Poważny robak - NTkrnl

maciek001 · 12 Marzec 2007 19:42

Witam,

ostatnio moj komputer został zainfekowany robakiem, ktory strasznie spowalnia prace internetu (podstawowe portale ładują sie po kilka minut )

oraz bazgrze po ekranie, tworzac zakłocenia podobne do tych, ktore sa wywolywane przez dzwoniacy w poblizu telefon. Podobno rozprzestrzenia sie przez maila, ja jednak takiej wiadomosci nie dostalem, musialem to zlapac z jakiegos downloadu… Jak to usunąć? Log z hijacka:

Logfile of HijackThis v1.99.1 Scan saved at 20:36:36, on 2007-03-12 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\System32\RUNDLL32.EXE D:\WINDOWS\System32\svcchosst.exe D:\Program Files\Eset\nod32krn.exe E:\Przeglądarki\Mozilla Firefox\firefox.exe D:\Documents and Settings\Ola\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Użytki\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Pobieranie\BitComet\tools\BitCometBHO.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [speedTouch USB Diagnostics] “D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [nod32kui] “D:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [sYSTEM] windmupdr.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\Run: [Microsoft Directx clicks] directxclickers.exe O4 - HKLM…\Run: [Microsoft Directx push] directxpushup.exe O4 - HKLM…\Run: [symantec Antivirus professional] flushdns.exe O4 - HKLM…\Run: [Windows Service Agent] owlexf.exe O4 - HKLM…\Run: [] Upydate.exe O4 - HKLM…\Run: [lol] randomfile.exe O4 - HKLM…\Run: [msvccc66] svcchosst.exe O4 - HKLM…\Run: [staeck12] D:\Documents and Settings\Ola\2.exe O4 - HKLM…\Run: [melg34] D:\Documents and Settings\Maciek\4.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [sYSTEM] windmupdr.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [symantec Antivirus professional] flushdns.exe O4 - HKLM…\RunServices: [Microsoft Directx clicks] directxclickers.exe O4 - HKLM…\RunServices: [Microsoft Directx push] directxpushup.exe O4 - HKLM…\RunServices: [Windows Service Agent] owlexf.exe O4 - HKLM…\RunServices: [] Upydate.exe O4 - HKLM…\RunServices: [lol] randomfile.exe O4 - HKLM…\RunServices: [msvccc66] svcchosst.exe O4 - HKLM…\RunOnce: [symantec Antivirus professional] flushdns.exe O4 - HKLM…\RunOnce: [lol] randomfile.exe O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “E:\Komunikatory\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [sYSTEM] windmupdr.exe O4 - HKCU…\Run: [symantec Antivirus professional] flushdns.exe O4 - HKCU…\Run: [Microsoft Directx clicks] directxclickers.exe O4 - HKCU…\Run: [Microsoft Directx push] directxpushup.exe O4 - HKCU…\Run: [lol] randomfile.exe O4 - HKCU…\Run: [Windows Service Agent] owlexf.exe O4 - HKCU…\Run: [] Upydate.exe O4 - HKCU…\Run: [staeck12] D:\Documents and Settings\Ola\2.exe O4 - HKCU…\Run: [melg34] D:\Documents and Settings\Maciek\4.exe O4 - HKCU…\RunServices: [sYSTEM] windmupdr.exe O4 - HKCU…\RunServices: [Microsoft Directx push] directxpushup.exe O4 - HKCU…\RunServices: [Microsoft Directx clicks] directxclickers.exe O4 - HKCU…\RunOnce: [symantec Antivirus professional] flushdns.exe O4 - HKCU…\RunOnce: [lol] randomfile.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = E:\Office\Office\OSA9.EXE O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = E:\Office\Office\1045\OLFSNT40.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip…{6F68DA33-19EE-486A-8E80-5509A0700816}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing) O23 - Service: Autodesk Licensing Service - Unknown owner - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: MySql - Unknown owner - D:/Program Files/xampp/mysql/bin/mysqld-nt.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

Prosze o pomoc

adam9870 · 12 Marzec 2007 19:53

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

W trybie awaryjnym z wyłączonym przywracaniem systemu usuń:

O4 - HKLM…\Run: [mysvcig38] mysvcc.exe O4 - HKLM…\Run: [sYSTEM] windmupdr.exe O4 - HKLM…\Run: [msvcc25] svcchost.exe O4 - HKLM…\Run: [Microsoft Directx clicks] directxclickers.exe O4 - HKLM…\Run: [Microsoft Directx push] directxpushup.exe O4 - HKLM…\Run: [symantec Antivirus professional] flushdns.exe O4 - HKLM…\Run: [Windows Service Agent] owlexf.exe O4 - HKLM…\Run: [] Upydate.exe O4 - HKLM…\Run: [lol] randomfile.exe O4 - HKLM…\Run: [msvccc66] svcchosst.exe O4 - HKLM…\Run: [staeck12] D:\Documents and Settings\Ola\2.exe O4 - HKLM…\Run: [melg34] D:\Documents and Settings\Maciek\4.exe O4 - HKLM…\RunServices: [mysvcig38] mysvcc.exe O4 - HKLM…\RunServices: [sYSTEM] windmupdr.exe O4 - HKLM…\RunServices: [msvcc25] svcchost.exe O4 - HKLM…\RunServices: [symantec Antivirus professional] flushdns.exe O4 - HKLM…\RunServices: [Microsoft Directx clicks] directxclickers.exe O4 - HKLM…\RunServices: [Microsoft Directx push] directxpushup.exe O4 - HKLM…\RunServices: [Windows Service Agent] owlexf.exe O4 - HKLM…\RunServices: [] Upydate.exe O4 - HKLM…\RunServices: [lol] randomfile.exe O4 - HKLM…\RunServices: [msvccc66] svcchosst.exe O4 - HKLM…\RunOnce: [symantec Antivirus professional] flushdns.exe O4 - HKLM…\RunOnce: [lol] randomfile.exe O4 - HKCU…\Run: [sYSTEM] windmupdr.exe O4 - HKCU…\Run: [symantec Antivirus professional] flushdns.exe O4 - HKCU…\Run: [Microsoft Directx clicks] directxclickers.exe O4 - HKCU…\Run: [Microsoft Directx push] directxpushup.exe O4 - HKCU…\Run: [lol] randomfile.exe O4 - HKCU…\Run: [Windows Service Agent] owlexf.exe O4 - HKCU…\Run: [] Upydate.exe O4 - HKCU…\Run: [staeck12] D:\Documents and Settings\Ola\2.exe O4 - HKCU…\Run: [melg34] D:\Documents and Settings\Maciek\4.exe O4 - HKCU…\RunServices: [sYSTEM] windmupdr.exe O4 - HKCU…\RunServices: [Microsoft Directx push] directxpushup.exe O4 - HKCU…\RunServices: [Microsoft Directx clicks] directxclickers.exe O4 - HKCU…\RunOnce: [symantec Antivirus professional] flushdns.exe O4 - HKCU…\RunOnce: [lol] randomfile.exe

Pliki zaznaczone usuń ręcznie z dysku natomiast wpisy w HijackThis.

Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Puść w ruch SDFix.

Przeskanuj http://www.kaspersky.pl/virusscanner.html i http://www.ewido.net/en/

Po wykonaniu wklej komplet logów:

[*:13bbc85a]HijackThis
SilentRunners

maciek001 · 13 Marzec 2007 16:29

Wszystko wykonałem, niestety robak nie ustapil mimo ze internet troche przyspieszyl, to zuzycie procesora jest nadal 100% i w dalszym ciagu pojawiaja sie te zakłocenia. Przedstawiam logi:

HijackThis

Logfile of HijackThis v1.99.1 Scan saved at 17:19:45, on 2007-03-13 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe D:\Program Files\Eset\nod32krn.exe D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\System32\RUNDLL32.EXE D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe D:\Program Files\Eset\nod32kui.exe E:\Office\Office\1045\OLFSNT40.EXE E:\Przeglądarki\Mozilla Firefox\firefox.exe D:\Documents and Settings\Maciek\Pulpit\usuwanie\Maciek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Użytki\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Pobieranie\BitComet\tools\BitCometBHO.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [speedTouch USB Diagnostics] “D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [nod32kui] “D:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “E:\Komunikatory\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [sysms] D:\WINDOWS\system32\sysem.exe O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: WinMySQLadmin.lnk = D:\Program Files\xampp\mysql\bin\winmysqladmin.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = E:\Office\Office\OSA9.EXE O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = E:\Office\Office\1045\OLFSNT40.EXE O8 - Extra context menu item: Download all links using BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip…{6F68DA33-19EE-486A-8E80-5509A0700816}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing) O23 - Service: Autodesk Licensing Service - Unknown owner - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: MySql - Unknown owner - D:/Program Files/xampp/mysql/bin/mysqld-nt.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

