Wyskakująca witryna explorer.exe i gsearching

system · 26 Sierpień 2007 17:39

A więc po tym wszystkim nowy log z combofix’a :

ComboFix 07-08-17.2 - “Rafa” 2007-08-26 19:12:45.24 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.555 [GMT 2:00] ((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 ))))))))))))))))))))))))))))))) 2007-08-22 19:01 2007-08-21 17:12 2007-08-21 16:49 971,776 --a------ C:\WINDOWS\system32\msgina.dll 2007-08-21 16:49 945,664 --a------ C:\WINDOWS\system32\syssetup.dll 2007-08-21 16:49 88,576 --a------ C:\WINDOWS\system32\mydocs.dll 2007-08-21 16:49 8,192 --a------ C:\WINDOWS\system32\winhlp32.exe 2007-08-21 16:49 765,440 --a------ C:\WINDOWS\system32\winntbbu.dll 2007-08-21 16:49 67,072 --a------ C:\WINDOWS\notepad.exe 2007-08-21 16:49 649,216 --a------ C:\WINDOWS\system32\rasdlg.dll 2007-08-21 16:49 571,904 --a------ C:\WINDOWS\system32\wiashext.dll 2007-08-21 16:49 562,688 --a------ C:\WINDOWS\system32\shdoclc.dll 2007-08-21 16:49 530,432 --a------ C:\WINDOWS\system32\printui.dll 2007-08-21 16:49 52,736 --a------ C:\WINDOWS\system32\narrator.exe 2007-08-21 16:49 504,832 --a------ C:\WINDOWS\system32\logonui.exe 2007-08-21 16:49 421,888 --a------ C:\WINDOWS\system32\shimgvw.dll 2007-08-21 16:49 416,768 --a------ C:\WINDOWS\system32\wiaacmgr.exe 2007-08-21 16:49 387,072 --a------ C:\WINDOWS\system32\themeui.dll 2007-08-21 16:49 342,016 --a------ C:\WINDOWS\system32\mspaint.exe 2007-08-21 16:49 317,440 --a------ C:\WINDOWS\system32\zipfldr.dll 2007-08-21 16:49 276,992 --a------ C:\WINDOWS\system32\winsrv.dll 2007-08-21 16:49 253,952 --a------ C:\WINDOWS\system32\mstask.dll 2007-08-21 16:49 240,128 --a------ C:\WINDOWS\system32\newdev.dll 2007-08-21 16:49 231,424 --a------ C:\WINDOWS\system32\upnpui.dll 2007-08-21 16:49 219,648 --a------ C:\WINDOWS\system32\logon.scr 2007-08-21 16:49 210,944 --a------ C:\WINDOWS\system32\moricons.dll 2007-08-21 16:49 142,336 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-08-21 16:49 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-08-21 16:49 138,752 --a------ C:\WINDOWS\system32\ntshrui.dll 2007-08-21 16:49 136,704 --a------ C:\WINDOWS\system32\netid.dll 2007-08-21 16:49 132,608 --a------ C:\WINDOWS\system32\taskmgr.exe 2007-08-21 16:49 125,440 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-08-21 16:49 118,272 --a------ C:\WINDOWS\system32\stobject.dll 2007-08-21 16:49 104,448 --a------ C:\WINDOWS\system32\sysocmgr.exe 2007-08-21 16:49 1,629,184 --a------ C:\WINDOWS\system32\netshell.dll 2007-08-21 16:48 91,648 --a------ C:\WINDOWS\system32\ahui.exe 2007-08-21 16:48 77,312 --a------ C:\WINDOWS\system32\gcdef.dll 2007-08-21 16:48 67,584 --a------ C:\WINDOWS\system32\acctres.dll 2007-08-21 16:48 66,560 --a------ C:\WINDOWS\system32\console.dll 2007-08-21 16:48 62,464 --a------ C:\WINDOWS\system32\cleanmgr.exe 2007-08-21 16:48 6,656 --a------ C:\WINDOWS\system32\batt.dll 2007-08-21 16:48 382,976 --a------ C:\WINDOWS\system32\cmd.exe 2007-08-21 16:48 329,216 --a------ C:\WINDOWS\system32\cmdial32.dll 2007-08-21 16:48 27,136 --a------ C:\WINDOWS\system32\batmeter.dll 2007-08-21 16:48 16,896 --a------ C:\WINDOWS\system32\deskmon.dll 2007-08-21 16:48 159,744 --a------ C:\WINDOWS\system32\credui.dll 2007-08-21 16:48 147,968 --a------ C:\WINDOWS\system32\keymgr.dll 2007-08-21 16:48 138,240 --a------ C:\WINDOWS\system32\hotplug.dll 2007-08-21 16:48 117,760 --a------ C:\WINDOWS\system32\inetcplc.dll 2007-08-21 16:48 115,200 --a------ C:\WINDOWS\system32\calc.exe 2007-08-21 16:48 1,005,568 --a------ C:\WINDOWS\explorer.exe 2007-08-21 16:13 44,055 --a------ C:\WINDOWS\BricoPackUninst.cmd 2007-08-21 16:13 204,288 --a------ C:\WINDOWS\system32\uxtheme.dll 2007-08-21 16:05 3,645 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd 2007-08-21 16:05 2007-08-18 21:49 2007-08-18 21:35 2007-08-17 20:31 2007-08-17 13:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-08-17 12:42 2007-08-17 12:23 2007-08-16 23:47 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-12 18:23 2007-08-12 18:22 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe 2007-08-12 18:22 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll 2007-08-05 12:09 48,640 --------- C:\WINDOWS\system32\drivers\ser2pl.sys 2007-08-05 10:49 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-26 19:11 --------- d-------- C:\Program Files\neostrada tp 2007-08-22 18:41 --------- d-------- C:\Program Files\Gadu-Gadu 2007-08-21 16:58 --------- d-------- C:\Program Files\Movie Maker 2007-08-19 22:22 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys 2007-08-19 22:22 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-08-12 17:55 --------- d-------- C:\Program Files\K-Lite Codec Pack 2007-08-05 12:09 --------- d–h----- C:\Program Files\InstallShield Installation Information 2007-07-27 19:55 --------- d—s---- C:\Program Files\Xfire 2007-07-27 17:08 --------- d-------- C:\DOCUME~1\RAFA~1\DANEAP~1\Xfire 2007-07-26 20:38 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-07-19 19:04 --------- d-------- C:\DOCUME~1\RAFA~1\DANEAP~1\teamspeak2 2007-07-16 17:53 --------- d-------- C:\DOCUME~1\RAFA~1\DANEAP~1\Azureus 2007-07-12 09:12 81920 --a------ C:\WINDOWS\system32\frapsvid.dll 2007-07-09 21:43 --------- d-------- C:\Program Files\PhotoFiltre 2007-07-08 18:20 --------- d-------- C:\Program Files\NiemPol 2007-07-07 17:03 --------- d-------- C:\Program Files\MultiRes 2007-07-07 17:02 737280 --a------ C:\WINDOWS\iun6002.exe 2007-07-06 23:44 --------- d-------- C:\DOCUME~1\RAFA~1\DANEAP~1\Tibia 2007-07-05 17:27 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-07-04 19:01 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2007-07-01 00:53 --------- d-------- C:\Program Files\Azureus 2007-07-01 00:40 --------- d-------- C:\Program Files\BitTorrent 2007-07-01 00:40 --------- d-------- C:\DOCUME~1\RAFA~1\DANEAP~1\BitTorrent 2001-11-23 06:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SiSUSBRG”=“C:\WINDOWS\SiSUSBrg.exe” [2002-07-12 12:15] “Cmaudio”=“cmicnfg.cpl” [] “AdslTaskBar”=“stmctrl.dll” [2006-06-02 11:01 C:\WINDOWS\system32\stmctrl.dll] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50] “NvCplDaemon”=“C:\WINDOWS\System32\NvCpl.dll” [2004-07-15 17:42] “nwiz”=“nwiz.exe” [2004-07-15 17:42 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\System32\NvMcTray.dll” [2004-07-15 17:42] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 14:49] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 16:55] “Windows Server Client Verification Service”=“C:\WINDOWS\system32\wscvs.exe” [] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25] “Google Desktop Search”=“C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” [2007-08-21 17:12] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-04-17 13:12] “AlcoholAutomount”=“C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe” [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “appinit_dlls”=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys S2 wscvs;Windows Server Client Verification Service;C:\WINDOWS\system32\wscvs.exe S3 SER120;OTI Serial port driver;C:\WINDOWS\System32\DRIVERS\SER120.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-26 19:14:01 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-26 19:14:50 C:\ComboFix-quarantined-files.txt … 2007-08-26 19:14 C:\ComboFix2.txt … 2007-08-22 19:40 — E O F —

