system
(system)
#1
This is my log, please help
Logfile of HijackThis v1.99.1
Scan saved at 12:20:39, on 2007-07-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\komp1\Pulpit\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.73\AMVConverter\grab.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\OFICE\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.73\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.v-codec.com/getcodec/SVideoCodec4_01a.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
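As an added example (not part of this thread and not HijackThis's own detection logic), the script below does the first pass a helper would do on a log like the one above: it parses the section code of each entry and flags three things worth a closer look: O4 Run entries launched from a Temp directory, O16 DPF entries that pull a bare .exe (the v-codec.com line in this log), and O23 services reported as "(file missing)". The sample log is constructed from lines of this post plus two made-up entries for contrast (the "updater" Run entry and the example.com .cab); the regular expressions and the Temp-directory rule are my own assumptions about the log layout.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines of the kind shown in the HijackThis log above, plus a
# made-up "updater" O4 entry and a made-up example.com .cab O16 entry for contrast.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\komp1\LOCALS~1\Temp\updater.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {134F7664-943D-3BB9-65F5-70B91DF46C86} - http://www.v-codec.com/getcodec/SVideoCodec4_01a.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} - http://downloads.example.com/viewer/viewer.cab
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumed layout: "<code> - <body>", e.g. "O16 - DPF: {clsid} - url".
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run:\s+\[([^\]]*)\]\s+(.*)$")
DPF_RE = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\})\s+-\s+(\S+)")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Return (section code, body) for every HijackThis entry line (R0, O4, O16, ...)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def check_entry(section, body):
    """Return a reason string if the entry deserves a closer look, else None."""
    if section == "O4":
        m = RUN_RE.match(body)
        # Autostart from a Temp directory is unusual for installed software.
        if m and "\\temp\\" in m.group(3).lower():
            return f"Run entry [{m.group(2)}] starts a program from a Temp directory"
    elif section == "O16":
        m = DPF_RE.match(body)
        if m:
            url = urlparse(m.group(2))
            # ActiveX installs are packaged as .cab; a bare .exe is a plain download.
            if url.path.lower().endswith(".exe"):
                return (f"DPF entry fetches a bare .exe from {url.netloc}; "
                        "ActiveX installs are normally packaged as signed .cab files")
    elif section == "O23":
        if "(file missing)" in body:
            return ("service binary not found at the listed path; "
                    "verify the real path before removing anything")
    return None


def triage(text):
    """Run every entry through check_entry and collect the flagged ones."""
    findings = []
    for section, body in parse_entries(text):
        reason = check_entry(section, body)
        if reason:
            findings.append(Finding(section, reason, f"{section} - {body}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

The "(file missing)" flag is reported as something to verify rather than something to delete: in this very log the two avast scanners are marked missing while their binaries appear in the running-process list, and the stray `"` left in the path shows that HijackThis failed to split the quoted service path from its `/service` argument.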
slake
(Slake1)
#2
Uninstall Spyware Doctor. It is on the list of fake programs.
Post the logs from Silent Runners and ComboFix.
system
(system)
#3
And where do I get Silent Runners and ComboFix? Sorry, but I'm a complete layman, 47 years old :)
Merged post: 01.07.2007 (Sun) 12:35
Spyware Doctor uninstalled
system
(system)
#5
I somehow can't get anywhere with Silent Runners
slake
(Slake1)
#6
Can you describe in more detail what problem you are having with it?
system
(system)
#7
Sometimes a page with Error Safe pops up in the browser.
ComboFix log:
"komp1" - 2007-07-01 13:37:16 - ComboFix 07-06-27.7 - Dodatek Service Pack 2 NTFS
Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.
ADS removed - system32: deleted 68250 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\wxadd.bak1
C:\WINDOWS\system32\wxadd.bak2
C:\WINDOWS\system32\wxadd.ini
C:\WINDOWS\system32\ddaxw.dll
C:\WINDOWS\system32\yayvvuu.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\komp1\DANEAP~1.\macromedia\Flash Player\#SharedObjects\UV2EYF3Q\www.broadcaster.com
C:\DOCUME~1\komp1\DANEAP~1.\macromedia\Flash Player\#SharedObjects\UV2EYF3Q\www.broadcaster.com\played_list.sol
C:\DOCUME~1\komp1\DANEAP~1.\macromedia\Flash Player\#SharedObjects\UV2EYF3Q\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\komp1\DANEAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\komp1\DANEAP~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\hcrsdegv.exe
C:\WINDOWS\system32\hgurnaje.exe
C:\WINDOWS\system32\lzx32.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NM
-------\nm
((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))
2007-07-01 12:44 66,112 --a------ C:\WINDOWS\system32\bqfvmfbp.dll
2007-07-01 12:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 10:50 1,518 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-01 06:12 128,576 --a------ C:\WINDOWS\system32\lqvclusg.dll
2007-06-30 07:18 66,112 --a------ C:\WINDOWS\system32\wpxudmql.dll
2007-06-30 07:15 128,576 --a------ C:\WINDOWS\system32\nmjsgonk.dll
2007-06-19 16:26 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-30 10:17:32 58,448 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-30 10:17:32 376,876 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-26 11:47:36 12,834 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-23 04:44:39 -------- d-----w C:\DOCUME~1\komp1\DANEAP~1\Azureus
2007-06-19 17:15:09 -------- d-----w C:\Program Files\NetworkView
2007-06-05 17:05:48 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-05 17:05:38 -------- d-----w C:\Program Files\hp deskjet 3320 series
2007-05-26 11:40:28 376 ----a-w C:\WINDOWS\mozregistry.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-19 15:36:36 1,040,384 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-04-19 15:30:29 196,608 ----a-w C:\WINDOWS\system32\ssleay32.dll
2004-08-03 23:44:30 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$TEMP$\System\wmplayer.exe
2007-03-02 05:52:59 56 --sh--r C:\WINDOWS\system32\082BEA1FA2.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll,NvTaskbarInit" []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Trojan Elite]
C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Detector]
D:\PROGRA~1\ACDSee\DEVDET~1\DEVDET~1.EXE -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Program Files\Gadu-Gadu\gg.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
rundll32.exe "C:\WINDOWS\system32\nmjsgonk.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
C:\Program Files\Tlen.pl\tlen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startkey]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STManager]
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Twoje TVN24]
"M:\Pasek TVN24\PasekTVN24.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winconf]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\start.exe
runit\command- I:\start.exe
setup\command- I:\setup\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
AutoRun\command- J:\Autorun.exe
Contents of the 'Scheduled Tasks' folder
2007-06-30 22:15:01 C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 13:52:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
cmd.exe [3724]
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\wmprfPLK.prx
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\ytlat22b.dat
C:\WINDOWS\_default.pif
**************************************************************************
Completion time: 2007-07-01 13:56:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-01 13:55
--- E O F ---
Merged post: 01.07.2007 (Sun) 15:53
Silent Runners displays: the program performed an invalid operation.
Merged post: 02.07.2007 (Mon) 18:08
Hello, Silent doesn't start, this pops up:
A PROBLEM OCCURRED WITH THE MICROSOFT WINDOWS BASED SCRIPT HOST APPLICATION AND IT WILL BE CLOSED. WE APOLOGIZE FOR THE INCONVENIENCE
SEND ERROR REPORT / DON'T SEND
Please help. leszek
Merged post: 03.07.2007 (Tue) 14:04
They helped me on another forum; here people don't really come back to threads. But thanks anyway for those few tips. TOPIC CLOSED
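As an added example, not ComboFix's own code and not something the thread's helpers posted: the script below reads the two ComboFix sections quoted above that carry the most signal, "Files Created" and "Reg Loading Points", flags newly created DLLs whose names look machine-generated (eight lowercase letters with at most two vowels, a crude heuristic I chose that needs an allow-list in practice), and correlates them with rundll32 loading points. The sample is constructed from file names that appear in this log; the section parsing and regular expressions are my assumptions about the log layout as shown here.

```python
import ntpath
import re

# Constructed sample assembled from the ComboFix sections quoted in this thread
# (file names are the ones in that log; the sections are trimmed to a few lines).
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))
2007-07-01 12:44 66,112 --a------ C:\WINDOWS\system32\bqfvmfbp.dll
2007-07-01 12:43 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-30 07:15 128,576 --a------ C:\WINDOWS\system32\nmjsgonk.dll
2007-06-19 16:26 8,576 --a------ C:\WINDOWS\system32\drivers\hidgame.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.com]
rundll32.exe "C:\WINDOWS\system32\nmjsgonk.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

# Assumed layout of the log: section banners wrapped in runs of parentheses,
# "date time size attrs path" lines under "Files Created", "[key]" then command
# lines under "Reg Loading Points".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+\S+\s+(.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\w+)', re.IGNORECASE)
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")


def looks_random(filename):
    """Crude heuristic: eight lowercase letters, .dll extension, at most two vowels.
    Legitimate names such as NvCpl.dll or setupapi.dll fall outside it; allow-list
    known vendor DLLs before using this on real logs."""
    if not RANDOM_DLL_RE.match(filename):
        return False
    return sum(ch in "aeiou" for ch in filename[:8]) <= 2


def parse_sections(text):
    """Split a ComboFix log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def created_files(sections):
    """Paths listed in the 'Files Created from ... to ...' section."""
    paths = []
    for title, lines in sections.items():
        if title.startswith("Files Created"):
            for line in lines:
                m = CREATED_RE.match(line)
                if m:
                    paths.append(m.group(1))
    return paths


def rundll32_loading_points(sections):
    """(registry key leaf, dll path, export) for every rundll32 loading point."""
    found, key = [], None
    for line in sections.get("Reg Loading Points", []):
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).rsplit("\\", 1)[-1]
            continue
        rm = RUNDLL_RE.search(line)
        if rm:
            found.append((key, rm.group(1), rm.group(2)))
    return found


def analyze(text):
    """Flag random-looking new DLLs, random-looking rundll32 targets, and their overlap."""
    sections = parse_sections(text)
    new_random = [p for p in created_files(sections) if looks_random(ntpath.basename(p))]
    loaded_random = [(k, p, e) for k, p, e in rundll32_loading_points(sections)
                     if looks_random(ntpath.basename(p))]
    correlated = sorted({ntpath.basename(p).lower() for p in new_random}
                        & {ntpath.basename(p).lower() for _, p, _ in loaded_random})
    return {"new_random_dlls": new_random,
            "rundll32_random_dlls": loaded_random,
            "correlated": correlated}


if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_COMBOFIX).items():
        print(kind, items)
```

Run on this sample the correlation singles out nmjsgonk.dll, created on 2007-06-30 and loaded at startup through a msconfig key named "icq.com" with an export called forkonce. A loading point whose key name imitates a known product while its DLL carries a random name and a non-standard export is the pattern worth escalating, independently of whatever an antivirus signature says about the file.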