SmitFraudFix

SmitFraudFix v2.148 Scan done at 15:02:10,78, 2007-03-13 Run from D:\Documents and Settings\Administrator\Pulpit\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !Attention, following keys are not inevitably infected! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “System”="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !Attention, following keys are not inevitably infected! SrchSTS.exe by S!Ri Search SharedTaskScheduler’s .dll »»»»»»»»»»»»»»»»»»»»»»»» End ComboScan ComboScan v20070306.20 run by Maciek on 2007-03-13 at 17:00:04 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable…success. – Last 1 Restore Point(s) – 1: 2007-03-13 16:00:13 UTC - RP1 - Punkt kontrolny systemu Performed disk cleanup. – HijackThis (run as Maciek.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 17:03:14, on 2007-03-13 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe D:\Program Files\Eset\nod32krn.exe D:\WINDOWS\System32\nvsvc32.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\System32\RUNDLL32.EXE D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe D:\Program Files\Eset\nod32kui.exe E:\Office\Office\1045\OLFSNT40.EXE D:\Documents and Settings\Maciek\Pulpit\comboscan.exe D:\DOCUME~1\Maciek\Pulpit\usuwanie\Maciek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Użytki\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Pobieranie\BitComet\tools\BitCometBHO.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [speedTouch USB Diagnostics] “D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [nod32kui] “D:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “E:\Komunikatory\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [sysms] D:\WINDOWS\system32\sysem.exe O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: WinMySQLadmin.lnk = D:\Program Files\xampp\mysql\bin\winmysqladmin.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = E:\Office\Office\OSA9.EXE O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = E:\Office\Office\1045\OLFSNT40.EXE O8 - Extra context menu item: Download all links using BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip…{6F68DA33-19EE-486A-8E80-5509A0700816}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing) O23 - Service: Autodesk Licensing Service - Unknown owner - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: MySql - Unknown owner - D:/Program Files/xampp/mysql/bin/mysqld-nt.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe – HijackThis Fixed Entries (D:\DOCUME~1\Maciek\Pulpit\usuwanie\backups) ------ backup-20070313-154636-283 O4 - HKLM…\Run: [symantec Antivirus professional] flushdns.exe backup-20070313-154636-810 O4 - HKLM…\Run: [lol] randomfile.exe backup-20070313-154636-262 O4 - HKLM…\RunServices: [symantec Antivirus professional] flushdns.exe backup-20070313-154636-392 O4 - HKLM…\RunServices: [lol] randomfile.exe backup-20070313-154636-878 O4 - HKLM…\RunOnce: [symantec Antivirus professional] flushdns.exe backup-20070313-154637-326 O4 - HKLM…\RunOnce: [lol] randomfile.exe backup-20070313-154637-260 O4 - HKCU…\Run: [symantec Antivirus professional] flushdns.exe backup-20070313-154637-319 O4 - HKCU…\Run: [lol] randomfile.exe backup-20070313-154637-486 O4 - HKCU…\RunOnce: [symantec Antivirus professional] flushdns.exe backup-20070313-154637-264 O4 - HKCU…\RunOnce: [lol] randomfile.exe backup-20070313-154727-738 O4 - HKCU…\Run: [sYSTEM] windmupdr.exe – File Associations ----------------------------------------------------------- .bat - batfile - “%1” %* .chm - chm.file - “D:\WINDOWS\hh.exe” %1 .cmd - cmdfile - “%1” %* .com - comfile - “%1” %* .exe - exefile - “%1” %* .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1 .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1 .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1 .js - JSFile - %SystemRoot%\System32\WScript.exe “%1” %* .lnk - lnkfile - {00021401-0000-0000-C000-000000000046} .pif - piffile - “%1” %* .reg - regfile - regedit.exe “%1” .scr - scrfile - “%1” /S .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1 .vbs - VBSFile - %SystemRoot%\System32\WScript.exe “%1” %* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- 3S 61883 (Urządzenie jednostkowe 61883) - D:\WINDOWS\system32\drivers\61883.sys 3R actser - D:\WINDOWS\system32\drivers\actser.sys 3R alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - D:\WINDOWS\system32\drivers\alcan5wn.sys 3R alcaudsl (SpeedTouch ADSL Modem ATM Transport) - D:\WINDOWS\system32\drivers\alcaudsl.sys 2R AMON - D:\WINDOWS\system32\drivers\amon.sys 3S Arp1394 (Protokół klienta 1394 ARP) - D:\WINDOWS\system32\drivers\arp1394.sys 3S Avc (Urządzenie AVC) - D:\WINDOWS\system32\drivers\avc.sys 3S basic2 - D:\WINDOWS\system32\drivers\HSF_BSC2.sys 3S CCDECODE (Closed Caption Decoder) - D:\WINDOWS\system32\drivers\ccdecode.sys 3R ctlsb16 (Sterownik Creative SB16/AWE32/AWE64 (WDM)) - D:\WINDOWS\system32\drivers\ctlsb16.sys 2R Fallback - D:\WINDOWS\system32\drivers\HSF_FALL.sys 2R Fsks - D:\WINDOWS\system32\drivers\HSF_FSKS.sys 3S hamachi (Hamachi Network Interface) - D:\WINDOWS\system32\drivers\hamachi.sys 3R hidusb (Sterownik Microsoft klasy HID) - D:\WINDOWS\system32\drivers\hidusb.sys 3S hsf_msft - D:\WINDOWS\system32\drivers\HSF_MSFT.sys 2R K56 - D:\WINDOWS\system32\drivers\HSF_K56K.sys 3S MODEMCSA (Urządzenie filtru strumieniowego usługi Unimodem) - D:\WINDOWS\system32\drivers\MODEMCSA.sys 3R mouhid (Sterownik myszy HID) - D:\WINDOWS\system32\drivers\mouhid.sys 3S msdirectxpushup - D:\Documents and Settings\Ola\msdirectxpush.sys (not found) 3S MSDV (Microsoft DV Camera and VCR) - D:\WINDOWS\system32\drivers\msdv.sys 3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - D:\WINDOWS\system32\drivers\mstee.sys 3S NABTSFEC (NABTS/FEC VBI Codec) - D:\WINDOWS\system32\drivers\nabtsfec.sys 3S NdisIP (Microsoft TV/Video Connection) - D:\WINDOWS\system32\drivers\ndisip.sys 3S NIC1394 (Sterownik sieci 1394) - D:\WINDOWS\system32\drivers\nic1394.sys 1R nod32drv - D:\WINDOWS\system32\drivers\nod32drv.sys 3R nv - D:\WINDOWS\system32\drivers\nv4_mini.sys 0R ohci1394 (Kontroler hosta IEEE 1394 VIA zgodny z OHCI) - D:\WINDOWS\system32\drivers\ohci1394.sys 1R oreans32 - D:\WINDOWS\system32\drivers\oreans32.sys 3R pfc (Padus ASPI Shell) - D:\WINDOWS\system32\drivers\pfc.sys 0R PxHelp20 - D:\WINDOWS\system32\drivers\pxhelp20.sys 3S Rksample - D:\WINDOWS\system32\drivers\HSF_SAMP.sys 3S SLIP (BDA Slip De-Framer) - D:\WINDOWS\system32\drivers\slip.sys 2R SoftFax - D:\WINDOWS\system32\drivers\HSF_FAXX.sys 2R SpeakerPhone - D:\WINDOWS\system32\drivers\HSF_SPKP.sys 3S streamip (BDA IPSink) - D:\WINDOWS\system32\drivers\streamip.sys 2R Tones - D:\WINDOWS\system32\drivers\HSF_TONE.sys 3S usbprint (Klasa PRINTER USB Microsoft) - D:\WINDOWS\system32\drivers\usbprint.sys 3S usbscan (Sterownik skanera USB) - D:\WINDOWS\system32\drivers\usbscan.sys 3S USBSTOR (Sterownik magazynu masowego USB) - D:\WINDOWS\system32\drivers\USBSTOR.SYS 2R V124 - D:\WINDOWS\system32\drivers\HSF_V124.sys 0R viaagp (Filtr magistrali AGP VIA) - D:\WINDOWS\system32\drivers\VIAAGP.SYS 3R WS2IFSL (Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0) - D:\WINDOWS\system32\drivers\ws2ifsl.sys 3S WSTCODEC (World Standard Teletext Codec) - D:\WINDOWS\system32\drivers\wstcodec.sys – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- 2S Apache2.2 - “D:\Program Files\xampp\apache\bin\apache.exe” -k runservice 2R Autodesk Licensing Service - “D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe” 2S FileZilla Server (FileZilla Server FTP server) - D:\Program Files\xampp\filezillaftp\filezillaserver.exe 2S MySql - D:/Program Files/xampp/mysql/bin/mysqld-nt.exe 2R NOD32krn (NOD32 Kernel Service) - “D:\Program Files\Eset\nod32krn.exe” 2R NVSvc (NVIDIA Display Driver Service) - D:\WINDOWS\System32\nvsvc32.exe 3S SCardDrv (Pomocnik karty inteligentnej) - D:\WINDOWS\System32\SCardSvr.exe 2R uploadmgr (Menedżer przekazywania) - D:\WINDOWS\System32\svchost.exe -k netsvcs 2R WmdmPmSp (Numer seryjny nośnika przenośnego) - D:\WINDOWS\System32\svchost.exe -k netsvcs – Files created between 2007-02-13 and 2007-03-13 ----------------------------- 2007-03-13 14:58:21 0 d-------- D:\SDFix 2007-03-13 14:57:39 0 d-------- D:\WINDOWS\CSC 2007-03-13 14:43:50 1970 --a------ D:\WINDOWS\System32\tmp.reg 2007-03-12 20:20:14 0 d-------- D:\WINDOWS\pss 2007-03-12 15:20:10 0 d–hs---- D:\FOUND.008 2007-03-12 14:33:24 0 d–hs---- D:\FOUND.007 2007-03-11 20:21:56 0 d–hs---- D:\FOUND.006 2007-03-11 20:13:30 0 d–hs---- D:\FOUND.005 2007-03-10 23:35:30 0 d–hs---- D:\FOUND.004 2007-03-10 21:11:04 0 d-------- D:\MaNGOS 2007-03-10 14:56:58 0 d–hs---- D:\FOUND.003 2007-03-10 13:50:47 10345 --a------ D:\WINDOWS\System32\drivers\hamachi.sys 2007-03-10 13:50:46 0 d-------- D:\Program Files\Hamachi 2007-03-10 10:57:56 0 