Jak najlepiej usunąć Trojan-Proxy.Win32.Mitglieder.dz

Allex · 10 Styczeń 2007 19:39

Znalazłam przyczynę swoich problemów z programami antywirusowymi, które opisałam już w tym temacie http://forum.dobreprogramy.pl/viewtopic.php?t=123910&highlight=. Po krótkim skanowaniu online skanerem Pandy znalazłam coś podejrzanego - okazało się, że to trojan “Trojan-Proxy.Win32.Mitglieder.dz” - a tu jego opis http://wirusy.antivirenkit.pl/pl/opis/Trojan-Proxy.Win32.Mitglieder.dz.html

Ze względu na to, iż nie pozwala on działać programom antywirusowym, chciałabym wiedzieć, jak najlepiej (i najbezpieczniej, bo boję się uszkodzić system) go usunąć - a chciałabym uniknąć formatowania dysku.

Bardzo proszę o pomoc!

system · 10 Styczeń 2007 19:53

Pisz w tym dziale co ci doradzili co zrobić , bo w ten sposób robi się bałagan :mrgreen: .

Allex · 10 Styczeń 2007 20:38

No właśnie doradzili zrobić jedynie loga (stwierdzono, że jest OK) i na tym się pomoc skończyła, dlatego założyłam osobny temat.

Joan · 10 Styczeń 2007 22:29

Nie pomoc się skończyła tylko złączyło posta i nie widać nowego :?

Szukałaś tych plików na dysku > hidr.exe, wintems.exe ??

Daj loga z Silent Runners (zaznaczasz No i czekasz aż skończy pracować w tle).

Skan EWIDO po update, wklej raport.

rixx · 11 Styczeń 2007 00:14

wirus nie jest aż tak niebezpieczny i bez obawy możesz go usunąć

ręcznie - podane exe w windows i system 32;

ponadto sprawdż dane aplikacji w swoim folderze, szukaj hidires\hidr.exe

klucze rejestru Clave: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Valores: “drvsyskit” = “%Userprofiles%\Application Data\hidires\hidr.exe”

“german.exe” = “%System%\wintems.exe”

Clave: HKEY_CURRENT_USER\Software\DateTime4

Valores: “port” = “0x5B7E”

“uid” = “[- aleatorio -]”

“wdrn” = “0x00000001”

jeśli chodzi o programy antywirusowe to wirus po prostu usiłuje wyłączyć

je, aby nie odkryły jego obecności

valores- wartości kluczy - wszystko oczywiście usunąć - w Run podane wartości i cały klucz DateTime4

Allex · 11 Styczeń 2007 09:15

Jeszcze raz napiszę, że pobrałam według instrukcji SR, ale nie otwiera się żaden program tylko długi kod w mojej przeglądarce.

Złączono Posta : 11.01.2007 (Czw) 10:56

A poza tym nie prościej by mi było użyć np. Trojan Remover 6.5.5?

Joan · 11 Styczeń 2007 11:20

Kliknij prawym na linka do Silenta podanego w temacie, który zlinkowałam i daj “zapisz element docelowy jako”. To jest tam wyjaśnione przecież

Allex · 11 Styczeń 2007 11:43

Wiem że jest tak wyjaśnione i tak właśnie zrobiłam. Wszystko według instrukcji.

A nie prościej byłoby mi użyć np. Trojan Remover 6.5.5?

Joan · 11 Styczeń 2007 11:48

Jeśli dajesz “zapisz element docelowy jako” to nie ma siły, plik musi się zapisać w folderze, który jest docelowy do transferów, np pulpit. Znajdź go i odpal

Allex · 11 Styczeń 2007 11:51

Nie lubię się powtarzać. Ściągęłam i zapisałam plik na pulpicie, odpalam no i w przeglądarce wyświetla się długi kod, z którego guzik rozumiem. To wszystko.

Joan · 11 Styczeń 2007 11:59

:? Może zauważ mimo wszystko, że chcemy Ci pomóc.

