bo poprzednio wszystko poszło bez problemu.
jessica
(jessica)
18 Wrzesień 2007 11:48
#4
Chyba musisz od nowa przeinstalować ComboFixa, bo pewnie Twój Antivirus usunął/zablokował jeden z jego plików.
jessi
Mustarastas
(Antoni Marczewski)
20 Wrzesień 2007 08:19
#5
Hej,
infekcję aparat i Pendrive musiały załapać w Finlandii. W aparacie sformatowałem dysk, natomiast dzisiaj podłączyłem pendrive’a i zabawa od nowa.
log:
Logfile of HijackThis v1.99.1 Scan saved at 10:15, on 2007-09-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Beniamin\tguard.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Beniamin\tguard.exe C:\WINDOWS\ZSSnp211.exe C:\WINDOWS\Domino.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\temp1.exe C:\Documents and Settings\user\Pulpit\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.przyroda.org/index.htm?sid … 91c9a609fc R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialoffer.com/indexie.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file) F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Reactivator Class - {6C31790D-1EDF-4b05-83DC-925B3A8E2318} - C:\Program Files\FreeShield Toolbar\elertz.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\pl-pl\msntb.dll O3 - Toolbar: Free Shield Toolbar - {0C6DD65A-F36B-4ac8-89EB-6175AEE6BB8C} - C:\Program Files\FreeShield Toolbar\elertz.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM…\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe” O4 - HKLM…\Run: [ccRegVfy] “C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe” O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM…\Run: [msnappau] “C:\Program Files\MSN Apps\Updater\01.02.3000.1001\pl-pl\msnappau.exe” O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM…\Run: [tguard] C:\Program Files\Beniamin\tguard.exe O4 - HKLM…\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe O4 - HKLM…\Run: [Domino] C:\WINDOWS\Domino.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [spyware Doctor] “C:\Program Files\Spyware Doctor\swdoctor.exe” /Q O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\bnmndrv.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b31267.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.33/g_bin/pl/boards_2_0_0_34.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b31267.cab O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Usługa Auto-Protect w programie Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Gutek
(Gutek)
20 Wrzesień 2007 20:42
#6
Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym
Pobierz program SDFix
jessica
(jessica)
21 Wrzesień 2007 09:30
#7
A ja proponuję, oprócz SDFix i SmitfraudFix użyć jeszcze raz ComboFix,
bo ani SDFix, ani SmitfraudFix nie usuwają tej powyższej infekcji z pendrive - sprawdzałam to w ich modułach usuwających.
To " F3 " oczywiście sfiksuj także w Hijacku.
Log z ComboFixa wklej na http://wklej.org/ , a w poście daj tylko link.(czyli skopiuj adres z paska adresów).
jessi
Gutek
(Gutek)
21 Wrzesień 2007 14:28
#8
jessica:
A ja proponuję, oprócz SDFix i SmitfraudFix użyć jeszcze raz ComboFix, bo ani SDFix, ani SmitfraudFix nie usuwają tej powyższej infekcji z pendrive - sprawdzałam to w ich modułach usuwających. To “F3” oczywiście sfiksuj także w Hijacku. Log z ComboFixa wklej na http://wklej.org/ , a w poście daj tylko link.(czyli skopiuj adres z paska adresów). jessi
coś user robi źle ponieważ już fixował chyba widzisz wyżej te wpisy!