Hello, it so happens that I have exactly the same problem as the author of this thread; could I also ask for help?
The logs aren't long, so I'm pasting them here:
ComboFix:
ComboFix 09-02-02.04 - Anulka 2009-02-03 9:02:48.1 - FAT32 x86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.127.46 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Anulka\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-03 do 2009-02-03 )))))))))))))))))))))))))))))))
.
2009-02-02 14:16 . 2009-02-02 14:16
2009-02-02 14:16 . 2009-02-02 14:16
2009-02-02 14:16 . 2009-02-02 14:16
2009-01-30 16:43 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-29 15:04 . 2009-02-02 18:29 69 --a------ c:\windows\NeroDigital.ini
2009-01-26 21:21 . 2009-01-26 21:21
2009-01-26 13:43 . 2009-01-26 13:43 427 --a------ c:\windows\ODBC.INI
2009-01-26 13:40 . 2009-01-26 13:40
2009-01-26 13:39 . 2009-01-26 13:39
2009-01-26 13:33 . 2009-01-26 13:33
2009-01-26 13:33 . 2009-01-26 13:33
2009-01-26 12:57 . 2005-09-01 12:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2009-01-26 12:57 . 2005-09-01 12:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-26 12:56 . 2009-01-26 12:56
2009-01-26 12:56 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-26 12:56 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-26 12:56 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-26 12:56 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-01-26 12:56 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-26 12:56 . 2006-01-12 16:40 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-26 12:56 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-26 12:42 . 2003-03-19 04:14 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-26 12:42 . 2004-01-11 23:00 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-26 12:27 . 2009-01-26 12:27
2009-01-26 12:23 . 2009-01-26 12:23
2009-01-26 12:21 . 2003-12-03 06:01 545 --a------ c:\windows\UC.PIF
2009-01-26 12:21 . 2003-12-03 06:01 545 --a------ c:\windows\RAR.PIF
2009-01-26 12:21 . 2003-12-03 06:01 545 --a------ c:\windows\PKZIP.PIF
2009-01-26 12:21 . 2003-12-03 06:01 545 --a------ c:\windows\PKUNZIP.PIF
2009-01-26 12:21 . 2003-12-03 06:01 545 --a------ c:\windows\NOCLOSE.PIF
2009-01-26 12:21 . 2003-12-03 06:01 545 --a------ c:\windows\LHA.PIF
2009-01-26 12:21 . 2003-12-03 06:01 545 --a------ c:\windows\ARJ.PIF
2009-01-26 12:21 . 2009-01-26 21:18 333 --a------ c:\windows\wincmd.ini
2009-01-26 12:20 . 2009-01-26 12:20
2009-01-26 12:20 . 2009-01-26 12:20
2009-01-26 12:20 . 2009-01-26 12:20
2009-01-26 12:20 . 2009-01-26 12:20 77,824 --a------ c:\windows\system32\qttask.exe
2009-01-26 12:20 . 2001-08-17 22:03 24,960 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-26 12:20 . 2001-08-17 22:03 24,960 --a------ c:\windows\system32\dllcache\usbccgp.sys
2009-01-26 12:19 . 2009-01-26 12:19
2009-01-26 12:19 . 2008-03-16 14:47 872,192 --a------ c:\windows\system32\drivers\mod7700.sys
2009-01-26 12:19 . 2008-03-17 11:56 103,168 --a------ c:\windows\system32\drivers\ewusbfake.sys
2009-01-26 12:19 . 2008-03-17 11:03 101,376 -ra------ c:\windows\system32\drivers\ewusbmdm.sys
2009-01-26 12:19 . 2008-01-22 15:09 100,992 --a------ c:\windows\system32\drivers\ewusbnet.sys
2009-01-26 12:19 . 2007-08-09 04:13 24,448 -ra------ c:\windows\system32\drivers\ewdcsc.sys
2009-01-26 12:17 . 2009-01-26 12:18
2009-01-26 12:17 . 2009-01-26 12:17 0 --a------ c:\windows\nsreg.dat
2009-01-26 12:09 . 2009-01-26 12:09
2009-01-26 12:07 . 2009-01-26 12:07
2009-01-26 12:05 . 2009-01-26 12:05
2009-01-26 12:03 . 2009-01-26 12:03
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 13:15 133,120 ----a-w c:\windows\system32\sfc_os.dll
2009-01-26 10:47 --------- d-----w c:\program files\microsoft frontpage
2009-01-26 10:41 --------- d-----w c:\program files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-23 23:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="e:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-26 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\ffdshow\ffdshow.ax
[HKLM~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2001-08-02 07:14 1077277 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 e:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-02 75856]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
MSConfigStartUp-Client Server Runtime Process - c:\windows\System32\csrs.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= … =CT2077543
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
TCP: {0AEB4FB1-D55F-45A7-B1EF-B5941711B43A} = 89.108.195.20 89.108.195.21
FF - ProfilePath - c:\documents and settings\Anulka\Dane aplikacji\Mozilla\Firefox\Profiles\hkv8xz1q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as … ource=3q=
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as … ource=2q=
FF - plugin: e:\program files\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: e:\program files\Real Alternative\browser\plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 09:04:31
Windows 5.1.2600 FAT NTAPI
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1454471165-436374069-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts.*C`*Z%]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1454471165-436374069-1708537768-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts.*C`*Z%\OpenWithList]
@Class="Shell"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - 'winlogon.exe'(520)
c:\windows\system32\ODBC32.dll
- - - - - - - 'lsass.exe'(576)
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
c:\windows\System32\dssenh.dll
.
Czas ukończenia: 2009-02-03 9:06:02
ComboFix-quarantined-files.txt 2009-02-03 08:06:00
Przed: 6 352 588 800 bajtów wolnych
Po: 6,351,093,760 bajtów wolnych
148
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:00:27, on 2009-02-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\PLAY ONLINE\PLAY ONLINE.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anulka\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= … =CT2077543
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SCtri.exe
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O4 - HKLM…\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip…{0AEB4FB1-D55F-45A7-B1EF-B5941711B43A}: NameServer = 89.108.195.20 89.108.195.21
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashServ.exe
–
End of file - 2661 bytes
What should I do now?