Masz źle ustawiony program domyślny do otwierania tego piku i pewnie dlatego odpala się w przeglądarce. Prawym + shift na plik > Otwórz za pomocą > “Windows Based Script Host”.

Allex · 13 Styczeń 2007 10:10

Przeglądałam na razie edytor rejestru.

Trojan zarejestrował swój sterownik:

HKEY_LOCAL_MACHINE\ System\ CurrentControlSet\ Services\ m_hook

Znalazłam też jego dane konfiguracyjne z DateTime4. Ale w:

HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Run

nie ma nic podejrzanego.

Szukałam też plików trojana hidr.exe oraz wintems.exe, ale znalazłam tylko to:

C:\WINDOWS\Prefetch\HIDR.EXE-04AA7E86.pf

Nie wiem, czy to jest ten szkodliwy plik? Jak to rozumieć?

adam9870 · 13 Styczeń 2007 10:44

To od rootkita Bagle.

Wrzuć dwa logi z Gmer’a przy takich ustawieniach:

Zakładka Rootkit >>> Zaznaczone wszystko oprócz Pokaż wszystko >>> kliknij Szukaj >>> Czekaj cierpliwie aż skończy
Zakładka Rootkit >>> Zaznaczone tylko Usługi oraz Pokaż wszystko >>> kliknij Szukaj >>> Czekaj cierpliwie aż skończy.

Dodatkowo pokaż jeszcze log z HijackThis.

Allex · 30 Styczeń 2007 17:36

pierwszy log z gmer’a

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-30 18:39:55 Windows 5.1.2600 Dodatek Service Pack 2 ---- Files - GMER 1.0.12 ---- ADS C:\Documents and Settings\Amilo\Moje dokumenty\EMULE\2dartist\2DArtist_Issue_001_jan06.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ADS C:\Documents and Settings\Amilo\Moje dokumenty\Pliki :DocumentSummaryInformation ADS C:\Documents and Settings\Amilo\Moje dokumenty\Pliki :SummaryInformation ADS C:\Documents and Settings\Amilo\Moje dokumenty\Pliki :{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ADS C:\Documents and Settings\Amilo\Pulpit\tutoriale3\tutorial1.pdf:SummaryInformation ADS C:\Documents and Settings\Amilo\Pulpit\tutoriale3\tutorial1.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ADS C:\Documents and Settings\Amilo\Pulpit\tutoriale3\tutorial2.pdf:SummaryInformation ADS C:\Documents and Settings\Amilo\Pulpit\tutoriale3\tutorial2.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ADS C:\Documents and Settings\Amilo\Pulpit\tutoriale3\tutorial3.pdf:SummaryInformation ADS C:\Documents and Settings\Amilo\Pulpit\tutoriale3\tutorial3.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ADS C:\Documents and Settings\Amilo\Pulpit\tutoriale3\tutorial4MD.pdf:SummaryInformation ADS … ---- EOF - GMER 1.0.12 ----

