pylus89 created 6 July 2007 I've been hit by: iworm_attck_v122.02a Specifically, a "virus" that makes balloon pop-ups appear on the right side... these balloons warn about supposed threats to the computer, and clicking them opens a page with "recommended" antivirus programs that are "supposedly" meant to help us... The constant popping up of these balloons makes me want to get rid of this problem once and for all... I scanned the system with programs such as AVG and Ad-Aware... they don't detect the problem... I made a log with HijackThis... I'll post it if needed... I'd like to know whether someone could help me... thank you very much in advance! Regards, pylus89
Vis Maior comment 6 July 2007 If you know where it has settled, remove it. Maybe try scanning with some other antivirus programs as well. If you want to avoid the problem, you can install e.g. XP-AntiSpy and untick the balloon pop-ups.
pylus89 (Author) comment 6 July 2007 HIJACK LOG:
Logfile of HijackThis v1.99.1 Scan saved at 14:06:58, on 2007-07-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:WINDOWSExplorer.EXE C:PROGRA~1GrisoftAVG7avgamsvr.exe C:PROGRA~1GrisoftAVG7avgupsvc.exe C:PROGRA~1GrisoftAVG7avgemc.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe C:WINDOWSSystem32nvsvc32.exe C:WINDOWSSystem32svchost.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:PROGRA~1GrisoftAVG7avgcc.exe C:Program FilesJavajre1.6.0_01binjusched.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:Program FilesD-Toolsdaemon.exe C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe C:WINDOWSsystem32ctfmon.exe C:Program FilesSkypePhoneSkype.exe C:Program FilesMessengermsmsgs.exe C:Program FilesGadu-Gadugg.exe C:WINDOWSsystem32wuauclt.exe C:WINDOWSsystem32notepad.exe C:Program FilesMozilla Firefoxfirefox.exe C:Documents and SettingsPaweł_2Pulpithijackthis_199HijackThis.exe R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://gadnet.hit.gemius.pl/hitredir/id=nG...zkaniowy.bph.pl R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza O2 - BHO: Yahoo!
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:Program FilesBitComettoolsBitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_01binjusched.exe" O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -lang 1033 O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe" O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe" O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe O4 - Startup: DrAntispy.lnk = C:Program FilesDrAntispyDrAntispy.exe O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE O8 - Extra context menu item: Download all links using BitComet - res://C:Program FilesBitCometBitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:Program FilesBitCometBitComet.exe/AddVideo.htm O8 - Extra 
context menu item: Download link using &BitComet - res://C:Program FilesBitCometBitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe O23 - Service: ServiceLayer - Nokia. 
- C:Program FilesPC Connectivity SolutionServiceLayer.exe -------------------------------------------------------------------------------------- LOG COMBOFIX: "Pawe_2" - 2007-07-06 13:48:57 - ComboFix 07-07-04.4 - Dodatek Service Pack 2 (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:WINDOWSsystem32wingob32.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:d.exe C:DOCUME~1ALLUSE~1DANEAP~1.TEMP C:DOCUME~1PAWE_2~1Pulpit.internet explorer.lnk C:Program Filesvideo activex access C:Program Filesvideo activex accessiesmin.exe~ C:Program Filesvideo activex accessiesmn.exe~ C:Program Filesvideo activex accessiesplg.dll C:Program Filesvideo activex accessimsmain.exe~ C:Program Filesvideo activex accessimsmn.exe~ C:Program Filesvideo activex accessimsunst.exe C:Program Filesvideo activex accessot.ico C:Program Filesvideo activex accessts.ico ((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 ))))))))))))))))))))))))))))))) 2007-07-06 13:48 51,200 --a------ C:WINDOWSnircmd.exe 2007-07-06 11:40 42,093 --a------ C:hivtvru.exe 2007-07-06 11:34 <DIR> d-------- C:Program