Windows security alert


(Cesarz Gd) #1

I have a problem with a pop-up window saying "Windows security alert", "System alert" and "Spyware alert"; I don't know what to do about it. Help!

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 23:45:00, on 2008-04-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\UTSCSI.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\PLANET WL-8310\WLANPRO.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Michał\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll

O2 - BHO: DVA Storm - {4C9C9447-3658-44C9-8490-D96B0AB57C88} - C:\WINDOWS\lgmxvpatgbn.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: (no name) - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)

O4 - HKLM..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = ?

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2322958984

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/sezam/components/SignActivX.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: omlbpkaw - {0F63ED6D-17BA-4639-A855-9536806FCD7F} - C:\WINDOWS\omlbpkaw.dll

O21 - SSODL: pmsoarbf - {9685C04C-77B3-42DC-8B4B-04BC58E00766} - C:\WINDOWS\pmsoarbf.dll

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Serwis struktury programu McAfee (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)

O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE


(Gutek) #2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

O2 - BHO: DVA Storm - {4C9C9447-3658-44C9-8490-D96B0AB57C88} - C:\WINDOWS\lgmxvpatgbn.dll

O3 - Toolbar: (no name) - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)

O21 - SSODL: omlbpkaw - {0F63ED6D-17BA-4639-A855-9536806FCD7F} - C:\WINDOWS\omlbpkaw.dll		

O21 - SSODL: pmsoarbf - {9685C04C-77B3-42DC-8B4B-04BC58E00766} - C:\WINDOWS\pmsoarbf.dll

Delete these entries with HJT.

Use SmitFraudFix and choose option no. 2, in Safe Mode of course, and after that post a ComboFix log.

Follow this Topic and change the thread title to something specific, otherwise it goes to the TRASH.

Regards, Gutek2222

Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=213350
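Gutek's reply above picks five lines out of a log well over a hundred entries long. The Python script below is an added example for this thread (not a tool anyone in the thread used, and not part of HijackThis): it encodes the rules of thumb behind those picks and runs them over the same entries, copied from the first log in this thread together with a few benign lines for contrast. The three rules are: an IE start or search page pointing at a host outside a trusted list; an orphaned toolbar CLSID with "(no file)" behind it; and a DLL or EXE with an all-lower-case, random-looking name sitting directly in C:\WINDOWS rather than in System32 and hooked into an early load point (O2 BHO, O20 Winlogon Notify, O21 SSODL). The trusted-host and known-file lists are assumptions for illustration, not anything the thread states.

```python
"""Heuristic triage of HijackThis (HJT) log entries.

Added example for this thread, not a tool used by anyone in it and not part of
HijackThis. It encodes three rules of thumb a log reader applies: an Internet
Explorer start/search page on an unknown host, an orphaned toolbar CLSID with
no file behind it, and a module with a random-looking all-lower-case name that
sits directly in the Windows folder (not System32) and is hooked into an
early load point (O2 BHO, O20 Winlogon Notify, O21 SSODL).
"""
import re
from urllib.parse import urlparse

# Constructed sample: entries copied from the first HijackThis log in the
# thread, plus a few benign lines for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA Storm - {4C9C9447-3658-44C9-8490-D96B0AB57C88} - C:\WINDOWS\lgmxvpatgbn.dll
O3 - Toolbar: (no name) - {3D91099B-562D-49EC-BDBD-78C5DE9CAED9} - (no file)
O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: omlbpkaw - {0F63ED6D-17BA-4639-A855-9536806FCD7F} - C:\WINDOWS\omlbpkaw.dll
O21 - SSODL: pmsoarbf - {9685C04C-77B3-42DC-8B4B-04BC58E00766} - C:\WINDOWS\pmsoarbf.dll
"""

# Assumption: hosts the stock IE start/search pages may point at; extend per site.
TRUSTED_PAGE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}
# Assumption: files that legitimately live directly in the Windows folder on XP
# (not exhaustive; unlisted files are only flagged if the name also looks random).
KNOWN_WINDIR_ROOT_FILES = {"explorer.exe", "notepad.exe", "regedit.exe",
                           "rthdcpl.exe", "alcmtr.exe", "twain_32.dll"}
EARLY_LOAD_TYPES = {"O2", "O20", "O21"}

ENTRY_RE = re.compile(r"^(?P<type>[RO]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")
# First drive-letter path ending in a module extension; non-greedy so paths
# containing spaces ("Program Files") still stop at the extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx|sys)\b", re.IGNORECASE)


def dropped_in_windir_root(path):
    """True for <drive>:\\WINDOWS\\<lower-case letters>.dll|exe not on the known list."""
    parts = path.split("\\")
    if len(parts) != 3 or parts[1].lower() != "windows":
        return False
    if parts[2].lower() in KNOWN_WINDIR_ROOT_FILES:
        return False
    stem = parts[2].rsplit(".", 1)[0]
    return stem.isalpha() and stem.islower()


def triage(log_text):
    """Return findings as dicts with 'type', 'severity', 'reason', 'line'."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        etype, body = m.group("type"), m.group("body")

        def flag(severity, reason, etype=etype, line=line):
            findings.append({"type": etype, "severity": severity,
                             "reason": reason, "line": line})

        # R0/R1: start or search page redirected to a host we do not trust.
        if etype in {"R0", "R1"} and ("Start Page" in body or "Search" in body):
            url = URL_RE.search(body)
            host = urlparse(url.group(0)).hostname if url else None
            if host and host not in TRUSTED_PAGE_HOSTS:
                flag("high", f"IE start/search page points at untrusted host {host}")

        # O2/O3 whose file is gone: a leftover CLSID, harmless but worth cleaning.
        if etype in {"O2", "O3"} and "(no file)" in body:
            flag("low", "orphaned BHO/toolbar CLSID with no file on disk")

        # Module dropped straight into the Windows folder under a random-looking name.
        p = PATH_RE.search(body)
        if p and dropped_in_windir_root(p.group(0)):
            sev = "high" if etype in EARLY_LOAD_TYPES else "medium"
            flag(sev, f"random-looking module in the Windows root: {p.group(0)}")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:<6}] {f['type']:<3} {f['reason']}\n         {f['line']}")
```

Run as a script it prints exactly the five entries Gutek listed and nothing else. The name heuristic on its own would also hit legitimate lower-case names such as igfxtray.exe, which is why it is gated on the file living in the Windows root rather than System32; even so, a human still confirms each hit (file lookup, publisher, creation date) before deleting anything.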


(Cesarz Gd) #3

ComboFix log:

http://wklej.org/id/1fad21ceef


(Gutek) #4

Paste into Notepad:

File::

C:\WINDOWS\npqtsrak.exe 

C:\WINDOWS\rtqmekwg.exe


Folder::

C:\Documents and Settings\All Users\Dane aplikacji\evktkpej

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

– like in this picture --> 88953CFScript-createdbyMiekiemoes.gif

(if the question "1 or 2" appears, type 1 and press ENTER.) Removal should begin (and a log will be produced).

After the restart, manually delete the folder C: **** Qoobox.

Then post a new ComboFix log.


(Zawadka Micha) #5

Hello! Please help, I keep getting some "Windows security alert" message and I have no idea what to do! Please help.

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:46:43, on 2008-04-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\xghmzely.exe

D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Opera\Opera.exe

D:\Program Files\BitComet\BitComet.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm ... Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll

O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU..\Run: [pjyktuoi] C:\WINDOWS\system32\xghmzely.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip..{5974899F-2C0A-46D1-93D6-16610D6CAEDF}: NameServer = 10.100.0.1,194.204.159.1

O17 - HKLM\System\CS1\Services\Tcpip..{5974899F-2C0A-46D1-93D6-16610D6CAEDF}: NameServer = 10.100.0.1,194.204.159.1

O17 - HKLM\System\CS2\Services\Tcpip..{5974899F-2C0A-46D1-93D6-16610D6CAEDF}: NameServer = 10.100.0.1,194.204.159.1

O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll

O21 - SSODL: wdpoefan - {1A2C1C23-11D3-4A7C-BAE8-DA586F910BF4} - C:\WINDOWS\wdpoefan.dll

O21 - SSODL: vadokmxt - {B8276B6E-8CDF-46E0-AEA0-04897B39A04B} - C:\WINDOWS\vadokmxt.dll

O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)

--

End of file - 7508 bytes

I would be very grateful for help, thank you.

On 22.04.2008 at 12:54 a post was appended by Zyzio218

And this is my ComboFix log:

ComboFix 08-04-20.5 - OLO 2008-04-22 12:48:29.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.98 [GMT 2:00]

Running from: C:\Documents and Settings\OLO\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\OLO\Pulpit\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\Internet Logs\xDB1.tmp

C:\WINDOWS\Internet Logs\xDB2.tmp

C:\WINDOWS\olgdqarf.exe

C:\WINDOWS\system32\SpOrder.dll

C:\WINDOWS\wxvgsdbq.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\olgdqarf.exe

C:\WINDOWS\wxvgsdbq.exe

.

((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))

.

2008-04-22 10:42 . 2008-04-12 16:39 47,616 --a------ C:\WINDOWS\system32\fsmgmt.dll

2008-04-22 10:41 . 2008-04-22 10:41

2008-04-22 10:39 . 2008-04-22 10:39

2008-04-21 22:05 . 2008-04-21 22:05

2008-04-21 22:05 . 2008-04-21 22:05

2008-04-21 22:05 . 2008-04-21 22:05

2008-04-21 22:05 . 2008-04-21 22:05

2008-04-21 21:45 . 2008-04-21 21:45

2008-04-21 17:51 . 2008-04-21 17:51

2008-04-21 17:51 . 2008-04-21 17:51

2008-04-21 16:05 . 2008-04-22 09:20

2008-04-21 15:09 . 2008-04-21 15:09

2008-04-21 15:02 . 2008-04-21 15:02

2008-04-21 14:56 . 2008-04-21 18:07

2008-04-20 23:51 . 2008-04-20 23:52

2008-04-20 22:26 . 2008-04-20 22:26

2008-04-20 22:26 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll

2008-04-19 12:39 . 2008-04-19 12:39

2008-04-19 12:34 . 2008-04-22 09:38

2008-04-17 10:35 . 2008-04-09 17:33 47,616 --a------ C:\WINDOWS\system32\fsmgmt.dll.tmp

2008-04-10 19:46 . 2008-04-10 19:46

2008-03-25 15:07 . 2008-03-25 15:07

2008-03-25 15:07 . 2008-03-25 15:07

2008-03-25 14:55 . 2008-03-25 14:55

2008-03-25 14:55 . 2003-12-17 16:00 1,208,320 --a------ C:\WINDOWS\system32\PTxSCP.ocx

2008-03-25 14:55 . 2007-07-31 12:57 1,164,728 --a------ C:\WINDOWS\system32\NMSDVDXU.dll

2008-03-25 14:55 . 2000-05-22 22:58 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx

2008-03-25 14:55 . 2002-10-16 21:03 208,896 --a------ C:\WINDOWS\system32\RICHTX32.OCX

2008-03-25 14:55 . 2002-10-26 14:35 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX

2008-03-25 14:55 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL

2008-03-25 11:23 . 2008-03-25 11:23

2008-03-25 11:23 . 2008-03-25 11:23

2008-03-22 14:15 . 2008-04-09 17:33 46,080 --a------ C:\WINDOWS\system32\fsmgmt.dll.tmp

2008-03-22 14:15 . 2008-04-12 16:39 46,080 --a------ C:\WINDOWS\system32\fsmgmt.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-22 08:43 47,616 ----a-w C:\WINDOWS\system32\ fsmgmt.dll

2008-04-22 08:39 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-04-22 08:25 47,616 ----a-w C:\WINDOWS\system32\ fsmgmt.dll.tmp

2008-04-22 08:00 --------- d-----w C:\Documents and Settings\OLO\Dane aplikacji\Image Zone Express

2008-04-22 08:00 --------- d-----w C:\Documents and Settings\OLO\Dane aplikacji\HP

2008-04-21 13:05 --------- d-----w C:\Program Files\Common Files\Nero

2008-04-21 13:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero

2008-04-21 11:48 258,048 ----a-w C:\WINDOWS\wdpoefan.dll

2008-04-21 11:48 221,184 ----a-w C:\WINDOWS\vadokmxt.dll

2008-04-21 11:48 184,320 ----a-w C:\WINDOWS\dpevflbg.dll

2008-04-15 17:19 --------- d-----w C:\Program Files\Java

2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll

2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-03-25 12:55 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-03-25 12:55 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-03-20 08:01 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:01 1,846,144 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-13 15:29 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP

2008-03-13 15:28 --------- d-----w C:\Program Files\Common Files\HP

2008-03-13 15:19 --------- d-----w C:\Program Files\Hewlett-Packard

2008-03-13 15:15 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2008-03-13 15:06 --------- d-----w C:\Program Files\HP

2008-03-13 14:52 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys

2008-03-13 14:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys

2008-03-13 14:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys

2008-03-09 08:59 --------- d-----w C:\Program Files\Opera

2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 19:43 --------- d-----w C:\Program Files\Common Files\Java

2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2008-02-20 18:53 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-20 18:53 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll

2008-02-20 06:53 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 06:53 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll

2008-02-20 05:23 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

2008-01-19 21:22 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008011920080120\index.dat

.

------- Sigcheck -------

2007-07-10 15:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

.

((((((((((((((((((((((((((((( snapshot@2008-04-21_20.05.47,70 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-04-21 16:14:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-04-22 08:41:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-04-21 16:18:19 47,616 ----a-w C:\WINDOWS\system32\ fsmgmt.dll

  • 2008-04-22 08:43:42 47,616 ----a-w C:\WINDOWS\system32\ fsmgmt.dll

  • 2008-04-21 16:14:42 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

  • 2008-04-22 08:41:20 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

  • 2008-04-21 16:14:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat

  • 2008-04-22 08:41:20 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat

  • 2008-04-21 16:14:42 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat

  • 2008-04-22 08:41:20 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]

2008-02-14 15:54 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 15:54 1555480]

[HKEY_CLASSES_ROOT\clsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 15:54 1555480]

[HKEY_CLASSES_ROOT\clsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:44 15360]

"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-01-30 16:58 1716224]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

"pjyktuoi"="C:\WINDOWS\system32\xghmzely.exe" [2008-04-21 14:56 94208]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:44 15360]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="regsvr32 /s /n /i:U shell32" []

"nltide_3"="advpack.dll" [2007-12-07 03:58 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"wdpoefan"= {2EE58C2B-B8DE-4A22-B82D-497EB03D8D5C} - C:\WINDOWS\wdpoefan.dll [2008-04-21 13:48 258048]

"vadokmxt"= {A8EF3E50-4A97-4934-BBC8-E8CCD9E56014} - C:\WINDOWS\vadokmxt.dll [2008-04-21 13:48 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]

fsmgmt.dll 2008-04-12 16:39 46080 C:\WINDOWS\system32\fsmgmt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"msacm.ac3acm"= ac3acm.acm

"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"D:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\Opera\Opera.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=

"D:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=

"D:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=

"D:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=

"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"11486:TCP"= 11486:TCP:BitComet 11486 TCP

"11486:UDP"= 11486:UDP:BitComet 11486 UDP

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-10-17 20:23]

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-22 12:51:04

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-22 12:52:11

ComboFix-quarantined-files.txt 2008-04-22 10:52:07

ComboFix2.txt 2008-04-22 10:38:49

ComboFix3.txt 2008-04-22 08:31:02

ComboFix4.txt 2008-04-21 19:40:04

ComboFix5.txt 2008-04-21 18:06:24

Pre-Run: 5,255,610,368 bajtów wolnych

Post-Run: 5,248,851,968 bajtów wolnych

215 --- E O F --- 2008-04-09 16:29:50
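The "Reg Loading Points" section of the ComboFix log above also dumps [HKEY_LOCAL_MACHINE\software\microsoft\security center], where AntiVirusDisableNotify, AntiVirusOverride and FirewallOverride are all set to 1, and a policies\explorer key with several NoSM* values set. Non-zero Security Center values of this kind stop Windows XP from warning that antivirus or the firewall is off, which is why they are worth a look whenever fake "security alert" pop-ups are involved; legitimate third-party AV suites set the *Override values too, so a hit means "confirm with the installed AV", not "infected". The Python below is an added example, not part of ComboFix or of the post: it parses a REGEDIT4-style dump into sections and flags those values. The sample dump is built from sections as printed in the log above plus one constructed control line (FirewallDisableNotify = 0) that must not be flagged.

```python
"""Flag Windows XP Security Center and Explorer policy settings in a ComboFix
"Reg Loading Points" dump.

Added example for this thread; not part of ComboFix or of the original post.
The parser is generic for REGEDIT4-style '[key]' / '"name"=data' text, and the
rules look at two things: Security Center values that suppress the "antivirus
/ firewall not working" warnings, and Explorer policies that hide Start Menu
items. Both appear in the log above; neither proves malware on its own.
"""
import re

# Constructed sample: the Run, policies\explorer and Security Center sections
# as printed in the ComboFix log above, plus one constructed control line
# (FirewallDisableNotify = 0) that must not be flagged.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:44 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000000
"""

# Non-zero here silences Security Center's shield-icon warnings. Third-party AV
# products set the *Override values legitimately, so a hit means "confirm with
# the installed AV", not "infected".
SUPPRESSION_VALUES = {"AntiVirusDisableNotify", "AntiVirusOverride",
                      "FirewallDisableNotify", "FirewallOverride",
                      "UpdatesDisableNotify"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
DWORD_RE = re.compile(r"dword:([0-9a-fA-F]{8})")
PLAIN_INT_RE = re.compile(r"^(\d+)\b")


def parse_sections(dump):
    """Map lower-cased '[key]' headers to {name: data} for the lines under them."""
    sections, current = {}, None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections.setdefault(current, {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            sections[current][v.group("name")] = v.group("data").strip()
    return sections


def as_int(data):
    """Decode 'dword:00000001' (REGEDIT4) or '1 (0x1)' (ComboFix); None if not numeric."""
    m = DWORD_RE.search(data)
    if m:
        return int(m.group(1), 16)
    m = PLAIN_INT_RE.match(data)
    return int(m.group(1)) if m else None


def check(dump):
    """Return (value name, decoded value, why it matters) for each suspicious setting."""
    findings = []
    for key, values in parse_sections(dump).items():
        if key.endswith("\\security center"):
            for name, data in values.items():
                value = as_int(data)
                if name in SUPPRESSION_VALUES and value:
                    findings.append((name, value,
                                     "Security Center warning suppressed; confirm the installed AV/firewall set it"))
        elif key.endswith("\\policies\\explorer"):
            for name, data in values.items():
                value = as_int(data)
                if name.startswith("NoSM") and value:
                    findings.append((name, value,
                                     "Start Menu item hidden by policy; verify this was intended"))
    return findings


if __name__ == "__main__":
    for name, value, why in check(SAMPLE_DUMP):
        print(f"{name} = {value}: {why}")
```

On the sample this reports the three NoSM* policies and the three Security Center overrides, and stays silent on the Run key and on the zero-valued control line. Resetting the Security Center values is only the last step: with a resident AV (ESET in this log) installed, the AV's own configuration decides whether the *Override values belong there.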


(Cesarz Gd) #6

New log

http://wklej.org/id/4bb41feb89


(jessica) #7

@Zyzio218 - it will be better if you start your own thread.

@koucz

There is nothing harmful left in the log.

jessi


(Cesarz Gd) #8

Thanks and regards