Złączono Posty : 30.01.2007 (Wto) 18:37

drugi

GMER 1.0.12.12011 - http://www.gmer.net Rootkit scan 2007-01-30 18:41:52 Windows 5.1.2600 Dodatek Service Pack 2 ---- Services - GMER 1.0.12 ---- Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service C:\WINDOWS\System32\DRIVERS\ACPIEC.sys [bOOT] ACPIEC Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [sYSTEM] AFD Service C:\WINDOWS\System32\DRIVERS\agp440.sys [bOOT] agp440 Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service C:\WINDOWS\System32\svchost.exe [DISABLED] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service C:\WINDOWS\System32\DRIVERS\arp1394.sys [MANUAL] Arp1394 Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service C:\Program Files\Anti Trojan Elite\ATEPMon.sys [MANUAL] ATE_PROCMON Service C:\WINDOWS\System32\Ati2evxx.exe [DISABLED] Ati HotKey Poller Service C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [sYSTEM] AvgAsCln Service BattC Service [sYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [DISABLED] ClipSrv Service C:\WINDOWS\System32\DRIVERS\CmBatt.sys [MANUAL] CmBatt Service [DISABLED] CmdIde Service C:\WINDOWS\System32\DRIVERS\compbatt.sys [bOOT] Compbatt Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service C:\WINDOWS\system32\Drivers\CO_Mon.sys [MANUAL] CO_Mon Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\CTsvcCDA.EXE [AUTO] Creative Service for CDROM Access Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\system32\svchost.exe [AUTO] DcomLaunch Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [DISABLED] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [DISABLED] dmload Service C:\WINDOWS\System32\svchost.exe [MANUAL] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service C:\WINDOWS\System32\DRIVERS\DP83815.SYS [MANUAL] DP83815 Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [MANUAL] FA312 Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service [sYSTEM] Fdc Service [sYSTEM] Fips Service [sYSTEM] Flpydisk Service C:\WINDOWS\system32\drivers\fltmgr.sys [bOOT] FltMgr Service [sYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [MANUAL] GEARAspiWDM Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] HidUsb Service [DISABLED] hpn Service C:\WINDOWS\System32\Drivers\HTTP.sys [MANUAL] HTTP Service C:\WINDOWS\System32\svchost.exe [MANUAL] HTTPFilter Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [MANUAL] IDriverT Service C:\WINDOWS\System32\DRIVERS\imapi.sys [sYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service C:\WINDOWS\System32\DRIVERS\intelide.sys [bOOT] IntelIde Service C:\WINDOWS\System32\DRIVERS\intelppm.sys [sYSTEM] intelppm Service C:\WINDOWS\system32\drivers\ip6fw.sys [DISABLED] ip6fw Service C:\WINDOWS\System32\DRIVERS\IPFilter.sys [MANUAL] IPFilter Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\Program Files\iPod\bin\iPodService.exe [MANUAL] iPod Service Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service C:\WINDOWS\system32\DRIVERS\irda.sys [AUTO] irda Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service C:\WINDOWS\system32\svchost.exe [AUTO] Irmon Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [MANUAL] Macromedia Licensing Service Service C:\WINDOWS\system32\82.tmp [MANUAL] MEMSWEEP2 Service C:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\system32\drivers\MODEMCSA.sys [MANUAL] MODEMCSA Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [sYSTEM] Msfs Service C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [MANUAL] MSIRCOMM Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service C:\WINDOWS\System32\DRIVERS\mssmbios.sys [MANUAL] mssmbios Service C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [MANUAL] Mtlmnt5 Service C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [MANUAL] Mtlstrm Service [bOOT] Mup Service [MANUAL] m_hook Service [bOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [DISABLED] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [sYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDE Service C:\WINDOWS\system32\netdde.exe [DISABLED] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\DRIVERS\nic1394.sys [MANUAL] NIC1394 Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [MANUAL] NtMtlFax Service [sYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\ohci1394.sys [bOOT] ohci1394 Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\pciide.sys [bOOT] PCIIde Service C:\WINDOWS\System32\DRIVERS\pcmcia.sys [bOOT] Pcmcia Service System32\Drivers\Pcouffin.sys [MANUAL] Pcouffin Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasirda.sys [MANUAL] Rasirda Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\RecAgent.sys [MANUAL] RecAgent Service C:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\drivers\RKPavProc.sys [MANUAL] RKPavProc Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\system32\DRIVERS\ArtecGT.sys [AUTO] SampleScanner Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service ScsiPort Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service [AUTO] Serial Service C:\WINDOWS\System32\DRIVERS\sfloppy.sys [MANUAL] Sfloppy Service C:\WINDOWS\System32\svchost.exe [DISABLED] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\System32\DRIVERS\slntamr.sys [MANUAL] Slntamr Service C:\WINDOWS\System32\DRIVERS\Slnthal.sys [MANUAL] SlNtHal Service C:\WINDOWS\system32\slserv.exe [AUTO] SLService Service C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [MANUAL] SlWdmSup Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\system32\DRIVERS\irstusb.sys [MANUAL] STIrUsb Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\Drivers\StMp3Rec.sys [MANUAL] StMp3Rec Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service swwd Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\wdfmgr.exe [AUTO] UMWdf Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service [DISABLED] ViaIde Service C:\WINDOWS\system32\drivers\viaudios.sys [MANUAL] VIAudio Service [bOOT] VolSnap Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service VXD Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [MANUAL] WmdmPmSN Service Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\System32\svchost.exe [DISABLED] wscsvc Service C:\WINDOWS\system32\svchost.exe [DISABLED] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service C:\WINDOWS\System32\svchost.exe [MANUAL] xmlprov Service {60382E71-0075-41F4-8AF8-343CDBF782C6} Service {F102F1F5-4940-485A-A688-49F1BA65A6C1} ---- EOF - GMER 1.0.12 ----

