
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:05, on 2009-03-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\winamp\winampa.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Administrator\Moje dokumenty\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\winamp\winampa.exe"
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [VisualTaskTips] C:\Program Files\Utilities\VisualTaskTips\VisualTaskTips.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{51450AE7-294A-4A9E-ABC9-2DE214DDF533}: NameServer = 194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{51450AE7-294A-4A9E-ABC9-2DE214DDF533}: NameServer = 194.204.152.34
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 4489 bytes
ComboFix 09-03-06.01 - Administrator 2009-03-08 14:52:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.767.552 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Administrator\Moje dokumenty\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-08 do 2009-03-08 )))))))))))))))))))))))))))))))
.
2009-03-07 12:42 . 2009-03-07 12:42 <DIR> d-------- c:\program files\Trend Micro
2009-02-25 18:27 . 2009-02-25 18:27 664,064 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-25 18:27 . 2009-02-25 18:27 96,384 --a------ c:\windows\system32\drivers\sptd0029.sys
2009-02-23 11:29 . 2009-02-23 11:29 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-23 10:52 . 2009-02-23 10:52 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Nero
2009-02-23 10:46 . 2009-02-23 10:46 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-23 10:42 . 2009-02-23 10:42 <DIR> d-------- c:\program files\Maxis
2009-02-23 10:41 . 2009-02-23 10:41 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2009-02-23 10:41 . 1998-01-23 14:15 304,640 --a------ c:\windows\IsUn0415.exe
2009-02-21 10:57 . 2008-07-22 11:39 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-21 10:57 . 2008-07-22 11:39 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-20 11:07 . 2009-02-20 11:07 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Winamp
2009-02-19 17:18 . 2009-02-19 17:24 69 --a------ c:\windows\NeroDigital.ini
2009-02-19 14:05 . 2009-02-19 14:05 <DIR> d-------- c:\windows\Sun
2009-02-19 11:46 . 2009-02-19 11:46 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu
2009-02-19 11:45 . 2009-03-06 15:42 <DIR> d-------- c:\program files\Gadu-Gadu
2009-02-19 11:45 . 2009-02-20 09:00 <DIR> d-------- c:\documents and settings\Administrator\Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 14:45 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\uTorrent
2009-02-27 06:13 --------- d-----w c:\program files\Drive Space Indicator
2009-02-18 21:52 --------- d-----w c:\program files\ESET
2009-02-18 21:52 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ESET
2009-02-18 21:18 --------- d-----w c:\program files\Opera
2009-02-18 21:10 --------- d-----w c:\program files\uTorrent
2009-02-18 21:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles
2009-02-18 21:09 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-18 21:09 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Thunderbird
2009-02-18 21:09 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Talkback
2009-02-18 21:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2009-02-18 20:55 --------- d-----w c:\program files\Your Uninstaller 2008
2009-02-18 20:55 --------- d-----w c:\program files\OO Software
2009-02-18 20:55 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-18 20:55 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\URSoft
2009-02-18 20:54 --------- d-----w c:\program files\Notepad++
2009-02-18 20:54 --------- d-----w c:\program files\MozBackup
2009-02-18 20:54 --------- d-----w c:\program files\Java
2009-02-18 20:54 --------- d-----w c:\program files\Common Files\Java
2009-02-18 20:54 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Notepad++
2009-02-18 20:53 --------- d-----w c:\program files\PowerISO
2009-02-18 20:53 --------- d-----w c:\program files\Nero
2009-02-18 20:53 --------- d-----w c:\program files\FastStone Image Viewer
2009-02-18 20:53 --------- d-----w c:\program files\Driver Magician
2009-02-18 20:53 --------- d-----w c:\program files\Common Files\Nero
2009-02-18 20:53 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero
2009-02-18 20:52 --------- d-----w c:\program files\Unlocker
2009-02-18 20:52 --------- d-----w c:\program files\Common Files\Adobe
2009-02-18 20:51 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-18 20:43 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Xentient
2009-02-18 20:42 --------- d-----w c:\program files\winamp
2009-02-18 20:41 --------- d-----w c:\program files\Utilities
2009-02-18 20:40 --------- d-----w c:\program files\Windows Sidebar
2009-02-18 20:40 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-18 20:40 --------- d-----w c:\program files\System
2009-02-18 20:40 --------- d-----w c:\program files\FirmTools
2009-02-18 20:40 --------- d-----w c:\program files\Driver Sweeper
2007-08-07 22:49 100,247 ----a-w c:\windows\system32\config\systemprofile\xmlUpdater.exe
2007-08-07 22:49 100,247 ----a-w c:\documents and settings\Default User\xmlUpdater.exe
2007-08-07 22:49 100,247 ----a-w c:\documents and settings\Administrator\xmlUpdater.exe
.
------- Sigcheck -------
2008-07-22 14:34 487424 5f1ccdf37f28a88d0473b0c9ea1e0d58 c:\windows\system32\user32.dll
2008-07-22 14:35 893952 808de3bfbabd3737bf331661d919e32b c:\windows\system32\wininet.dll
2008-07-22 14:15 361600 e88631e21a9caca06104802f9e915115 c:\windows\system32\drivers\tcpip.sys
2008-07-22 14:29 2190208 5fb59f2506787a7e036b7c2eff1cce24 c:\windows\system32\ntoskrnl.exe
2008-07-22 14:25 1528832 b49a80a502fd86b2f05bc7bbd723ddab c:\windows\explorer.exe
2008-07-22 14:23 40448 0277e1a3e8b337555a45943808451981 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-07-22 40448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-24 7626752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-24 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"WinampAgent"="c:\program files\winamp\winampa.exe" [2008-07-10 36352]
"nwiz"="nwiz.exe" [2006-09-24 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\program files\Utilities\VisualTaskTips\VisualTaskTips.exe" [2007-09-05 36352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-07-22 c:\windows\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-03-13 33800]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\program files\System\CPL Bonus\vcdrom.sys [2009-02-18 8576]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-07-22 29696]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - VCDROM
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: google.com\mail
TCP: {51450AE7-294A-4A9E-ABC9-2DE214DDF533} = 194.204.152.34
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7sp80nan.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 14:53:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(464)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(524)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
.
Czas ukończenia: 2009-03-08 14:54:53
ComboFix-quarantined-files.txt 2009-03-08 13:54:46
Przed: 13 006 159 872 bajtów wolnych
Po: 13,166,936,064 bajtów wolnych