Anicha
(Anicha 81)
20 October 2007 17:18
#1
Please check my log.
The computer runs very slowly, but the main problem is that I can't type normally, because instead of one letter two or three come out :?
This is an example of typing with the normal keyboard:
(rt4o9 jesrt4 p[0rt4zuy7kład p[0i]8sani]8a no9rt4malną klaw2I]8ART4UY7RT4ą.)
Out of necessity I have to use the on-screen keyboard.
Logfile of HijackThis v1.99.1
Scan saved at 18:49:03, on 2007-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\DOCUME~1\anna\USTAWI~1\Temp\Rar$EX00.534\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gry.pl/cat566_1.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM…\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM…\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM…\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU…\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download with Internet TOOLS - C:\Program Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Wyslij SMS'a - {215940F1-E7E0-4801-BEE3-44D045534106} - C:\Program Files\Common Files\moje.js
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 7923698831
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 8151243187
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://217.96.55.11//activex/AMC.cab
O16 - DPF: {A1C54E16-0C95-4C77-8C4D-EB7C7C7E3960} (VideoControl Class) - http://anteny.no-ip.info:2165/activex/VideoControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe … loader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://195.74.79.163:29/activex/AMC.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\Documents and Settings\anna\Pulpit\adam\aircrack-ng-0.8-win\aircrack-ng-0.8-win\bin\wzcook.exe" (file missing)
“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] “BitTorrent” = ““C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized” [file not found] “Steam” = ““C:\Program Files\Steam\Steam.exe” -silent” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “NeroFilterCheck” = “C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [“Nero AG”] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] “ISUSPM” = ““C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler” [file not found] “RemoteControl” = ““C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”” [“Cyberlink Corp.”] “LanguageShortcut” = ““C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”” [null data] HKLM\Software\Microsoft\Active Setup\Installed Components\ >{26923b43-4d38-484f-9b9e-de460746276c}(Default) = “Internet Explorer” \StubPath = “C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig” [MS] >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}(Default) = “Outlook Express” \StubPath = “C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}(Default) = “flashget urlcatch” -> {HKLM…CLSID} = “FGCatchUrl” \InProcServer32(Default) = “C:\Program Files\FlashGet\jccatch.dll” [“www.flashget.com ”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] {F156768E-81EF-470C-9057-481BA8380DBA}(Default) 
= (no title provided) -> {HKLM…CLSID} = “FlashGet GetFlash Class” \InProcServer32(Default) = “C:\Program Files\FlashGet\getflash.dll” [“www.flashget.com ”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{A155339D-CCCD-4714-85EB-3754B804C9DF}” = “a-squared Free Shell Extension” -> {HKLM…CLSID} = “a-squared Free Shell Extension” \InProcServer32(Default) = “C:\Program Files\a-squared Free\a2freecontmenu.dll” [“Emsi Software GmbH”] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Outlook File Icon Extension” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL” [MS] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office12\msohevi.dll” [MS] “{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}” = “Microsoft Office Metadata Handler” -> {HKLM…CLSID} = “Microsoft Office Metadata Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}” = “Microsoft Office Thumbnail 
Handler” -> {HKLM…CLSID} = “Microsoft Office Thumbnail Handler” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll” [MS] “{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}” = “NeroCoverEd Live Icons” -> {HKLM…CLSID} = “NeroCoverEdLiveIcons Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807563E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = “Microsoft Office InfoPath XML Mime Filter” \InProcServer32(Default) = “C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Cover Designer(Default) = “{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}” -> {HKLM…CLSID} = “NeroCoverEdContextMenu Class” \InProcServer32(Default) = “C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll” [“Nero AG”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program 
Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a-squared Free Shell Extension(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Shell Extension” \InProcServer32(Default) = “C:\Program Files\a-squared Free\a2freecontmenu.dll” [“Emsi Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ a-squared Free Shell Extension(Default) = “{A155339D-CCCD-4714-85EB-3754B804C9DF}” -> {HKLM…CLSID} = “a-squared Free Shell Extension” \InProcServer32(Default) = “C:\Program Files\a-squared Free\a2freecontmenu.dll” [“Emsi Software GmbH”] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoActiveDesktop” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Disable Active Desktop} “ClassicShell” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Enable Classic Shell / Turn on Classic Shell} “ForceActiveDesktopOn” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop| Enable Active Desktop} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableTaskMgr” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options| Remove Task Manager} “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Windows\System\ “DisableCMD” = (REG_DWORD) hex:0x00000001 {User Configuration|Administrative Templates|System| Disable the 
command prompt} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\anna\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Active Desktop web content (hidden if disabled): HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ “FriendlyName” = “” “Source” = “http://pagead2.googlesyndication.com/pagead/show_ads.js ” “SubscribedURL” = “http://pagead2.googlesyndication.com/pagead/show_ads.js ” Enabled Scheduled Tasks: ------------------------ “1-Click Maintenance” -> launches: “C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart” [“TuneUp Software GmbH”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers 
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Poszukaj” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {215940F1-E7E0-4801-BEE3-44D045534106}\ “ButtonText” = “Wyslij SMS’a” “Script” = “C:\Program Files\Common Files\moje.js” [null data] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Research” {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ “ButtonText” = “FlashGet” “MenuText” = “FlashGet” “Exec” = “C:\Program Files\FlashGet\FlashGet.exe” [“FlashGet.com ”] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll ,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = 
“file://C|/Documents and Settings/All Users.WINDOWS/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ a-squared Free Service, a2free, ““C:\Program Files\a-squared Free\a2service.exe”” [“Emsi Software GmbH”] Cyberlink RichVideo Service(CRVS), RichVideo, ““C:\Program Files\CyberLink\Shared Files\RichVideo.exe”” [empty string] Machine Debug Manager, MDM, ““C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe”” [MS] TuneUp Theme Extension, UxTuneUp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Lexmark Network Port\Driver = “LEXLMPM.DLL” [file not found] Lexmark Z25-Z35 Port Monitor\Driver = “lxaxpmnt.dll” [“Lexmark International, Inc.”] Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- (launch time: 2007-10-20 18:51:01) <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 326 seconds, including 17 seconds for message boxes)
Many thanks in advance for the help.
Regards
Anka
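A triage helper for logs like the one above, added here as an example (it is not HijackThis code and not the poster's): it parses the R/O entries and flags the ones a helper on such a thread looks at first. The rule set and the sample lines are constructed assumptions modelled on this log.

```python
"""Triage helper for HijackThis 1.99 logs (added example, not HijackThis
code or the original poster's): parse R/O entries and flag the ones a
helper on this kind of thread inspects first. The rules are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the entries in the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://217.96.55.11//activex/AMC.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: WEP/WPA-PMK key recovery service (WZCOOK) - Unknown owner - C:\Tools\wzcook.exe" (file missing)
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
URL_HOST_RE = re.compile(r"https?://([^/:\s]+)")
# Domains treated as expected defaults for IE start/search pages (assumption).
EXPECTED_DOMAINS = ("microsoft.com", "msn.com")


@dataclass
class Entry:
    kind: str                      # HijackThis section, e.g. "O16"
    body: str                      # text after "O16 - "
    flags: list = field(default_factory=list)


def parse(log: str) -> list:
    """Turn the log text into Entry objects; non-entry lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def is_raw_ip(host: str) -> bool:
    return re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host) is not None


def is_expected_host(host: str) -> bool:
    # Exact match or a subdomain; a plain endswith() would also accept
    # look-alike names such as "notmicrosoft.com".
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def triage(entries: list) -> list:
    """Attach review flags to each entry; returns only the flagged ones."""
    for e in entries:
        # Launch points whose target no longer exists are orphans:
        # harmless on their own, but they show what once lived there.
        if "(file missing)" in e.body:
            e.flags.append("target file missing (orphaned launch point)")
        if e.kind in ("R0", "R1"):
            # Start/search page set to a non-Microsoft host is the classic
            # browser-hijack indicator in the R0/R1 section.
            m = URL_HOST_RE.search(e.body)
            host = m.group(1).lower() if m else ""
            if host and not is_expected_host(host):
                e.flags.append(f"IE setting points to third-party host {host}")
        elif e.kind == "O16":
            # ActiveX controls downloaded from a bare IP address rather than
            # a named vendor site deserve a second look.
            m = URL_HOST_RE.search(e.body)
            if m and is_raw_ip(m.group(1)):
                e.flags.append(f"ActiveX control fetched from raw IP {m.group(1)}")
        elif e.kind == "O23":
            # Services whose binary carries no vendor information.
            if " - Unknown owner - " in e.body:
                e.flags.append("service binary has no vendor information")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for entry in triage(parse(SAMPLE_LOG)):
        print(entry.kind, "|", entry.body[:60], "|", "; ".join(entry.flags))
```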
jessica
(jessica)
20 October 2007 17:46
#2
>>Hijack>>scan (Do a system scan only)>>check them >> Fix checked.
Those entries obviously have nothing to do with your problem.
Besides, most likely these problems have nothing to do with viruses at all.
Maybe the keyboard needs to be thrown in the bin.
But there could also be thousands of other non-virus reasons.
Hard to guess.
But just in case, you can also post a log from ComboFix (at the bottom of the page from the link) -
Paste the log at http://wklej.org/ and put only the link in your post (i.e. copy the address from the address bar).
jessi
Anicha
(Anicha 81)
20 October 2007 19:48
#3
jessica
(jessica)
20 October 2007 20:21
#4
ComboFix removed some things, but the worst is still left to remove, and it will be hard to remove.
We'll start with:
Paste into Notepad:
File::
C:\WINDOWS\system32\qy.sys
C:\WINDOWS\system32\qz.sys
C:\WINDOWS\system32\cert64.sys
C:\WINDOWS\System32\accessX2.sys
C:\Windows\ADS.exe
Driver::
cert64
accessX2
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADS]
>>File>>Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (i.e. the CFScript.txt icon onto the ComboFix.exe icon)
- like in this picture ->
(if the question " 1 or 2 " appears, type 1 and press ENTER.) The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.
Next, use HaxFix.
It will probably be best to use it with the option " 2. Run auto Fix ".
Then post the HaxFix report and the ComboFix log here.
jessi
Anicha
(Anicha 81)
20 October 2007 20:53
#5
ComboFix 07-10-21.1** - anna 2007-10-21 22:31:16.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.57 [GMT 2:00] Running from: C:\Documents and Settings\anna\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\anna\Pulpit\CFScript.txt * Created a new restore point FILE:: C:\Windows\ADS.exe C:\WINDOWS\System32\accessX2.sys C:\WINDOWS\system32\cert64.sys C:\WINDOWS\system32\qy.sys C:\WINDOWS\system32\qz.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\ADS.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_ACCESSX2 -------\LEGACY_CERT64 -------\accessX2 -------\cert64 ((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 ))))))))))))))))))))))))))))))) . 2007-10-20 21:21 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-18 11:59 2007-10-18 11:33 2007-10-10 05:48 582,656 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-10-20 17:37 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\Skype 2007-10-20 17:36 --------- d-----w C:\Program Files\Java 2007-10-20 12:20 --------- d-----w C:\Program Files\eMule 2007-10-19 12:39 --------- d-----w C:\Program Files\a-squared Free 2007-10-18 09:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\CyberLink 2007-10-18 09:43 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-18 08:52 --------- d-----w C:\Program Files\InterVideo Information Service 2007-10-10 07:57 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help 2007-09-16 16:56 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\PlayFirst 2007-09-10 21:36 --------- d-----w C:\Program Files\FlashGet 2007-04-23 13:15 766 ----a-w C:\Program Files\Common Files\sms.ico 2007-04-23 13:15 70 ----a-w C:\Program Files\Common Files\moje.js 2007-04-11 14:09 37,360 ------w C:\Documents and Settings\WIKTORIA\Eey Uninstal.exe 2006-04-21 15:43 2,895,168 ----a-w C:\Program Files\FoxitReader.exe 2005-09-05 22:46 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-09 18:53] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2006-11-12 12:48] “ISUSPM”=“C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” [] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2007-01-08 22:26] “LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2007-01-08 22:17] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 16:36] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “tscuninstall”=%systemroot%\system32\tscupgrd.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”=“C:\Program Files\Spyware Doctor\swdoctor.exe” /Q [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cert32.sys] @=“Driver” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cert64.sys] @=“Driver” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^InterVideo WinCinema Manager.lnk] backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe” 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMSRun] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSwitch] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkRun] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “LexBceS”=2 (0x2) “Symantec Core LC”=2 (0x2) “SpywareCleanerService”=2 (0x2) “SDhelper”=2 (0x2) “ArcaVirMonitor”=2 (0x2) “WZCSVC”=2 (0x2) “TapiSrv”=3 (0x3) “cisvc”=3 (0x3) R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys R3 G200;G200;C:\WINDOWS\system32\DRIVERS\G200m.sys S3 arcaen;ArcaVir Monitor Kernel Engine Driver;??\C:\Program Files\ArcaBit\ArcaVir\arcaen.sys S3 arcaev;ArcaVir Monitor Kernel Events Driver;??\C:\Program Files\ArcaBit\ArcaVir\arcaev.sys S3 arcafd;ArcaVir Monitor Kernel Filter Driver;??\C:\Program 
Files\ArcaBit\ArcaVir\arcafd.sys S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys S3 ntportio;ntportio;??\C:\DOCUME~1\anna\USTAWI~1\Temp\Rar$EX00.398\ntportio.sys S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys S3 ZDCndis5;ZDCndis5 Protocol Driver;??\C:\WINDOWS\System32\ZDCndis5.SYS S4 ArcaVirMonitor;ArcaVir Antivirus Monitor Service;C:\Program Files\ArcaBit\ArcaVir\AvMon.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the ‘Scheduled Tasks’ folder “2007-10-19 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job” - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-21 22:37:23 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2007-10-21 22:38:49 - machine was rebooted C:\ComboFix2.txt … 2007-10-21 21:42 . — E O F —
HAXFIX logfile - by Marckie
version 4.57_1
2007-10-21 22:47:12,36

--- Checking for Haxdoor ---
checking for a3d files
a3d files found
in.a3d
checking for matching notify keys
no matching notify keys found
checking for matching services
no matching services found
checking for matching safeboot services
matching safeboot services found
cert32.sys
cert64.sys
checking for other Haxdoor-files
no other Haxdoor-files found

--- Checking for Goldun ---
checking for SSODL keys
no ssodl keys found
checking for notify keys
no notify keys found
checking for services
no services found
checking for other Goldun-files
no other Goldun-files found
checking iexplore.exe
iexplore.exe is not infected

--- Catchme logfile - thank you Gmer ---
Thanks a lot
First thing in the morning I'm off to get a new keyboard. :lol:
jessica
(jessica)
21 October 2007 20:28
#6
In my opinion - it's clean.
The keyboard thing is an exaggeration - I only gave that as one of the possible causes, but certainly not the only one.
jessi