i nowy log z sdfix’a :

SDFix: Version 1.98 Run by Rafa on 2007-08-26 at 19:25 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- Files with Hidden Attributes: C:!KillBox\wscvs.exe C:\WINDOWS\system32\Tools\All.exe C:\WINDOWS\system32\Tools\Change.exe C:\WINDOWS\system32\Tools\CheckPath.exe C:\WINDOWS\system32\Tools\Counter.exe C:\WINDOWS\system32\Tools\DelFolders.exe C:\WINDOWS\system32\Tools\RegClean.exe C:\WINDOWS\system32\Tools\Regexe.exe C:\WINDOWS\system32\Tools\Restart.exe C:\WINDOWS\system32\Tools\RunRegexe.exe C:\WINDOWS\LastGood.Tmp\INF\oem5.inf C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF C:\WINDOWS\LastGood.Tmp\INF\oem6.inf C:\WINDOWS\LastGood.Tmp\INF\oem6.PNF Finished

qrczak13 · 26 Sierpień 2007 18:14

Do notatnika wklej:

Plik > zapisz jako > zmień rozszerzenie z .txt na wszystkie pliki > zapisz pod nazwą Fix.reg np na

pulpicie > dwuklik na Fix.reg > potwierdzasz > restart.

Usuń folder.

Star > uruchom > cmd > wpisz:

sc delete wscvs

Czy jeszcze występuje problem jak w temacie?

system · 26 Sierpień 2007 18:26

LOL :o Z tego co widzę to z moim system już wszystko w porządku!! ( przynajmniej do pewnego stopnia) No i co najważniejsze explorer.exe już się nie wpieprza :mrgreen: heheeh wielkie Bóg Zapłać dla wszystkich którzy mi pomogli ! Dzięki jeszcze raz

Gutek · 26 Sierpień 2007 18:27

Daj nowy log z Combo