d–hs---- D:\FOUND.002 2007-03-09 18:12:11 33952 --a------ D:\WINDOWS\System32\drivers\oreans32.sys 2007-03-08 14:13:43 0 --a------ D:\WINDOWS\System32\waucult.exe 2007-03-07 15:04:23 540672 --a------ D:\WINDOWS\System32\livemsgr.exe 2007-03-05 14:24:51 12800 --a------ D:\WINDOWS\System32\my.exe 2007-02-27 15:57:50 0 d-------- D:\Program Files\PremiumSoft 2007-02-27 15:57:32 0 d-------- D:\Navicat 2007-02-27 15:35:27 0 d-------- D:\Program Files\xampp 2007-02-27 15:08:26 121856 --a------ D:\WINDOWS\System32\flushdns.exe 2007-02-25 10:20:47 1380352 -r-hs---- D:\WINDOWS\System32\Upydate.exe 2007-02-24 16:50:02 1265664 --a------ D:\WINDOWS\System32\randomfile.exe 2007-02-24 13:39:27 761856 --a------ D:\WINDOWS\System32\xvidcore.dll 2007-02-24 13:39:25 180224 --a------ D:\WINDOWS\System32\xvidvfw.dll 2007-02-24 13:39:24 0 d-------- D:\Program Files\XviD 2007-02-24 13:38:31 109568 -----n— D:\WINDOWS\System32\pxinsi64.exe 2007-02-24 13:38:31 108544 -----n— D:\WINDOWS\System32\pxcpyi64.exe 2007-02-24 13:38:12 0 d-------- D:\Program Files\DivX 2007-02-22 19:41:44 0 d-------- D:\WINDOWS\Sun 2007-02-22 19:39:11 0 d-------- D:\Program Files\Java 2007-02-22 19:36:23 0 d-------- D:\Program Files\Common Files\Java 2007-02-22 16:48:51 0 d-------- D:\Program Files\MegauploadToolbar 2007-02-22 16:31:51 139264 --a------ D:\WINDOWS\NeoUninstall.exe 2007-02-19 19:41:12 0 d-------- D:\Program Files\Common Files\Canopus Shared 2007-02-19 19:41:09 0 d-------- D:\Program Files\Canopus 2007-02-19 17:56:29 13780 --a------ D:\WINDOWS\System32\drivers\pfc.sys 2007-02-19 17:56:09 0 d-------- D:\Program Files\Sonic Solutions 2007-02-19 17:55:18 86016 --a------ D:\WINDOWS\unvise32qt.exe 2007-02-19 17:54:34 28672 --a------ D:\WINDOWS\System32\qttask.exe 2007-02-19 17:54:23 0 d-------- D:\WINDOWS\System32\QuickTime 2007-02-19 17:54:22 0 d-------- D:\Program Files\QuickTime 2007-02-19 17:53:53 94208 --a------ D:\WINDOWS\System32\TCPreset202.dll 2007-02-19 17:53:53 0 d-------- D:\Program Files\TCWorks 2007-02-19 17:53:31 572752 --a------ D:\WINDOWS\System32\wmvdmoe.dll 2007-02-19 17:53:31 665424 --a------ D:\WINDOWS\System32\wmv8dmoe.dll 2007-02-19 17:53:31 438608 --a------ D:\WINDOWS\System32\wmv8dmod.dll 2007-02-19 17:53:30 1683792 --a------ D:\WINDOWS\System32\wmvcore2.dll 2007-02-19 17:53:30 117072 --a------ D:\WINDOWS\System32\wmsdmoe.dll 2007-02-19 17:53:20 0 d-------- D:\Program Files\directx 2007-02-19 17:39:49 299520 --a------ D:\WINDOWS\uninst.exe 2007-02-18 20:38:31 0 d-------- D:\Program Files\Common Files\Skype 2007-02-17 14:48:01 50688 --a------ D:\WINDOWS\System32\vfwwdm32.dll 2007-02-17 14:47:49 35584 --a------ D:\WINDOWS\System32\drivers\avc.sys 2007-02-17 14:39:30 45952 --a------ D:\WINDOWS\System32\drivers\61883.sys 2007-02-17 14:03:25 55424 --a------ D:\WINDOWS\System32\drivers\ohci1394.sys 2007-02-17 14:02:55 6400 --a------ D:\WINDOWS\System32\drivers\enum1394.sys 2007-02-17 14:02:02 49536 --a------ D:\WINDOWS\System32\drivers\1394bus.sys 2007-02-17 13:44:01 141 --a------ D:\WINDOWS\System32\imon1.dat 2007-02-14 20:05:05 0 d-------- D:\Program Files\Skype – Find3M Report --------------------------------------------------------------- 2007-03-12 14:48:24 355820 --a------ D:\WINDOWS\System32\perfh015.dat 2007-03-12 14:48:24 49608 --a------ D:\WINDOWS\System32\perfc015.dat 2007-03-06 16:35:36 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Nvu 2007-02-22 19:41:44 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Sun 2007-02-22 19:40:44 3415 --a------ D:\WINDOWS\mozver.dat 2007-02-22 16:48:52 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\MegauploadToolbar 2007-02-14 20:05:42 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Skype 2007-02-12 19:48:52 21840 --a------ D:\WINDOWS\System32\SIntfNT.dll 2007-02-12 19:48:52 17212 --a------ D:\WINDOWS\System32\SIntf32.dll 2007-02-12 19:48:52 12067 --a------ D:\WINDOWS\System32\SIntf16.dll 2007-02-12 19:17:28 25359 --a------ D:\WINDOWS\DIIUnin.dat 2007-02-12 19:10:50 2829 --a------ D:\WINDOWS\DIIUnin.pif 2007-02-12 19:10:50 106496 --a------ D:\WINDOWS\DIIUnin.exe 2007-02-07 21:24:44 14688 --a------ D:\WINDOWS\War3Unin.dat 2007-02-07 21:24:30 2829 --a------ D:\WINDOWS\War3Unin.pif 2007-02-07 21:24:30 126976 --a------ D:\WINDOWS\War3Unin.exe 2007-02-06 18:49:06 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Lavasoft 2007-02-03 21:53:56 0 d-------- D:\Program Files\backburner 2 2007-02-03 21:53:54 0 d-------- D:\Program Files\Common Files\Autodesk Shared 2007-02-03 19:51:38 2560 --a------ D:\WINDOWS\System32\BitCometRes.dll 2007-01-26 20:31:58 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Adobe 2007-01-23 17:37:18 554 --a------ D:\WINDOWS\eReg.dat 2007-01-23 17:36:02 737280 --a------ D:\WINDOWS\iun6002.exe 2007-01-23 14:48:06 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Ahead 2007-01-22 23:01:10 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Macromedia 2007-01-22 16:31:30 0 d-------- D:\Program Files\Przegladarka migawek 2007-01-22 16:15:38 0 d-------- D:\Program Files\Przeglądarka migawek 2007-01-22 16:14:48 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Microsoft Web Folders 2007-01-22 16:04:54 298104 --a------ D:\WINDOWS\System32\imon.dll 2007-01-22 15:34:12 0 d-------- D:\Program Files\Thomson 2007-01-22 14:54:50 0 d–h----- D:\Program Files\InstallShield Installation Information 2007-01-22 14:54:06 0 d-------- D:\Program Files\Common Files\XCPCSync.OEM 2007-01-22 14:53:18 0 d-------- D:\Program Files\Common Files\InstallShield 2007-01-22 14:47:42 0 d-------- D:\Program Files\Common Files\Adobe 2007-01-22 14:32:02 0 d-------- D:\Program Files\Common Files\Ahead 2007-01-22 14:30:44 0 --a------ D:\WINDOWS\nsreg.dat 2007-01-22 14:30:40 100489 --a------ D:\WINDOWS\UninstallFirefox.exe 2007-01-22 14:30:30 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Mozilla 2007-01-22 13:20:54 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Identities 2007-01-22 13:11:26 0 d-------- D:\Program Files\microsoft frontpage 2007-01-22 13:08:08 0 d-------- D:\Program Files\Movie Maker 2007-01-22 13:07:20 0 d-------- D:\Program Files\Common Files\MSSoap 2007-01-22 13:06:26 21856 --a------ D:\WINDOWS\System32\emptyregdb.dat 2007-01-22 13:05:54 0 d–h----- D:\Program Files\WindowsUpdate 2007-01-22 13:05:54 0 d-------- D:\Program Files\Usługi online 2007-01-22 13:05:46 0 d-------- D:\Program Files\Messenger 2007-01-22 13:05:36 0 d-------- D:\Program Files\MSN Gaming Zone 2007-01-22 13:05:22 0 d-------- D:\Program Files\Windows NT 2007-01-22 12:58:20 0 d-------- D:\Program Files\Common Files\ODBC 2007-01-22 12:58:16 0 d-------- D:\Program Files\Common Files\SpeechEngines 2007-01-22 12:57:48 62 --ahs---- D:\Documents and Settings\Maciek\Dane aplikacji\desktop.ini 2007-01-22 12:57:30 0 d—s---- D:\Documents and Settings\Maciek\Dane aplikacji\Microsoft – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “MSMSGS”="“D:\Program Files\Messenger\msmsgs.exe” /background" “Gadu-Gadu”="“E:\Komunikatory\Gadu-Gadu\gg.exe” /tray" “sysms”=“D:\WINDOWS\system32\sysem.exe” “Skype”="“D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup” “NvMediaCenter”=“RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “SpeedTouch USB Diagnostics”="“D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “nod32kui”="“D:\Program Files\Eset\nod32kui.exe” /WAITSERVICE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “Symantec Antivirus professional”=“flushdns.exe” “lol”=“randomfile.exe” [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “SYSTEM”=“windmupdr.exe” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] “Symantec Antivirus professional”=“flushdns.exe” “lol”=“randomfile.exe” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices] “SYSTEM”=“windmupdr.exe” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“D:\WINDOWS\System32\CTFMON.EXE” “SYSTEM”=“windmupdr.exe” @=“Upydate.exe” “Symantec Antivirus professional”=“flushdns.exe” “Windows Service Agent”=“owlexf.exe” “Live-Help”=“lmns.exe” “Windows-Xordate”=“wuauclt6.exe” “lol”=“randomfile.exe” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“D:\WINDOWS\System32\CTFMON.EXE” “SYSTEM”=“windmupdr.exe” @=“Upydate.exe” “Symantec Antivirus professional”=“flushdns.exe” “Windows Service Agent”=“owlexf.exe” “Live-Help”=“lmns.exe” “Windows-Xordate”=“wuauclt6.exe” “lol”=“randomfile.exe” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 – End of ComboScan: finished at 2007-03-13 at 17:04:57 ------------------------ Aha i zapomniałem dodać że każde urochomienie gry/programu wymagającego sporej pracy procka powoduje zawieszenie. Według mnie najwieksze zużycie procesora powoduje ten proces: D:\WINDOWS\system32\svchost.exe Mam nadzieje że da sie cos z tym zrobic i ominie mnie format :? Logi z Gmer dodam poźniej, musze odpocząc od tego migającego ekranu :shock:

adam9870 · 13 Marzec 2007 17:13

Otwórz Notatnik i wklej w nim to:

gmer -del service msdirectxpushup gmer -del file D:\FOUND.008 gmer -del file D:\FOUND.007 gmer -del file D:\FOUND.006 gmer -del file D:\FOUND.005 gmer -del file D:\FOUND.004 gmer -del file D:\FOUND.003 gmer -del file D:\FOUND.002 gmer -del file D:\WINDOWS\System32\waucult.exe gmer -del file D:\WINDOWS\System32\livemsgr.exe gmer -del file D:\WINDOWS\System32\my.exe gmer -del file D:\WINDOWS\System32\flushdns.exe gmer -del file D:\WINDOWS\System32\Upydate.exe gmer -del file D:\WINDOWS\System32\randomfile.exe gmer -del file D:\WINDOWS\DIIUnin.exe gmer -del file D:\WINDOWS\system32\sysem.exe gmer -del file D:\Documents and Settings\Ola\msdirectxpush.sys gmer -del file D:\WINDOWS\system32\owlexf.exe gmer -del file D:\WINDOWS\system32\lmns.exe gmer -del file D:\WINDOWS\system32\wuauclt6.exe gmer -del file D:\WINDOWS\system32\windmupdr.exe gmer -reboot

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.BAT

Pobierz Gmer’a.

Teraz czynności będziesz wykonywał w Gmerze więc uruchom go, poczekaj chwilkę, kliknij na zakładkę >>> w celu otworzenia pozostałych.

W zakładce Procesy wybierz Gmer awaryjny. Komputer się zrestartuje i zostanie tylko okienko Gmer’a
W zakładce Procesy przez … (trzy kropki) wskaż plik FIX.BAT. Przez chwilkę mignie ekran i komputer się zrestartuje. Jeśli pokażą się jakieś błędy - nie przejmuj się nimi, bo dałem wszystko co możliwe do usunięcia po tym co widać w logu.
Po resecie otwórz Gmer’a i do zakładki CMD z zaznaczoną opcją REGEDIT.EXE wklej:

Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “sysms”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “Symantec Antivirus professional”=- “lol”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\runservices] “SYSTEM”=- [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] “Symantec Antivirus professional”=- “lol”=- [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runservices] “SYSTEM”=- [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “SYSTEM”=- @=- “Symantec Antivirus professional”=- “Windows Service Agent”=- “Live-Help”=- “Windows-Xordate”=- “lol”=- [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “SYSTEM”=- @=- “Symantec Antivirus professional”=- “Windows Service Agent”=- “Live-Help”=- “Windows-Xordate”=- “lol”=-

Kliknij Uruchom i reset.

Usuń wpis HJT jeśli będzie.

Po wykonaniu wklej nowy log z ComboScan i dwa logi z Gmer’a wykonane przy takich ustawieniach:

Zakładka Rootkit >>> zaznaczone wszystko oprócz Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta
Zakładka Rootkit >>> zaznaczone tylko Usługi i Pokazuj wszystko >>> kliknij Szukaj >>> czekaj cierpliwie aż skończy >>> Kopiuj >>> wklej do posta

Jeśli wszystkie logi nie zmieszczą się bezpośrednio do posta, to umieść je w jakimś serwisie hostingowym jako pliki *.txt, a tu tylko zlinkuj.

http://forum.dobreprogramy.pl/viewtopic.php?t=96929

maciek001 · 14 Marzec 2007 14:48

wykonane, robak w dalszym ciagu nie ustapil. Logi Gmer’a:

Opcja 1: wykonałem 2 skanowania, za jednym razem pokazał tylko to

a za drugim http://www.sendspace.com/file/predxr

Opcja 2:

GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-03-14 15:17:05 Windows 5.1.2600 ---- Services - GMER 1.0.12 ---- Service D:\WINDOWS\System32\DRIVERS\61883.sys [MANUAL] 61883 Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service D:\WINDOWS\System32\DRIVERS\ACPI.sys [bOOT] ACPI Service [DISABLED] ACPIEC Service D:\WINDOWS\system32\drivers\actser.sys [MANUAL] actser Service [DISABLED] adpu160m Service D:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service D:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service D:\WINDOWS\System32\DRIVERS\alcan5wn.sys [MANUAL] alcan5wn Service D:\WINDOWS\System32\DRIVERS\alcaudsl.sys [MANUAL] alcaudsl Service D:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service D:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service D:\WINDOWS\system32\drivers\amon.sys [AUTO] AMON Service [DISABLED] amsint Service D:\Program Files\xampp\apache\bin\apache.exe [AUTO] Apache2.2 Service D:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service D:\WINDOWS\System32\DRIVERS\arp1394.sys [MANUAL] Arp1394 Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service D:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service D:\WINDOWS\System32\DRIVERS\atapi.sys [bOOT] atapi Service [DISABLED] Atdisk Service D:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service D:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service D:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [AUTO] Autodesk Licensing Service Service D:\WINDOWS\System32\DRIVERS\avc.sys [MANUAL] Avc Service D:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [MANUAL] basic2 Service BattC Service [sYSTEM] Beep Service D:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service D:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service D:\WINDOWS\System32\DRIVERS\CCDECODE.sys [MANUAL] CCDECODE Service [DISABLED] cd20xrnt Service [sYSTEM] Cdaudio Service [DISABLED] Cdfs Service D:\WINDOWS\System32\DRIVERS\cdrom.sys [sYSTEM] Cdrom Service [sYSTEM] Changer Service D:\WINDOWS\System32\cisvc.exe [MANUAL] cisvc Service D:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service D:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service D:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service D:\WINDOWS\system32\drivers\ctlsb16.sys [MANUAL] ctlsb16 Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service D:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service D:\WINDOWS\System32\DRIVERS\disk.sys [bOOT] Disk Service D:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service D:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service D:\WINDOWS\System32\drivers\dmio.sys [bOOT] dmio Service D:\WINDOWS\System32\drivers\dmload.sys [bOOT] dmload Service D:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service D:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service D:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service D:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service D:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service D:\WINDOWS\system32\services.exe [AUTO] Eventlog Service D:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service D:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [AUTO] Fallback Service [DISABLED] Fastfat Service D:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service D:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service D:\Program [AUTO] FileZilla Server Service [sYSTEM] Fips Service D:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service D:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [AUTO] Fsks Service [sYSTEM] Fs_Rec Service D:\WINDOWS\System32\DRIVERS\ftdisk.sys [bOOT] Ftdisk Service D:\WINDOWS\System32\DRIVERS\gameenum.sys [MANUAL] gameenum Service D:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service D:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service D:\WINDOWS\System32\DRIVERS\hamachi.sys [MANUAL] hamachi Service D:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service D:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service D:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [DISABLED] hpt3xx Service D:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [MANUAL] hsf_msft Service [sYSTEM] i2omgmt Service [DISABLED] i2omp Service D:\WINDOWS\System32\DRIVERS\i8042prt.sys [sYSTEM] i8042prt Service [sYSTEM] Imapi Service D:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service D:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service D:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service D:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service D:\WINDOWS\System32\DRIVERS\ipsec.sys [sYSTEM] IPSec Service D:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service D:\WINDOWS\System32\DRIVERS\isapnp.sys [bOOT] isapnp Service D:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [AUTO] K56 Service D:\WINDOWS\System32\DRIVERS\kbdclass.sys [sYSTEM] Kbdclass Service D:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [bOOT] KSecDD Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service D:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [sYSTEM] lbrtfdc Service ldap Service LicenseService Service D:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service D:\WINDOWS\System32\svchost.exe [DISABLED] Messenger Service [sYSTEM] mnmdd Service D:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service D:\WINDOWS\system32\drivers\MODEMCSA.sys [MANUAL] MODEMCSA Service D:\WINDOWS\System32\DRIVERS\mouclass.sys [sYSTEM] Mouclass Service D:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [bOOT] MountMgr Service [DISABLED] mraid35x Service D:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service D:\WINDOWS\System32\DRIVERS\mrxsmb.sys [sYSTEM] MRxSmb Service D:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service D:\WINDOWS\System32\DRIVERS\msdv.sys [MANUAL] MSDV Service [sYSTEM] Msfs Service D:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service D:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service D:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service D:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service D:\WINDOWS\system32\drivers\MSTEE.sys [MANUAL] MSTEE Service [bOOT] Mup Service D:/Program [AUTO] MySql Service D:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [MANUAL] NABTSFEC Service [bOOT] NDIS Service D:\WINDOWS\System32\DRIVERS\NdisIP.sys [MANUAL] NdisIP Service D:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service D:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service D:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service D:\WINDOWS\System32\DRIVERS\netbios.sys [sYSTEM] NetBIOS Service D:\WINDOWS\System32\DRIVERS\netbt.sys [MANUAL] NetBT Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service D:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service D:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service D:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service D:\WINDOWS\System32\DRIVERS\nic1394.sys [MANUAL] NIC1394 Service D:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service D:\WINDOWS\system32\drivers\nod32drv.sys [sYSTEM] nod32drv Service D:\Program Files\Eset\nod32krn.exe [AUTO] NOD32krn Service [sYSTEM] Npfs Service [DISABLED] Ntfs Service D:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service D:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [sYSTEM] Null Service D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [MANUAL] nv Service D:\WINDOWS\System32\nvsvc32.exe [AUTO] NVSvc Service D:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service D:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service D:\WINDOWS\System32\DRIVERS\ohci1394.sys [bOOT] ohci1394 Service D:\WINDOWS\system32\drivers\oreans32.sys [sYSTEM] oreans32 Service D:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [bOOT] PartMgr Service [AUTO] ParVdm Service D:\WINDOWS\System32\DRIVERS\pci.sys [bOOT] PCI Service [sYSTEM] PCIDump Service [DISABLED] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service D:\WINDOWS\system32\drivers\pfc.sys [MANUAL] pfc Service D:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service D:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service D:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service D:\WINDOWS\System32\DRIVERS\processr.sys [sYSTEM] Processor Service D:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service D:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service D:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service D:\WINDOWS\System32\DRIVERS\PxHelp20.sys [bOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service D:\WINDOWS\System32\DRIVERS\rasacd.sys [sYSTEM] RasAcd Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service D:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service D:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service D:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service D:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service D:\WINDOWS\System32\DRIVERS\rdbss.sys [sYSTEM] Rdbss Service D:\WINDOWS\System32\DRIVERS\RDPCDD.sys [sYSTEM] RDPCDD Service RDPDD Service D:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service D:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service D:\WINDOWS\System32\DRIVERS\redbook.sys [sYSTEM] redbook Service D:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service D:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service D:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [MANUAL] Rksample Service D:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service D:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service D:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service D:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service D:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service D:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service D:\WINDOWS\System32\DRIVERS\secdrv.sys [AUTO] Secdrv Service D:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service D:\WINDOWS\system32\svchost.exe [AUTO] SENS Service D:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service D:\WINDOWS\System32\DRIVERS\serial.sys [sYSTEM] Serial Service [sYSTEM] Sfloppy Service D:\WINDOWS\System32\svchost.exe [AUTO] SharedAccess Service D:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service D:\WINDOWS\System32\DRIVERS\SLIP.sys [MANUAL] SLIP Service D:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [AUTO] SoftFax Service [DISABLED] Sparrow Service D:\WINDOWS\System32\DRIVERS\HSF_SPKP.sys [AUTO] SpeakerPhone Service D:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service D:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service D:\WINDOWS\System32\DRIVERS\sr.sys [bOOT] sr Service D:\WINDOWS\System32\svchost.exe [AUTO] srservice Service D:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service D:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service D:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service D:\WINDOWS\System32\DRIVERS\StreamIP.sys [MANUAL] streamip Service D:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service D:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service D:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service D:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service D:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service D:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service D:\WINDOWS\System32\DRIVERS\tcpip.sys [sYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service D:\WINDOWS\System32\DRIVERS\termdd.sys [sYSTEM] TermDD Service D:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service D:\WINDOWS\System32\svchost.exe [AUTO] Themes Service D:\WINDOWS\System32\tlntsvr.exe [MANUAL] TlntSvr Service D:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [AUTO] Tones Service [DISABLED] TosIde Service D:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service D:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service D:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service D:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service D:\WINDOWS\System32\ups.exe [MANUAL] UPS Service D:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service D:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service D:\WINDOWS\System32\DRIVERS\usbscan.sys [MANUAL] usbscan Service D:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service D:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service D:\WINDOWS\System32\DRIVERS\HSF_V124.sys [AUTO] V124 Service D:\WINDOWS\System32\drivers\vga.sys [sYSTEM] VgaSave Service D:\WINDOWS\System32\DRIVERS\viaagp.sys [bOOT] viaagp Service D:\WINDOWS\System32\DRIVERS\viaide.sys [bOOT] ViaIde Service [bOOT] VolSnap Service D:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service D:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service D:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service D:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service D:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service D:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service D:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service D:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service D:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service D:\WINDOWS\System32\drivers\ws2ifsl.sys [MANUAL] WS2IFSL Service [AUTO] wscsvc Service D:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [MANUAL] WSTCODEC Service D:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service D:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {420B1AF9-D8F2-4786-BCE4-FD0E624B7D63} Service {7F8DC5C6-A5D3-4736-9AF3-F371C7E6DCF3} Service {F766B7CB-A578-4B5E-878C-3B9E91CAB2A1} ---- EOF - GMER 1.0.12 ----

EDIT:

zapomniałem o ComboScan, dodaję.