FilesXoftSpySE 2007-07-06 11:12 89,088 --a------ C:WINDOWSsystem32atl71.dll 2007-07-05 21:18 5,632 --a------ C:WINDOWSsystem32ptpusb.dll 2007-07-05 21:18 159,232 --a------ C:WINDOWSsystem32ptpusd.dll 2007-07-05 21:18 15,104 --a------ C:WINDOWSsystem32driversusbscan.sys 2007-07-02 15:51 <DIR> d-------- C:Program Files01-mp3search 2007-06-27 11:21 4 --a------ C:WINDOWSinfo147.sys 2007-06-10 22:06 <DIR> d-------- C:WINDOWSCache 2007-06-06 06:57 <DIR> d-------- C:DOCUME~1PaulinaDANEAP~1Media Player Classic (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-06 11:47:40 -------- d-----w C:DOCUME~1PAWE_2~1DANEAP~1Skype 
2007-07-06 09:40:37 -------- d-----w C:Program FilesWinamp 2007-06-27 09:19:57 8,704 --s-a-w C:WINDOWSsystem32xnvaogd.dll 2007-06-17 11:28:41 49,492 ----a-w C:WINDOWSsystem32perfc015.dat 2007-06-17 11:28:41 355,486 ----a-w C:WINDOWSsystem32perfh015.dat 2007-05-22 12:44:01 -------- d-----w C:DOCUME~1PAWE_2~1DANEAP~1MSN6 2007-05-16 15:18:58 683,520 ----a-w C:WINDOWSsystem32inetcomm.dll 2007-04-25 14:23:30 144,896 ----a-w C:WINDOWSsystem32schannel.dll 2007-04-18 16:14:32 2,854,400 ----a-w C:WINDOWSsystem32msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:WINDOWSsystem32wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:WINDOWSsystem32wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:WINDOWSsystem32wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:WINDOWSsystem32wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:WINDOWSsystem32wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:WINDOWSsystem32cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:WINDOWSsystem32wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:WINDOWSsystem32wups2.dll 2007-04-10 15:08:58 98,304 ----a-w C:WINDOWSsystem32CmdLineExt.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~Browser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}] 2005-12-07 16:06 399424 --a------ C:Program FilesYahoo!CompanionInstallscpnyt.dll [HKEY_LOCAL_MACHINE~Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2003-11-04 00:17 54248 --a------ C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll [HKEY_LOCAL_MACHINE~Browser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] 2006-11-17 20:30 202304 --a------ C:Program FilesBitComettoolsBitCometBHO.dll [HKEY_LOCAL_MACHINE~Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:PROGRA~1SPYBOT~1SDHelper.dll [HKEY_LOCAL_MACHINE~Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 
03:43 501400 --a------ C:Program FilesJavajre1.6.0_01binssv.dll [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "AVG7_CC"="C:PROGRA~1GrisoftAVG7avgcc.exe" [2007-04-23 08:55] "nwiz"="nwiz.exe" [2006-08-11 21:43 C:WINDOWSsystem32nwiz.exe] "WinampAgent"="C:Program FilesWinampwinampa.exe" [] "SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_01binjusched.exe" [2007-03-14 03:43] "DAEMON Tools-1033"="C:Program FilesD-Toolsdaemon.exe" [2004-08-22 18:05] "HP Component Manager"="C:Program FilesHPhpcoretechhpcmpmgr.exe" [2003-10-23 19:51] "HP Software Update"="C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe" [2003-06-25 11:24] [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44] "Skype"="C:Program FilesSkypePhoneSkype.exe" [2006-10-13 17:33] "MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-10-13 18:24] "Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2006-11-14 11:12] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskSched ler] "{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="C:WINDOWSsystem32xnvaogd.dll" [2007-06-27 11:19] [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS] "C:Program FilesMessengermsmsgs.exe" /background Contents of the 'Scheduled Tasks' folder 2007-07-06 11:54:00 C:WINDOWStasksXoftSpySE 2.job 2007-07-06 09:34:18 C:WINDOWStasksXoftSpySE.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-06 13:54:13 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... C:WINDOWSsystem32cmd.exe [3860] 0xFF70BDA0 scanning hidden autostart entries ... scanning hidden files ... 
