Komputer się wiesza + Worm.Graz

grejs · 30 Maj 2007 20:50

Witam,

Zaczął mi się wieszać komputer, dziś 3 razy w ciągu godziny. Nie wiem,co sie dzieje, bo przestaje działać IE, komputer nie reaguje na polecenie ponownego uruchomienia czy zamknięcia. Ale mogę rozwinąć pasek Start i np. wybrać otwarcie Mojego Komputera (co prawda nie otwiera się tylko szuka, ale wybiera),nie reaguje też na polecenie Ctrl+Alt+Del Do tego jeszcze ciągle nie mogę się pozbyć tego Worm.Graz wykrywanego za każdym razem przez Ewido.

Pomóżcie proszę,bo siły już nie mam…

Joan · 30 Maj 2007 21:02

wklej logi > Hijack i SilentRunners > http://forum.dobreprogramy.pl/viewtopic.php?t=36654

grejs · 30 Maj 2007 21:03

Logfile of HijackThis v1.99.1 Scan saved at 23:02, on 2007-05-30 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\system\csrrs.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe D:\Program Files\SiteAdvisor\6066\SAService.exe D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe D:\WINDOWS\Explorer.EXE D:\Program Files\SiteAdvisor\6066\SiteAdv.exe D:\PROGRA~1\WANADOO\TaskbarIcon.exe D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe D:\Program Files\Lavalys\EVEREST Home Edition\everest.bin D:\Program Files\Wanadoo\EspaceWanadoo.exe D:\Program Files\Wanadoo\ComComp.exe D:\Program Files\Wanadoo\Watch.exe D:\Program Files\Internet Explorer\iexplore.exe D:\Program Files\Trend Micro\Tmasy\tmasy.exe D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM…\Run: [siteAdvisor] D:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM…\Run: [WOOWATCH] D:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKLM…\Run: [win msdt service] mswindtc.exe O4 - HKLM…\RunServices: [win msdt service] mswindtc.exe O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [spyware Doctor] “D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q O4 - HKCU…\Run: [win msdt service] mswindtc.exe O4 - HKCU…\RunServices: [win msdt service] mswindtc.exe O4 - Startup: Trend Micro Anti-Spyware.lnk = D:\Program Files\Trend Micro\Tmasy\Tmasy.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 6571394826 O17 - HKLM\System\CCS\Services\Tcpip…{8AD810F0-1959-4D43-97F2-EE50546B97BC}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\6066\SiteAdv.dll O23 - Service: Windows Time Service (CSRRS) - Unknown owner - D:\WINDOWS\system\csrrs.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - D:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Gutek · 30 Maj 2007 21:08

Start >>> Uruchom >>> services.msc >>> zatrzymaj i wyłącz Windows Time Service , a wtrybie awaryjnym usuń wpisy HJT pliki ręcznie

Daj log z Combofix

grejs · 30 Maj 2007 21:14

Ale opcję zatrzymania mam niedostępną

Złączono Posta : 30.05.2007 (Sro) 23:16

do tego nie mogę uruchomić SR,bo jakiś błąd Win32… (?) nie daję rady odczytać

Joan · 30 Maj 2007 21:23

start > uruchom > cmd >

sc stop CSRRS

sc delete CSRRS

reszta tak, jak Gutek napisał

O problemach z Silentem poczytaj tutaj -> KLIK

grejs · 30 Maj 2007 21:30

mogę wyłączyć Windows Time Service,ale w okienku stanu nadal jest uruchomiony i nie mam mozliwości go zatrzymać (w ogóle nie mam mozliwości nic zrobić “zatrzymaj,wstrzymaj…zadania się nie podświetlają” Pomóżcie…

Joan · 30 Maj 2007 21:33

ok ale te komendy ktore Ci podałam skasują usługę, po prostu pomiń ten punkt i wklej nowe logi

grejs · 30 Maj 2007 21:45

Komunikat to "… cannot use WMI to identify operating system. This is caused by corruption od WMI installation, zaraz zapodam log’a z WMI Diagnosis Utility, bo Silent nie mogę uruchomić…

Złączono Posta : 30.05.2007 (Sro) 23:58

straaaasznie długi ten log z WMI…nie wiem…czy mam go wklejać, czy tylko coś z niego podać?