ComboScan v20070306.20 run by Maciek on 2007-03-13 at 20:16:17 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as Maciek.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 20:16:27, on 2007-03-13 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe D:\Program Files\Eset\nod32krn.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\System32\RUNDLL32.EXE D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe D:\Program Files\Eset\nod32kui.exe D:\Program Files\Messenger\msmsgs.exe E:\Office\Office\1045\OLFSNT40.EXE D:\Documents and Settings\Maciek\Pulpit\comboscan.exe D:\DOCUME~1\Maciek\Pulpit\usuwanie\Maciek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Użytki\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Pobieranie\BitComet\tools\BitCometBHO.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [speedTouch USB Diagnostics] “D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [nod32kui] “D:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [Microsoft Security Monitor Process] mmp.exe O4 - HKLM…\RunServices: [Microsoft Security Monitor Process] mmp.exe O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “E:\Komunikatory\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: WinMySQLadmin.lnk = D:\Program Files\xampp\mysql\bin\winmysqladmin.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = E:\Office\Office\OSA9.EXE O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = E:\Office\Office\1045\OLFSNT40.EXE O8 - Extra context menu item: Download all links using BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip…{6F68DA33-19EE-486A-8E80-5509A0700816}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing) O23 - Service: Autodesk Licensing Service - Unknown owner - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: MySql - Unknown owner - D:/Program Files/xampp/mysql/bin/mysqld-nt.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - D:\WINDOWS\System32\nvsvc32.exe (file missing) – Files created between 2007-02-13 and 2007-03-13 ----------------------------- 2007-03-13 18:36:48 934 --a------ D:\WINDOWS\gmer.reg 2007-03-13 18:29:10 28160 --ah----- D:\WINDOWS\System32\miila.exe 2007-03-13 18:19:51 80 --a------ D:\WINDOWS\gmer_uninstall.cmd 2007-03-13 14:58:21 0 d-------- D:\SDFix 2007-03-13 14:57:39 0 d-------- D:\WINDOWS\CSC 2007-03-13 14:43:50 1970 --a------ D:\WINDOWS\System32\tmp.reg 2007-03-12 20:20:14 0 d-------- D:\WINDOWS\pss 2007-03-12 15:20:10 0 d-a------ D:\FOUND.008 2007-03-12 14:33:24 0 d-a------ D:\FOUND.007 2007-03-11 20:21:56 0 d-a------ D:\FOUND.006 2007-03-11 20:13:30 0 d-a------ D:\FOUND.005 2007-03-10 23:35:30 0 d-a------ D:\FOUND.004 2007-03-10 21:11:04 0 d-------- D:\MaNGOS 2007-03-10 14:56:58 0 d-a------ D:\FOUND.003 2007-03-10 13:50:47 10345 --a------ D:\WINDOWS\System32\drivers\hamachi.sys 2007-03-10 13:50:46 0 d-------- D:\Program Files\Hamachi 2007-03-10 10:57:56 0 d-a------ D:\FOUND.002 2007-03-09 18:12:11 33952 --a------ D:\WINDOWS\System32\drivers\oreans32.sys 2007-02-27 15:57:50 0 d-------- D:\Program Files\PremiumSoft 2007-02-27 15:57:32 0 d-------- D:\Navicat 2007-02-27 15:35:27 0 d-------- D:\Program Files\xampp 2007-02-24 13:39:27 761856 --a------ D:\WINDOWS\System32\xvidcore.dll 2007-02-24 13:39:25 180224 --a------ D:\WINDOWS\System32\xvidvfw.dll 2007-02-24 13:39:24 0 d-------- D:\Program Files\XviD 2007-02-24 13:38:31 109568 -----n— D:\WINDOWS\System32\pxinsi64.exe 2007-02-24 13:38:31 108544 -----n— D:\WINDOWS\System32\pxcpyi64.exe 2007-02-24 13:38:12 0 d-------- D:\Program Files\DivX 2007-02-22 19:41:44 0 d-------- D:\WINDOWS\Sun 2007-02-22 19:39:11 0 d-------- D:\Program Files\Java 2007-02-22 19:36:23 0 d-------- D:\Program Files\Common Files\Java 2007-02-22 16:48:51 0 d-------- D:\Program Files\MegauploadToolbar 2007-02-22 16:31:51 139264 --a------ D:\WINDOWS\NeoUninstall.exe 2007-02-19 19:41:12 0 d-------- D:\Program Files\Common Files\Canopus Shared 2007-02-19 19:41:09 0 d-------- D:\Program Files\Canopus 2007-02-19 17:56:29 13780 --a------ D:\WINDOWS\System32\drivers\pfc.sys 2007-02-19 17:56:09 0 d-------- D:\Program Files\Sonic Solutions 2007-02-19 17:55:18 86016 --a------ D:\WINDOWS\unvise32qt.exe 2007-02-19 17:54:34 28672 --a------ D:\WINDOWS\System32\qttask.exe 2007-02-19 17:54:23 0 d-------- D:\WINDOWS\System32\QuickTime 2007-02-19 17:54:22 0 d-------- D:\Program Files\QuickTime 2007-02-19 17:53:53 94208 --a------ D:\WINDOWS\System32\TCPreset202.dll 2007-02-19 17:53:53 0 d-------- D:\Program Files\TCWorks 2007-02-19 17:53:31 572752 --a------ D:\WINDOWS\System32\wmvdmoe.dll 2007-02-19 17:53:31 665424 --a------ D:\WINDOWS\System32\wmv8dmoe.dll 2007-02-19 17:53:31 438608 --a------ D:\WINDOWS\System32\wmv8dmod.dll 2007-02-19 17:53:30 1683792 --a------ D:\WINDOWS\System32\wmvcore2.dll 2007-02-19 17:53:30 117072 --a------ D:\WINDOWS\System32\wmsdmoe.dll 2007-02-19 17:53:20 0 d-------- D:\Program Files\directx 2007-02-19 17:39:49 299520 --a------ D:\WINDOWS\uninst.exe 2007-02-18 20:38:31 0 d-------- D:\Program Files\Common Files\Skype 2007-02-17 14:48:01 50688 --a------ D:\WINDOWS\System32\vfwwdm32.dll 2007-02-17 14:47:49 35584 --a------ D:\WINDOWS\System32\drivers\avc.sys 2007-02-17 14:39:30 45952 --a------ D:\WINDOWS\System32\drivers\61883.sys 2007-02-17 14:03:25 55424 --a------ D:\WINDOWS\System32\drivers\ohci1394.sys 2007-02-17 14:02:55 6400 --a------ D:\WINDOWS\System32\drivers\enum1394.sys 2007-02-17 14:02:02 49536 --a------ D:\WINDOWS\System32\drivers\1394bus.sys 2007-02-17 13:44:01 141 --a------ D:\WINDOWS\System32\imon1.dat 2007-02-14 20:05:05 0 d-------- D:\Program Files\Skype – Find3M Report --------------------------------------------------------------- 2007-03-12 14:48:24 355820 --a------ D:\WINDOWS\System32\perfh015.dat 2007-03-12 14:48:24 49608 --a------ D:\WINDOWS\System32\perfc015.dat 2007-03-06 16:35:36 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Nvu 2007-02-22 19:41:44 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Sun 2007-02-22 19:40:44 3415 --a------ D:\WINDOWS\mozver.dat 2007-02-22 16:48:52 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\MegauploadToolbar 2007-02-14 20:05:42 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Skype 2007-02-12 19:48:52 21840 --a------ D:\WINDOWS\System32\SIntfNT.dll 2007-02-12 19:48:52 17212 --a------ D:\WINDOWS\System32\SIntf32.dll 2007-02-12 19:48:52 12067 --a------ D:\WINDOWS\System32\SIntf16.dll 2007-02-12 19:17:28 25359 --a------ D:\WINDOWS\DIIUnin.dat 2007-02-12 19:10:50 2829 --a------ D:\WINDOWS\DIIUnin.pif 2007-02-07 21:24:44 14688 --a------ D:\WINDOWS\War3Unin.dat 2007-02-07 21:24:30 2829 --a------ D:\WINDOWS\War3Unin.pif 2007-02-07 21:24:30 126976 --a------ D:\WINDOWS\War3Unin.exe 2007-02-06 18:49:06 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Lavasoft 2007-02-03 21:53:56 0 d-------- D:\Program Files\backburner 2 2007-02-03 21:53:54 0 d-------- D:\Program Files\Common Files\Autodesk Shared 2007-02-03 19:51:38 2560 --a------ D:\WINDOWS\System32\BitCometRes.dll 2007-01-26 20:31:58 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Adobe 2007-01-23 17:37:18 554 --a------ D:\WINDOWS\eReg.dat 2007-01-23 17:36:02 737280 --a------ D:\WINDOWS\iun6002.exe 2007-01-23 14:48:06 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Ahead 2007-01-22 23:01:10 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Macromedia 2007-01-22 16:31:30 0 d-------- D:\Program Files\Przegladarka migawek 2007-01-22 16:15:38 0 d-------- D:\Program Files\Przeglądarka migawek 2007-01-22 16:14:48 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Microsoft Web Folders 2007-01-22 16:04:54 298104 --a------ D:\WINDOWS\System32\imon.dll 2007-01-22 15:34:12 0 d-------- D:\Program Files\Thomson 2007-01-22 14:54:50 0 d–h----- D:\Program Files\InstallShield Installation Information 2007-01-22 14:54:06 0 d-------- D:\Program Files\Common Files\XCPCSync.OEM 2007-01-22 14:53:18 0 d-------- D:\Program Files\Common Files\InstallShield 2007-01-22 14:47:42 0 d-------- D:\Program Files\Common Files\Adobe 2007-01-22 14:32:02 0 d-------- D:\Program Files\Common Files\Ahead 2007-01-22 14:30:44 0 --a------ D:\WINDOWS\nsreg.dat 2007-01-22 14:30:40 100489 --a------ D:\WINDOWS\UninstallFirefox.exe 2007-01-22 14:30:30 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Mozilla 2007-01-22 13:20:54 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Identities 2007-01-22 13:11:26 0 d-------- D:\Program Files\microsoft frontpage 2007-01-22 13:08:08 0 d-------- D:\Program Files\Movie Maker 2007-01-22 13:07:20 0 d-------- D:\Program Files\Common Files\MSSoap 2007-01-22 13:06:26 21856 --a------ D:\WINDOWS\System32\emptyregdb.dat 2007-01-22 13:05:54 0 d–h----- D:\Program Files\WindowsUpdate 2007-01-22 13:05:54 0 d-------- D:\Program Files\Usługi online 2007-01-22 13:05:46 0 d-------- D:\Program Files\Messenger 2007-01-22 13:05:36 0 d-------- D:\Program Files\MSN Gaming Zone 2007-01-22 13:05:22 0 d-------- D:\Program Files\Windows NT 2007-01-22 12:58:20 0 d-------- D:\Program Files\Common Files\ODBC 2007-01-22 12:58:16 0 d-------- D:\Program Files\Common Files\SpeechEngines 2007-01-22 12:57:48 62 --ahs---- D:\Documents and Settings\Maciek\Dane aplikacji\desktop.ini 2007-01-22 12:57:30 0 d—s---- D:\Documents and Settings\Maciek\Dane aplikacji\Microsoft – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “MSMSGS”="“D:\Program Files\Messenger\msmsgs.exe” /background" “Gadu-Gadu”="“E:\Komunikatory\Gadu-Gadu\gg.exe” /tray" “Skype”="“D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup” “NvMediaCenter”=“RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “SpeedTouch USB Diagnostics”="“D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “nod32kui”="“D:\Program Files\Eset\nod32kui.exe” /WAITSERVICE" “Microsoft Security Monitor Process”=“mmp.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Microsoft Security Monitor Process”=“mmp.exe” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“D:\WINDOWS\System32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“D:\WINDOWS\System32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 – End of ComboScan: finished at 2007-03-13 at 20:19:36 ------------------------

