Majkel7
(Majkelstb)
25 August 2008 17:29
#1
The antivirus is detecting some malware. There are problems with explorer.exe (more specifically, it closes), and once a Windows error popped up. Thanks in advance for a quick and thorough check of the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:57, on 2008-08-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
E:\Winamp\winampa.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\AusLogics BoostSpeed\boostspeed.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\Office-Bibliothek\PCLib.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\txtuser.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Spyware Doctor\swdoctor.exe
C:\Spyware Doctor\svcntaux.exe
C:\Spyware Doctor\swdsvc.exe
C:\Spyware Doctor\SDTrayApp.exe
C:\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche … p=aus&qkw=%s&tbid=66026
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66026
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo … TbId=66026
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66026
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo … TbId=66026
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp\winampa.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [sDTray] "C:\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Auslogics BoostSpeed 4] C:\AusLogics BoostSpeed\boostspeed.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Office-Bibliothek-Direktsuche.lnk = E:\Office-Bibliothek\PCLib.exe
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne … nicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 8427 bytes
Piotr92
(Piotrkijak)
25 August 2008 17:39
#2
Fix in HijackThis
I don't see anything else; post a ComboFix log
http://www.instalki.pl/programy/downloa … mboFix.php
Before running it, close everything and disable the antivirus for the duration of the scan
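An added example, not part of the thread and not code from any of the posters: a small Python triage script for a HijackThis log. It groups the R/O entries by the module that backs them, so a reviewer sees at a glance that several entries of different types (URLSearchHook, BHO, toolbar, protocol handler) share one DLL and are fixed or kept as a unit, and it lists O4 Run entries whose command is a bare filename, which the loader resolves through the search path rather than a fixed location. The sample lines are a constructed subset copied from the log in post #1; the `HKLM\..\Run` spelling is HijackThis's own. The script draws no conclusion about whether any entry is malicious; that judgement stays with the reviewer.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log in
# post #1, in HijackThis's own format (HKLM\..\Run, 8.3 short paths).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66026
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
MODULE_EXT = (".dll", ".exe", ".ocx", ".sys")


def run_command_image(cmd):
    """Executable part of a Run-key command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def module_of(code, body):
    """The file that backs an entry, or None for URLs, policies and the like."""
    if code == "O4":
        m = RUN_RE.match(body)
        return run_command_image(m.group("cmd")) if m else None
    # R*/O2/O3/O9/O18 entries put the backing file in the last " - " field
    last = body.rsplit(" - ", 1)[-1].strip()
    if "\\" in last and last.lower().endswith(MODULE_EXT):
        return last
    return None


def parse_entries(text):
    """One dict per R/O line: its code, raw body and backing module (if any)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, body = m.group("code"), m.group("body")
            entries.append({"code": code, "body": body, "module": module_of(code, body)})
    return entries


def group_by_module(entries):
    """Map lower-cased module path -> list of entry codes backed by it."""
    groups = defaultdict(list)
    for e in entries:
        if e["module"]:
            groups[e["module"].lower()].append(e["code"])
    return dict(groups)


def unqualified_autoruns(entries):
    """Names of O4 entries whose command is a bare filename (no directory),
    so it is resolved through the search path instead of a fixed path."""
    names = []
    for e in entries:
        if e["code"] == "O4" and e["module"] and "\\" not in e["module"]:
            names.append(RUN_RE.match(e["body"]).group("name"))
    return names


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for module, codes in group_by_module(entries).items():
        if len(codes) > 1:
            print(f"{module}: backs {len(codes)} entries ({', '.join(codes)})")
    print("Run entries without a full path:", unqualified_autoruns(entries))
```

On the sample, ctbr.dll comes out backing four entries of four different types, which is the shape a reviewer wants to see before deciding what to put in a HijackThis fix: removing one of them and leaving the others would just let the toolbar re-register.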
Majkel7
(Majkelstb)
25 August 2008 17:49
#3
Firefox was probably still running, and probably some of the antivirus's functions, but there were no problems.
ComboFix 08-08-24.03 - WIN_XP 2008-08-25 19:40:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1266 [GMT 2:00]
Running from: C:\Documents and Settings\WIN_XP\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}

((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.
2008-08-23 18:57 . 2008-08-23 18:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-23 18:57 . 2008-08-23 18:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-16 21:06 . 2008-08-16 21:12
2008-08-07 19:43 . 2001-01-04 12:22 135,168 --a------ C:\WINDOWS\system32\TXTUSER.EXE
2008-08-07 19:43 . 2000-07-24 15:33 61,440 --a------ C:\WINDOWS\system32\lookmod.dll
2008-08-07 19:43 . 2000-07-24 15:35 45,056 --a------ C:\WINDOWS\system32\patchmod.dll
2008-08-07 19:43 . 2000-07-24 15:29 45,056 --a------ C:\WINDOWS\system32\hookmod.dll
2008-08-06 13:42 . 2008-08-06 13:42 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2008-08-06 13:42 . 2008-08-06 13:42 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
2008-08-06 13:42 . 2008-08-06 13:42 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
2008-08-06 13:38 . 2008-08-06 13:38 204 --a------ C:\WINDOWS\SIERRA.INI
2008-08-06 00:02 . 2008-08-06 00:02 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-08-06 00:02 . 2008-08-06 00:02 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-08-06 00:02 . 2008-08-06 00:02 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-08-06 00:00 . 2008-08-06 00:00 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-08-06 00:00 . 2008-08-06 00:00 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-08-05 23:59 . 2008-08-05 23:59 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2008-08-05 23:59 . 2008-08-05 23:59 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2008-08-05 23:59 . 2008-08-05 23:59 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2008-08-05 23:59 . 2008-08-05 23:59 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2008-08-05 23:59 . 2008-08-05 23:59 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-08-05 23:59 . 2008-08-05 23:59 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-08-05 23:59 . 2008-08-05 23:59 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2008-08-05 23:59 . 2008-08-05 23:59 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2008-08-05 23:59 . 2008-08-05 23:59 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-08-05 23:59 . 2008-08-05 23:59 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-08-05 23:58 . 2008-08-05 23:58 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-08-05 23:58 . 2008-08-05 23:58 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-08-05 23:58 . 2008-08-05 23:58 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-08-05 23:58 . 2008-08-05 23:58 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-08-05 23:58 . 2008-08-05 23:58 683,520 --a------ C:\WINDOWS\system32\DivX.dll
2008-08-05 23:58 . 2008-08-05 23:58 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-08-05 23:58 . 2008-08-05 23:58 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-08-05 23:58 . 2008-08-05 23:58 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-05 23:58 . 2008-08-05 23:58 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-08-03 21:59 . 2008-08-03 21:59 0 --a------ C:\picture2sv6.jpg
2008-07-30 16:03 . 2008-07-30 16:03 .

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 17:43 --------- d--a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-25 17:14 --------- d-----w C:\Program Files\Crawler
2008-08-25 17:10 4,000 ----a-w C:\ao.dat
2008-08-13 17:30 --------- d-----w C:\Documents and Settings\WIN_XP\Dane aplikacji\teamspeak2
2008-08-07 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 14:03 --------- d-----w C:\Documents and Settings\WIN_XP\Dane aplikacji\Nokia
2008-07-13 23:57 --------- d-----w C:\Documents and Settings\WIN_XP\Dane aplikacji\GanymedeNet
2008-07-12 10:56 --------- d-----w C:\Program Files\TomTom DesktopSuite
2008-07-12 10:26 --------- d-----w C:\Documents and Settings\WIN_XP\Dane aplikacji\Datalayer
2008-07-10 18:32 --------- d-----w C:\Program Files\Samsung
2008-07-10 10:58 --------- d-----w C:\Program Files\Nokia
2008-07-10 10:56 --------- d-----w C:\Program Files\DIFX
2008-07-10 10:56 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-07-10 10:56 --------- d-----w C:\Program Files\Common Files\Nokia
2008-07-10 10:56 --------- d-----w C:\Documents and Settings\WIN_XP\Dane aplikacji\PC Suite
2008-07-10 10:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-07-10 10:56 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
2007-09-16 00:10 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Auslogics BoostSpeed 4"="C:\AusLogics BoostSpeed\boostspeed.exe" [2008-03-21 12:08 250880]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-10-08 12:25 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 06:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-17 03:05 1953792]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-11 15:47 949376]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-17 16:15 185632]
"DAEMON Tools-1033"="C:\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"iTunesHelper"="C:\iTunes\iTunesHelper.exe" [2005-09-16 09:43 274432]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-30 20:36 155648]
"WinampAgent"="E:\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 12:36 229376]
"SDTray"="C:\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24 1065800]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\WIN_XP\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:00 113664]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:00 734872]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-14 17:57:57 962661]
Office-Bibliothek-Direktsuche.lnk - E:\Office-Bibliothek\PCLib.exe [2008-08-07 19:43:48 323584]
Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-09-25 20:55:43 950272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Gadu-Gadu\gg.exe"=
"C:\Documents and Settings\WIN_XP\Pulpit\netsoccer\Netsoccer\server.exe"=
"E:\Hamachi\hamachi.exe"=
"E:\Football Manager 07\Football Manager 07'\fm.exe"=
"C:\Mozilla Firefox\firefox.exe"=
"E:\BitComet\BitComet.exe"=
"E:\eMule\emule.exe"=
"E:\EA Sports\FIFA 08\FIFA08.exe"=
"C:\SopCast\SopCast.exe"=
"C:\Documents and Settings\WIN_XP\Dane aplikacji\SopCast\adv\SopAdver.exe"=
"E:\Football Manager 2008\fm.exe"=
"E:\Evil Islands\game.exe"=
"C:\iTunes\iTunes.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
"E:\3DO\Heroes3\Heroes3.exe"=
"C:\WINDOWS\system32\dplaysvr.exe"=
"E:\3DO\Heroes3\Heroes33(2).exe"=
"E:\Soldat\Soldat.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16533:TCP"= 16533:TCP:BitComet 16533 TCP
"16533:UDP"= 16533:UDP:BitComet 16533 UDP

R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\WIN_XP\USTAWI~1\Temp\DMSKSSRh.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\WIN_XP\Dane aplikacji\Mozilla\Firefox\Profiles\30u4xno9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=ie=UTF-8oe=UTF-8q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 19:43:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
- C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ESET\nod32krn.exe
C:\Spyware Doctor\svcntaux.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\TXTUSER.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2008-08-25 19:45:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-25 17:45:45

Pre-Run: 4,099,403,776 bajtów wolnych
Post-Run: 4,026,728,448 bajtów wolnych

190 --- E O F --- 2007-08-26 20:34:05
huber2t
(huber2t)
26 August 2008 04:33
#4
Download ComboFix, but don't run it
Open Notepad and paste into it:
Driver::
DMSKSSRh
Video3D
ZDCndis5
File -> Save as -> CFScript.txt.
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like this ->
Removal will start and a log will be produced, which you post on the forum.
Post logs on http://wklej.eu or http://wklej.org and put only the link in your post
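An added example, not from the thread and not code from any of the posters: Python that parses the driver lines of the ComboFix log in post #3 and flags the entries a reviewer would look at twice, namely a kernel driver whose image lives under a Temp directory, and a driver whose image file ComboFix could not find on disk. The empty bracket after the path is read here as "file not found"; that reading of ComboFix's output format is an assumption. The script then renders the Driver:: section in the CFScript form used in post #4, and on this input it produces the same three names. A service entry whose image is missing may simply be left over from an uninstalled product; the CFScript removes the orphaned registration, which is not by itself a verdict that the file was malicious.

```python
import re

# Constructed sample: the driver lines copied from the ComboFix log in
# post #3, in ComboFix's format: start type, name;description;image path [stamp].
# Assumption: an empty bracket means ComboFix could not read the image file.
SAMPLE_DRIVERS = r"""
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\WIN_XP\USTAWI~1\Temp\DMSKSSRh.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
"""

DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]$"
)
# Directories a kernel driver has no business loading from (lower-cased substring match).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def parse_drivers(text):
    """One dict per driver line: start type, name, description, image path, stamp."""
    drivers = []
    for line in text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["stamp"] = d["stamp"].strip()
            drivers.append(d)
    return drivers


def review_reasons(d):
    """Why a reviewer would look twice at this entry; empty list if nothing stands out."""
    reasons = []
    if not d["stamp"]:
        reasons.append("image file not found on disk")
    if any(t in d["path"].lower() for t in TEMP_MARKERS):
        reasons.append("image loads from a temp directory")
    return reasons


def triage(text):
    """Map driver name -> reasons, for every driver that has at least one."""
    flagged = {}
    for d in parse_drivers(text):
        reasons = review_reasons(d)
        if reasons:
            flagged[d["name"]] = reasons
    return flagged


def cfscript_driver_section(names):
    """Render the Driver:: section in the CFScript form used in post #4."""
    return "Driver::\n" + "".join(n + "\n" for n in names)


if __name__ == "__main__":
    flagged = triage(SAMPLE_DRIVERS)
    for name, reasons in flagged.items():
        print(f"{name}: {'; '.join(reasons)}")
    print(cfscript_driver_section(flagged))
```

DMSKSSRh trips both checks: its image sits in the user's Temp directory and the file is already gone, which is the pattern of a driver dropped at runtime and cleaned up afterwards. Video3D and ZDCndis5 are flagged only for the missing image, which is equally consistent with a vendor uninstaller leaving its service key behind; either way the dangling registration is safe to remove.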