Joan · 30 Maj 2007 22:00

daj lepiej loga z ComboFix

grejs · 30 Maj 2007 22:12

ComboFix 07-05.27.BV - Running from: “D:\Documents and Settings\Kasia\Pulpit\waľne narz©dzia” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “D:\WINDOWS\system32.exe” “D:\WINDOWS\system32\k.exe” ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 )))))))))))))))))))))))))))))))))) 2007-05-30 20:11 38,400 -r-hs---- D:\WINDOWS\system\csrrs.exe 2007-05-29 21:41 75,264 --a------ D:\WINDOWS\system32\mswindtc.exe 2007-05-29 21:24 49,152 --a------ D:\WINDOWS\nircmd.exe 2007-05-26 09:56 2007-05-11 21:46 2007-05-11 12:11 2007-05-10 21:11 2007-05-10 20:08 2007-05-10 19:35 2007-05-10 10:52 2007-05-06 19:05 73,728 --a------ D:\WINDOWS\system32\pv.exe 2007-05-06 19:05 39,184 --a------ D:\WINDOWS\system32\Ntrights.exe 2007-05-06 19:05 175,616 --a------ D:\WINDOWS\system32\strings.exe 2007-05-06 19:05 16,384 --a------ D:\WINDOWS\system32\restart.exe 2007-05-06 19:05 126,976 --a------ D:\WINDOWS\system32\zip.exe 2007-05-06 19:05 11,254 --a------ D:\WINDOWS\system32\locate.com 2007-05-05 19:39 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys 2007-05-05 19:39 2007-05-05 09:53 25,992 --a------ D:\WINDOWS\system32\pgdfgsvc.exe 2007-05-04 23:39 2007-05-04 22:02 2007-05-04 16:41 2007-05-02 21:30 2007-05-02 16:11 46,892 --a------ D:\WINDOWS\system32\adadix16.dll 2007-05-02 16:11 46,167 --a------ D:\WINDOWS\system32\drivers\adildr.sys 2007-05-02 16:11 4,981 --a------ D:\WINDOWS\system32\adadix2k.dll 2007-05-02 16:11 22,395 --a------ D:\WINDOWS\system32\drivers\fpga.bin 2007-05-02 16:11 155,648 --a------ D:\WINDOWS\system32\adadix32.dll 2007-05-02 16:11 143,360 --a------ D:\WINDOWS\autoclk.exe 2007-05-02 16:11 135,168 --a------ D:\WINDOWS\system32\unaddrv.exe 2007-05-02 16:11 127,497 --a------ D:\WINDOWS\system32\drivers\adiusbaw.sys 2007-05-02 16:11 127,456 --a------ D:\WINDOWS\system32\ipdetect.exe 2007-05-02 16:11 126,976 --a------ D:\WINDOWS\system32\coclassfast.dll 2007-05-02 16:11 2007-05-02 15:35 2007-05-02 15:35 2007-05-02 13:23 2007-05-02 12:59 3,145,728 --a------ D:\Documents and Settings\Kasia\ntuser.dat 2007-05-02 12:59 3,145,728 --a------ D:\DOCUME~1\Kasia\ntuser.dat 2007-05-01 17:45 2007-05-01 11:52 2007-05-01 11:46 2007-05-01 11:46 2007-05-01 11:45 2007-05-01 11:43 2007-05-01 11:43 2007-04-27 22:39 26,622 --a------ D:\WINDOWS\system32\lr86.exe 2007-04-23 13:20 2007-04-16 16:58 0 --a------ D:\WINDOWS\system32\CMMGR32.EXE 2007-04-15 15:02 524,288 --ah----- D:\DOCUME~1\ADMINI~1\ntuser.dat 2007-04-15 15:02 2007-04-15 15:02 2007-04-15 15:02 2007-04-15 15:02 2007-04-15 15:02 2007-04-15 15:02 2007-04-15 15:02 2007-04-15 12:41 128,232 --a------ D:\WINDOWS\system32\mucltui.dll 2007-04-14 19:02 726,920 --a------ D:\Program Files\WindowsXP-KB935448-x86-PLK.exe 2007-04-14 18:57 4,709,688 --a------ D:\Program Files\WindowsXP-KB922760-x86-PLK.exe 2007-04-14 18:48 2007-04-14 17:37 2007-04-14 16:49 125,208 --a------ D:\WINDOWS\system32\wuauclt.exe 2007-04-14 16:49 1,343,768 --a------ D:\WINDOWS\system32\wuaueng.dll 2007-04-14 16:44 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll 2007-04-14 16:44 13,312 --a------ D:\WINDOWS\system32\irclass.dll 2007-04-14 16:38 2007-04-14 16:30 37,860,928 --a------ D:\Program Files\iTunesSetup.exe 2007-04-14 09:12 2007-04-10 21:05 2007-04-10 20:54 2007-04-10 20:32 2007-04-10 20:28 68,888 --a------ D:\WINDOWS\system32\xinput1_3.dll 2007-04-10 20:28 62,744 --a------ D:\WINDOWS\system32\xinput1_2.dll 2007-04-10 20:28 237,848 --a------ D:\WINDOWS\system32\xactengine2_4.dll 2007-04-10 20:28 236,824 --a------ D:\WINDOWS\system32\xactengine2_3.dll 2007-04-10 20:28 2,414,360 --a------ D:\WINDOWS\system32\d3dx9_31.dll 2007-04-10 20:28 2,297,552 --a------ D:\WINDOWS\system32\d3dx9_26.dll 2007-04-10 20:28 15,128 --a------ D:\WINDOWS\system32\x3daudio1_1.dll 2007-04-10 20:28 2007-04-10 20:26 98,816 --a------ D:\WINDOWS\system32\dmstyle.dll 2007-04-10 20:26 974,848 --a------ D:\WINDOWS\system32\dxdiag.exe 2007-04-10 20:26 83,968 --a------ D:\WINDOWS\system32\drivers\nabtsfec.sys 2007-04-10 20:26 80,896 --a------ D:\WINDOWS\system32\dpvsetup.exe 2007-04-10 20:26 8,192 --a------ D:\WINDOWS\system32\d3d8thk.dll 2007-04-10 20:26 797,184 --a------ D:\WINDOWS\system32\d3dim700.dll 2007-04-10 20:26 79,360 --a------ D:\WINDOWS\system32\dpwsockx.dll 2007-04-10 20:26 77,824 --a------ D:\WINDOWS\system32\dpmodemx.dll 2007-04-10 20:26 76,800 --a------ D:\WINDOWS\system32\dmscript.dll 2007-04-10 20:26 733,184 --a------ D:\WINDOWS\system32\qedwipes.dll 2007-04-10 20:26 723,968 --a------ D:\WINDOWS\system32\dpnet.dll 2007-04-10 20:26 7,424 --a------ D:\WINDOWS\system32\drivers\mskssrv.sys 2007-04-10 20:26 68,096 --a------ D:\WINDOWS\system32\dpnhupnp.dll 2007-04-10 20:26 667,648 --a------ D:\WINDOWS\system32\dinput8.dll 2007-04-10 20:26 648,704 --a------ D:\WINDOWS\system32\dinput.dll 2007-04-10 20:26 64,512 --a------ D:\WINDOWS\system32\amstream.dll 2007-04-10 20:26 602,624 --a------ D:\WINDOWS\system32\dx7vb.dll 2007-04-10 20:26 590,336 --a------ D:\WINDOWS\system32\d3dramp.dll 2007-04-10 20:26 58,368 --a------ D:\WINDOWS\system32\dmcompos.dll 2007-04-10 20:26 52,096 --a------ D:\WINDOWS\system32\drivers\msdv.sys 2007-04-10 20:26 5,504 --a------ D:\WINDOWS\system32\drivers\mstee.sys 2007-04-10 20:26 5,248 --a------ D:\WINDOWS\system32\drivers\mspclock.sys 2007-04-10 20:26 491,520 --a------ D:\WINDOWS\system32\dsdmoprp.dll 2007-04-10 20:26 48,512 --a------ D:\WINDOWS\system32\drivers\stream.sys 2007-04-10 20:26 470,528 --a------ D:\WINDOWS\system32\qdvd.dll 2007-04-10 20:26 47,616 --a------ D:\WINDOWS\system32\d3dxof.dll 2007-04-10 20:26 47,104 --a------ D:\WINDOWS\system32\wstdecod.dll 2007-04-10 20:26 467,968 --a------ D:\WINDOWS\system32\diactfrm.dll 2007-04-10 20:26 44,032 --a------ D:\WINDOWS\system32\dimap.dll 2007-04-10 20:26 436,224 --a------ D:\WINDOWS\system32\d3dim.dll 2007-04-10 20:26 4,608 --a------ D:\WINDOWS\system32\drivers\mspqm.sys 2007-04-10 20:26 4,096 --a------ D:\WINDOWS\system32\ksuser.dll 2007-04-10 20:26 4,096 --a------ D:\WINDOWS\system32\drivers\swenum.sys 2007-04-10 20:26 381,952 --a------ D:\WINDOWS\system32\dsound.dll 2007-04-10 20:26 381,952 --a------ D:\WINDOWS\system32\dpvoice.dll 2007-04-10 20:26 354,816 --a------ D:\WINDOWS\system32\psisdecd.dll 2007-04-10 20:26 350,208 --a------ D:\WINDOWS\system32\d3drm.dll 2007-04-10 20:26 34,816 --a------ D:\WINDOWS\system32\d3dpmesh.dll 2007-04-10 20:26 34,304 --a------ D:\WINDOWS\system32\mciqtz32.dll 2007-04-10 20:26 33,280 --a------ D:\WINDOWS\system32\dmloader.dll 2007-04-10 20:26 324,096 --a------ D:\WINDOWS\system32\mswebdvd.dll 2007-04-10 20:26 32,768 --a------ D:\WINDOWS\system32\dpnhpast.dll 2007-04-10 20:26 316,928 --a------ D:\WINDOWS\system32\qdv.dll 2007-04-10 20:26 31,744 --a------ D:\WINDOWS\system32\pid.dll 2007-04-10 20:26 3,072 --a------ D:\WINDOWS\system32\dpnlobby.dll 2007-04-10 20:26 3,072 --a------ D:\WINDOWS\system32\dpnaddr.dll 2007-04-10 20:26 292,864 --a------ D:\WINDOWS\system32\ddraw.dll 2007-04-10 20:26 28,160 --a------ D:\WINDOWS\system32\dplaysvr.exe 2007-04-10 20:26 27,136 --a------ D:\WINDOWS\system32\dmband.dll 2007-04-10 20:26 257,024 --a------ D:\WINDOWS\system32\qcap.dll 2007-04-10 20:26 24,064 --a------ D:\WINDOWS\system32\ddrawex.dll 2007-04-10 20:26 230,400 --a------ D:\WINDOWS\system32\dplayx.dll 2007-04-10 20:26 223,232 --a------ D:\WINDOWS\system32\gcdef.dll 2007-04-10 20:26 19,968 --a------ D:\WINDOWS\system32\dpvacm.dll 2007-04-10 20:26 186,880 --a------ D:\WINDOWS\system32\dsdmo.dll 2007-04-10 20:26 181,248 --a------ D:\WINDOWS\system32\dmime.dll 2007-04-10 20:26 18,944 --a------ D:\WINDOWS\system32\encapi.dll 2007-04-10 20:26 18,688 --a------ D:\WINDOWS\system32\drivers\wstcodec.sys 2007-04-10 