What has my computer caught?

IP: 194.25.214.* 14.05.07, 08:24
Hello everyone, and I am asking for your help. I am a complete novice when it
comes to computers. Yesterday I downloaded various free programs; after
unpacking one of them, IE started going crazy, opening new windows with ads
every few moments. It had never behaved like this before. The new IE windows
with these ads have a name starting with CiD. I have McAfee antivirus; it
scanned the computer and found nothing.
Please advise me what to do.

Regards to everyone
    • Guest: Kolobos Re: What has my computer caught? IP: *.escom.net.pl 14.05.07, 10:06
      To start with, paste a log from hijackthis.
      • Guest: NIEZORIENTOWANY Re: What has my computer caught? IP: 194.25.214.* 14.05.07, 10:17
        I'm writing from work; I'll be home around 12 and will paste it then. If I
        understand correctly, the log is the report you get after scanning the computer?
        • Guest: Kolobos Re: What has my computer caught? IP: *.escom.net.pl 14.05.07, 10:20
          Yes. Everything is described in the link in the forum header.
          • Guest: NIEZORIENTOWANY Re: What has my computer caught? IP: 194.25.214.* 14.05.07, 10:23
            Thanks a lot, I'll be back after 13:00.
            • Guest: NIEZORIENTOWANY Re: What has my computer caught? IP: *.dip.t-dialin.net 14.05.07, 12:19
              Here is the log:

              Logfile of Trend Micro HijackThis v2.0.0 (BETA)
              Scan saved at 12:18:22, on 2007-05-14
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              Boot mode: Normal

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
              C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
              C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
              c:\program files\common files\mcafee\mna\mcnasvc.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
              C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
              c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
              C:\Program Files\McAfee\MPF\MPFSrv.exe
              C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              C:\Program Files\SiteAdvisor\6066\SAService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
              C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
              Platform\VCSW\VCSW.exe
              C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
              Platform\VzCdb\VzCdbSvc.exe
              C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
              Platform\VzCdb\VzFw.exe
              C:\PROGRA~1\mcafee.com\agent\mcagent.exe
              C:\Program Files\Apoint\Apoint.exe
              C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
              C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
              C:\Program Files\Sony\ISB Utility\ISBMgr.exe
              C:\WINDOWS\system32\igfxtray.exe
              C:\WINDOWS\system32\hkcmd.exe
              C:\Program Files\Apoint\Apntex.exe
              C:\WINDOWS\system32\igfxpers.exe
              C:\WINDOWS\vsnpstd.exe
              C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Logitech\SetPoint\SetPoint.exe
              C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
              C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
              C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462
              \GoogleToolbarNotifier.exe
              c:\progra~1\intern~1\iexplore.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\WINDOWS\system32\drwtsn32.exe
              C:\WINDOWS\system32\drwtsn32.exe
              C:\WINDOWS\explorer.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\HiJackThis_v2.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              www.onet.pl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              go.microsoft.com/fwlink/?LinkId=69157
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
              go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
              go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
              go.microsoft.com/fwlink/?LinkId=69157
              O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
              784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program
              Files\SiteAdvisor\6066\SiteAdv.dll
              O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
              C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
              O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1
              \mcafee\VIRUSS~1\scriptcl.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
              c:\program files\google\googletoolbar4.dll
              O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} -
              C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
              files\google\googletoolbar4.dll
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32
              \NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
              O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
              O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
              O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power
              Management\SPMgr.exe
              O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2
              \VAIOUpdt.exe" /Stationary
              O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
              O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
              O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting
              Utility\Switcher.exe
              O4 - HKLM\..\Run: [CloneCDTray] "C:\Program
              Files\SlySoft\CloneCD\CloneCDTray.exe" /s
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
              O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
              O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
              O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
              O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1
              \LAUNCH~1.EXE -startup
              O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
              O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
              O4 - HKLM\..\Run: [InvalidDelete] C:\DOCUME~1\Leszek\LOCALS~1
              \Temp\KYE\Setup.exe /Delete C:\Program Files\Genius NetScroll+ Mini Traveler
              Mouse
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [swg] C:\Program
              Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
              O4 - HKCU\..\Run: [Mp3 send] C:\DOCUME~1\Leszek\APPLIC~1\STOREF~1\Grid Cool.exe
              O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program
              Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
              O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
              Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
              O4 - Global Startup: Logitech SetPoint.lnk = ?
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1
              \MICROS~3\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
              C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
              00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
              O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1
              \Skype\Phone\IEPlugin\SKYPEI~1.DLL
              O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
              C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
              O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%
              \Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-
              f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
              C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
              00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O14 - IERESET.INF: START_PAGE_URL=www.sony.com/vaiopeople
              • Guest: NIEZORIENTOWANY Re: What has my computer caught? IP: *.dip.t-dialin.net 14.05.07, 12:22
                Continued:

                O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
                www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
                O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
                downloads.ewido.net/ewidoOnlineScan.cab
                O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System
                Class) -
                download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
                O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
                www.mks.com.pl/skaner/SkanerOnline.cab
                O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) -
                www.bph.pl/pi/components/SignActivX.cab
                O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
                acs.pandasoftware.com/activescan/as5free/asinst.cab
                O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
                download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5029/mcfscan.cab
                O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1
                \COMMON~1\Skype\SKYPE4~1.DLL
                O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-
                00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
                O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-
                11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
                O23 - Service: McAfee Application Installer Cleanup (0219131179013984)
                (0219131179013984mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\021913~1.EXE
                O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program
                Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
                O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1
                \COMMON~1\McAfee\EmProxy\emproxy.exe
                O23 - Service: EvtEng - Intel Corporation - C:\Program
                Files\Intel\Wireless\Bin\EvtEng.exe
                O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
                Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program
                Files\Common Files\McAfee\HackerWatch\HWAPI.exe
                O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1
                \McAfee\MSC\mcupdmgr.exe
                O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1
                \McAfee\MSC\mcmscsvc.exe
                O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program
                files\common files\mcafee\mna\mcnasvc.exe
                O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1
                \McAfee\VIRUSS~1\mcods.exe
                O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1
                \McAfee\MSC\mcpromgr.exe
                O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. -
                c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
                O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1
                \McAfee\VIRUSS~1\mcshield.exe
                O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1
                \McAfee\VIRUSS~1\mcsysmon.exe
                O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. -
                C:\Program Files\McAfee\MPF\MPFSrv.exe
                O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
                C:\WINDOWS\system32\nvsvc32.exe
                O23 - Service: RegSrvc - Intel Corporation - C:\Program
                Files\Intel\Wireless\Bin\RegSrvc.exe
                O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation -
                C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
                O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity
                Solution\ServiceLayer.exe
                O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program
                Files\SiteAdvisor\6066\SAService.exe
                O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony
                Corporation - C:\Program Files\Common Files\Sony Shared\VAIO
                Entertainment\VzRs\VzRs.exe
                O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation -
                C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
                O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony
                Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
                Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
                O23 - Service: VAIO Event Service - Sony Corporation - C:\Program
                Files\Sony\VAIO Event Service\VESMgr.exe
                O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-
                AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated
                Server\VMISrv.exe
                O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-
                IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media
                Integrated Server\Platform\SV_Httpd.exe
                O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-
                IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media
                Integrated Server\Platform\UPnPFramework.exe
                O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) -
                Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated
                Server\Platform\VmGateway.exe
                O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-
                AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated
                Server\Video\GPVSvr.exe
                O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-
                UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated
                Server\Platform\UPnPFramework.exe
                O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony
                Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
                Platform\VCSW\VCSW.exe
                O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony
                Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
                Platform\VzCdb\VzCdbSvc.exe
                O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony
                Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
                Platform\VzCdb\VzFw.exe

                --
                End of file - 12964 bytes

                What is dangerous? Will I manage on my own? A computer layman?
                • Guest: Kolobos Re: What has my computer caught? IP: *.escom.net.pl 14.05.07, 12:58
                  Use: www.spywareedge.net/nolop/NoLop.exe

                  In hjt, remove:
                  O4 - HKLM\..\Run: [InvalidDelete] C:\DOCUME~1\Leszek\LOCALS~1
                  \Temp\KYE\Setup.exe /Delete C:\Program Files\Genius NetScroll+ Mini Traveler
                  Mouse
                  O4 - HKCU\..\Run: [Mp3 send] C:\DOCUME~1\Leszek\APPLIC~1\STOREF~1\Grid Cool.exe

                  Finally, scan with this:
                  www.superantispyware.com/downloads/SUPERAntiSpyware.exe
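
Added example, not part of the thread and not the responder's own method: a triage heuristic that re-joins the forum's wrapped HijackThis lines and flags O4 (Run key) autoruns whose program image sits in a temp or per-user profile directory. The function names and the directory list are assumptions of this example; on the excerpt below it flags the same two entries that the reply above lists for removal, and a flagged entry is a lead to review, not a verdict.

```python
import re

# Excerpt of the log posted in this thread, forum line wraps included.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InvalidDelete] C:\DOCUME~1\Leszek\LOCALS~1
\Temp\KYE\Setup.exe /Delete C:\Program Files\Genius NetScroll+ Mini Traveler
Mouse
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Mp3 send] C:\DOCUME~1\Leszek\APPLIC~1\STOREF~1\Grid Cool.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\EvtEng.exe
"""

# A new entry starts with a section code such as "R0 - ", "O4 - ", "O23 - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")
RUN_ENTRY = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
# Program image: text up to the first executable extension that ends a token.
IMAGE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)
# Assumed heuristic: temp and per-user profile directories (long and 8.3 names).
USER_WRITABLE = re.compile(
    r"\\(?:Temp|Local Settings|LOCALS~\d|Application Data|APPLIC~\d)\\", re.I)

def join_wrapped(text):
    """Re-join entries that the forum wrapped across several lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        elif line.startswith("\\"):
            entries[-1] += line            # wrap fell before a path separator
        else:
            entries[-1] += " " + line      # wrap fell on a space
    return entries

def autoruns(text):
    """Return every O4 Run-key entry as a dict."""
    found = []
    for entry in join_wrapped(text):
        m = RUN_ENTRY.match(entry)
        if m:
            hive, key, name, command = m.groups()
            image = IMAGE.match(command)
            found.append({"hive": hive, "key": key, "name": name,
                          "command": command,
                          "image": image.group(1) if image else command})
    return found

def suspicious_autoruns(text):
    """Autoruns whose image path lies in a temp or profile directory."""
    return [e for e in autoruns(text) if USER_WRITABLE.search(e["image"])]

if __name__ == "__main__":
    for e in suspicious_autoruns(SAMPLE_LOG):
        print(f'{e["hive"]} [{e["name"]}] -> {e["image"]}')
```
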
                  • Guest: NIEZORIENTOWANY Re: What has my computer caught? IP: 194.25.214.* 14.05.07, 13:23
                    Thank you!

                    Does hjt mean in the HijackThis program?

                    Does anything else look wrong? I looked through other logs and they are
                    shorter than this one. Maybe you would recommend some changes???
                    • Guest: Kolobos Re: What has my computer caught? IP: *.escom.net.pl 14.05.07, 13:35
                      Yes, hjt is hijackthis. The rest is OK and nothing needs to be changed.
                      • Guest: NIEZORIENTOWANY Re: What has my computer caught? IP: *.dip.t-dialin.net 14.05.07, 21:07
                        It worked! Thanks once again!
                        • Guest: anmar Re: What has my computer caught? IP: 217.98.71.* 15.05.07, 21:44
                          By the way, I benefited from this too. Today, while I was working on the
                          computer, my desktop turned fire-engine red. When I opened IE, instead of
                          the page I had set, a page advertising the sale of some security programs
                          was displayed. I scanned with the antivirus programs I have and found
                          nothing. I came to this forum and saw this thread. I installed
                          SuperAntiSpyware and scanned with it, and over 40 trojans and other junk
                          showed up. Now it should be fine.
                          THANKS!!!
                          That junk was probably bundled with a little program I installed from the
                          net yesterday (for photo editing).