C:WINDOWS0.log scan completed successfully hidden files: 1 ************************************************************************** Completion time: 2007-07-06 13:56:14 - machine was rebooted C:ComboFix-quarantined-files.txt ... 2007-07-06 13:56 --- E O F ---
Waiting for a reply. Regards
CatchMe comment 6 July 2007 Block the ports using the programs WWDC and Seconfig XP. VAX... or rather remnants. To be sure, use SmitFraudFix, option 2, in safe mode. Then new logs.
pylus89 (Author) comment 6 July 2007 I'm a complete layman... could you somehow put what you wrote into language I can understand? Please.
pylus89 (Author) comment 6 July 2007 I just wanted to know what VAX means...?
CatchMe comment 6 July 2007 video activex access - just a different group. Waiting for the logs.
pylus89 (Author) comment 6 July 2007 HIJACK LOG:
Logfile of HijackThis v1.99.1 Scan saved at 15:43:44, on 2007-07-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:PROGRA~1GrisoftAVG7avgamsvr.exe C:PROGRA~1GrisoftAVG7avgupsvc.exe C:PROGRA~1GrisoftAVG7avgemc.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe C:WINDOWSSystem32nvsvc32.exe C:WINDOWSSystem32svchost.exe C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:WINDOWSExplorer.EXE C:Program FilesSunbelt SoftwarePersonal Firewallkpf4gui.exe C:PROGRA~1GrisoftAVG7avgcc.exe C:Program FilesJavajre1.6.0_01binjusched.exe C:Program FilesD-Toolsdaemon.exe C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe C:WINDOWSsystem32ctfmon.exe C:Program FilesSkypePhoneSkype.exe C:WINDOWSsystem32wuauclt.exe C:Program FilesMessengermsmsgs.exe C:Program FilesGadu-Gadugg.exe C:WINDOWSsystem32wuauclt.exe C:WINDOWSsystem32notepad.exe C:Program FilesMozilla Firefoxfirefox.exe C:WINDOWSsystem32NOTEPAD.EXE C:Documents and SettingsPaweł_2Pulpithijackthis_199HijackThis.exe R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://gadnet.hit.gemius.pl/hitredir/id=nG...zkaniowy.bph.pl R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza O2 - BHO: Yahoo!
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:Program FilesBitComettoolsBitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [WinampAgent] C:Program FilesWinampwinampa.exe O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesJavajre1.6.0_01binjusched.exe" O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program FilesD-Toolsdaemon.exe" -lang 1033 O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe" O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe" O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe O4 - HKCU..Run: [skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray O4 - Startup: Adobe Gamma.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe O4 - Startup: DrAntispy.lnk = C:Program FilesDrAntispyDrAntispy.exe O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE O8 - Extra context menu item: Download all links using BitComet - res://C:Program FilesBitCometBitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:Program FilesBitCometBitComet.exe/AddVideo.htm O8 - Extra 
context menu item: Download link using &BitComet - res://C:Program FilesBitCometBitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:Program FilesSunbelt SoftwarePersonal Firewallkpf4ss.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe O23 - Service: ServiceLayer - Nokia. 