20:26 18,432 --a------ D:\WINDOWS\system32\dswave.dll 2007-04-10 20:26 173,056 --a------ D:\WINDOWS\system32\qasf.dll 2007-04-10 20:26 16,896 --a------ D:\WINDOWS\system32\msyuv.dll 2007-04-10 20:26 16,896 --a------ D:\WINDOWS\system32\dpnsvr.exe 2007-04-10 20:26 16,384 --a------ D:\WINDOWS\system32\drivers\ccdecode.sys 2007-04-10 20:26 15,104 --a------ D:\WINDOWS\system32\drivers\mpe.sys 2007-04-10 20:26 14,976 --a------ D:\WINDOWS\system32\drivers\streamip.sys 2007-04-10 20:26 132,608 --a------ D:\WINDOWS\system32\devenum.dll 2007-04-10 20:26 130,304 --a------ D:\WINDOWS\system32\drivers\ks.sys 2007-04-10 20:26 13,312 --a------ D:\WINDOWS\system32\msdmo.dll 2007-04-10 20:26 122,880 --a------ D:\WINDOWS\system32\dmusic.dll 2007-04-10 20:26 112,128 --a------ D:\WINDOWS\system32\dpvvox.dll 2007-04-10 20:26 11,392 --a------ D:\WINDOWS\system32\drivers\bdasup.sys 2007-04-10 20:26 100,864 --a------ D:\WINDOWS\system32\dmsynth.dll 2007-04-10 20:26 10,880 --a------ D:\WINDOWS\system32\drivers\slip.sys 2007-04-10 20:26 10,496 --a------ D:\WINDOWS\system32\drivers\dxapi.sys 2007-04-10 20:26 10,112 --a------ D:\WINDOWS\system32\drivers\ndisip.sys 2007-04-10 20:26 1,962,496 --a------ D:\WINDOWS\system32\quartz.dll 2007-04-10 20:26 1,798,144 --a------ D:\WINDOWS\system32\qedit.dll 2007-04-10 20:26 1,769,472 --a------ D:\WINDOWS\system32\dxdiagn.dll 2007-04-10 20:26 1,703,936 --a------ D:\WINDOWS\system32\d3d9.dll 2007-04-10 20:26 1,294,336 --a------ D:\WINDOWS\system32\dsound3d.dll 2007-04-10 20:26 1,230,336 --a------ D:\WINDOWS\system32\msvidctl.dll 2007-04-10 20:26 1,201,152 --a------ D:\WINDOWS\system32\d3d8.dll 2007-04-10 20:26 1,189,888 --a------ D:\WINDOWS\system32\dx8vb.dll 2007-04-10 19:58 2007-04-06 11:53 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-26 07:58:36 12,400 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys 2007-04-14 15:43:24 49,492 ----a-w D:\WINDOWS\system32\perfc015.dat 2007-04-14 15:43:24 355,486 ----a-w D:\WINDOWS\system32\perfh015.dat 2007-04-14 14:50:36 23,016 ----a-w D:\WINDOWS\system32\emptyregdb.dat 2007-03-30 15:00:22 -------- d-----w D:\Program Files\Microsoft.NET 2007-03-30 14:58:44 -------- d-----w D:\Program Files\Microsoft Works 2007-03-30 14:41:58 -------- d-----w D:\Program Files\Windows Messaging (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {089FD14D-132B-48FC-8861-0048AE113215}=D:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SiteAdvisor”=“D:\Program Files\SiteAdvisor\6066\SiteAdv.exe” [2007-03-30 17:42] “WOOWATCH”=“D:\PROGRA~1\WANADOO\Watch.exe” [2002-12-09 18:24] “WOOTASKBARICON”=“D:\PROGRA~1\WANADOO\TaskbarIcon.exe” [2002-12-09 18:24] “win msdt service”=“mswindtc.exe” [2007-05-29 21:41 D:\WINDOWS\system32\mswindtc.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Odkurzacz-MCD”=“D:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “Spyware Doctor”=“D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” [2007-03-26 21:09] “win msdt service”=“mswindtc.exe” [2007-05-29 21:41 D:\WINDOWS\system32\mswindtc.exe] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices] “win msdt service”=mswindtc.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “win msdt service”=mswindtc.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “win msdt service”=mswindtc.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”=“D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q “win msdt service”=mswindtc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=c:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=D:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VIA RAID TOOL.lnk] backup=D:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Kasia^Menu Start^Programy^Autostart^Trend Micro Anti-Spyware.lnk] backup=D:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] “D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Gutek · 30 Maj 2007 22:23

