Wyskaujące okienko

King89 · 30 Grudzień 2007 16:27

Witam, od pewnego czasu wyskakuje mi okienko, podczas rozmowy gg czy oglądania filmu.

Zrobiłem LOGA programem HijackTHIS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:21:37, on 2007-12-30

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

D:\Program Files [D]\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

D:\Program Files [D]\BitSpirit\BitSpirit.exe

C:\WINDOWS\System32\Rundll32.exe

D:\Program Files [D]\DAEMON Tools\daemon.exe

D:\Program Files [D]\Free Ram XP Pro\FreeRAM XP Pro.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

F:\Tyśka\Picasa2\PicasaMediaDetector.exe

C:\Program Files\D-Link AirPlus\AirPlus.exe

D:\Program Files [D]\Mozilla Firefox\firefox.exe

D:\Program Files [D]\Tlen.pl\tlen.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://cache.prospect.pl/auto.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: optimizer by rightonadz - {AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4} - C:\WINDOWS\system32\gzmrotate.dll (file missing)

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PC Suite for Smartphones] "D:\Program Files [D]\PC Suite W950i\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\Program Files [D]\Nokia PC Suit\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [LaunchList] D:\Program Files [D]\Pinnacle\LaunchList.exe

O4 - HKLM\..\Run: [CBitSpirit] "D:\Program Files [D]\BitSpirit\BitSpirit.exe" /start /nosplash

O4 - HKLM\..\Run: [Siemens SmartSync - ScheduleSync] D:\PROGRA~1\Siemens\SMARTS~1\SCHEDU~1.EXE

O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart

O4 - HKCU\..\Run: [Komunikator] D:\Program Files [D]\Tlen.pl\tlen.exe

O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files [D]\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files [D]\Free Ram XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

O4 - HKCU\..\Run: [Picasa Media Detector] F:\Tyśka\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz z &BitSpirit - D:\Program Files [D]\BitSpirit\bsurl.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{BF59196B-188F-4E7F-957D-5A5240FCB958}: NameServer = 89.234.193.2,89.234.192.19

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files [D]\Ad-Aware\aawservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - D:\Program Files [D]\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


--

End of file - 6563 bytes

Skanowałem ad-aware i spybot, nie dało nic, używam najnowszego firefox

Proszę o pomoc

Gutek · 30 Grudzień 2007 17:52

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym - Daj log z ComboFix

King89 · 30 Grudzień 2007 20:13

ComboFix 07-12-21.4 - King89 2007-12-30 20:45:49.1 - NTFSx86

Gutek · 30 Grudzień 2007 20:30

Wklej do Notatnika:

File::

C:\WINDOWS\system32\gzmrt.dll

C:\WINDOWS\system32\gzmrotate.dll


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

King89 · 31 Grudzień 2007 09:19

ComboFix 07-12-21.4 - King89 2007-12-30 22:03:45.2 - NTFSx86

Gutek · 31 Grudzień 2007 11:18

Log Ok

King89 · 31 Grudzień 2007 13:50

no tak, ale problem nadal jest

King89 · 31 Grudzień 2007 15:00

SDFix: Version 1.120


Run by King89 on 2007-12-31 at 15:44


Microsoft Windows XP [Wersja 5.1.2600]


Running From: C:\SDFix


Safe Mode:

Checking Services: 



Restoring Windows Registry Values

Restoring Windows Default Hosts File


Rebooting...



Normal Mode:

Checking Files: 


No Trojan Files Found






Removing Temp Files...


ADS Check:


C:\WINDOWS

No streams found. 


C:\WINDOWS\system32

No streams found. 


C:\WINDOWS\system32\svchost.exe

No streams found.


C:\WINDOWS\system32\ntoskrnl.exe

No streams found.




                                 Final Check:


catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-31 15:50:20

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


scanning hidden processes ...


