First log from HijackThis
Ciamcia - Thu Apr 10, 2008 7:42 pm

Please check my log. Avast doesn't find any viruses but other programs do, especially when the screensaver turns on. Besides that, right after startup a message appears saying gzmtr dll.bmp is missing (I have no idea what it is or how to get rid of it ;/)! Plizz help!!

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:07, on 2008-04-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\Program Files\QuickTime\qttask.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Gadu-Gadu\gg.exe
I:\Program Files\Macrogaming\SweetIM\SweetIM.exe
I:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\msiexec.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - I:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - I:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: MySidesearch Search Assistant - {DDFA1356-E6ED-42a5-9D62-93211D424A90} - I:\WINDOWS\system32\mysidesearch_sidebar.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - I:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - I:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [zzGBK] G:\setup.exe
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] I:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [postSetupCheck] I:\WINDOWS\System32\Rundll32.exe "I:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] I:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "I:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SweetIM] I:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198529454531
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB52AA4-9724-4A50-935B-77C520845F79}: NameServer = 213.241.5.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6224 bytes

huber2t - Thu Apr 10, 2008 7:47 pm

fix in hijackthis

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - I:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [postSetupCheck] I:\WINDOWS\System32\Rundll32.exe "I:\WINDOWS\system32\gzmrt.dll" DllStart
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB52AA4-9724-4A50-935B-77C520845F79}: NameServer = 213.241.5.3

Ciamcia - Thu Apr 10, 2008 11:00 pm

Thanks, no windows pop up at startup anymore!! :) Here's the new log from combofix

Code:
ComboFix 08-04-09.9 - Monika 2008-04-10 22:41:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.225 [GMT 2:00]
Running from: I:\Documents and Settings\Monika\Pulpit\ComboFix.exe
Command switches used :: I:\Documents and Settings\Monika\Pulpit\CFScript.txt
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
I:\WINDOWS\system32\gzmrt.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\Monika\Dane aplikacji\Adssite Advanced Toolbar
I:\Documents and Settings\Monika\Dane aplikacji\Adssite Advanced Toolbar\selected.xml
I:\Documents and Settings\Monika\Dane aplikacji\urlredir.cfg
I:\Program Files\Adssite Advanced Toolbar
I:\Program Files\Adssite Advanced Toolbar\buttons.xml
I:\Program Files\Adssite Advanced Toolbar\search.xml
I:\Program Files\Adssite Advanced Toolbar\toolbar.dll
I:\Program Files\Adssite Advanced Toolbar\uninstall.exe
I:\Program Files\Adssite Games Collection
I:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe
I:\Program Files\Adssite Games Collection\BobAndBill.exe
I:\Program Files\Adssite Games Collection\CrazyBlocks.exe
I:\Program Files\Adssite Games Collection\Lines.exe
I:\Program Files\Adssite Games Collection\uninstall.exe
I:\Program Files\Adssite Games Collection\VideoPool.exe
I:\Program Files\myglobalsearch
I:\Program Files\myglobalsearch\bar\History\search
I:\WINDOWS\system32\adssite-remove.exe
I:\WINDOWS\system32\gzmrot-uninst.exe
I:\WINDOWS\system32\ninjaext-uninstall.exe
I:\WINDOWS\system32\rightonadz-uninst.exe

(((((((((((((((((((((((((   Files Created from 2008-03-10 to 2008-04-10   )))))))))))))))))))))))))))))))
.

2008-04-10 20:51 . 2008-04-10 20:51    <DIR>    d--------    I:\Program Files\Panda Security
2008-04-10 20:30 . 2008-04-10 20:30    <DIR>    d--------    I:\Program Files\Trend Micro
2008-04-06 23:56 . 2008-04-06 23:56    <DIR>    d--------    I:\Program Files\Mozilla ActiveX Control v1.7.1
2008-04-06 23:42 . 2008-03-29 19:31    75,856    --a------    I:\WINDOWS\system32\drivers\aswSP.sys
2008-04-06 23:42 . 2008-03-29 19:35    20,560    --a------    I:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-06 23:41 . 2008-04-06 23:41    <DIR>    d--------    I:\Documents and Settings\LocalService\Dane aplikacji\AdobeUM
2008-03-28 21:33 . 2008-03-28 21:33    <DIR>    d--------    I:\Documents and Settings\Monika\Dane aplikacji\ArcaBit
2008-03-28 20:18 . 2008-03-28 20:18    <DIR>    d--------    I:\Program Files\Avira
2008-03-28 20:18 . 2008-04-10 21:00    <DIR>    d--------    I:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-03-24 10:13 . 2008-03-24 10:13    84,729    --a------    I:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 20:43    ---------    d-----w    I:\Documents and Settings\Monika\Dane aplikacji\uTorrent
2008-04-10 18:15    ---------    d-----w    I:\Program Files\Common Files\Symantec Shared
2008-04-09 21:24    ---------    d-----w    I:\Program Files\Java
2008-03-29 17:45    1,146,232    ----a-w    I:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35    94,544    ----a-w    I:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29    23,152    ----a-w    I:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27    42,912    ----a-w    I:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26    26,944    ----a-w    I:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23    95,608    ----a-w    I:\WINDOWS\system32\AvastSS.scr
2008-03-24 08:13    ---------    d-----w    I:\Documents and Settings\Monika\Dane aplikacji\MegauploadToolbar
2008-03-20 08:09    1,845,504    ----a-w    I:\WINDOWS\system32\win32k.sys
2008-03-14 16:30    ---------    d-----w    I:\Program Files\NAPI-PROJEKT
2008-03-06 11:01    339,968    ----a-w    I:\WINDOWS\system32\mysidesearch_sidebar.dll
2008-03-05 17:15    ---------    d-----w    I:\Program Files\eMule
2008-02-26 13:38    ---------    d-----w    I:\Program Files\Gadu-Gadu
2008-02-20 06:51    282,624    ----a-w    I:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38    45,568    ----a-w    I:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:05    662,016    ----a-w    I:\WINDOWS\system32\wininet.dll
2008-02-11 23:33    ---------    d-----w    I:\Documents and Settings\Monika\Dane aplikacji\gtk-2.0
2008-02-01 22:02    77,353    ----a-w    I:\WINDOWS\system32\adssite_sidebar_uninstall.exe
2008-01-25 16:24    46,300    ----a-w    I:\WINDOWS\system32\AdssiteSocial-uninstall.exe
2007-12-27 14:03    21,528    ----a-w    I:\Documents and Settings\Monika\Dane aplikacji\GDIPFONTCACHEV1.DAT
2007-09-08 18:16    25,600    ----a-w    I:\Documents and Settings\Monika\usbsermptxp.sys
2007-09-08 18:16    22,768    ----a-w    I:\Documents and Settings\Monika\usbsermpt.sys

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDFA1356-E6ED-42a5-9D62-93211D424A90}]
2008-03-06 13:01 339968 --a------ I:\WINDOWS\system32\mysidesearch_sidebar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"Komunikator"="I:\Program Files\Tlen.pl\tlen.exe" [ ]
"Gadu-Gadu"="I:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36 2111176]
"SweetIM"="I:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-07-25 16:35 102512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 06:22 1622016 I:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 06:22 86016]
"zzGBK"="G:\setup.exe" [ ]
"NeroFilterCheck"="I:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SweetIM"="I:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-07-25 16:35 102512]
"QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2007-08-15 19:27 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
"Picasa Media Detector"="I:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]

I:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
Microsoft Office.lnk - I:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\Gadu-Gadu\\gg.exe"=
"I:\\Program Files\\BearShare\\BearShare.exe"=
"I:\\Program Files\\eMule\\emule.exe"=
"I:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"J:\\Salon Gier\\SDR\\Bin\\SRS.exe"=
"I:\\Program Files\\uTorrent\\utorrent.exe"=

R0 videX32;videX32;I:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 05:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;I:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 05:39]
R1 aswSP;avast! Self Protection;I:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 athsgt;athsgt;I:\WINDOWS\system32\DRIVERS\athsgt.sys [2008-01-13 14:14]
R2 limsgt;limsgt;I:\WINDOWS\system32\DRIVERS\limsgt.sys [2008-01-13 14:14]
S3 gdrv;gdrv;I:\WINDOWS\gdrv.sys [2007-05-19 18:37]

*Newly Created Service* - CATCHME
*Newly Created Service* - ERASERUTILDRV10741
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 22:43:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-10 22:47:43
ComboFix-quarantined-files.txt  2008-04-10 20:47:34
Pre-Run: 6,128,492,544 bajtów wolnych
Post-Run: 6,119,301,120 bajtów wolnych
.
2008-04-09 21:03:14 --- E O F ---

I hope it's ok

huber2t - Fri Apr 11, 2008 1:33 am

Log is clean
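As an added example (not code from this thread or from HijackThis), a small Python triage pass over HijackThis-format lines that applies the kinds of checks behind huber2t's fix list: an IE search/start page pointing at an untrusted host (R0/R1), a known adware toolbar name (O2/O3), a Run entry that makes rundll32 call an export of a DLL at logon (O4), and a changed DNS NameServer (O17). The sample lines are constructed after the log above; the trusted-host allowlist and adware watchlist are assumed placeholders, not a maintained database.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 line format, shaped after the thread above
# (the rules below are an added triage heuristic, not HijackThis' own logic).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - I:\Program Files\Adssite Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [postSetupCheck] I:\WINDOWS\System32\Rundll32.exe "I:\WINDOWS\system32\gzmrt.dll" DllStart
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DB52AA4-9724-4A50-935B-77C520845F79}: NameServer = 213.241.5.3
"""

# Assumed allowlist / watchlist (placeholders); a real triage would use a maintained database.
TRUSTED_SEARCH_HOSTS = {"www.microsoft.com", "www.msn.com", "search.msn.com"}
ADWARE_TOOLBAR_NAMES = {"adssite", "mysidesearch"}
# rundll32 <dll> <export>: either 'dll,Export' or '"dll" Export' spelling
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?([^"\s]+\.dll)"?[\s,]+(\w+)', re.I)

def triage(log_text):
    """Return (section, reason) for every HijackThis line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"(R\d|O\d+) - (.*)", line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section in ("R0", "R1") and " = http" in body:
            host = urlparse(body.split(" = ", 1)[1]).hostname or ""
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append((section, f"IE search/start page redirected to {host}"))
        elif section in ("O2", "O3"):
            name = body.split(" - ")[0]  # e.g. "Toolbar: Adssite Toolbar"
            if any(tag in name.lower() for tag in ADWARE_TOOLBAR_NAMES):
                findings.append((section, f"known adware component: {name}"))
        elif section == "O4":
            r = RUNDLL_RE.search(body)
            if r:  # rundll32 running an arbitrary DLL export at logon; review manually
                findings.append((section, f"rundll32 loads {r.group(1)} export {r.group(2)}"))
        elif section == "O17":
            findings.append((section, "DNS NameServer overridden: " + body.split("= ")[-1]))
    return findings

if __name__ == "__main__":
    for sec, why in triage(SAMPLE_LOG):
        print(sec, why)
```

The O4 rule is deliberately broad: legitimate rundll32 autostarts such as the NVIDIA NvCpl.dll entry in the log above will be listed too, so its hits are candidates for manual review rather than verdicts.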