Pobierz The Avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:

kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Po tym nowy log z Combo

grejs · 30 Maj 2007 22:26

Mam problem z ręcznym usunięciem plików HJ, jak mogę to inaczej zrobić?

Gutek · 30 Maj 2007 22:30

Użyj The Avenger i daj nowy log z Combo

grejs · 30 Maj 2007 22:37

ComboFix 07-05.27.BV - Running from: “D:\Documents and Settings\Kasia\Pulpit\waľne narz©dzia” Error: dll_whitelist.cf Error: whitedir.cf Error: miscfile.cf Error: attr.cf ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 )))))))))))))))))))))))))))))))))) 2007-05-31 00:33 64 --a------ D:\ComboFix.txt.bat 2007-05-31 00:30 2007-05-31 00:10 2007-05-29 21:24 87,040 --a------ D:\WINDOWS\catchme.exe 2007-05-29 21:24 49,152 --a------ D:\WINDOWS\system32\vfind.exe 2007-05-29 21:24 49,152 --a------ D:\WINDOWS\nircmd.exe 2007-05-29 21:24 428,032 --a------ D:\WINDOWS\system32\swreg.exe 2007-05-29 21:24 38,400 --a------ D:\WINDOWS\system32\moveex.exe 2007-05-29 21:24 370,688 --a------ D:\WINDOWS\system32\swsc.exe 2007-05-29 21:24 212,480 --a------ D:\WINDOWS\system32\swxcacls.exe 2007-05-29 21:18 2007-05-26 09:56 2007-05-11 21:46 2007-05-11 12:11 2007-05-10 21:11 2007-05-10 20:08 2007-05-10 19:35 2007-05-10 10:52 2007-05-06 19:05 73,728 --a------ D:\WINDOWS\system32\pv.exe 2007-05-06 19:05 39,184 --a------ D:\WINDOWS\system32\Ntrights.exe 2007-05-06 19:05 175,616 --a------ D:\WINDOWS\system32\strings.exe 2007-05-06 19:05 16,384 --a------ D:\WINDOWS\system32\restart.exe 2007-05-06 19:05 126,976 --a------ D:\WINDOWS\system32\zip.exe 2007-05-06 19:05 11,254 --a------ D:\WINDOWS\system32\locate.com 2007-05-05 19:39 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys 2007-05-05 19:39 2007-05-05 09:53 25,992 --a------ D:\WINDOWS\system32\pgdfgsvc.exe 2007-05-04 22:02 2007-05-04 16:41 2007-05-02 16:11 46,892 --a------ D:\WINDOWS\system32\adadix16.dll 2007-05-02 16:11 46,167 --a------ D:\WINDOWS\system32\drivers\adildr.sys 2007-05-02 16:11 4,981 --a------ D:\WINDOWS\system32\adadix2k.dll 2007-05-02 16:11 22,395 --a------ D:\WINDOWS\system32\drivers\fpga.bin 2007-05-02 16:11 155,648 --a------ D:\WINDOWS\system32\adadix32.dll 2007-05-02 16:11 143,360 --a------ D:\WINDOWS\autoclk.exe 2007-05-02 16:11 135,168 --a------ D:\WINDOWS\system32\unaddrv.exe 2007-05-02 16:11 127,497 --a------ D:\WINDOWS\system32\drivers\adiusbaw.sys 2007-05-02 16:11 127,456 --a------ D:\WINDOWS\system32\ipdetect.exe 2007-05-02 16:11 126,976 --a------ D:\WINDOWS\system32\coclassfast.dll 2007-05-02 16:11 2007-05-02 15:35 2007-05-02 15:35 2007-05-02 13:23 2007-05-02 12:59 3,145,728 --a------ D:\Documents and Settings\Kasia\ntuser.dat 2007-05-01 17:45 2007-05-01 12:07 80 --a------ D:\WINDOWS\gmer_uninstall.cmd 2007-05-01 12:07 69,905 --a------ D:\WINDOWS\system32\drivers\gmer.sys 2007-05-01 12:07 577,536 -ra------ D:\WINDOWS\gmer.exe 2007-05-01 12:07 573,503 --a------ D:\WINDOWS\gmer.dll 2007-05-01 11:52 2007-05-01 11:45 2007-04-27 22:39 26,622 --a------ D:\WINDOWS\system32\lr86.exe 2007-04-23 13:20 2007-04-16 16:58 0 --a------ D:\WINDOWS\system32\CMMGR32.EXE 2007-04-15 12:41 128,232 --a------ D:\WINDOWS\system32\mucltui.dll 2007-04-14 19:02 726,920 --a------ D:\Program Files\WindowsXP-KB935448-x86-PLK.exe 2007-04-14 18:57 4,709,688 --a------ D:\Program Files\WindowsXP-KB922760-x86-PLK.exe 2007-04-14 17:37 2007-04-14 16:49 125,208 --a------ D:\WINDOWS\system32\wuauclt.exe 2007-04-14 16:49 1,343,768 --a------ D:\WINDOWS\system32\wuaueng.dll 2007-04-14 16:44 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll 2007-04-14 16:44 13,312 --a------ D:\WINDOWS\system32\irclass.dll 2007-04-14 16:38 402,653,184 D:\pagefile.sys 2007-04-14 16:38 2007-04-14 16:30 37,860,928 --a------ D:\Program Files\iTunesSetup.exe 2007-04-14 09:12 2007-04-10 21:05 2007-04-10 20:32 2007-04-10 20:28 68,888 --a------ D:\WINDOWS\system32\xinput1_3.dll 2007-04-10 20:28 62,744 --a------ D:\WINDOWS\system32\xinput1_2.dll 2007-04-10 20:28 62,672 --a------ D:\WINDOWS\system32\xinput1_1.dll 2007-04-10 20:28 61,136 --a------ D:\WINDOWS\system32\xinput9_1_0.dll 2007-04-10 20:28 237,848 --a------ D:\WINDOWS\system32\xactengine2_4.dll 2007-04-10 20:28 236,824 --a------ D:\WINDOWS\system32\xactengine2_3.dll 2007-04-10 20:28 230,168 --a------ D:\WINDOWS\system32\xactengine2_2.dll 2007-04-10 20:28 230,096 --a------ D:\WINDOWS\system32\xactengine2_0.dll 2007-04-10 20:28 229,584 --a------ D:\WINDOWS\system32\xactengine2_1.dll 2007-04-10 20:28 2,414,360 --a------ D:\WINDOWS\system32\d3dx9_31.dll 2007-04-10 20:28 2,388,176 --a------ D:\WINDOWS\system32\d3dx9_30.dll 2007-04-10 20:28 2,337,488 --a------ D:\WINDOWS\system32\d3dx9_25.dll 2007-04-10 20:28 