IPC error: 2 Nie można odnaleźć określonego pliku.

scanning hidden services & system hive ...


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000002


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="D:\Program Files [D]\Alcohol 120\"

"h0"=dword:00000001

"ujdew"=hex:92,4b,be,09,1c,6c,65,d8,5b,dd,27,14,8f,f9,d7,19,79,0d,81,00,37,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="D:\Program Files [D]\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:5f,7b,d9,85,0c,ad,b7,62,7a,49,25,05,d3,0f,16,36,06,0f,4e,3a,15,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,5b,cf,8d,79,10,6b,f8,94,57,25,9d,94,3d,03,f6,83,4d,..

"khjeh"=hex:5c,1f,fc,72,78,76,79,fd,9e,05,3e,ea,17,33,5f,92,36,10,cb,80,72,..


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:69,ef,4d,80,a2,1f,91,05,fc,6f,a6,31,aa,84,a8,cd,6a,84,5e,1b,88,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"p0"="D:\Program Files [D]\Alcohol 120\"

"h0"=dword:00000001

"ujdew"=hex:92,4b,be,09,1c,6c,65,d8,5b,dd,27,14,8f,f9,d7,19,79,0d,81,00,37,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"p0"="D:\Program Files [D]\DAEMON Tools\"

"h0"=dword:00000000

"khjeh"=hex:5f,7b,d9,85,0c,ad,b7,62,7a,49,25,05,d3,0f,16,36,06,0f,4e,3a,15,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,5b,cf,8d,79,10,6b,f8,94,57,25,9d,94,3d,03,f6,83,4d,..

"khjeh"=hex:5c,1f,fc,72,78,76,79,fd,9e,05,3e,ea,17,33,5f,92,36,10,cb,80,72,..


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:69,ef,4d,80,a2,1f,91,05,fc,6f,a6,31,aa,84,a8,cd,6a,84,5e,1b,88,..


scanning hidden registry entries ...


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..


scanning hidden files ...


scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0



Remaining Services:

------------------




Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"D:\\Program Files [D]\\BitSpirit\\BitSpirit.exe"="D:\\Program Files [D]\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"

"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"

"D:\\Program Files [D]\\Tlen.pl\\tlen.exe"="D:\\Program Files [D]\\Tlen.pl\\tlen.exe:*:Enabled:Komunikator Tlen.pl"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


Remaining Files:

---------------



Files with Hidden Attributes:



Finished!

Zrobiłem

Gutek · 1 Styczeń 2008 01:03

SDFix - nic nie usunął i nic nie znalazł - post kosz arekmalek

King89 · 1 Styczeń 2008 12:26

ale problem nadal jest

system · 1 Styczeń 2008 12:41

Pokaż screena tego okienka może.

Leon1 · 1 Styczeń 2008 12:47

Jakiego typu to jest okno czy jest jakiś komunikat

Ponadto przejrzyj co uruchamia się podczas startu może tam leży przyczyna tych okien według mnie 3/4 rzeczy nie potrzebnie się uruchamia ze startem

Optymalizacja Autostartu

http://www.bezpieczenstwosystemow.pl/index.php?topic=116.0

Ponad to należy usunąć jeszcze

Otwórz notatnik i wklej

File::

C:\WINDOWS\system32\gzmrt.dll

C:\WINDOWS\system32\rightonadz-uninst.exe

zapisz jako CFScript (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

na pytanie “1 or 2” - to wpisz 1 i naciśnij ENTER

Powinno rozpocząć się usuwanie

Potem daj log Combofixa z usuwania

Następnie usuń ręcznie folder C: \Qoobox

Potem nowy log HijackThis

King89 · 2 Styczeń 2008 15:34

Problem jest taki:

że jak pisze np na forum to co jakiś czas odświeża mi tak jakby okno, i nie mogę pisac juz tylko musze kliknąć na przeglądarke i ja aktywowac i dalej moge pisac, jest to uciazliwe np podczas pisania w wordzie, co jakis czas trzeba kliknac myszka gdyz “opuszcza” edytor

zrobilem to:

oto log

ComboFix 07-12-31.4 - King89 2008-01-02 16:27:07.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.225 [GMT 1:00] Running from: C:\Documents and Settings\King89\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\King89\Pulpit\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\gzmrt.dll C:\WINDOWS\system32\rightonadz-uninst.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\gzmrt.dll C:\WINDOWS\system32\rightonadz-uninst.exe . ((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))) . 2008-01-02 16:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-12-31 15:43 . 2007-12-31 15:44 2007-12-30 20:20 . 2007-12-30 20:38 2,856 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-30 20:19 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2007-12-30 20:19 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-12-30 20:19 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2007-12-30 20:19 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-30 20:19 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-30 20:19 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2007-12-30 17:21 . 2007-12-30 17:21 2007-12-29 15:42 . 2007-12-29 15:42 2007-12-29 15:41 . 2007-12-29 15:41 2007-12-23 08:49 . 2007-12-23 08:49 2007-12-22 19:18 . 2007-12-22 19:18 2007-12-17 14:33 . 2007-12-17 14:33 2007-12-17 14:32 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe 2007-12-16 20:53 . 2007-12-16 20:53 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-02 14:26 --------- d-----w C:\Documents and Settings\King89\Dane aplikacji\Tlen.pl 2008-01-01 14:02 --------- d-----w C:\Documents and Settings\King89\Dane aplikacji\Skype 2007-12-27 13:56 --------- d-----w C:\Documents and Settings\King89\Dane aplikacji\Vso 2007-12-26 15:17 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-11-27 16:41 --------- d-----w C:\Program Files\NokiaFREE Unlock Codes Calculator 2007-11-17 07:11 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-11-17 07:06 --------- d-----w C:\Program Files\SystemRequirementsLab 2007-11-16 14:15 --------- d-----w C:\Program Files\DivX 2007-11-13 15:58 --------- d-----w C:\Documents and Settings\King89\Dane aplikacji\XCPCSync.OEM 2007-11-13 14:51 --------- d-----w C:\Program Files\VSFE 2007-11-13 14:50 --------- d-----w C:\Program Files\Common Files\XCPCSync.OEM 2007-11-11 18:51 --------- d-----w C:\Program Files\Common Files\Skype 2007-11-11 18:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-11-11 15:37 --------- d-----w C:\Documents and Settings\King89\Dane aplikacji\Teleca 2007-11-09 15:32 --------- d-----w C:\Program Files\Ganymede 2007-11-07 21:44 --------- d-----w C:\Program Files\PopTray 2007-11-04 18:55 --------- d-----w C:\Program Files\Java 2007-11-03 15:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle Studio 2007-11-03 15:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Pinnacle 2007-11-03 13:57 --------- d-----w C:\Program Files\Microsoft SQL Server 2007-09-16 15:58 47,360 ----a-w C:\Documents and Settings\King89\Dane aplikacji\pcouffin.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Komunikator”=“D:\Program Files [D]\Tlen.pl\tlen.exe” [2007-11-07 15:33 6234624] “DAEMON Tools”=“D:\Program Files [D]\DAEMON Tools\daemon.exe” [2007-08-29 16:09 171464] “FreeRAM XP”=“D:\Program Files [D]\Free Ram XP Pro\FreeRAM XP Pro.exe” [2006-03-22 23:13 1591808] “mRouterConfig”=“C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe” [2006-03-02 10:54 290816] “Picasa Media Detector”=“F:\Tyśka\Picasa2\PicasaMediaDetector.exe” [2007-09-28 02:17 443968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-09-15 17:58 949376] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-08-11 20:43 7630848] “nwiz”=“nwiz.exe” [2006-08-11 20:43 1519616 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-08-11 20:43 86016] “SoundMan”=“SOUNDMAN.EXE” [2006-08-03 04:12 577536 C:\WINDOWS\soundman.exe] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496] “CBitSpirit”=“D:\Program Files [D]\BitSpirit\BitSpirit.exe” [2007-09-09 19:29 3063296] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44 15360] “Picasa Media Detector”=“D:\Program Files [D]\Picasa2\PicasaMediaDetector.exe” [2007-09-28 02:17 443968] “Nokia.PCSync”=“D:\Program Files [D]\Nokia PC Suit\Nokia PC Suite 6\PcSync2.exe” [2007-06-19 09:17 1241088] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite for Smartphones] D:\Program Files [D]\PC Suite W950i\Application Launcher\Application Launcher.exe /startoptions [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] D:\Program Files [D]\Nokia PC Suit\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Siemens SmartSync - ScheduleSync] 2005-03-16 10:15 45056 --a------ D:\PROGRA~1\Siemens\SMARTS~1\SCHEDU~1.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] C:\Program Files\uTorrent\uTorrent.exe R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2007-04-13 07:50] S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2004-07-08 12:40] S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2007-04-13 07:50] S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2007-04-13 07:50] S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2007-04-13 07:50] S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2007-04-13 07:50] S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2007-04-13 07:50] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{2f8008c2-a96f-11dc-a1bc-001195055c6f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe \Shell\Open(&0)\command - Recycled\ctfmon.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-02 16:30:21 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** “ImagePath”="“D:\Program Files [D]\Ad-Aware\aawservice.exe”" – “ImagePath”=“D:\Program Files [D]\Nero 7\Nero BackItUp\NBService.exe” . Completion time: 2008-01-02 16:30:53 C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 15:30:38 C:\qoobox\ComboFix2.txt 2007-12-30 21:07:32 C:\qoobox\ComboFix3.txt 2007-12-30 19:49:18

