Problem z svchost - komunikat Windows Worms Doors Cleaner

groove021 · 3 Czerwiec 2007 16:02

Podczas robienia porządków z komputerem ww program wyświetlił mi informacje o podejrzeniu infekcji. Przeskanowałem komputer kilkoma programami usuwając sporą ilość śmieci jednak problem pozostał nadal. Proszę o pomoc w rozwiązaniu bo skończyły mi się pomysły co z tym dalej zrobić;) Z góry dziękuje. Poniżej wklejam komunikat jaki wyświetlił wwdc.

P.S. Poprawiłem shoot’a

adam9870 · 3 Czerwiec 2007 16:48

Komunikat programu WWDC informujący o innym niż standardowy rozmiar pliku svchost nie musi wcale oznaczać nic złego. Plik svchost.exe może zostać zmodyfikowany przez jakąś całkowicie niegroźną aplikację, a nie szkodnika. Jeśli jednak chcesz możesz podmienić plik svchost.exe na orginalny z płyty instalacyjnej systemu. W tym celu uruchom Konsolę odzyskiwania CD i wydaj następujące polecenia:

Dla wykluczenia syfu możesz wrzucić log z ComboFix. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.

groove021 · 3 Czerwiec 2007 18:01

Dziękuje za pomoc. Poniżej wklejam loga z ComboFix:

