Daichi
(Daichi)
10 March 2007 08:47
#1
Hello again… today I have another problem with my computer, namely --> http://img225.imageshack.us/img225/8708/screenadsasyk2.jpg
This time it pops up at system startup, but while the computer is running another message just pops up out of nowhere, ERROR AND WILL BE CLOSED, this time about some services.exe. I don't have a screenshot, but if it shows up again I'll post one. On top of that, the red LED on the computer that (I think) indicates processor activity IS CONSTANTLY LIT… no matter whether the computer is being used or not… whether ANY programs ARE RUNNING or not… IT IS CONSTANTLY LIT.
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 09:38:05, on 2007-03-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\A4TECH~1\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Programy\Ram Cleaner\ramcleaner.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\PowerS.exe
C:\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Programy\Kalendarz XP\Kalendarz.exe
C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
C:\Programy\Alwil Software\Avast4\ashServ.exe
C:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programy\Mozilla Firefox\firefox.exe
D:\My Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programy\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programy\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programy\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programy\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Programy\A4TECH~1\Amoumain.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Programy\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programy\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RAM Cleaner] C:\Programy\Ram Cleaner\ramcleaner.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [avast!] C:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Skype] "C:\Programy\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Programy\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 195.114.161.61,195.114.181.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
SilentRunners
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Skype" = ""C:\Programy\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"WheelMouse" = "C:\Programy\A4TECH~1\Amoumain.exe" ["A4Tech Co., Ltd."]
"UVS10 Preload" = "C:\Programy\Ulead VideoStudio 10\uvPL.exe" ["Ulead Systems, Inc."]
"DAEMON Tools" = ""C:\Programy\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"QuickTime Task" = ""C:\Programy\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"RAM Cleaner" = "C:\Programy\Ram Cleaner\ramcleaner.exe" ["Mariusz Żurawek"]
"snpstd3" = "C:\WINDOWS\vsnpstd3.exe" [empty string]
"PowerS" = "C:\WINDOWS\PowerS.exe" ["prolink"]
"avast!" = "C:\Programy\ALWILS~1\Avast4\ashDisp.exe" [null data]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Flashget Catch Url Class"
                   \InProcServer32\(Default) = "C:\Programy\FlashGet\jccatch.dll" ["www.flashget.com "]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   \InProcServer32\(Default) = "C:\Programy\BitComet\tools\BitCometBHO.dll" ["BitComet"]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Programy\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "gFlash Class"
                   \InProcServer32\(Default) = "C:\Programy\FlashGet\getflash.dll" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programy\WinRAR\rarext.dll" [null data]
"{DBD8E168-244D-448C-9922-25508950D1DC}" = "Ulead UDF Driver"
  -> {HKLM...CLSID} = "USIShellExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll" ["Ulead Systems, Inc."]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
  -> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{19F500E0-9964-11cf-B63D-08002B317C03}" = "Desktop Icon Layout"
  -> {HKLM...CLSID} = "Desktop Icon Layout"
                   \InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programy\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programy\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programy\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programy\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Programy\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Programy\OpenOffice.org 2.0.2\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Programy\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Programy\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Convert\(Default) = "{9f95ca1a-e80e-4c0f-acd1-4c9b7900b982}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft DirectX SDK (February 2007)\Utilities\Bin\x86\TxView.DLL" [MS]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programy\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Programy\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
IconLayout\(Default) = "{19F500E0-9964-11cf-B63D-08002B317C03}"
  -> {HKLM...CLSID} = "Desktop Icon Layout"
                   \InProcServer32\(Default) = "Layout.dll" ["Microsoft"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programy\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Daichi DMC\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "Daichi DMC" & "All Users" startup folders:
------------------------------------------------------------

C:\Documents and Settings\Daichi DMC\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Kalendarz XP" -> shortcut to: "C:\Programy\Kalendarz XP\Kalendarz.exe" [null data]

Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"
  -> {HKLM...CLSID} = "FlashGet"
                   \InProcServer32\(Default) = "C:\Programy\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}" = (no title provided)
  -> {HKLM...CLSID} = "Megaupload Toolbar"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL" ["MegaUpload"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "FlashGet"
"Exec" = "C:\Programy\FlashGet\flashget.exe" ["FlashGet.com "]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Programy\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Programy\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Web Scanner, avast! Web Scanner, ""C:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 97 seconds.
---------- (total run time: 152 seconds)
A short one from SmitFraudFix ^^
SmitFraudFix v2.144

Scan done at 9:46:34.46, 2007-03-10
Run from D:\My Downloads\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Daichi DMC

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Daichi DMC\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAICHI~1\Ulubione

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

AND

SmitFraudFix v2.144

Scan done at 9:48:21.03, 2007-03-10
Run from D:\My Downloads\SmitfraudFix
OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
adam9870
(adam9870)
10 March 2007 09:52
#2
You can do a cosmetic cleanup in HJT.
The file 83015.exe is one of the files of the PSW.Generic malware. It creates files with so-called random names. Unfortunately, neither HijackThis nor SilentRunners shows files created on the disk within, for example, the last month, so please post a log from ComboScan.
Daichi
(Daichi)
10 March 2007 10:36
#3
ComboScan v20070306.20 run by Daichi DMC on 2007-03-10 at 11:35:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Daichi DMC.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:35:10, on 2007-03-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\A4TECH~1\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Programy\Ram Cleaner\ramcleaner.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\PowerS.exe
C:\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Programy\Kalendarz XP\Kalendarz.exe
C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
C:\Programy\Alwil Software\Avast4\ashServ.exe
C:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programy\Gadu-Gadu\gg.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\Programy\FlashGet\flashget.exe
D:\My Downloads\comboscan.exe
D:\MYDOWN~1\HIJACK~1\DAICHI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programy\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programy\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programy\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programy\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Programy\A4TECH~1\Amoumain.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Programy\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programy\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RAM Cleaner] C:\Programy\Ram Cleaner\ramcleaner.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [avast!] C:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Skype] "C:\Programy\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Programy\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programy\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 195.114.161.61,195.114.181.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

2007-03-10 10:53:29 155411 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-03-10 09:28:59 33408 --a------ C:\WINDOWS\system32\main.sys
2007-03-09 06:59:06 3584 --a------ C:\WINDOWS\system32\ksys.sys
2007-02-27 18:28:31 30920 --a------ C:\WINDOWS\system32\dswaved.dll
2007-02-27 18:28:31 134344 --a------ C:\WINDOWS\system32\dmusicd.dll
2007-02-27 18:28:31 112840 --a------ C:\WINDOWS\system32\dmsynthd.dll
2007-02-27 18:28:31 117448 --a------ C:\WINDOWS\system32\dmstyled.dll
2007-02-27 18:28:31 115912 --a------ C:\WINDOWS\system32\dmscripd.dll
2007-02-27 18:28:31 52424 --a------ C:\WINDOWS\system32\dmloaded.dll
2007-02-27 18:28:31 240328 --a------ C:\WINDOWS\system32\dmimed.dll
2007-02-27 18:28:31 73928 --a------ C:\WINDOWS\system32\dmcompod.dll
2007-02-27 18:28:31 41160 --a------ C:\WINDOWS\system32\dmbandd.dll
2007-02-27 18:28:30 359624 --a------ C:\WINDOWS\system32\dinput8d.dll
2007-02-27 18:28:30 3724568 --a------ C:\WINDOWS\system32\d3dx9d_32.dll
2007-02-27 18:28:30 342888 --a------ C:\WINDOWS\system32\d3dref9.dll
2007-02-27 18:28:30 248008 --a------ C:\WINDOWS\system32\d3dref8.dll
2007-02-27 18:28:30 106696 --a------ C:\WINDOWS\system32\d3dref.dll
2007-02-27 18:28:30 3087208 --a------ C:\WINDOWS\system32\d3d9d.dll
2007-02-27 18:28:29 1390792 --a------ C:\WINDOWS\system32\d3d8d.dll
2007-02-27 18:28:26 0 d-------- C:\Program Files\Common Files\aliaswavefront shared
2007-02-27 18:28:26 0 d-------- C:\Program Files\Common Files\Alias Shared
2007-02-27 18:23:50 0 d-------- C:\Program Files\Microsoft DirectX SDK (February 2007)
2007-02-27 18:23:49 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-02-27 18:23:48 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-02-27 18:23:48 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-02-27 18:23:47 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-02-27 18:23:47 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-02-27 18:23:47 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-02-27 18:23:47 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-02-27 18:23:46 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-02-27 18:23:46 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-02-26 16:28:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-23 20:39:52 0 d--h----- C:\WINDOWS\PIF
2007-02-22 22:24:17 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-22 17:05:17 35564 --a------ C:\WINDOWS\system32\vxga4me1.exe
2007-02-22 16:15:59 28160 --a------ C:\WINDOWS\system32\wsys.dll
2007-02-22 16:14:27 96820 --a------ C:\WINDOWS\system32\zu.exe
2007-02-22 16:14:24 7220 --a------ C:\WINDOWS\system32\dd.exe
2007-02-22 16:14:22 7220 --a------ C:\WINDOWS\system32\sm.exe
2007-02-22 16:13:24 7594 --a------ C:\WINDOWS\system32\vxg4am1et2.exe
2007-02-22 16:12:47 9780 --a------ C:\WINDOWS\system32\kernels88.exe
2007-02-21 19:44:00 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2007-02-21 19:43:52 344064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-02-21 19:43:52 487424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-02-21 19:43:52 974848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-02-18 00:25:44 10345 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-02-13 18:00:28 81920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-02-13 18:00:28 98304 --a------ C:\WINDOWS\system32\viscomtran.dll
2007-02-13 18:00:28 147456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-02-13 18:00:28 598016 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-02-13 18:00:28 90112 --a------ C:\WINDOWS\system32\viscomframe.dll
2007-02-13 18:00:28 262144 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-02-13 18:00:27 110592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll
2007-02-13 18:00:27 94208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll
2007-02-13 18:00:27 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-02-13 18:00:27 1703936 --a------ C:\WINDOWS\system32\gdiplus.dll


-- Find3M Report ---------------------------------------------------------------

2007-03-10 09:48:29 1666 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-10 09:30:26 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\Skype
2007-03-08 18:50:32 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\OpenOffice.org2
2007-03-07 18:55:00 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\MegauploadToolbar
2007-03-01 15:37:41 507904 --a------ C:\WINDOWS\system32\winlogon.exe
2007-02-27 20:28:48 0 d-------- C:\Program Files\ATI Technologies
2007-02-25 17:55:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-02-24 20:05:23 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\teamspeak2
2007-02-22 16:13:15 1532295 --a------ C:\Documents and Settings\Daichi DMC\Dane aplikacji\Install.dat
2007-02-22 16:10:13 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-02-22 16:10:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-21 21:37:36 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\Macromedia
2007-02-21 19:43:52 0 d-------- C:\Program Files\Common Files\Macromedia
2007-02-21 18:59:05 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\Adobe
2007-02-17 20:50:11 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\fretsonfire
2007-02-05 13:24:31 0 d-------- C:\Program Files\MegauploadToolbar
2007-01-30 07:00:35 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-27 00:56:53 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\CyberLink
2007-01-24 20:41:31 0 d-------- C:\Program Files\Prolink
2007-01-17 16:06:52 0 d-------- C:\Program Files\Common Files\Skype
2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 18:23:20 90112 --a------
C:\WINDOWS\system32\AVASTSS.scr 2007-01-13 09:04:21 0 d-------- C:\Program Files\windysoft 2007-01-12 08:39:17 0 d-------- C:\Program Files\KSIGN 2007-01-08 08:12:04 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-01-06 21:33:50 172032 --a------ C:\WINDOWS\system32\cncs32.dll 2007-01-01 20:50:27 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll 2007-01-01 19:20:12 666 --a------ C:\WINDOWS\mozver.dat 2006-12-30 20:18:37 448004 --a------ C:\WINDOWS\system32\perfh015.dat 2006-12-30 20:18:37 74230 --a------ C:\WINDOWS\system32\perfc015.dat 2006-12-30 19:18:30 72748 --a------ C:\WINDOWS\unins000.exe 2006-12-30 19:18:30 660 --a------ C:\WINDOWS\unins000.dat 2006-12-19 22:51:04 135168 --a------ C:\WINDOWS\system32\shsvcs.dll 2006-12-19 19:18:25 334336 --a------ C:\WINDOWS\system32\wiaservc.dll 2006-12-12 21:10:20 82432 --a------ C:\WINDOWS\system32\msxml4r.dll 2006-12-12 17:33:10 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2006-12-12 16:53:42 0 --a------ C:\WINDOWS\nsreg.dat 2006-12-12 16:32:47 0 -rahs---- C:\MSDOS.SYS 2006-12-12 16:32:47 0 -rahs---- C:\IO.SYS 2006-12-12 16:32:47 0 --a------ C:\CONFIG.SYS 2006-12-12 16:32:47 0 --a------ C:\AUTOEXEC.BAT 2006-12-12 16:29:55 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2006-12-12 16:14:01 62 --ahs---- C:\Documents and Settings\Daichi DMC\Dane aplikacji\desktop.ini – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Skype”="“C:\Programy\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “WheelMouse”=“C:\Programy\A4TECH~1\Amoumain.exe” “UVS10 Preload”=“C:\Programy\Ulead VideoStudio 10\uvPL.exe” “DAEMON Tools”="“C:\Programy\DAEMON Tools\daemon.exe” -lang 1033" “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”" “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” “QuickTime 
Task”="“C:\Programy\QuickTime\qttask.exe” -atboottime" “RAM Cleaner”=“C:\Programy\Ram Cleaner\ramcleaner.exe” “snpstd3”=“C:\WINDOWS\vsnpstd3.exe” “PowerS”=“C:\WINDOWS\PowerS.exe” “avast!”=“C:\Programy\ALWILS~1\Avast4\ashDisp.exe” “ATICCC”="“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “UPnPMonitor”="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G] Shell\AutoRun\command G:\autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I] Shell\AutoRun\command I:\cm_setup.exe – End of ComboScan: finished at 2007-03-10 at 11:35:35 ------------------------
Damn, the language... JNJN pests :evil:
adam9870
(adam9870)
10 March 2007 11:45
#4
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.BAT
Download Gmer.
In Gmer, on the Processes tab, choose Gmer safe mode (Gmer awaryjny). The computer will restart and you will be asked whether you want to kill all processes, which of course you agree to. Then on the Processes tab, via ... (three dots), point it at the FIX.BAT file. After a moment the screen will flicker and the computer will restart.
Use the SmitFraudFix tool, option number 2, in Safe Mode.
Once that is done, post a new ComboScan log plus two Gmer logs made with these settings:
Rootkit tab >>> everything ticked except Show all (Pokazuj wszystko) >>> click Search (Szukaj) >>> wait patiently until it finishes >>> Copy >>> paste into the post
Rootkit tab >>> only Services (Usługi) and Show all ticked >>> click Search >>> wait patiently until it finishes >>> Copy >>> paste into the post
If all the logs don't fit directly in the post, put them on some hosting service as *.txt files and only link them here.
http://forum.dobreprogramy.pl/viewtopic.php?t=96929
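The log in post #1 is what the helper reads to decide which files go into FIX.BAT: the "Files created" section shows a burst of short, oddly named executables dropped into C:\WINDOWS\system32 within a few minutes on 2007-02-22, while the other bursts (2007-02-21, 2007-02-27) come with a new directory under Program Files, which is what a normal installer leaves behind. As an added illustration (this is not code from the thread and not a tool any participant used), the Python script below parses ComboScan-style entries and flags such drop bursts. The sample input is copied from the log above; the 5-minute window, the 3-file threshold and the "installer creates a Program Files directory" heuristic are my own assumptions, not anything ComboScan or Gmer does.

```python
import re
from datetime import datetime, timedelta

# Entries copied from the "Files created" section of the ComboScan log in
# post #1 (attribute column normalised to nine characters). Not a full log.
SAMPLE_LOG = r"""
2007-02-27 18:28:31 30920 --a------ C:\WINDOWS\system32\dswaved.dll
2007-02-27 18:28:30 3087208 --a------ C:\WINDOWS\system32\d3d9d.dll
2007-02-27 18:28:26 0 d-------- C:\Program Files\Common Files\Alias Shared
2007-02-27 18:23:50 0 d-------- C:\Program Files\Microsoft DirectX SDK (February 2007)
2007-02-27 18:23:48 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-02-22 17:05:17 35564 --a------ C:\WINDOWS\system32\vxga4me1.exe
2007-02-22 16:15:59 28160 --a------ C:\WINDOWS\system32\wsys.dll
2007-02-22 16:14:27 96820 --a------ C:\WINDOWS\system32\zu.exe
2007-02-22 16:14:24 7220 --a------ C:\WINDOWS\system32\dd.exe
2007-02-22 16:14:22 7220 --a------ C:\WINDOWS\system32\sm.exe
2007-02-22 16:13:24 7594 --a------ C:\WINDOWS\system32\vxg4am1et2.exe
2007-02-22 16:12:47 9780 --a------ C:\WINDOWS\system32\kernels88.exe
2007-02-21 19:44:00 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2007-02-21 19:43:52 344064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-02-21 19:43:52 487424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-02-21 19:43:52 974848 --a------ C:\WINDOWS\system32\mfc70.dll
"""

# ComboScan line layout: "<date> <time> <size> <9-char attrs> <path>"
ENTRY = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{9})\s+(.+)$")

# Extensions that execute code when loaded; assumption, extend as needed.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


def parse_entries(text):
    """Parse log lines into dicts, oldest first. Lines that do not match are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        ts, size, attrs, path = m.groups()
        entries.append({
            "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "size": int(size),
            "is_dir": attrs[0] == "d",   # first attribute column is 'd' for directories
            "path": path,
        })
    return sorted(entries, key=lambda e: e["ts"])


def is_system_binary(entry):
    """True for executable files created anywhere under C:\\WINDOWS."""
    p = entry["path"].lower()
    return (not entry["is_dir"]) and p.startswith("c:\\windows\\") and p.endswith(EXEC_EXT)


def find_drop_bursts(entries, window=timedelta(minutes=5), min_files=3):
    """Group entries whose creation times are at most `window` apart and report
    groups that contain at least `min_files` executables under C:\\WINDOWS.
    A group is marked suspicious when no directory was created under
    C:\\Program Files in the same group (heuristic: installers create one,
    droppers usually do not)."""
    clusters, current = [], []
    for e in entries:
        if current and e["ts"] - current[-1]["ts"] > window:
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)

    findings = []
    for c in clusters:
        binaries = [e for e in c if is_system_binary(e)]
        if len(binaries) < min_files:
            continue
        installer_dir = any(
            e["is_dir"] and e["path"].lower().startswith("c:\\program files\\") for e in c
        )
        findings.append({
            "start": c[0]["ts"],
            "end": c[-1]["ts"],
            "files": [e["path"] for e in binaries],
            "installer_dir": installer_dir,
            "suspicious": not installer_dir,
        })
    return findings


def triage(text=SAMPLE_LOG):
    """Convenience wrapper: parse the log text and return the burst findings."""
    return find_drop_bursts(parse_entries(text))


if __name__ == "__main__":
    for f in triage():
        tag = "SUSPICIOUS" if f["suspicious"] else "installer-like"
        print(f"{f['start']} .. {f['end']}  {tag}  {len(f['files'])} binaries")
        for path in f["files"]:
            print("   ", path)
```

Run against the excerpt, the 2007-02-22 16:12-16:16 group (kernels88.exe, vxg4am1et2.exe, sm.exe, dd.exe, zu.exe, wsys.dll) is the only one reported as suspicious; the DirectX SDK and Macromedia groups are tied to a Program Files directory and are reported as installer-like. This is a triage aid, not a verdict: a single dropped file such as vxga4me1.exe at 17:05 falls below the threshold and still has to be judged by hand, and a legitimate SDK that writes only into system32 will be flagged for review.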
Daichi
(Daichi)
10 March 2007 14:51
#5
Gutek
(Gutek)
10 March 2007 14:52
#6
So which ones? Change the title to something specific.
Daichi
(Daichi)
10 March 2007 15:12
#7
Gutek... the thing is, I don't know what these errors are! That's why the topic is titled like this.
Gutek
(Gutek)
10 March 2007 17:39
#8
Open Gmer and on the CMD tab, for the CMD option, paste:
and click Run (Uruchom) on the right.
Daichi
(Daichi)
10 March 2007 19:59
#9
adam9870
(adam9870)
10 March 2007 20:30
#10
Paste new Gmer logs plus a new ComboScan log.
Daichi
(Daichi)
10 March 2007 21:09
#11
The newest ones... since (probably) nothing has changed, they are the ones I gave in the previous posts
LOG from option 2 --> http://daichipl.w.interia.pl/nr2.txt
LOG from option 1 --> http://daichipl.w.interia.pl/nr1.txt
and here are the ones you asked for... but I can make more, what harm would it do
Post merged: 10.03.2007 (Sat) 22:10
ComboScan
ComboScan v20070306.20 run by Daichi DMC on 2007-03-10 at 22:09:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Daichi DMC.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:09:57, on 2007-03-10
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\A4TECH~1\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Programy\Ram Cleaner\ramcleaner.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\PowerS.exe
C:\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Programy\Kalendarz XP\Kalendarz.exe
C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
C:\Programy\Alwil Software\Avast4\ashServ.exe
C:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\BearShare\BearShare.exe
C:\Programy\Mozilla Firefox\firefox.exe
D:\My Downloads\comboscan.exe
D:\MYDOWN~1\HIJACK~1\DAICHI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programy\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programy\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programy\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programy\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Programy\A4TECH~1\Amoumain.exe
O4 - HKLM\..\Run: [uVS10 Preload] C:\Programy\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programy\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RAM Cleaner] C:\Programy\Ram Cleaner\ramcleaner.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [avast!] C:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [skype] "C:\Programy\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Programy\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programy\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 195.114.161.61,195.114.181.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

2007-03-10 12:53:51 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-03-10 10:53:29 155411 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-02-27 18:28:31 30920 --a------ C:\WINDOWS\system32\dswaved.dll
2007-02-27 18:28:31 134344 --a------ C:\WINDOWS\system32\dmusicd.dll
2007-02-27 18:28:31 112840 --a------ C:\WINDOWS\system32\dmsynthd.dll
2007-02-27 18:28:31 117448 --a------ C:\WINDOWS\system32\dmstyled.dll
2007-02-27 18:28:31 115912 --a------ C:\WINDOWS\system32\dmscripd.dll
2007-02-27 18:28:31 52424 --a------ C:\WINDOWS\system32\dmloaded.dll
2007-02-27 18:28:31 240328 --a------ C:\WINDOWS\system32\dmimed.dll
2007-02-27 18:28:31 73928 --a------ C:\WINDOWS\system32\dmcompod.dll
2007-02-27 18:28:31 41160 --a------ C:\WINDOWS\system32\dmbandd.dll
2007-02-27 18:28:30 359624 --a------ C:\WINDOWS\system32\dinput8d.dll
2007-02-27 18:28:30 3724568 --a------ C:\WINDOWS\system32\d3dx9d_32.dll
2007-02-27 18:28:30 342888 --a------ C:\WINDOWS\system32\d3dref9.dll
2007-02-27 18:28:30 248008 --a------ C:\WINDOWS\system32\d3dref8.dll
2007-02-27 18:28:30 106696 --a------ C:\WINDOWS\system32\d3dref.dll
2007-02-27 18:28:30 3087208 --a------ C:\WINDOWS\system32\d3d9d.dll
2007-02-27 18:28:29 1390792 --a------ C:\WINDOWS\system32\d3d8d.dll
2007-02-27 18:28:26 0 d-------- C:\Program Files\Common Files\aliaswavefront shared
2007-02-27 18:28:26 0 d-------- C:\Program Files\Common Files\Alias Shared
2007-02-27 18:23:50 0 d-------- C:\Program Files\Microsoft DirectX SDK (February 2007)
2007-02-27 18:23:49 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-02-27 18:23:48 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-02-27 18:23:48 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-02-27 18:23:47 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-02-27 18:23:47 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-02-27 18:23:47 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-02-27 18:23:47 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-02-27 18:23:46 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-02-27 18:23:46 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-02-26 16:28:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-23 20:39:52 0 d--h----- C:\WINDOWS\PIF
2007-02-22 22:24:17 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-22 16:14:24 7220 --a------ C:\WINDOWS\system32\dd.exe
2007-02-21 19:44:00 0 d-------- C:\Program Files\Common Files\Macromedia Shared
2007-02-21 19:43:52 344064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-02-21 19:43:52 487424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-02-21 19:43:52 974848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-02-18 00:25:44 10345 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-02-13 18:00:28 81920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-02-13 18:00:28 98304 --a------ C:\WINDOWS\system32\viscomtran.dll
2007-02-13 18:00:28 147456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-02-13 18:00:28 598016 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-02-13 18:00:28 90112 --a------ C:\WINDOWS\system32\viscomframe.dll
2007-02-13 18:00:28 262144 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-02-13 18:00:27 110592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll
2007-02-13 18:00:27 94208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll
2007-02-13 18:00:27 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-02-13 18:00:27 1703936 --a------ C:\WINDOWS\system32\gdiplus.dll

-- Find3M Report ---------------------------------------------------------------

2007-03-10 20:57:16 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\Skype
2007-03-10 20:51:04 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\MegauploadToolbar
2007-03-10 13:26:12 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\Adobe
2007-03-10 13:04:55 1666 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-08 18:50:32 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\OpenOffice.org2
2007-03-01 15:37:41 507904 --a------ C:\WINDOWS\system32\winlogon.exe
2007-02-27 20:28:48 0 d-------- C:\Program Files\ATI Technologies
2007-02-25 17:55:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-02-24 20:05:23 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\teamspeak2
2007-02-22 16:13:15 1532295 --a------ C:\Documents and Settings\Daichi DMC\Dane aplikacji\Install.dat
2007-02-22 16:10:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-21 21:37:36 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\Macromedia
2007-02-21 19:43:52 0 d-------- C:\Program Files\Common Files\Macromedia
2007-02-17 20:50:11 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\fretsonfire
2007-02-05 13:24:31 0 d-------- C:\Program Files\MegauploadToolbar
2007-01-30 07:00:35 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-27 00:56:53 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\CyberLink
2007-01-24 20:41:31 0 d-------- C:\Program Files\Prolink
2007-01-17 16:06:52 0 d-------- C:\Program Files\Common Files\Skype
2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-01-13 09:04:21 0 d-------- C:\Program Files\windysoft
2007-01-12 08:39:17 0 d-------- C:\Program Files\KSIGN
2007-01-08 08:12:04 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-01-06 21:33:50 172032 --a------ C:\WINDOWS\system32\cncs32.dll
2007-01-01 20:50:27 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-01-01 19:20:12 666 --a------ C:\WINDOWS\mozver.dat
2006-12-30 20:18:37 448004 --a------ C:\WINDOWS\system32\perfh015.dat
2006-12-30 20:18:37 74230 --a------ C:\WINDOWS\system32\perfc015.dat
2006-12-30 19:18:30 72748 --a------ C:\WINDOWS\unins000.exe
2006-12-30 19:18:30 660 --a------ C:\WINDOWS\unins000.dat
2006-12-19 22:51:04 135168 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 19:18:25 334336 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-12 21:10:20 82432 --a------ C:\WINDOWS\system32\msxml4r.dll
2006-12-12 17:33:10 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-12-12 16:53:42 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-12 16:32:47 0 -rahs---- C:\MSDOS.SYS
2006-12-12 16:32:47 0 -rahs---- C:\IO.SYS
2006-12-12 16:32:47 0 --a------ C:\CONFIG.SYS
2006-12-12 16:32:47 0 --a------ C:\AUTOEXEC.BAT
2006-12-12 16:29:55 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2006-12-12 16:14:01 62 --ahs---- C:\Documents and Settings\Daichi DMC\Dane aplikacji\desktop.ini

-- Registry Dump ---------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"=""C:\Programy\Phone\Skype.exe" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"WheelMouse"="C:\Programy\A4TECH~1\Amoumain.exe"
"UVS10 Preload"="C:\Programy\Ulead VideoStudio 10\uvPL.exe"
"DAEMON Tools"=""C:\Programy\DAEMON Tools\daemon.exe" -lang 1033"
"SunJavaUpdateSched"=""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe""
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
"QuickTime Task"=""C:\Programy\QuickTime\qttask.exe" -atboottime"
"RAM Cleaner"="C:\Programy\Ram Cleaner\ramcleaner.exe"
"snpstd3"="C:\WINDOWS\vsnpstd3.exe"
"PowerS"="C:\WINDOWS\PowerS.exe"
"avast!"="C:\Programy\ALWILS~1\Avast4\ashDisp.exe"
"ATICCC"=""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
Shell\AutoRun\command G:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I]
Shell\AutoRun\command I:\cm_setup.exe

-- End of ComboScan: finished at 2007-03-10 at 22:10:33 ------------------------
adam9870
(adam9870)
10 March 2007 22:18
#12
Open Notepad and paste this into it:
File >>> Save As >>> change the file type from TXT to All Files >>> save it under the name FIX.BAT
In Gmer, on the Processes tab, choose Gmer safe mode (Gmer awaryjny). The computer will restart and you will be asked whether you want to kill all processes, which of course you agree to. Then on the Processes tab, via ... (three dots), point it at the FIX.BAT file. After a moment the screen will flicker and the computer will restart.
Once that is done, paste new logs (ComboScan + two Gmer logs).
Daichi
(Daichi)
11 March 2007 09:40
#13
I did as you told me... and now I'll lay out the PLAN of what happened and how:
1. I ran Gmer SAFE MODE, so it started up etc.
2. I did NOT get the prompt to KILL ALL PROCESSES, so I clicked that button myself and then confirmed my choice... nothing changed in the table... as if it hadn't killed them... :shock:
3. Then I clicked the "..." and gave it the FIX.BAT file, but what happened after that!!!
a) THE PARAMETER IS INCORRECT (this refers to the first line, "gmer -del service EXAMPLE1")
b) Error no. 0xC0000034 occurred while deleting "path to file" (i.e. ksys.sys, asn5bf31.sys and dd.exe)
I don't know what it's about, but wouldn't deleting files go better with Killbox?? but nvm, I'm not the expert here ^^
HEEELP
adam9870
(adam9870)
11 March 2007 09:46
#14
Paste a complete set of new logs. Always do that after performing something, regardless of whether any errors appear or not.
Daichi
(Daichi)
11 March 2007 10:04
#15
http://daichipl.w.interia.pl/nr123.txt OPTION 1
http://daichipl.w.interia.pl/nr234.txt OPTION 2
ComboScan v20070306.20 run by Daichi DMC on 2007-03-11 at 10:44:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Daichi DMC.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:44:36, on 2007-03-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\A4TECH~1\Amoumain.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Programy\Ram Cleaner\ramcleaner.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\PowerS.exe
C:\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Programy\Kalendarz XP\Kalendarz.exe
C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
C:\Programy\Alwil Software\Avast4\ashServ.exe
C:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Programy\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
D:\My Downloads\comboscan.exe
D:\MYDOWN~1\HIJACK~1\DAICHI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programy\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programy\BitComet\tools\BitCometBHO.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programy\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programy\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Programy\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\Programy\A4TECH~1\Amoumain.exe
O4 - HKLM\..\Run: [uVS10 Preload] C:\Programy\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programy\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programy\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RAM Cleaner] C:\Programy\Ram Cleaner\ramcleaner.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [avast!] C:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [skype] "C:\Programy\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programy\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Programy\Kalendarz XP\Kalendarz.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programy\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programy\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 195.114.161.61,195.114.181.130
O17 - HKLM\System\CS1\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 194.204.152.34,194.204.159.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NBService - Nero AG - C:\Programy\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- Files created between 2007-02-11 and 2007-03-11 -----------------------------

2007-03-10 12:53:51 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-03-10 10:53:29 155411 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-02-27 18:28:31 30920 --a------ C:\WINDOWS\system32\dswaved.dll
2007-02-27 18:28:31 134344 --a------ C:\WINDOWS\system32\dmusicd.dll
2007-02-27 18:28:31 112840 --a------ C:\WINDOWS\system32\dmsynthd.dll
2007-02-27 18:28:31 117448 --a------ C:\WINDOWS\system32\dmstyled.dll
2007-02-27 18:28:31 115912 --a------ C:\WINDOWS\system32\dmscripd.dll
2007-02-27 18:28:31 52424 --a------ C:\WINDOWS\system32\dmloaded.dll
2007-02-27 18:28:31 240328 --a------ C:\WINDOWS\system32\dmimed.dll
2007-02-27 18:28:31 73928 --a------ C:\WINDOWS\system32\dmcompod.dll
2007-02-27 18:28:31 41160 --a------ C:\WINDOWS\system32\dmbandd.dll
2007-02-27 18:28:30 359624 --a------ C:\WINDOWS\system32\dinput8d.dll
2007-02-27 18:28:30 3724568 --a------ C:\WINDOWS\system32\d3dx9d_32.dll
2007-02-27 18:28:30 342888 --a------ C:\WINDOWS\system32\d3dref9.dll
2007-02-27 18:28:30 248008 --a------ C:\WINDOWS\system32\d3dref8.dll
2007-02-27 18:28:30 106696 --a------ C:\WINDOWS\system32\d3dref.dll
2007-02-27 18:28:30 3087208 --a------ C:\WINDOWS\system32\d3d9d.dll
2007-02-27 18:28:29 1390792 --a------ C:\WINDOWS\system32\d3d8d.dll
2007-02-27 18:28:26 0 d-------- C:\Program Files\Common Files\aliaswavefront shared
2007-02-27 18:28:26 0 d-------- C:\Program Files\Common Files\Alias Shared
2007-02-27 18:23:50 0 d-------- C:\Program Files\Microsoft DirectX SDK (February 2007)
2007-02-27 18:23:49 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-02-27 18:23:48 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-02-27 18:23:48 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-02-27 18:23:47 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-02-27 18:23:47 237848 --a------
C:\WINDOWS\system32\xactengine2_4.dll 2007-02-27 18:23:47 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-02-27 18:23:47 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-02-27 18:23:46 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-02-27 18:23:46 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-02-26 16:28:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-02-23 20:39:52 0 d–h----- C:\WINDOWS\PIF 2007-02-22 22:24:17 0 d-------- C:\WINDOWS\system32\LogFiles 2007-02-21 19:44:00 0 d-------- C:\Program Files\Common Files\Macromedia Shared 2007-02-21 19:43:52 344064 --a------ C:\WINDOWS\system32\msvcr70.dll 2007-02-21 19:43:52 487424 --a------ C:\WINDOWS\system32\msvcp70.dll 2007-02-21 19:43:52 974848 --a------ C:\WINDOWS\system32\mfc70.dll 2007-02-18 00:25:44 10345 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-02-13 18:00:28 81920 --a------ C:\WINDOWS\system32\viscomwave.dll 2007-02-13 18:00:28 98304 --a------ C:\WINDOWS\system32\viscomtran.dll 2007-02-13 18:00:28 147456 --a------ C:\WINDOWS\system32\viscomqtenc.dll 2007-02-13 18:00:28 598016 --a------ C:\WINDOWS\system32\viscomqtde.dll 2007-02-13 18:00:28 90112 --a------ C:\WINDOWS\system32\viscomframe.dll 2007-02-13 18:00:28 262144 --a------ C:\WINDOWS\system32\lame_enc.dll 2007-02-13 18:00:27 110592 --a------ C:\WINDOWS\system32\viscomaudioencoder.dll 2007-02-13 18:00:27 94208 --a------ C:\WINDOWS\system32\viscomaudiodata.dll 2007-02-13 18:00:27 40960 --a------ C:\WINDOWS\system32\SSubTmr6.dll 2007-02-13 18:00:27 1703936 --a------ C:\WINDOWS\system32\gdiplus.dll – Find3M Report --------------------------------------------------------------- 2007-03-11 10:35:16 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\Skype 2007-03-10 20:51:04 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\MegauploadToolbar 2007-03-10 13:26:12 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\Adobe 2007-03-10 13:04:55 1666 --a------ 
C:\WINDOWS\system32\tmp.reg 2007-03-08 18:50:32 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\OpenOffice.org2 2007-03-01 15:37:41 507904 --a------ C:\WINDOWS\system32\winlogon.exe 2007-02-27 20:28:48 0 d-------- C:\Program Files\ATI Technologies 2007-02-25 17:55:17 0 d–h----- C:\Program Files\InstallShield Installation Information 2007-02-24 20:05:23 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\teamspeak2 2007-02-22 16:13:15 1532295 --a------ C:\Documents and Settings\Daichi DMC\Dane aplikacji\Install.dat 2007-02-22 16:10:11 73216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-02-21 21:37:36 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\Macromedia 2007-02-21 19:43:52 0 d-------- C:\Program Files\Common Files\Macromedia 2007-02-17 20:50:11 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\fretsonfire 2007-02-05 13:24:31 0 d-------- C:\Program Files\MegauploadToolbar 2007-01-30 07:00:35 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2007-01-29 09:58:06 60416 -----n— C:\WINDOWS\system32\tzchange.exe 2007-01-27 00:56:53 0 d-------- C:\Documents and Settings\Daichi DMC\Dane aplikacji\CyberLink 2007-01-24 20:41:31 0 d-------- C:\Program Files\Prolink 2007-01-17 16:06:52 0 d-------- C:\Program Files\Common Files\Skype 2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-01-13 09:04:21 0 d-------- C:\Program Files\windysoft 2007-01-12 08:39:17 0 d-------- C:\Program Files\KSIGN 2007-01-08 08:12:04 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll 2007-01-06 21:33:50 172032 --a------ C:\WINDOWS\system32\cncs32.dll 2007-01-01 20:50:27 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll 2007-01-01 19:20:12 666 --a------ C:\WINDOWS\mozver.dat 2006-12-30 20:18:37 448004 --a------ C:\WINDOWS\system32\perfh015.dat 2006-12-30 20:18:37 74230 --a------ C:\WINDOWS\system32\perfc015.dat 2006-12-30 19:18:30 72748 
--a------ C:\WINDOWS\unins000.exe 2006-12-30 19:18:30 660 --a------ C:\WINDOWS\unins000.dat 2006-12-19 22:51:04 135168 --a------ C:\WINDOWS\system32\shsvcs.dll 2006-12-19 19:18:25 334336 --a------ C:\WINDOWS\system32\wiaservc.dll 2006-12-12 21:10:20 82432 --a------ C:\WINDOWS\system32\msxml4r.dll 2006-12-12 17:33:10 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2006-12-12 16:53:42 0 --a------ C:\WINDOWS\nsreg.dat 2006-12-12 16:32:47 0 -rahs---- C:\MSDOS.SYS 2006-12-12 16:32:47 0 -rahs---- C:\IO.SYS 2006-12-12 16:32:47 0 --a------ C:\CONFIG.SYS 2006-12-12 16:32:47 0 --a------ C:\AUTOEXEC.BAT 2006-12-12 16:29:55 21856 --a------ C:\WINDOWS\system32\emptyregdb.dat 2006-12-12 16:14:01 62 --ahs---- C:\Documents and Settings\Daichi DMC\Dane aplikacji\desktop.ini – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “Skype”="“C:\Programy\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “WheelMouse”=“C:\Programy\A4TECH~1\Amoumain.exe” “UVS10 Preload”=“C:\Programy\Ulead VideoStudio 10\uvPL.exe” “DAEMON Tools”="“C:\Programy\DAEMON Tools\daemon.exe” -lang 1033" “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe”" “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” “QuickTime Task”="“C:\Programy\QuickTime\qttask.exe” -atboottime" “RAM Cleaner”=“C:\Programy\Ram Cleaner\ramcleaner.exe” “snpstd3”=“C:\WINDOWS\vsnpstd3.exe” “PowerS”=“C:\WINDOWS\PowerS.exe” “avast!”=“C:\Programy\ALWILS~1\Avast4\ashDisp.exe” “ATICCC”="“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “UPnPMonitor”="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” 
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G] Shell\AutoRun\command G:\autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I] Shell\AutoRun\command I:\cm_setup.exe – End of ComboScan: finished at 2007-03-11 at 10:44:59 ------------------------
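Added example, not part of the thread: a small triage helper for HijackThis-style log lines of the kind posted above. It only picks out the entry types a reviewer looks at first (O4 autostart entries, O16 ActiveX downloads, O17 DNS overrides, O20 Winlogon notify packages, O23 services with a missing file) and reports why each deserves a look; it does not decide that anything is malicious. The sample lines are constructed from entry types that appear in the log above; HijackThis writes the hive as `HKLM\..\Run`, which the forum rendering collapsed to `HKLM…\Run`. The heuristics (Windows-root path, bare file name, missing file) are my own assumptions about what is worth checking, not rules from HijackThis or ComboScan.

```python
"""Triage helper for HijackThis-style log lines (added example, not forum content).

It classifies the entry types that usually get the most attention in a
cleanup thread: autostart entries (O4), ActiveX downloads (O16), DNS server
overrides (O17), Winlogon notify packages (O20) and services (O23).
"""
import ntpath
import re
from typing import Dict, List

# Constructed sample built from entry types seen in the posted log.  HijackThis
# writes the hive as HKLM\..\Run; the forum rendering collapsed it to "HKLM…\Run".
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [avast!] C:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D6F4A5F-4F9A-4A39-B87A-53721ADF829B}: NameServer = 195.114.161.61,195.114.181.130
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
URL_RE = re.compile(r"https?://\S+")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def executable_path(cmd: str) -> str:
    """Return the program path from a Run command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first known extension.
    m = re.match(r"(?i)^(.*?\.(?:exe|dll|scr|cmd|bat))(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per entry that a reviewer should look at first.

    These are review prompts (heuristic assumptions of this example), not verdicts.
    """
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            rm = RUN_RE.search(body)
            if not rm:
                continue
            path = executable_path(rm.group("cmd"))
            folder = ntpath.dirname(path).lower()
            if folder == "":
                findings.append({"section": section, "item": rm.group("name"),
                                 "reason": "bare file name resolved via PATH search",
                                 "detail": path})
            elif folder == r"c:\windows":
                findings.append({"section": section, "item": rm.group("name"),
                                 "reason": "executable placed directly in the Windows root",
                                 "detail": path})
        elif section == "O16":
            um = URL_RE.search(body)
            findings.append({"section": section, "item": body.split(" - ")[0],
                             "reason": "ActiveX control downloaded from the web",
                             "detail": um.group(0) if um else body})
        elif section == "O17":
            ips = IP_RE.findall(body)
            findings.append({"section": section, "item": "NameServer",
                             "reason": "DNS servers overridden; confirm they belong to the ISP",
                             "detail": ",".join(ips)})
        elif section == "O20" and body.rstrip().endswith("\\"):
            findings.append({"section": section, "item": body,
                             "reason": "Winlogon Notify package has no file name",
                             "detail": body})
        elif section == "O23" and "(file missing)" in body:
            findings.append({"section": section, "item": body.split(" - ")[0],
                             "reason": "service points at a missing file",
                             "detail": body})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:<4} {f['reason']:<55} {f['detail']}")
```

Run it on a saved HijackThis log by reading the file into `triage()`; every finding is a prompt to verify the entry (publisher, file on disk, DNS ownership), which is the same check a helper in a thread like this one performs by hand.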
Gutek
(Gutek)
11 March 2007 11:32
#16
Open Gmer and, in the CMD tab, with the CMD option, paste:
and click Run on the right-hand side.
Daichi
(Daichi)
11 March 2007 12:38
#17
DONE…
Once again: ERROR WHILE DELETING FILE "PATH"
PS: Should I paste the logs from ComboScan, Gmer or HijackThis? Any of them??
adam9870
(adam9870)
11 March 2007 13:19
#18
Paste a new Gmer log, produced with the first setting.
Daichi
(Daichi)
11 March 2007 16:11
#19
adam9870
(adam9870)
11 March 2007 16:37
#20
In Gmer, in the CMD tab with the CMD.EXE option selected, paste:
and click Run on the right-hand side.
Scan the system with http://www.kaspersky.pl/virusscanner.html and paste the report and a new Gmer log.