Gutek · 2 Styczeń 2008 16:19

Otwórz Notatnik i wklej w nim to:

Windows Registry Editor Version 5.00 


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Leon1 · 2 Styczeń 2008 16:39

King89 · 2 Styczeń 2008 18:40

Zrobiłem wszystko

musze chwile poczekac czy to wystepuje nadal czy nie…

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:39:28, on 2008-01-02 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files [D]\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe D:\Program Files [D]\BitSpirit\BitSpirit.exe D:\Program Files [D]\DAEMON Tools\daemon.exe D:\Program Files [D]\Free Ram XP Pro\FreeRAM XP Pro.exe F:\Tyśka\Picasa2\PicasaMediaDetector.exe D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\D-Link AirPlus\AirPlus.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe D:\Program Files [D]\Tlen.pl\tlen.exe D:\Program Files [D]\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://cache.prospect.pl/auto.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [CBitSpirit] “D:\Program Files [D]\BitSpirit\BitSpirit.exe” /start /nosplash O4 - HKCU…\Run: [Komunikator] D:\Program Files [D]\Tlen.pl\tlen.exe O4 - HKCU…\Run: [DAEMON Tools] “D:\Program Files [D]\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKCU…\Run: [FreeRAM XP] “D:\Program Files [D]\Free Ram XP Pro\FreeRAM XP Pro.exe” -win O4 - HKCU…\Run: [mRouterConfig] “C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe” O4 - HKCU…\Run: [Picasa Media Detector] F:\Tyśka\Picasa2\PicasaMediaDetector.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: D-Link AirPlus.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz z &BitSpirit - D:\Program Files [D]\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{BF59196B-188F-4E7F-957D-5A5240FCB958}: NameServer = 89.234.193.2,89.234.192.19 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files [D]\Ad-Aware\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NBService - Nero AG - D:\Program Files [D]\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – End of file - 5353 bytes

Gutek · 2 Styczeń 2008 19:35

Log Ok

Nowe Zasady - viewtopic.php?f=16&t=213350