2,332,368 --a------ D:\WINDOWS\system32\d3dx9_29.dll 2007-04-10 20:28 2,323,664 --a------ D:\WINDOWS\system32\d3dx9_28.dll 2007-04-10 20:28 2,319,568 --a------ D:\WINDOWS\system32\d3dx9_27.dll 2007-04-10 20:28 2,297,552 --a------ D:\WINDOWS\system32\d3dx9_26.dll 2007-04-10 20:28 2,222,800 --a------ D:\WINDOWS\system32\d3dx9_24.dll 2007-04-10 20:28 15,128 --a------ D:\WINDOWS\system32\x3daudio1_1.dll 2007-04-10 20:28 14,032 --a------ D:\WINDOWS\system32\x3daudio1_0.dll 2007-04-10 20:28 2007-04-10 20:26 98,816 --a------ D:\WINDOWS\system32\dmstyle.dll 2007-04-10 20:26 974,848 --a------ D:\WINDOWS\system32\dxdiag.exe 2007-04-10 20:26 83,968 --a------ D:\WINDOWS\system32\drivers\nabtsfec.sys 2007-04-10 20:26 80,896 --a------ D:\WINDOWS\system32\dpvsetup.exe 2007-04-10 20:26 8,192 --a------ D:\WINDOWS\system32\d3d8thk.dll 2007-04-10 20:26 797,184 --a------ D:\WINDOWS\system32\d3dim700.dll 2007-04-10 20:26 79,360 --a------ D:\WINDOWS\system32\dpwsockx.dll 2007-04-10 20:26 77,824 --a------ D:\WINDOWS\system32\dpmodemx.dll 2007-04-10 20:26 76,800 --a------ D:\WINDOWS\system32\dmscript.dll 2007-04-10 20:26 733,184 --a------ D:\WINDOWS\system32\qedwipes.dll 2007-04-10 20:26 723,968 --a------ D:\WINDOWS\system32\dpnet.dll 2007-04-10 20:26 7,424 --a------ D:\WINDOWS\system32\drivers\mskssrv.sys 2007-04-10 20:26 68,096 --a------ D:\WINDOWS\system32\dpnhupnp.dll 2007-04-10 20:26 667,648 --a------ D:\WINDOWS\system32\dinput8.dll 2007-04-10 20:26 648,704 --a------ D:\WINDOWS\system32\dinput.dll 2007-04-10 20:26 64,512 --a------ D:\WINDOWS\system32\amstream.dll 2007-04-10 20:26 602,624 --a------ D:\WINDOWS\system32\dx7vb.dll 2007-04-10 20:26 590,336 --a------ D:\WINDOWS\system32\d3dramp.dll 2007-04-10 20:26 58,368 --a------ D:\WINDOWS\system32\dmcompos.dll 2007-04-10 20:26 52,096 --a------ D:\WINDOWS\system32\drivers\msdv.sys 2007-04-10 20:26 5,504 --a------ D:\WINDOWS\system32\drivers\mstee.sys 2007-04-10 20:26 5,248 --a------ D:\WINDOWS\system32\drivers\mspclock.sys 2007-04-10 20:26 491,520 --a------ D:\WINDOWS\system32\dsdmoprp.dll 2007-04-10 20:26 48,512 --a------ D:\WINDOWS\system32\drivers\stream.sys 2007-04-10 20:26 470,528 --a------ D:\WINDOWS\system32\qdvd.dll 2007-04-10 20:26 47,616 --a------ D:\WINDOWS\system32\d3dxof.dll 2007-04-10 20:26 47,104 --a------ D:\WINDOWS\system32\wstdecod.dll 2007-04-10 20:26 467,968 --a------ D:\WINDOWS\system32\diactfrm.dll 2007-04-10 20:26 44,032 --a------ D:\WINDOWS\system32\dimap.dll 2007-04-10 20:26 436,224 --a------ D:\WINDOWS\system32\d3dim.dll 2007-04-10 20:26 4,608 --a------ D:\WINDOWS\system32\drivers\mspqm.sys 2007-04-10 20:26 4,096 --a------ D:\WINDOWS\system32\ksuser.dll 2007-04-10 20:26 4,096 --a------ D:\WINDOWS\system32\drivers\swenum.sys 2007-04-10 20:26 381,952 --a------ D:\WINDOWS\system32\dsound.dll 2007-04-10 20:26 381,952 --a------ D:\WINDOWS\system32\dpvoice.dll 2007-04-10 20:26 354,816 --a------ D:\WINDOWS\system32\psisdecd.dll 2007-04-10 20:26 350,208 --a------ D:\WINDOWS\system32\d3drm.dll 2007-04-10 20:26 34,816 --a------ D:\WINDOWS\system32\d3dpmesh.dll 2007-04-10 20:26 34,304 --a------ D:\WINDOWS\system32\mciqtz32.dll 2007-04-10 20:26 33,280 --a------ D:\WINDOWS\system32\dmloader.dll 2007-04-10 20:26 324,096 --a------ D:\WINDOWS\system32\mswebdvd.dll 2007-04-10 20:26 32,768 --a------ D:\WINDOWS\system32\dpnhpast.dll 2007-04-10 20:26 316,928 --a------ D:\WINDOWS\system32\qdv.dll 2007-04-10 20:26 31,744 --a------ D:\WINDOWS\system32\pid.dll 2007-04-10 20:26 3,072 --a------ D:\WINDOWS\system32\dpnlobby.dll 2007-04-10 20:26 3,072 --a------ D:\WINDOWS\system32\dpnaddr.dll 2007-04-10 20:26 292,864 --a------ D:\WINDOWS\system32\ddraw.dll 2007-04-10 20:26 28,160 --a------ D:\WINDOWS\system32\dplaysvr.exe 2007-04-10 20:26 27,136 --a------ D:\WINDOWS\system32\dmband.dll 2007-04-10 20:26 257,024 --a------ D:\WINDOWS\system32\qcap.dll 2007-04-10 20:26 24,064 --a------ D:\WINDOWS\system32\ddrawex.dll 2007-04-10 20:26 230,400 --a------ D:\WINDOWS\system32\dplayx.dll 2007-04-10 20:26 223,232 --a------ D:\WINDOWS\system32\gcdef.dll 2007-04-10 20:26 19,968 --a------ D:\WINDOWS\system32\dpvacm.dll 2007-04-10 20:26 186,880 --a------ D:\WINDOWS\system32\dsdmo.dll 2007-04-10 20:26 181,248 --a------ D:\WINDOWS\system32\dmime.dll 2007-04-10 20:26 18,944 --a------ D:\WINDOWS\system32\encapi.dll 2007-04-10 20:26 18,688 --a------ D:\WINDOWS\system32\drivers\wstcodec.sys 2007-04-10 20:26 18,432 --a------ D:\WINDOWS\system32\dswave.dll 2007-04-10 20:26 173,056 --a------ D:\WINDOWS\system32\qasf.dll 2007-04-10 20:26 16,896 --a------ D:\WINDOWS\system32\msyuv.dll 2007-04-10 20:26 16,896 --a------ D:\WINDOWS\system32\dpnsvr.exe 2007-04-10 20:26 16,384 --a------ D:\WINDOWS\system32\drivers\ccdecode.sys 2007-04-10 20:26 15,104 --a------ D:\WINDOWS\system32\drivers\mpe.sys 2007-04-10 20:26 14,976 --a------ D:\WINDOWS\system32\drivers\streamip.sys 2007-04-10 20:26 132,608 --a------ D:\WINDOWS\system32\devenum.dll 2007-04-10 20:26 130,304 --a------ D:\WINDOWS\system32\drivers\ks.sys 2007-04-10 20:26 13,312 --a------ D:\WINDOWS\system32\msdmo.dll 2007-04-10 20:26 122,880 --a------ D:\WINDOWS\system32\dmusic.dll 2007-04-10 20:26 112,128 --a------ D:\WINDOWS\system32\dpvvox.dll 2007-04-10 20:26 11,392 --a------ D:\WINDOWS\system32\drivers\bdasup.sys 2007-04-10 20:26 100,864 --a------ D:\WINDOWS\system32\dmsynth.dll 2007-04-10 20:26 10,880 --a------ D:\WINDOWS\system32\drivers\slip.sys 2007-04-10 20:26 10,496 --a------ D:\WINDOWS\system32\drivers\dxapi.sys 2007-04-10 20:26 10,112 --a------ D:\WINDOWS\system32\drivers\ndisip.sys 2007-04-10 20:26 1,962,496 --a------ D:\WINDOWS\system32\quartz.dll 2007-04-10 20:26 1,798,144 --a------ D:\WINDOWS\system32\qedit.dll 2007-04-10 20:26 1,769,472 --a------ D:\WINDOWS\system32\dxdiagn.dll 2007-04-10 20:26 1,703,936 --a------ D:\WINDOWS\system32\d3d9.dll 2007-04-10 20:26 1,294,336 --a------ D:\WINDOWS\system32\dsound3d.dll 2007-04-10 20:26 1,230,336 --a------ D:\WINDOWS\system32\msvidctl.dll 2007-04-10 20:26 1,201,152 --a------ D:\WINDOWS\system32\d3d8.dll 2007-04-10 20:26 1,189,888 --a------ D:\WINDOWS\system32\dx8vb.dll 2007-04-10 19:58 2007-04-06 11:53 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-30 22:29:54 2,048 --s-a-w D:\WINDOWS\bootstat.dat 2007-05-30 22:29:48 402,653,184 --sha-w D:\pagefile.sys 2007-05-26 07:58:36 12,400 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys 2007-05-01 09:43:54 -------- d-----w D:\Documents and Settings\Kasia\Dane aplikacji\SiteAdvisor 2007-04-14 15:43:24 49,492 ----a-w D:\WINDOWS\system32\perfc015.dat 2007-04-14 15:43:24 39,992 ----a-w D:\WINDOWS\system32\perfc009.dat 2007-04-14 15:43:24 355,486 ----a-w D:\WINDOWS\system32\perfh015.dat 2007-04-14 15:43:24 311,604 ----a-w D:\WINDOWS\system32\perfh009.dat 2007-04-14 14:59:42 250,288 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT 2007-04-14 14:50:36 23,016 ----a-w D:\WINDOWS\system32\emptyregdb.dat 2007-04-10 18:54:30 -------- d-----w D:\Documents and Settings\Kasia\Dane aplikacji\FunkyFarm 2007-03-30 15:00:22 -------- d-----w D:\Program Files\Microsoft.NET 2007-03-30 14:58:54 -------- d-----w D:\Program Files\Common Files\DESIGNER 2007-03-30 14:58:44 -------- d-----w D:\Program Files\Microsoft Works 2007-03-30 14:41:58 -------- d-----w D:\Program Files\Windows Messaging 2007-03-14 00:04:46 139,264 ----a-w D:\WINDOWS\system32\javaws.exe 2007-03-13 22:31:28 135,168 ----a-w D:\WINDOWS\system32\javaw.exe 2007-03-13 22:31:24 135,168 ----a-w D:\WINDOWS\system32\java.exe 2007-03-07 10:36:34 12,619,736 ----a-w D:\WINDOWS\system32\MRT.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {089FD14D-132B-48FC-8861-0048AE113215}=D:\Program Files\SiteAdvisor\6066\SiteAdv.dll [2007-03-30 17:41] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SiteAdvisor”=“D:\Program Files\SiteAdvisor\6066\SiteAdv.exe” [2007-03-30 17:42] “WOOWATCH”=“D:\PROGRA~1\WANADOO\Watch.exe” [2002-12-09 18:24] “WOOTASKBARICON”=“D:\PROGRA~1\WANADOO\TaskbarIcon.exe” [2002-12-09 18:24] “win msdt service”=“mswindtc.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Odkurzacz-MCD”=“D:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “Spyware Doctor”=“D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” [2007-03-26 21:09] “win msdt service”=“mswindtc.exe” [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices] “win msdt service”=mswindtc.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “win msdt service”=mswindtc.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “win msdt service”=mswindtc.exe [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “Spyware Doctor”=“D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q “win msdt service”=mswindtc.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk] path=c:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk backup=D:\WINDOWS\pss\DSLMON.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programy^Autostart^VIA RAID TOOL.lnk] backup=D:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Kasia^Menu Start^Programy^Autostart^Trend Micro Anti-Spyware.lnk] backup=D:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] “D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-31 00:35:18 Windows 5.1.2600 FAT NTAPI scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-05-31 0:35:37 D:\ComboFix3.txt … 2007-05-29 21:25 D:\ComboFix-quarantined-files.txt … 2007-05-31 00:35 D:\ComboFix2.txt … 2007-05-31 00:10 — E O F —

