Zamulanie komputera


(filutylu) #1

Mam problem! Gdy urzywam komputera otwieraja mi sie procesy typu 1688.tmp . na poczatku je kasowałem ale dzis mialem 1h wlaczony komputer i otworzylo mi sie 1000 takich prozesow i kazdy ciagnol od 1200 kb do 500 kb oto log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:34:59, on 2003-07-24

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Windows\system32\taskeng.exe

C:\Windows\msa.exe

C:\Windows\system32\ctfmon.exe

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll

O1 - Hosts: ::1 localhost

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Filip\AppData\Roaming\Nowe Gadu-Gadu_userdata\ggbho.1.dll

O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHPN.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU..\Run: [Cognac] C:\Users\Filip\AppData\Local\Temp\b.exe

O4 - HKCU..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB5; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)" -"http://origin.candystand.com/play/thunderboard"

O4 - HKUS\S-1-5-19..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')

O8 - Extra context menu item: Add to AMV/AVI Video Converter... - D:\Program Files\Media Player Utilities 4.21\AMVConverter\grab.html

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip..{FF94D185-5801-47EB-A7B9-BD6D345AA2BF}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS2\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS3\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS4\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS5\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS6\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS7\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS8\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS9\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS10\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS11\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS12\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS13\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS14\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS15\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O17 - HKLM\System\CS16\Services\Tcpip..{32D5CD5E-8F91-4A37-BDD6-B785261F2453}: NameServer = 217.144.192.2,217.144.192.33

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Usługa Google Update (gupdate1c98edf93f79fa0) (gupdate1c98edf93f79fa0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe

O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: FIM Speedway GP3 Drivers Auto Removal (pr2aq6eb) (pr2aq6eb) - Techland Sp.z o.o. - C:\Windows\system32\pr2aq6eb.exe

O23 - Service: SolidConverterPDFv4ReadSpool (SCPDFV4ReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSIA9A3.tmp

--

End of file - 11996 bytes


(Henio Mazurek) #2

W tej sytuacji użyj ComboFix i wklej log z niego

viewtopic.php?p=1170959#p1170959

Podczas pobierania i skanu ComboFix'em wyłącz antywirusa i zapory.

Logi wklej na www.wklej.org a tutaj tylko link do wklejki.


(filutylu) #3

http://www.wklej.org/id/126006/


(Henio Mazurek) #4

Log jest obcięty. Popraw go. Do tego gmer pokazywał szkodliwy strumień podpięty pod svchost. Wklej również nowo robiony log z gmer.


(filutylu) #5

http://www.wklej.org/id/126050/


(Henio Mazurek) #6

Dobra nic nic tu nie ma.

Start => Uruchom => wpisz Combofix /u lub ręcznie usuń folder C:\Qoobox i instalkę Combofix z dysku.

Wyłącz na chwilę przywracanie systemu.

http://support.microsoft.com/kb/310405/pll

Wykonaj pełny skan Malwarebytes Anti-Malware, jeśli coś znajdzie - usuń i wklej log.

http://dobreprogramy.pl/index.php?dz=2& ... ntiMalware

Przeczyść dysk i rejestr CCleaner'em

Podepnij pamięci przenośne i zastosuj FlashDisinfector

http://www.searchengines.pl/index.php?s ... ntry369724

Z tym strumieniem pod svchost to u kogoś innego w logu, moja pomyłka.