centi
(Niedzwiesz)
25 November 2007 23:57
#1
The internet and the computer have slowed down, and next to the clock I have a red X that turns into a blue question mark. I removed a video add-on, but I can't find how to remove that shield next to the clock. Thanks for the help ;]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:54:03, on 2007-11-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.187\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\WINDOWS\system32\ivrllc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

--
End of file - 6622 bytes
Gutek
(Gutek)
26 November 2007 17:14
#2
Use SmitFraudFix and choose option no. 2, in Safe Mode of course, and after that post a ComboFix log.
centi
(Niedzwiesz)
27 November 2007 01:05
#3
Thanks for the help ;] and here is the log afterwards:
ComboFix 07-11-19.4 - Administrator 2007-11-27 2:00:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.233 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
.
2007-11-25 14:26
2007-11-25 14:09
2007-11-25 14:07
2007-11-24 14:52
2007-11-22 22:23
2007-11-05 23:36
2007-11-05 17:48
2007-11-01 19:52
2007-11-01 19:52  684 --a------ C:\WINDOWS\mozver.dat
2007-11-01 15:46
2007-11-01 14:52
2007-10-28 20:46  468 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-10-28 20:46  468 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-10-28 20:46  468 --a------ C:\WINDOWS\system32\vorbis.dll
2007-10-28 20:46  468 --a------ C:\WINDOWS\system32\mkx.dll
2007-10-28 20:46  468 --a------ C:\WINDOWS\system32\mkunicode.dll
2007-10-28 20:46  468 --a------ C:\WINDOWS\system32\lmpgvd.ax
2007-10-28 20:46  468 --a------ C:\WINDOWS\system32\lmpgspl.ax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 00:49 --------- d-----w C:\Program Files\FlashGet
2007-11-25 14:34 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-11-25 14:34 299,392 ----a-w C:\WINDOWS\system32\imon.dll
2007-11-25 14:34 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-11-25 13:02 --------- d-----w C:\Program Files\Soulseek
2007-11-22 19:41 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\MegauploadToolbar
2007-11-17 09:30 --------- d-----w C:\Program Files\NAPI-PROJEKT
2007-11-14 20:28 --------- d-----w C:\Program Files\Torrent Master
2007-11-06 17:42 --------- d-----w C:\Program Files\eMule
2007-11-01 14:17 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-18 18:00 --------- d-----w C:\Program Files\MarBit
2007-10-18 17:10 --------- d-----w C:\Program Files\EarMaster School 5
2007-10-18 17:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\EarMaster
2007-10-16 17:25 --------- d-----w C:\Program Files\MegauploadToolbar
2007-10-15 17:48 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-15 17:48 --------- d-----w C:\Program Files\Common Files\Real
2007-10-15 17:47 --------- d-----w C:\Program Files\Real
2007-10-15 09:53 417,792 ----a-w C:\WINDOWS\system32\DICOM_DLL.dll
2007-10-12 15:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Resolume 2.4
2007-10-12 15:45 --------- d-----w C:\Program Files\Resolume 2.4
2007-10-09 21:07 --------- d-----w C:\Program Files\BitSpirit
2007-10-09 21:07 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\BitSpirit
2007-10-09 21:04 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Azureus
2007-10-08 20:47 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\uTorrent
2007-10-08 18:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2007-10-05 19:15 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-02 20:42 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-02 19:50 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Teleca
2007-10-02 19:49 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-10-02 19:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Teleca
2007-10-02 19:49 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson
2007-10-02 19:48 --------- d-----w C:\Program Files\Sony Ericsson
2007-10-02 19:42 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys
2007-10-02 19:42 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys
2007-10-02 19:42 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys
2007-10-02 19:42 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys
2007-10-02 19:42 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys
2007-10-02 19:42 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2007-10-02 19:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-02 19:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-28 13:04 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\Propellerhead Software
2007-09-28 12:54 --------- d-----w C:\Program Files\SAMSUNG
2007-09-23 12:38 233,472 ----a-w C:\WINDOWS\system32\REX Shared Library.dll
2007-09-23 12:38 225,280 ----a-w C:\WINDOWS\system32\ReWire.dll
2007-09-21 17:37 720,896 ----a-w C:\WINDOWS\iun6002.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00]
"C-Media Mixer"="Mixer.exe" [2001-09-12 15:09 C:\WINDOWS\mixer.exe]
"Resume copy"="copyfstq.exe" [2002-03-24 11:54 C:\WINDOWS\COPYFSTQ.EXE]
"Name of App"="C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2007-04-05 14:29]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-06-29 12:44]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-08-21 08:16]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-15 18:47]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-11-25 15:34]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-07-27 20:31 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService	WebClient LmHosts upnphost SSDPSRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef263ec6-89dc-11dc-af56-000e2e6967c0}]
\Shell\AutoRun\command - H:\hyqyvryy.exe
\Shell\explore\Command - H:\hyqyvryy.exe
\Shell\open\Command - H:\hyqyvryy.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 02:01:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-27  2:02:21
.
--- E O F ---
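Added example, not part of this thread: a small Python triage that reads HijackThis and ComboFix style lines like the ones in the two logs above and flags the two load points a responder would check first, the O22 SharedTaskScheduler DLL and the removable-drive AutoRun handlers listed under mountpoints2. The sample lines are copied from the logs above; the flagging rules are the editor's, not the tools' own.

```python
import re
from typing import List, Tuple

# Sample input: lines copied from the HijackThis and ComboFix logs posted above.
SAMPLE_LOG = """\
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_02\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\\WINDOWS\\system32\\ivrllc.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
\\Shell\\AutoRun\\command - H:\\hyqyvryy.exe
\\Shell\\open\\Command - H:\\hyqyvryy.exe
"""

# HijackThis entry: "O22 - SharedTaskScheduler: <name> - {CLSID} - <path>"
HJT_ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# ComboFix mountpoints2 handler: "\Shell\AutoRun\command - H:\file.exe"
AUTORUN_CMD = re.compile(r"^\\Shell\\\w+\\[Cc]ommand - (?P<target>.+)$")


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for entries worth a responder's attention."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        hjt = HJT_ENTRY.match(line)
        if hjt:
            # SharedTaskScheduler is a shell load point that ordinary software
            # almost never registers, so every O22 entry gets reviewed; here the
            # DLL also sits in system32 under a name that means nothing.
            if hjt.group("code") == "O22":
                findings.append(("O22 SharedTaskScheduler load point", line))
            continue
        auto = AUTORUN_CMD.match(line)
        if auto:
            # An AutoRun/open/explore handler that launches an executable from a
            # drive other than the system drive is the removable-media worm
            # pattern: it fires when that drive letter is opened in Explorer.
            target = auto.group("target").strip()
            if not target.upper().startswith("C:\\"):
                findings.append(("removable-drive AutoRun handler", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry}")
```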
Gutek
(Gutek)
27 November 2007 23:17
#4
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.