piotriwa
(Piotriwa)
22 April 2006 11:35
#1
Hello. My problem looks like this: some SPYWARE installed itself without my wanting it. I tried to get rid of it in various ways: Spybot S&D, Ad-Aware etc… It almost worked. Unfortunately not everything is as it should be. SKYPE doesn't work, nor does e.g. the Security Center; when I try to open the Windows Firewall this message is displayed:
Another strange thing: in Avast, under the “MAIL” option, I see huge numbers of files flying through…
I made a log, maybe it will explain something.
Logfile of HijackThis v1.99.1
Scan saved at 13:26:20, on 2006-04-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rpcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\GetRight\getright.exe
D:\PROGI\meta cafe\Metacafe\MetacafeAgent.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\mtate20202\Madotate.exe
D:\PROGI\Brico-pack\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\PROGI\Brico-pack\Vista Inspirat\UberIcon\UberIcon Manager.exe
D:\PROGI\Brico-pack\Vista Inspirat\YzShadow\YzShadow.exe
D:\PROGI\Brico-pack\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SARA~1.ER-\USTAWI~1\Temp\Rar$EX00.880\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dobreprogramy.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGI\spybotsd\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Skrót do Ad-Aware.lnk = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O4 - Startup: Skrót do Madotate.lnk = C:\WINDOWS\mtate20202\Madotate.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\PROGI\Brico-pack\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = D:\PROGI\Brico-pack\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = D:\PROGI\Brico-pack\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = D:\PROGI\Brico-pack\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: MetaCafe.lnk = D:\PROGI\meta cafe\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ … canner.ocx
O20 - Winlogon Notify: wxtwdx - C:\WINDOWS\SYSTEM32\wxtwdx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
I'm waiting for some advice. Regards. :o
Gutek
(Gutek)
22 April 2006 11:44
#2
delete the entries with HijackThis and the files by hand in Safe Mode
Scan with EWIDO after updating it
Post a Silent Runners log - instructions: http://forum.dobreprogramy.pl/viewtopic.php?t=36654
not sure whether it will help
piotriwa
(Piotriwa)
22 April 2006 19:08
#3
I can't delete them
I'm not quite sure which files you mean
if you mean the ones marked in red, I didn't find them.
That didn't work either
Everything is set to: Not configured.
I'm attaching a new HIJACK LOG
Logfile of HijackThis v1.99.1
Scan saved at 20:51:19, on 2006-04-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\GetRight\getright.exe
D:\PROGI\meta cafe\Metacafe\MetacafeAgent.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\mtate20202\Madotate.exe
D:\PROGI\Brico-pack\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\PROGI\Brico-pack\Vista Inspirat\UberIcon\UberIcon Manager.exe
D:\PROGI\Brico-pack\Vista Inspirat\YzShadow\YzShadow.exe
D:\PROGI\Brico-pack\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGI\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dobreprogramy.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGI\spybotsd\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Skrót do Ad-Aware.lnk = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O4 - Startup: Skrót do Madotate.lnk = C:\WINDOWS\mtate20202\Madotate.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\PROGI\Brico-pack\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = D:\PROGI\Brico-pack\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = D:\PROGI\Brico-pack\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = D:\PROGI\Brico-pack\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: MetaCafe.lnk = D:\PROGI\meta cafe\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ … canner.ocx
O20 - Winlogon Notify: wxtwdx - C:\WINDOWS\SYSTEM32\wxtwdx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
and the Silent Runners log
"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"WheelMouse" = "C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Nero AG"]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
       \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "bho2gr Class"
       \InProcServer32\(Default) = "C:\Program Files\GetRight\xx2gr.dll" ["Headlight Software, Inc."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "D:\PROGI\spybotsd\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
       \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
       \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
       \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
       \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
       \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
       \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
  -> {HKLM...CLSID} = "Shell Search Band"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
       \InProcServer32\(Default) = "D:\PROGI\Quick\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
       \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
       \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
  -> {HKLM...CLSID} = "CMenuExtender"
       \InProcServer32\(Default) = "D:\PROGI\Brico-pack\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {HKLM...CLSID} = "Portable Media Devices"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
       \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wxtwdx\DLLName = "wxtwdx.dll" [** WMI GetObject error **]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
       \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
       \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
       \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
       \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
  -> {HKLM...CLSID} = "CMenuExtender"
       \InProcServer32\(Default) = "D:\PROGI\Brico-pack\Vista Inspirat\iColorFolder\CMExt.dll" ["Revenger inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
       \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
       \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "SARA" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Menu Start\Programy\Autostart
"Skrót do Ad-Aware" -> shortcut to: "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ["Lavasoft Sweden"]
"Skrót do Madotate" -> shortcut to: "C:\WINDOWS\mtate20202\Madotate.exe" [null data]
"Stardock ObjectDock" -> shortcut to: "D:\PROGI\Brico-pack\Vista Inspirat\ObjectDock\ObjectDock.exe" ["Stardock"]
"UberIcon" -> shortcut to: "D:\PROGI\Brico-pack\Vista Inspirat\UberIcon\UberIcon Manager.exe" [null data]
"Y'z Shadow" -> shortcut to: "D:\PROGI\Brico-pack\Vista Inspirat\YzShadow\YzShadow.exe" ["Y'z@Home"]
"Y'z ToolBar" -> shortcut to: "D:\PROGI\Brico-pack\Vista Inspirat\YzToolbar\YzToolBar.exe" ["Y'z@Home"]

C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart
"GetRight - Tray Icon" -> shortcut to: "C:\Program Files\GetRight\getright.exe" ["Headlight Software, Inc."]
"MetaCafe" -> shortcut to: "D:\PROGI\meta cafe\Metacafe\MetacafeAgent.exe /startup" [empty string]
"Szybkie uruchamianie programu Microsoft Office OneNote 2003" -> shortcut to: "C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE /tsr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
       \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
       \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
       \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
       \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
hpzsnt12\Driver = "hpzsnt12.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 152 seconds, including 18 seconds for message boxes)
Merged post: 22.04.2006 (Sat) 21:27
I think this is what's causing the trouble… It's been duplicated 26 times… according to EWIDO
Download Pocket Killbox >>> run it >>> tick the “Delete on Reboot” option >>> in the “Full path of file” field paste:
C:\WINDOWS\SYSTEM32\wxtwdx.dll
Click X and reboot the computer
Delete the entry in HJT:
new logs
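The triage the helper does by eye in this thread (the O20 Winlogon Notify DLL, a BHO listed as "(no name)", a Run value that is only a bare file name, and O23 services tagged "(file missing)") can be scripted; the block below is an added example, not code from the thread or from HijackThis, and its sample lines are copied from the logs above. The regexes follow the v1.99.1 line formats as they appear in those logs and the rule set and the `Finding` class are assumptions of mine; every hit is a prompt to verify the file, not a verdict.

```python
"""Rule-based triage of HijackThis v1.99.1 log lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the thread's HijackThis logs.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - Startup: Skrót do Madotate.lnk = C:\WINDOWS\mtate20202\Madotate.exe
O20 - Winlogon Notify: wxtwdx - C:\WINDOWS\SYSTEM32\wxtwdx.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Line formats as printed by HijackThis v1.99.1 in the logs above.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    path: str     # file the entry points at
    reason: str   # why it was flagged


def executable_of(cmd: str) -> str:
    """Program part of an O4 command line: strip the quotes and any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Apply the triage rules to one log line; None means nothing to flag."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        # A BHO that registers no name deserves a look, but the thread's own
        # Spybot SDHelper.dll is also listed as "(no name)": check the file.
        if m.group("name") == "(no name)":
            return Finding("O2", m.group("path"), "BHO registered without a name")
        return None
    m = O4_RUN_RE.match(line)
    if m:
        exe = executable_of(m.group("cmd"))
        # A bare file name with no directory: the loader has to search for it.
        if "\\" not in exe:
            return Finding("O4", exe, "Run value is a bare file name, not a full path")
        return None
    m = O20_RE.match(line)
    if m:
        # Winlogon notification DLLs are loaded into winlogon.exe at logon,
        # which is why the thread needs a delete-on-reboot tool for wxtwdx.dll.
        return Finding("O20", m.group("path"), "Winlogon Notify DLL (loaded by winlogon.exe)")
    m = O23_RE.match(line)
    if m and "(file missing)" in m.group("path"):
        # The thread's process list shows ashMaiSv.exe running despite this tag
        # on its quoted path with an argument, so cross-check before acting.
        return Finding("O23", m.group("path").split('"')[0], "service binary reported missing")
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the hits."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for hit in triage_log(SAMPLE_LOG):
        print(f"{hit.section:4} {hit.reason}: {hit.path}")
```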
piotriwa
(Piotriwa)
22 April 2006 19:55
#5
and the EWIDO report as well
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on: 21:55:28, 2006-04-22
 + Report-Checksum: F0A5B6E

 + Scan result:

  [1316] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [1456] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [1472] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [1632] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [1800] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [1932] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [1940] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [1984] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [2012] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [2036] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [152] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [180] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [236] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [252] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [268] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [280] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [352] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [364] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [376] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [388] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [396] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [1612] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [2076] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [2984] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [2860] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  [3432] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
  C:\WINDOWS\system32\fuxx32.dll -> Backdoor.Haxdoor.fm : Cleaned with backup
  C:\WINDOWS\system32\senssrv.dll -> Downloader.Agent.afl : Cleaned with backup
  C:\WINDOWS\system32\taskdir~.exe -> Not-A-Virus.SpamTool.Win32.Agent.g : Cleaned with backup


::Report End
Merged post: 22.04.2006 (Sat) 22:21
Oops…
As for Killbox:
…so deletion was a no-go:
…and consequently deletion with HJ was a no-go too
EWIDO supposedly removed it, but it keeps showing up:
and that's exactly the junk that keeps coming back and that I can't get rid of. The Windows firewall doesn't work, Skype doesn't work, I've been clicking for half a day and nothing!
…but I won't give up that easily! Fight to the end! Format: NO!
So: HELP…
Merged post: 22.04.2006 (Sat) 22:23
maybe there's something else in here…:
Logfile of HijackThis v1.99.1
Scan saved at 22:13:02, on 2006-04-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGI\evido\ewido anti-malware\ewidoctrl.exe
D:\PROGI\evido\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\GetRight\getright.exe
D:\PROGI\meta cafe\Metacafe\MetacafeAgent.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\mtate20202\Madotate.exe
D:\PROGI\Brico-pack\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\PROGI\Brico-pack\Vista Inspirat\UberIcon\UberIcon Manager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\PROGI\Brico-pack\Vista Inspirat\YzShadow\YzShadow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\PROGI\Brico-pack\Vista Inspirat\YzToolbar\YzToolBar.exe
D:\PROGI\HijackThis.exe
D:\PROGI\evido\ewido anti-malware\securitysuite.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dobreprogramy.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGI\spybotsd\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Skrót do Ad-Aware.lnk = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O4 - Startup: Skrót do Madotate.lnk = C:\WINDOWS\mtate20202\Madotate.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\PROGI\Brico-pack\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = D:\PROGI\Brico-pack\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = D:\PROGI\Brico-pack\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = D:\PROGI\Brico-pack\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: MetaCafe.lnk = D:\PROGI\meta cafe\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ … canner.ocx
O20 - Winlogon Notify: wxtwdx - C:\WINDOWS\SYSTEM32\wxtwdx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast!
Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - D:\PROGI\evido\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - D:\PROGI\evido\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Post a log from Gmer 1.0.9: download it >>> run it >>> go to the "rootkit" tab >>> choose "search" >>> wait patiently until the program finishes >>> click "copy" >>> ctrl + v and paste it into your post.
piotriwa
(Piotriwa)
22 April 2006 21:44
#7
that'll have to be tomorrow…
and for today one more log, from EWIDO… instead of less, there's more…
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 23:46:15, 2006-04-22
+ Report-Checksum: C579A4CF

+ Scan result:

[1280] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[1460] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[1488] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[1624] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[1660] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[1720] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[1880] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[2024] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[2036] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[168] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[196] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[236] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[324] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[340] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[388] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[440] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[448] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[464] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[820] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[1044] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[1188] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[1992] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[2100] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[2188] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
[2740] C:\WINDOWS\system32\wxtwdx.dll -> Backdoor.Haxdoor.fm : Error during cleaning
C:!KillBox\wxtwdx.dll( 1) -> Backdoor.Haxdoor.fm : Cleaned with backup
:mozilla.21:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.22:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.23:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.25:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.26:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.27:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.28:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.29:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.33:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.38:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.42:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.56:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.68:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.69:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.70:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.71:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.73:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.81:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.82:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.86:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.91:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.102:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.123:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.124:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.141:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.145:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.146:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.157:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.161:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.169:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.178:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.215:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.221:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.222:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.223:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.224:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.225:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.227:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.228:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.229:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.238:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.239:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.240:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.241:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.242:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.243:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.244:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.245:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.246:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.282:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.286:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.287:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.288:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.289:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.290:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.310:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.311:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.312:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.313:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.314:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.318:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.333:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.335:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.336:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.343:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tfag : Cleaned with backup
:mozilla.344:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tfag : Cleaned with backup
:mozilla.345:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tfag : Cleaned with backup
:mozilla.346:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Tfag : Cleaned with backup
:mozilla.401:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.422:C:\Documents and Settings\SARA.ER-CD0C00EA85EE\Dane aplikacji\Mozilla\Firefox\Profiles\icq2ci6m.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
C:\Program Files\Internet Explorer\update.exe -> Adware.BHO : Cleaned with backup
C:\WINDOWS\system32\fuxx32.dll -> Backdoor.Haxdoor.fm : Cleaned with backup

::Report End
Posts merged: 23.04.2006 (Sun) 10:35
Not doable. As soon as the scan starts it crashes the computer. Immediate restart, without shutting the system down. Right away, click, and everything disappears, then the system boots up again and an alert pops up about a serious error and an improper system shutdown.
One more thing:
this info appears from AVAST during startup, and then info from EWIDO appears saying: infection found
MaYsTeR
(Mayster X)
24 April 2006 10:16
#8
piotriwa:
As soon as the scan starts it crashes the computer. Immediate restart, without shutting the system down. Right away, click, and everything disappears, then the system boots up again and an alert pops up about a serious error and an improper system shutdown. One more thing:
read this:
http://www.searchengines.pl/phpbb203/in … entry65395
piotriwa
(Piotriwa)
24 April 2006 13:17
#9
I read it and… nothing. It's not SSAS that is the problem but Backdoor.Haxdoor.fm
SSAS tries to get in, but avast doesn't let it through. Please read the whole description. Thanks for your time, but I think I'll give up and do a format. I can't experiment for too long, and I can see it's a bust. Thanks everyone.
adam9870
(adam9870)
24 April 2006 13:19
#10
piotriwa, formatting is the last resort. Post a HijackThis log on the forum and we'll see what new stuff you have.
A HijackThis log is of no use here.
piotriwa, try running gmer once more (instructions above)
piotriwa
(Piotriwa)
24 April 2006 13:27
#12
The LOG is no problem, GMER is not doable!
Posts merged: 24.04.2006 (Mon) 15:31
Logfile of HijackThis v1.99.1
Scan saved at 15:30:25, on 2006-04-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGI\evido\ewido anti-malware\ewidoctrl.exe
D:\PROGI\evido\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
D:\PROGI\meta cafe\Metacafe\MetacafeAgent.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\mtate20202\Madotate.exe
D:\PROGI\Brico-pack\Vista Inspirat\ObjectDock\ObjectDock.exe
D:\PROGI\Brico-pack\Vista Inspirat\UberIcon\UberIcon Manager.exe
D:\PROGI\Brico-pack\Vista Inspirat\YzShadow\YzShadow.exe
D:\PROGI\Brico-pack\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\PROGI\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dobreprogramy.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGI\spybotsd\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [WheelMouse] C:\PROGRA~1\Trust\270KDS~1\Mouse\Amoumain.exe
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Skrót do Ad-Aware.lnk = C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
O4 - Startup: Skrót do Madotate.lnk = C:\WINDOWS\mtate20202\Madotate.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\PROGI\Brico-pack\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = D:\PROGI\Brico-pack\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = D:\PROGI\Brico-pack\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = D:\PROGI\Brico-pack\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: MetaCafe.lnk = D:\PROGI\meta cafe\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ … canner.ocx
O20 - Winlogon Notify: wxtwdx - C:\WINDOWS\SYSTEM32\wxtwdx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\PROGI\evido\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\PROGI\evido\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
I tried to remove it with HJ, but no luck…
Because it's one of the versions of the haxdoor rootkit, which has a hidden driver.
We'll try the old RR; download it from here, run it >> click scan and let it work (don't do anything else in the meantime, because the computer will be extremely sluggish), then post the log it generated.
Post the text of the error that appeared when you tried to run gmer, and try running it in safe mode…
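As an added illustration (not code from the thread or from any of the tools named in it), here is a small Python triage of HijackThis 1.99 log lines for the two item types the helpers are reading above: the O20 Winlogon Notify entry, which is the logon-time load point a Haxdoor-class rootkit uses and the reason the DLL cannot be deleted while Windows is running, and O23 services reported as (file missing). The sample log lines are constructed from the log posted above; the KNOWN_NOTIFY allowlist of default Windows XP SP2 Notify package names is an assumption for illustration, not an authoritative list.

```python
"""Triage HijackThis 1.99 log lines for the persistence items this thread
is chasing: O20 Winlogon Notify DLLs and O23 services marked (file missing).

Added example, not code from the thread. SAMPLE_LOG is constructed from the
log posted in the thread; KNOWN_NOTIFY is an assumed, illustrative allowlist
of default Windows XP SP2 Winlogon Notify package names.
"""
import re
from dataclasses import dataclass
from typing import List

# O20 - Winlogon Notify: <name> - <dll path>
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# O23 - Service: <display name> - <owner> - <image path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumed allowlist (lower-case) of Notify subkeys that ship with XP SP2.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "scecli",
    "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon",
}


@dataclass
class Finding:
    kind: str      # "O20" or "O23"
    name: str
    path: str
    severity: str  # "high" or "info"
    reason: str


def triage(lines: List[str]) -> List[Finding]:
    """Return findings for unknown O20 Notify DLLs and O23 'file missing' services."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            name = m.group("name")
            if name.lower() not in KNOWN_NOTIFY:
                findings.append(Finding(
                    "O20", name, m.group("path"), "high",
                    "Unknown Winlogon Notify DLL: loaded into winlogon.exe at "
                    "logon, so it is mapped before any user-mode cleaner runs "
                    "and cannot be deleted while Windows is up."))
            continue
        m = O23_RE.match(line)
        if m and "(file missing)" in m.group("path"):
            path = m.group("path")
            # A stray '"' before ' /service' is the usual HijackThis quirk with
            # quoted ImagePath values; the binary normally exists on disk.
            quoting_artifact = '" /' in path
            findings.append(Finding(
                "O23", m.group("name"), path,
                "info" if quoting_artifact else "high",
                "Service binary reported missing; quoted-path artifact, confirm on disk"
                if quoting_artifact else
                "Service binary reported missing; orphaned or hidden service"))
    return findings


# Constructed sample, copied from the log posted in the thread.
SAMPLE_LOG = [
    r"O20 - Winlogon Notify: wxtwdx - C:\WINDOWS\SYSTEM32\wxtwdx.dll",
    r"O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind} {f.name}: {f.path}")
        print(f"    {f.reason}")
```

On the log above this flags only wxtwdx as high and downgrades the two avast "(file missing)" services to an informational note, which matches the helpers' focus on the O20 entry rather than the avast lines.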
piotriwa
(Piotriwa)
24 April 2006 13:35
#14
There was no error text with GMER. Everything simply disappears and it restarts. I'm trying to do what you wrote.
Posts merged: 24.04.2006 (Mon) 17:14
Rootkit LOG:
and one more thing. Every few moments I get a message from EWIDO saying:
After clicking the command: DELETE, the above message appears again…
Quite a puzzle…
Posts merged: 24.04.2006 (Mon) 20:30
RESTART AND FORMAT>>>>>
Posts merged: 24.04.2006 (Mon) 22:50
I did a GMER scan in safe mode, but I don't know where it saved the file
Posts merged: 24.04.2006 (Mon) 23:00
Pocket Killbox version 2.0.0.648
Running on Windows XP as SARA(Administrator)
was started @ sobota, kwiecień 22, 2006, 10:00 PM

# 1 [Files to Delete]
Path = C:\WINDOWS\SYSTEM32\wxtwdx.dll
*This File could not be Deleted

Killbox Closed(Exit) @ 10:01:42 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as SARA(Administrator)
was started @ sobota, kwiecień 22, 2006, 10:03 PM

# 1 [Files to Delete]
Path = C:\WINDOWS\SYSTEM32\wxtwdx.dll
*This File could not be Deleted

Killbox Closed(Exit) @ 10:05:11 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as SARA(Administrator)
was started @ sobota, kwiecień 22, 2006, 10:14 PM

# 1 [Files to Delete]
Path = C:\WINDOWS\SYSTEM32\wxtwdx.dll
*This File could not be Deleted

Killbox Closed(Exit) @ 10:18:13 PM
__________________________________________________
Posts merged: 25.04.2006 (Tue) 12:32
I lost the unequal fight with the bugs… After the format… Maybe next time…