

Logfile of HijackThis v1.99.1
Scan saved at 21:30:01, on 2007-10-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\printer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\WapSter\AQQ\AQQ.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Michał\Pulpit\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C326C1-4FD5-43E5-8B81-334ED44B358D}: NameServer = 194.204.152.34 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 23:07:23, on 2007-10-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\WF2K.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Michał\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe C:\WINDOWS\system32\wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ComboFix 07-10-03.7 - Micha 2007-10-03 23:04:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1019 [GMT 2:00]
Running from: C:\Documents and Settings\Micha\Pulpit\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.
2007-10-03 22:38 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-10-03 22:38 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-03 22:38 3,918 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-03 22:38 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-03 22:38 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-03 22:38 25,088 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-03 21:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 18:49 <DIR> d-------- C:\Program Files\CCleaner
2007-10-02 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2007-10-02 17:59 720,896 --a------ C:\WINDOWS\iun6002.exe
2007-10-01 17:38 <DIR> d-------- C:\Program Files\Lavalys
2007-09-30 16:42 <DIR> d-------- C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2007-09-29 11:27 <DIR> d-------- C:\Program Files\ivo
2007-09-12 15:09 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-09-12 15:09 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-09-12 15:09 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-09-12 15:09 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-09-04 15:55 <DIR> d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Avant Profiles
2007-09-03 23:05 <DIR> d-------- C:\Program Files\Alcohol Soft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 22:52 --------- d-------- C:\Program Files\Neostrada TP
2007-10-03 19:48 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-03 19:48 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-10-03 18:50 --------- d-------- C:\Program Files\Xfire
2007-10-02 19:18 --------- d-------- C:\Program Files\DAEMON Tools
2007-09-30 21:06 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-30 11:10 --------- d-------- C:\Program Files\eMule
2007-09-29 20:06 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-18 22:20 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-09-15 17:25 66872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-09-12 15:09 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-03 22:26 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-01 13:21 --------- d-------- C:\Program Files\Sierra On-Line
2007-09-01 13:17 86528 --a------ C:\WINDOWS\bnetunin.exe
2007-09-01 13:17 61440 --a------ C:\WINDOWS\diabunin.exe
2007-08-26 09:59 --------- d-------- C:\Program Files\Avant Browser
2007-08-25 22:55 --------- d-------- C:\Program Files\Opera
2007-08-25 22:07 --------- d-------- C:\Program Files\directx
2007-08-25 18:36 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-24 16:37 --------- d-------- C:\Program Files\iTunes
2007-08-24 16:37 --------- d-------- C:\Program Files\iPod
2007-08-24 16:37 --------- d-------- C:\Program Files\Common Files\Apple
2007-08-24 16:37 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2007-08-20 13:47 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-08-20 13:47 --------- d-------- C:\Program Files\OpenAL
2007-08-20 13:47 --------- d-------- C:\Program Files\AGEIA Technologies
2007-08-16 20:44 --------- d-------- C:\Program Files\Common Files\DirectX
2007-08-14 11:48 --------- d-------- C:\Program Files\Lavasoft
2007-08-14 11:48 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2007-08-08 13:49 --------- d-------- C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2007-08-06 16:05 --------- d-------- C:\Program Files\SubEdit-Player
2007-08-04 19:25 --------- d-------- C:\Program Files\Xvid
2007-08-04 19:21 --------- d-------- C:\Program Files\DivX
2007-08-04 19:11 --------- d-------- C:\Program Files\AviSynth 2.5
2007-08-04 16:35 --------- d-------- C:\Program Files\Gabest
2007-08-04 16:35 --------- d-------- C:\Program Files\AVI ReComp
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 01:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-27 01:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 01:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-27 01:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-27 01:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-27 01:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-27 01:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-27 01:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-27 01:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-27 01:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-27 01:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-27 01:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-27 01:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-27 01:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-27 01:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-15 21:43 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"="c6501.cpl" []
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 17:35]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 16:25]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WinFoxV2"="C:\WINDOWS\system32\WF2K.EXE" [2006-07-17 14:31]
"WinFast2KLoadDefault"="C:\WINDOWS\system32\wf2kcpl.dll" [2006-02-22 13:29]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 17:15]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 16:49]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-16 15:00]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2006-03-14 13:12]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-06-16 21:30:25]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-06-16 21:32:33]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-06-16 21:30:25]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2007-06-16 21:32:33]
R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys
R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
R4 WINFOXIO;WINFOXIO;\??\C:\WINDOWS\system32\Drivers\WINFOXIO.SYS
S3 iMSPCLOj;iMSPCLOj;\??\C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\iMSPCLOj.sys
S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\sony_ssm.sys
*Newly Created Service* - CATCHME
*Newly Created Service* - WINFOXIO
.
Contents of the 'Scheduled Tasks' folder
"2007-09-07 14:04:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 23:05:26
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-03 23:06:04
.
--- E O F ---
C:\WINDOWS\system32\tmp.reg