Złączono Posty : 30.01.2007 (Wto) 18:40

z HijackThis

Logfile of HijackThis v1.99.1 Scan saved at 18:43:47, on 2007-01-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\WINDOWS\system32\atwtusb.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\hldrrr.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spamihilator\spamihilator.exe C:\WINDOWS\system32\hldrrr.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\ScanPanel\ScnPanel.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Amilo\USTAWI~1\Temp\Rar$EX00.297\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM…\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM…\Run: [POINTER] point32.exe O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [atwtusb] atwtusb.exe beta O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO O4 - HKLM…\Run: [KonektorTP] “c:\program files\konektortp\konektortp.exe” tray O4 - HKLM…\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe” O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\MSMSGS.EXE” /background O4 - HKCU…\Run: [Creative Detector] “C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” /R O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [spamihilator] “C:\Program Files\Spamihilator\spamihilator.exe” O4 - HKCU…\Run: [EdHTML] C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none O4 - HKCU…\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe O4 - HKCU…\Run: [german.exe] C:\WINDOWS\system32\wintems.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virus … nicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 8289234718 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s … wflash.cab O17 - HKLM\System\CCS\Services\Tcpip…{324561E5-DBB2-48E2-85E9-BB8471738498}: NameServer = 194.204.152.34 217.98.63.164 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Złączono Posty : 30.01.2007 (Wto) 18:49

