W32 myzor fk

desert_warrior · 28 Listopad 2007 14:23

Przejrzałem już trochę o tym na forum, więc bardzo proszę o sprawdzenie loga wykonanego za pomoca Hijacka.

Logfile of HijackThis v1.99.1 Scan saved at 15:10:44, on 2007-11-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Shpak\Pulpit\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.pl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM…\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” O4 - HKLM…\Run: [AtiPTA] atiptaxx.exe O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [NI.UGA6P_0001_N122M2210] “C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe” O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Gutek · 28 Listopad 2007 16:50

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

usuń wpisy HJT

Daj log z ComboFix

desert_warrior · 29 Listopad 2007 23:03

ComboFix 07-11-19.4C - 2007-11-29 23:51:04.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.247 [GMT 1:00] Running from: C:\Documents and Settings\Shpak\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\myglobalsearch C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL C:\Program Files\myglobalsearch\bar\Cache\007B7662 C:\Program Files\myglobalsearch\bar\Cache\007BA968 C:\Program Files\myglobalsearch\bar\Cache\007BD7AC.bin C:\Program Files\myglobalsearch\bar\Cache\007BF084.bin C:\Program Files\myglobalsearch\bar\Cache\007C0F37.bin C:\Program Files\myglobalsearch\bar\Cache\files.ini C:\Program Files\myglobalsearch\bar\History\search C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))) . 2007-11-28 18:11 2007-11-28 15:01 2007-11-25 21:07 2007-11-25 21:07 2007-11-24 20:07 2007-11-23 14:35 2007-11-22 16:07 2007-11-18 16:04 2007-11-15 20:27 2007-11-15 17:25 2007-11-15 17:24 2007-11-15 17:24 2007-11-07 16:19 1,156 --a------ C:\WINDOWS\mozver.dat 2007-11-07 15:55 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-05 21:12 2007-11-05 21:12 2007-11-05 19:48 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-11-05 19:48 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-11-05 19:47 2007-11-05 19:47 2007-11-05 19:47 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-11-05 19:47 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-11-05 19:47 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-11-05 19:47 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-11-05 19:47 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-11-05 19:47 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-11-05 19:47 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-11-05 19:45 2007-11-05 16:33 2007-11-05 16:27 2007-11-05 16:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-11-05 16:01 25,856 --a–c— C:\WINDOWS\system32\dllcache\usbprint.sys 2007-11-04 13:54 2007-11-04 13:54 2007-11-04 13:54 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx 2007-11-04 10:03 2007-11-04 10:03 2,301,952 --a------ C:\WINDOWS\system\cmicnfg.cpl 2007-11-04 10:03 1,454,080 --a------ C:\WINDOWS\system\SmWizard.exe 2007-11-04 10:03 917,504 --a------ C:\WINDOWS\system\cmids3d.dll 2007-11-04 10:03 754,560 --a------ C:\WINDOWS\system32\drivers\cmuda.sys 2007-11-04 10:03 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll 2007-11-04 10:03 712,704 --a------ C:\WINDOWS\system32\a3d.dll 2007-11-04 10:03 266,240 --a------ C:\WINDOWS\CMIUninstall.exe 2007-11-04 10:03 233,472 --a------ C:\WINDOWS\system32\cmirmdrv.exe 2007-11-04 10:03 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe 2007-11-04 10:03 114,688 --a------ C:\WINDOWS\system32\cmuda.dll 2007-11-04 10:03 32,768 --a------ C:\WINDOWS\system32\udaprop.dll 2007-11-04 10:03 28,672 --a------ C:\WINDOWS\system32\cmirmdrv.dll 2007-11-04 10:03 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll 2007-11-04 10:03 495 --a------ C:\WINDOWS\system\CmiCnfg.ini 2007-11-02 20:07 148,498 --a------ C:\WINDOWS\system32\atmplkxx.hlp 2007-11-02 20:07 44,430 --a------ C:\WINDOWS\system32\attplkxx.hlp 2007-11-02 20:07 26,138 --a------ C:\WINDOWS\system32\atfplkxx.hlp 2007-11-02 20:06 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys 2007-11-02 20:06 27,165 --a–c— C:\WINDOWS\system32\dllcache\fetnd5.sys 2007-11-02 20:03 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-11-02 20:03 10,624 --a–c— C:\WINDOWS\system32\dllcache\gameenum.sys 2007-11-02 16:03 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-11-02 16:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-11-02 16:03 0 --a------ C:\WINDOWS\ativpsrm.bin 2007-11-02 15:57 2007-11-02 15:15 2007-11-02 15:14 2007-11-02 15:14 451,072 --a------ C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe 2007-11-02 14:50 4,096 --a------ C:\WINDOWS\system32\crash 2007-11-02 14:27 2007-11-02 13:45 331,184 --------- C:\WINDOWS\system32\difxapi.dll 2007-11-02 13:45 9,216 -ra------ C:\WINDOWS\system32\drivers\videX32.sys 2007-11-02 12:37 2007-11-02 12:37 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll 2007-11-02 12:32 2007-11-02 12:12 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-29 22:56 6,350,880 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-11-28 23:19 78,512 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-11-28 14:18 --------- d-----w C:\Program Files\SkanerOnline 2007-11-25 20:07 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-15 16:19 --------- d-----w C:\Program Files\Gadu-Gadu 2007-11-11 20:53 --------- d-----w C:\Program Files\Winamp 2007-09-29 04:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll 2007-09-29 04:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2007-09-29 03:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-08-03 23:55] “Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ZoneAlarm Client”=“C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe” [2007-06-21 20:54] “AtiPTA”=“atiptaxx.exe” [2006-02-22 02:05 C:\WINDOWS\system32\atiptaxx.exe] “Cmaudio”=“RunDll32 cmicnfg.cpl” [] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2006-01-12 15:40] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-25 15:57:57] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator] C:\Program Files\Tlen.pl\tlen.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] e:\valve\steam\steam.exe -silent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] 2002-12-09 17:24 45056 --------- C:\PROGRA~1\Wanadoo\TaskbarIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] 2002-12-09 17:24 20480 --------- C:\PROGRA~1\Wanadoo\Watch.exe R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys S1 atitray;atitray;??\C:\Program Files\Radeon Omega Drivers\v3.8.421\ATI Tray Tools\atitray.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{02770d90-39db-11dc-b994-806d6172696f}] \Shell\AutoRun\command - F:\setup\rsrc\Autorun.exe \Shell\dinstall\command - F:\Directx\dxsetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c2f86596-3abc-11dc-8067-0002446b3e1c}] \Shell\AutoRun\command - J:\LaunchU3.exe . Contents of the ‘Scheduled Tasks’ folder “2007-11-29 22:55:19 C:\WINDOWS\Tasks\XoftSpySE 2.job” - C:\Program Files\XoftSpySE\XoftSpy.exe “2007-11-28 14:01:08 C:\WINDOWS\Tasks\XoftSpySE.job” - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-29 23:55:28 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-29 23:57:03 - machine was rebooted . — E O F —

Gutek · 29 Listopad 2007 23:40

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Pobierz program SDFix