Co robić?

adam9870 · 14 Marzec 2007 15:33

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżki:

D:\WINDOWS\System32\miila.exe

D:\WINDOWS\System32\mmp.exe

Po wklejeniu każdej ścieżki z osobna klikasz na czerwonego iksa, ale dopiero po wklejeniu ostatniej zgadzasz się na restart. Jeśli po wklejeniu którejś ze ścieżek pokaże się jakiś błąd, nie przejmuj się nim tylko przejdź do wykonywania dalszych czynności.

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Usuń wpisy HJT jeśli będą.

Po wykonaniu wklej nowy log z Cobmbo i SilentRunners.

maciek001 · 14 Marzec 2007 16:31

i dalej to samo

Comboscan

ComboScan v20070306.20 run by Maciek on 2007-03-14 at 17:01:01 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as Maciek.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 17:01:02, on 2007-03-14 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe D:\Program Files\Eset\nod32krn.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\System32\RUNDLL32.EXE D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe D:\Program Files\Eset\nod32kui.exe E:\Office\Office\1045\OLFSNT40.EXE D:\Documents and Settings\Maciek\Pulpit\comboscan.exe D:\DOCUME~1\Maciek\Pulpit\usuwanie\Maciek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Użytki\Adobe Reader\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Pobieranie\BitComet\tools\BitCometBHO.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [speedTouch USB Diagnostics] “D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon O4 - HKLM…\Run: [nod32kui] “D:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [Msn Messenger] msnmsgr.exe O4 - HKLM…\RunServices: [Msn Messenger] msnmsgr.exe O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “E:\Komunikatory\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Startup: WinMySQLadmin.lnk = D:\Program Files\xampp\mysql\bin\winmysqladmin.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = E:\Office\Office\OSA9.EXE O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = E:\Office\Office\1045\OLFSNT40.EXE O8 - Extra context menu item: Download all links using BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://E:\Pobieranie\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip…{6F68DA33-19EE-486A-8E80-5509A0700816}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apache2.2 - Unknown owner - D:\Program Files\xampp\apache\bin\apache.exe" -k runservice (file missing) O23 - Service: Autodesk Licensing Service - Unknown owner - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - D:\Program Files\xampp\filezillaftp\filezillaserver.exe (file missing) O23 - Service: MySql - Unknown owner - D:/Program Files/xampp/mysql/bin/mysqld-nt.exe (file missing) O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - D:\WINDOWS\System32\nvsvc32.exe (file missing) – Files created between 2007-02-14 and 2007-03-14 ----------------------------- 2007-03-14 16:40:46 0 d-------- D:!KillBox 2007-03-13 18:36:48 934 --a------ D:\WINDOWS\gmer.reg 2007-03-13 18:19:51 80 --a------ D:\WINDOWS\gmer_uninstall.cmd 2007-03-13 14:58:21 0 d-------- D:\SDFix 2007-03-13 14:57:39 0 d-------- D:\WINDOWS\CSC 2007-03-13 14:43:50 1970 --a------ D:\WINDOWS\System32\tmp.reg 2007-03-12 20:20:14 0 d-------- D:\WINDOWS\pss 2007-03-12 15:20:10 0 d-a------ D:\FOUND.008 2007-03-12 14:33:24 0 d-a------ D:\FOUND.007 2007-03-11 20:21:56 0 d-a------ D:\FOUND.006 2007-03-11 20:13:30 0 d-a------ D:\FOUND.005 2007-03-10 23:35:30 0 d-a------ D:\FOUND.004 2007-03-10 21:11:04 0 d-------- D:\MaNGOS 2007-03-10 14:56:58 0 d-a------ D:\FOUND.003 2007-03-10 13:50:47 10345 --a------ D:\WINDOWS\System32\drivers\hamachi.sys 2007-03-10 13:50:46 0 d-------- D:\Program Files\Hamachi 2007-03-10 10:57:56 0 d-a------ D:\FOUND.002 2007-03-09 18:12:11 33952 --a------ D:\WINDOWS\System32\drivers\oreans32.sys 2007-02-27 15:57:50 0 d-------- D:\Program Files\PremiumSoft 2007-02-27 15:57:32 0 d-------- D:\Navicat 2007-02-27 15:35:27 0 d-------- D:\Program Files\xampp 2007-02-24 13:39:27 761856 --a------ D:\WINDOWS\System32\xvidcore.dll 2007-02-24 13:39:25 180224 --a------ D:\WINDOWS\System32\xvidvfw.dll 2007-02-24 13:39:24 0 d-------- D:\Program Files\XviD 2007-02-24 13:38:31 109568 -----n— D:\WINDOWS\System32\pxinsi64.exe 2007-02-24 13:38:31 108544 -----n— D:\WINDOWS\System32\pxcpyi64.exe 2007-02-24 13:38:12 0 d-------- D:\Program Files\DivX 2007-02-22 19:41:44 0 d-------- D:\WINDOWS\Sun 2007-02-22 19:39:11 0 d-------- D:\Program Files\Java 2007-02-22 19:36:23 0 d-------- D:\Program Files\Common Files\Java 2007-02-22 16:48:51 0 d-------- D:\Program Files\MegauploadToolbar 2007-02-22 16:31:51 139264 --a------ D:\WINDOWS\NeoUninstall.exe 2007-02-19 19:41:12 0 d-------- D:\Program Files\Common Files\Canopus Shared 2007-02-19 19:41:09 0 d-------- D:\Program Files\Canopus 2007-02-19 17:56:29 13780 --a------ D:\WINDOWS\System32\drivers\pfc.sys 2007-02-19 17:56:09 0 d-------- D:\Program Files\Sonic Solutions 2007-02-19 17:55:18 86016 --a------ D:\WINDOWS\unvise32qt.exe 2007-02-19 17:54:34 28672 --a------ D:\WINDOWS\System32\qttask.exe 2007-02-19 17:54:23 0 d-------- D:\WINDOWS\System32\QuickTime 2007-02-19 17:54:22 0 d-------- D:\Program Files\QuickTime 2007-02-19 17:53:53 94208 --a------ D:\WINDOWS\System32\TCPreset202.dll 2007-02-19 17:53:53 0 d-------- D:\Program Files\TCWorks 2007-02-19 17:53:31 572752 --a------ D:\WINDOWS\System32\wmvdmoe.dll 2007-02-19 17:53:31 665424 --a------ D:\WINDOWS\System32\wmv8dmoe.dll 2007-02-19 17:53:31 438608 --a------ D:\WINDOWS\System32\wmv8dmod.dll 2007-02-19 17:53:30 1683792 --a------ D:\WINDOWS\System32\wmvcore2.dll 2007-02-19 17:53:30 117072 --a------ D:\WINDOWS\System32\wmsdmoe.dll 2007-02-19 17:53:20 0 d-------- D:\Program Files\directx 2007-02-19 17:39:49 299520 --a------ D:\WINDOWS\uninst.exe 2007-02-18 20:38:31 0 d-------- D:\Program Files\Common Files\Skype 2007-02-17 14:48:01 50688 --a------ D:\WINDOWS\System32\vfwwdm32.dll 2007-02-17 14:47:49 35584 --a------ D:\WINDOWS\System32\drivers\avc.sys 2007-02-17 14:39:30 45952 --a------ D:\WINDOWS\System32\drivers\61883.sys 2007-02-17 14:03:25 55424 --a------ D:\WINDOWS\System32\drivers\ohci1394.sys 2007-02-17 14:02:55 6400 --a------ D:\WINDOWS\System32\drivers\enum1394.sys 2007-02-17 14:02:02 49536 --a------ D:\WINDOWS\System32\drivers\1394bus.sys 2007-02-17 13:44:01 141 --a------ D:\WINDOWS\System32\imon1.dat 2007-02-14 20:05:05 0 d-------- D:\Program Files\Skype – Find3M Report --------------------------------------------------------------- 2007-03-12 14:48:24 355820 --a------ D:\WINDOWS\System32\perfh015.dat 2007-03-12 14:48:24 49608 --a------ D:\WINDOWS\System32\perfc015.dat 2007-03-06 16:35:36 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Nvu 2007-02-22 19:41:44 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Sun 2007-02-22 19:40:44 3415 --a------ D:\WINDOWS\mozver.dat 2007-02-22 16:48:52 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\MegauploadToolbar 2007-02-14 20:05:42 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Skype 2007-02-12 19:48:52 21840 --a------ D:\WINDOWS\System32\SIntfNT.dll 2007-02-12 19:48:52 17212 --a------ D:\WINDOWS\System32\SIntf32.dll 2007-02-12 19:48:52 12067 --a------ D:\WINDOWS\System32\SIntf16.dll 2007-02-12 19:17:28 25359 --a------ D:\WINDOWS\DIIUnin.dat 2007-02-12 19:10:50 2829 --a------ D:\WINDOWS\DIIUnin.pif 2007-02-07 21:24:44 14688 --a------ D:\WINDOWS\War3Unin.dat 2007-02-07 21:24:30 2829 --a------ D:\WINDOWS\War3Unin.pif 2007-02-07 21:24:30 126976 --a------ D:\WINDOWS\War3Unin.exe 2007-02-06 18:49:06 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Lavasoft 2007-02-03 21:53:56 0 d-------- D:\Program Files\backburner 2 2007-02-03 21:53:54 0 d-------- D:\Program Files\Common Files\Autodesk Shared 2007-02-03 19:51:38 2560 --a------ D:\WINDOWS\System32\BitCometRes.dll 2007-01-26 20:31:58 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Adobe 2007-01-23 17:37:18 554 --a------ D:\WINDOWS\eReg.dat 2007-01-23 17:36:02 737280 --a------ D:\WINDOWS\iun6002.exe 2007-01-23 14:48:06 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Ahead 2007-01-22 23:01:10 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Macromedia 2007-01-22 16:31:30 0 d-------- D:\Program Files\Przegladarka migawek 2007-01-22 16:15:38 0 d-------- D:\Program Files\Przeglądarka migawek 2007-01-22 16:14:48 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Microsoft Web Folders 2007-01-22 16:04:54 298104 --a------ D:\WINDOWS\System32\imon.dll 2007-01-22 15:34:12 0 d-------- D:\Program Files\Thomson 2007-01-22 14:54:50 0 d–h----- D:\Program Files\InstallShield Installation Information 2007-01-22 14:54:06 0 d-------- D:\Program Files\Common Files\XCPCSync.OEM 2007-01-22 14:53:18 0 d-------- D:\Program Files\Common Files\InstallShield 2007-01-22 14:47:42 0 d-------- D:\Program Files\Common Files\Adobe 2007-01-22 14:32:02 0 d-------- D:\Program Files\Common Files\Ahead 2007-01-22 14:30:44 0 --a------ D:\WINDOWS\nsreg.dat 2007-01-22 14:30:40 100489 --a------ D:\WINDOWS\UninstallFirefox.exe 2007-01-22 14:30:30 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Mozilla 2007-01-22 13:20:54 0 d-------- D:\Documents and Settings\Maciek\Dane aplikacji\Identities 2007-01-22 13:11:26 0 d-------- D:\Program Files\microsoft frontpage 2007-01-22 13:08:08 0 d-------- D:\Program Files\Movie Maker 2007-01-22 13:07:20 0 d-------- D:\Program Files\Common Files\MSSoap 2007-01-22 13:06:26 21856 --a------ D:\WINDOWS\System32\emptyregdb.dat 2007-01-22 13:05:54 0 d–h----- D:\Program Files\WindowsUpdate 2007-01-22 13:05:54 0 d-------- D:\Program Files\Usługi online 2007-01-22 13:05:46 0 d-------- D:\Program Files\Messenger 2007-01-22 13:05:36 0 d-------- D:\Program Files\MSN Gaming Zone 2007-01-22 13:05:22 0 d-------- D:\Program Files\Windows NT 2007-01-22 12:58:20 0 d-------- D:\Program Files\Common Files\ODBC 2007-01-22 12:58:16 0 d-------- D:\Program Files\Common Files\SpeechEngines 2007-01-22 12:57:48 62 --ahs---- D:\Documents and Settings\Maciek\Dane aplikacji\desktop.ini 2007-01-22 12:57:30 0 d—s---- D:\Documents and Settings\Maciek\Dane aplikacji\Microsoft – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “MSMSGS”="“D:\Program Files\Messenger\msmsgs.exe” /background" “Gadu-Gadu”="“E:\Komunikatory\Gadu-Gadu\gg.exe” /tray" “Skype”="“D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “NvCplDaemon”=“RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup” “NvMediaCenter”=“RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit” “SpeedTouch USB Diagnostics”="“D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon" “nod32kui”="“D:\Program Files\Eset\nod32kui.exe” /WAITSERVICE" “Msn Messenger”=“msnmsgr.exe” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] “NoChange”=“1” “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] “Installed”=“1” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] “Msn Messenger”=“msnmsgr.exe” [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“D:\WINDOWS\System32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“D:\WINDOWS\System32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 – End of ComboScan: finished at 2007-03-14 at 17:01:25 ------------------------

A przy SilentRunners wywala mi jakis błąd przy uruchamianiu.

Aha i jesli to pomoże - to nazwa tego robaka znaleziona na jednej stronce W32.Cervivec.A@mm. A takim ekranem objawia sie jego uruchomienie przy starcie systemu http://domi-mikolka.w.interia.pl/NTkrnl.jpg

I cytat ze strony Kaspersky -

Ale tu wystepuje pod nazwa I-Worm.Cervivec.

adam9870 · 14 Marzec 2007 16:52

W logach nic nie widać ale zastanawia mnie ten msnmsgr.exe uruchamiany z kluczy:

Skoro Messenger jest już:

Poszukaj pliku msnmsgr.exe w katalogu c:\windows a jeśli będzie, to go usuń, a dodatkowo usuń wartość Msn Messenger z start => uruchom => regedit =>

Możesz usunąć ręcznie foldery narzędzi.

W żadnych z logów, które zamieściłeś go nie widać. Zresztą sam możesz sprawdzić w logu Combo czy w kluczu:

masz auto-run.

Na koniec możesz przeskanować http://www.kaspersky.pl/virusscanner.html

O problemach z silentem poczytaj TUTAJ.