mam jeszcze log z SR bo udało mi się go uruchomić

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “MSMSGS” = ““C:\Program Files\Messenger\MSMSGS.EXE” /background” [MS] “Creative Detector” = ““C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe” /R” [“Creative Technology Ltd”] “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “Spamihilator” = ““C:\Program Files\Spamihilator\spamihilator.exe”” [“Michel Krämer”] “EdHTML” = “C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none” [file not found] “hldrrr” = “C:\WINDOWS\system32\hldrrr.exe” [null data] “german.exe” = “C:\WINDOWS\system32\wintems.exe” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ATIModeChange” = “Ati2mdxx.exe” [“ATI Technologies, Inc.”] “ATIPTA” = “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [“ATI Technologies, Inc.”] “NeroCheck” = “C:\WINDOWS\System32\NeroCheck.exe” [“Ahead Software Gmbh”] “POINTER” = “point32.exe” [MS] “SpeedTouch USB Diagnostics” = ““C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon” [“THOMSON Telecom Belgium”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”] “atwtusb” = “atwtusb.exe beta” [“Aiptek”] “WinampAgent” = “C:\Program Files\Winamp\winampa.exe” [null data] “Anti Trojan Elite” = “C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO” [file not found] “KonektorTP” = ““c:\program files\konektortp\konektortp.exe” tray” [file not found] “hldrrr” = “C:\WINDOWS\system32\hldrrr.exe” [null data] “!AVG Anti-Spyware” = ““C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized” [“Anti-Malware Development a.s.”] “iTunesHelper” = ““C:\Program Files\iTunes\iTunesHelper.exe”” [“Apple Computer, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Spybot - Search & Destroy\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office10\msohev.dll” [MS] “{FEB7DAE0-E111-11D0-BFD7-444553540000}” = “ICEOWS” -> {HKLM…CLSID} = “Folder Iceows” \InProcServer32(Default) = “C:\WINDOWS\System32\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”] “{B8323370-FF27-11D2-97B6-204C4F4F5020}” = “SmartFTP Shell Extension DLL” -> {HKLM…CLSID} = “SmartFTP Shell Extension DLL” \InProcServer32(Default) = “C:\Program Files\SmartFTP Client 2.0\smarthook.dll” [file not found] “{23F0DC38-DC86-49D6-81EC-40C54A204212}” = “Zen Nano Plus Media Explorer” -> {HKLM…CLSID} = “Zen Nano Plus Media Explorer” \InProcServer32(Default) = “C:\Program Files\Creative\Creative Zen Nano Plus\CTMvns.dll” [“Creative Technology Ltd”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL” [MS] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}” = “iTunes” -> {HKLM…CLSID} = “iTunes” \InProcServer32(Default) = “C:\Program Files\iTunes\iTunesMiniPlayer.dll” [“Apple Computer, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] ICEOWS(Default) = “{FEB7DAE0-E111-11D0-BFD7-444553540000}” -> {HKLM…CLSID} = “Folder Iceows” \InProcServer32(Default) = “C:\WINDOWS\System32\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”] IMMenuShellExt(Default) = “{F8984111-38B6-11D5-8725-0050DA2761C4}” -> {HKLM…CLSID} = “IMMenuShellExt Class” \InProcServer32(Default) = “C:\Program Files\IncrediMail\bin\IMShExt.dll” [“IncrediMail, Ltd.”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] ICEOWS(Default) = “{FEB7DAE0-E111-11D0-BFD7-444553540000}” -> {HKLM…CLSID} = “Folder Iceows” \InProcServer32(Default) = “C:\WINDOWS\System32\ShellExt\IceGUI.dll” [“Raphaël MOUNIER”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “DisableRegistryTools” = (REG_DWORD) hex:0x00000000 {Prevent access to registry editing tools} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “%APPDATA%\Mozilla\Firefox\Tapeta pulpitu.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Amilo\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “Amilo” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\Amilo\Menu Start\Programy\Autostart “Adobe Gamma” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “Adobe Reader Speed Launch” -> shortcut to: “C:\WINDOWS\Installer{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe” [null data] “InterVideo WinCinema Manager” -> shortcut to: “C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe” [empty string] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l” [MS] “ScanPanel” -> shortcut to: “C:\ScanPanel\ScnPanel.exe” [empty string] Enabled Scheduled Tasks: ------------------------ “AppleSoftwareUpdate” -> launches: “C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task” [“Apple Computer, Inc.”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_09” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Creative Service for CDROM Access, Creative Service for CDROM Access, “C:\WINDOWS\system32\CTsvcCDA.EXE” [“Creative Technology Ltd”] iPod Service, iPod Service, ““C:\Program Files\iPod\bin\iPodService.exe”” [“Apple Computer, Inc.”] SmartLinkService, SLService, “slserv.exe” [" "] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\System32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor PIXMA iP3000\Driver = “CNMLM61.DLL” [“CANON INC.”] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 11 seconds. ---------- (total run time: 55 seconds)

Gutek · 30 Styczeń 2007 18:00

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot oraz All Files i w polu Full Path of File to Delete wklejasz ścieżki

C:\WINDOWS\System32\hldrrr.exe

C:\WINDOWS\System32\wintems.exe

i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

Użyj ATF-Cleaner - http://www.atribune.org/ccount/click.php?id=1

Usuwanie w Gmerze:

W zakładce Usługi z prawokliku skasować usługę m_hook.

Allex · 31 Styczeń 2007 10:55

Wszystko działa już poprawnie, zainstalowałam i uruchomiłam wreszcie antywirusa

Serdecznie dziękuję za pomoc!