Czy nadal mam próbować kosować pliki z HJ i próbować uruchomić SR?

Gutek · 30 Maj 2007 22:47

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

grejs · 30 Maj 2007 23:31

ok, zrobiłam tak jak napisałeś, daję nowe logi

Logfile of HijackThis v1.99.1 Scan saved at 01:23:52, on 2007-05-31 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\csrss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe D:\Program Files\SiteAdvisor\6066\SAService.exe D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe D:\WINDOWS\Explorer.EXE D:\Program Files\SiteAdvisor\6066\SiteAdv.exe D:\PROGRA~1\WANADOO\TaskbarIcon.exe D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe D:\WINDOWS\System32\wuauclt.exe D:\Documents and Settings\Kasia\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\6066\SiteAdv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\6066\SiteAdv.dll O4 - HKLM…\Run: [siteAdvisor] D:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM…\Run: [WOOWATCH] D:\PROGRA~1\WANADOO\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] D:\PROGRA~1\WANADOO\TaskbarIcon.exe O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [spyware Doctor] “D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 6571394826 O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\6066\SiteAdv.dll O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe O23 - Service: SiteAdvisor Service - McAfee, Inc. - D:\Program Files\SiteAdvisor\6066\SAService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Złączono Posta : 31.05.2007 (Czw) 8:49

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Odkurzacz-MCD” = “D:\Program Files\Odkurzacz\odk_mcd.exe” [“Franmo Software”] “Spyware Doctor” = ““D:\Program Files\Spyware Doctor wer2.0\swdoctor.exe” /Q” [“PC Tools Research Pty Ltd”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SiteAdvisor” = “D:\Program Files\SiteAdvisor\6066\SiteAdv.exe” [“McAfee, Inc.”] “WOOWATCH” = “D:\PROGRA~1\WANADOO\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “D:\PROGRA~1\WANADOO\TaskbarIcon.exe” [“France Télécom R&D”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {089FD14D-132B-48FC-8861-0048AE113215}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\SiteAdvisor\6066\SiteAdv.dll” [“McAfee, Inc.”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “D:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{0BF43445-2F28-4351-9252-17FE6E806AA0}” = “McAfee SiteAdvisor” -> {HKLM…CLSID} = “McAfee SiteAdvisor” \InProcServer32(Default) = “D:\Program Files\SiteAdvisor\6066\SiteAdv.dll” [“McAfee, Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Machine Debug Manager, MDM, ““D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE”” [MS] PC Tools Spyware Doctor, SDhelper, “D:\Program Files\Spyware Doctor wer2.0\sdhelp.exe” [“PC Tools Research Pty Ltd”] SiteAdvisor Service, SiteAdvisor Service, “D:\Program Files\SiteAdvisor\6066\SAService.exe” [“McAfee, Inc.”] SoundMAX Agent Service, SoundMAX Agent Service (default), “D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe” [“Analog Devices, Inc.”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 2242 seconds, including 25 seconds for message boxes)

I znowu od rana miałam zawieszkę…na całego…pomóżcie,co mogę zrobić…

Gutek · 31 Maj 2007 14:24

Logi czyste