- C:Program FilesPC Connectivity SolutionServiceLayer.exe ------------------------------------------------------------------------------------------------------------------- LOG COMBOFIX "Pawe_2" - 2007-07-06 15:34:34 - ComboFix 07-07-04.4 - Dodatek Service Pack 2 ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------LEGACY_NPF ((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 ))))))))))))))))))))))))))))))) 2007-07-06 15:28 2,200 --a------ C:WINDOWSsystem32tmp.reg 2007-07-06 13:48 51,200 --a------ C:WINDOWSnircmd.exe 2007-07-06 11:40 42,093 --a------ C:hivtvru.exe 2007-07-06 11:34 <DIR> d-------- C:Program FilesXoftSpySE 2007-07-06 11:12 89,088 --a------ C:WINDOWSsystem32atl71.dll 2007-07-05 21:18 5,632 --a------ C:WINDOWSsystem32ptpusb.dll 2007-07-05 21:18 159,232 --a------ C:WINDOWSsystem32ptpusd.dll 2007-07-05 21:18 15,104 --a------ C:WINDOWSsystem32driversusbscan.sys 2007-07-02 15:51 <DIR> d-------- C:Program Files01-mp3search 2007-06-27 11:21 4 --a------ C:WINDOWSinfo147.sys 2007-06-10 22:06 <DIR> d-------- C:WINDOWSCache 2007-06-06 06:57 <DIR> d-------- C:DOCUME~1PaulinaDANEAP~1Media Player Classic (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-06 13:33:40 -------- d-----w C:DOCUME~1PAWE_2~1DANEAP~1Skype 2007-07-06 09:40:37 -------- d-----w C:Program FilesWinamp 2007-06-17 11:28:41 49,492 ----a-w C:WINDOWSsystem32perfc015.dat 2007-06-17 11:28:41 355,486 ----a-w C:WINDOWSsystem32perfh015.dat 2007-05-22 12:44:01 -------- d-----w C:DOCUME~1PAWE_2~1DANEAP~1MSN6 2007-05-16 15:18:58 683,520 ----a-w C:WINDOWSsystem32inetcomm.dll 2007-04-25 14:23:30 144,896 ----a-w C:WINDOWSsystem32schannel.dll 2007-04-18 16:14:32 2,854,400 ----a-w C:WINDOWSsystem32msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:WINDOWSsystem32wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:WINDOWSsystem32wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w 
C:WINDOWSsystem32wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:WINDOWSsystem32wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:WINDOWSsystem32wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:WINDOWSsystem32cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:WINDOWSsystem32wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:WINDOWSsystem32wups2.dll 2007-04-10 15:08:58 98,304 ----a-w C:WINDOWSsystem32CmdLineExt.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~Browser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}] 2005-12-07 16:06 399424 --a------ C:Program FilesYahoo!CompanionInstallscpnyt.dll [HKEY_LOCAL_MACHINE~Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2003-11-04 00:17 54248 --a------ C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll [HKEY_LOCAL_MACHINE~Browser Helper Objects{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}] 2006-11-17 20:30 202304 --a------ C:Program FilesBitComettoolsBitCometBHO.dll [HKEY_LOCAL_MACHINE~Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:PROGRA~1SPYBOT~1SDHelper.dll [HKEY_LOCAL_MACHINE~Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2007-03-14 03:43 501400 --a------ C:Program FilesJavajre1.6.0_01binssv.dll [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "AVG7_CC"="C:PROGRA~1GrisoftAVG7avgcc.exe" [2007-04-23 08:55] "nwiz"="nwiz.exe" [2006-08-11 21:43 C:WINDOWSsystem32nwiz.exe] "WinampAgent"="C:Program FilesWinampwinampa.exe" [] "SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_01binjusched.exe" [2007-03-14 03:43] "DAEMON Tools-1033"="C:Program FilesD-Toolsdaemon.exe" [2004-08-22 18:05] "HP Component Manager"="C:Program FilesHPhpcoretechhpcmpmgr.exe" [2003-10-23 19:51] "HP Software Update"="C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd.exe" [2003-06-25 11:24] 
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "CTFMON.EXE"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 00:44] "Skype"="C:Program FilesSkypePhoneSkype.exe" [2006-10-13 17:33] "MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-10-13 18:24] "Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2006-11-14 11:12] [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS] "C:Program FilesMessengermsmsgs.exe" /background Contents of the 'Scheduled Tasks' folder 2007-07-06 13:39:43 C:WINDOWStasksXoftSpySE 2.job 2007-07-06 09:34:18 C:WINDOWStasksXoftSpySE.job ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-06 15:39:54 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... C:WINDOWSsystem32cmd.exe [3224] 0xFF72D598 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-06 15:41:48 - machine was rebooted C:ComboFix-quarantined-files.txt ... 2007-07-06 15:41 C:ComboFix2.txt ... 2007-07-06 13:56 --- E O F ---
I did everything according to the instructions... after cleaning with SmitFraudFix the problem vanished as if by magic... so far all quiet ;) Thank you very much for the help!!! REGARDS
CatchMe comment 6 July 2007 Leftover to remove (in safe mode): C:\hivtvru.exe Cosmetically remove: C:\WINDOWS\system32\tmp.reg C:\WINDOWS\nircmd.exe and paste the ComboFix log