“Pawe” - 2007-06-03 19:55:24 Dodatek Service Pack 2 ComboFix 07-05.27.BV - Running from: “C:\Documents and Settings\Pawe\Moje dokumenty\Moje programy\Ochrona\ComboFix” ((((((((((((((((((((((((((((((( Files Created from 2007-05-03 to 2007-06-03 )))))))))))))))))))))))))))))))))) 2007-06-03 19:24 2007-06-03 19:16 2007-06-03 19:14 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe 2007-06-03 19:13 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-06-03 16:29 2007-06-03 16:28 2007-06-03 16:22 2007-06-03 16:00 2007-05-28 17:32 2007-05-28 17:32 2007-05-23 19:06 2007-05-23 18:43 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys 2007-05-23 18:43 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys 2007-05-23 18:43 2007-05-23 18:06 2007-05-10 01:48 2007-05-10 00:03 2007-05-10 00:03 2007-05-10 00:03 2007-05-07 19:20 2007-05-07 19:01 2007-05-07 18:18 2007-05-07 17:57 2007-05-07 17:49 2007-05-07 17:48 2007-05-07 17:47 2007-05-07 17:46 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-05-07 17:46 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-05-07 17:46 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-05-07 17:46 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-05-07 17:33 2007-05-07 17:19 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-03 17:17:13 8 ----a-w C:\WINDOWS\system32\nvModes.dat 2007-06-03 15:04:14 -------- d-----w C:\Program Files\SUPERAntiSpyware 2007-06-03 14:31:17 -------- d-----w C:\DOCUME~1\PAWE~1\DANEAP~1\Skype 2007-06-03 14:29:44 -------- d-----w C:\Program Files\Skype 2007-06-03 14:02:35 -------- d-----w C:\DOCUME~1\PAWE~1\DANEAP~1\Real 2007-06-03 14:00:31 -------- d-----w C:\Program Files\Common Files\Real 2007-05-23 16:27:15 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-05-08 19:06:07 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-08 19:06:07 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-08 19:04:40 -------- d-----w C:\Program Files\Microsoft Bootvis 2007-05-08 17:33:48 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe 2007-05-07 17:29:57 -------- d-----w C:\Program Files\TuneUp Utilities 2006 2007-05-07 17:01:43 4,355 ----a-w C:\WINDOWS\mozver.dat 2007-05-07 16:29:58 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-05-07 15:51:06 -------- d-----w C:\DOCUME~1\PAWE~1\DANEAP~1\Nokia 2007-05-07 15:50:22 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-07 15:48:21 -------- d-----w C:\Program Files\Common Files\PCSuite 2007-05-07 15:48:19 -------- d-----w C:\Program Files\Nokia 2007-04-30 21:52:59 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-22 21:45:54 -------- d-----w C:\Program Files\Jufsoft 2007-04-19 11:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll 2007-04-19 11:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-04-19 11:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll 2007-04-19 11:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe 2007-04-19 11:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-04-19 11:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll 2007-04-19 11:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll 2007-04-19 11:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll 2007-04-19 11:26:00 5,255,168 ----a-w C:\WINDOWS\system32\nvdispsr.dll 2007-04-19 11:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-04-19 11:26:00 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll 2007-04-19 11:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-04-19 11:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe 2007-04-19 11:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-04-19 11:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll 2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll 2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll 2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll 2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll 2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll 2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll 2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll 2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll 2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll 2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-04-19 11:26:00 3,988,384 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-04-19 11:26:00 3,203,072 ----a-w C:\WINDOWS\system32\nvgamesr.dll 2007-04-19 11:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll 2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll 2007-04-19 11:26:00 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll 2007-04-19 11:26:00 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll 2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll 2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll 2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-04-19 11:26:00 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll 2007-04-19 11:26:00 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll 2007-04-19 11:26:00 278,528 ----a-w C:\WINDOWS\system32\nvrsfr.dll 2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsit.dll 2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrses.dll 2007-04-19 11:26:00 274,432 ----a-w C:\WINDOWS\system32\nvrsel.dll 2007-04-19 11:26:00 270,336 ----a-w C:\WINDOWS\system32\nvrsde.dll 2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrspt.dll 2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsnl.dll 2007-04-19 11:26:00 266,240 ----a-w C:\WINDOWS\system32\nvrsesm.dll 2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsru.dll 2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsptb.dll 2007-04-19 11:26:00 262,144 ----a-w C:\WINDOWS\system32\nvrsja.dll 2007-04-19 11:26:00 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll 2007-04-19 11:26:00 253,952 ----a-w C:\WINDOWS\system32\nvrshu.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrstr.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssl.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrssk.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrspl.dll 2007-04-19 11:26:00 249,856 ----a-w C:\WINDOWS\system32\nvrsno.dll 2007-04-19 11:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrssv.dll 2007-04-19 11:26:00 245,760 ----a-w C:\WINDOWS\system32\nvrsda.dll 2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrsfi.dll 2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrseng.dll 2007-04-19 11:26:00 241,664 ----a-w C:\WINDOWS\system32\nvrscs.dll 2007-04-19 11:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll 2007-04-19 11:26:00 221,184 ----a-w C:\WINDOWS\system32\nvrszhc.dll 2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvwrsja.dll 2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-04-19 11:26:00 2,973,696 ----a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-04-19 11:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll 2007-04-19 11:26:00 2,859,008 ----a-w C:\WINDOWS\system32\nvmoblsr.dll 2007-04-19 11:26:00 196,608 ----a-w C:\WINDOWS\system32\nvwrsko.dll 2007-04-19 11:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll 2007-04-19 11:26:00 167,936 ----a-w C:\WINDOWS\system32\nvwrszht.dll 2007-04-19 11:26:00 163,840 ----a-w C:\WINDOWS\system32\nvwrszhc.dll 2007-04-19 11:26:00 159,810 ----a-w C:\WINDOWS\system32\nvsvc32.exe 2007-04-19 11:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe 2007-04-19 11:26:00 118,784 ----a-w C:\WINDOWS\system32\nvrszht.dll 2007-04-19 11:26:00 1,732,608 ----a-w C:\WINDOWS\system32\nvwssr.dll 2007-04-19 11:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll 2007-04-19 11:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe 2007-04-19 11:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll 2007-04-19 11:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe 2007-04-19 11:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll 2007-04-19 11:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll 2007-04-19 11:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll 2007-04-09 11:38:22 -------- d-----w C:\DOCUME~1\PAWE~1\DANEAP~1\Nokia Multimedia Player 2007-04-08 19:22:03 -------- d-----w C:\DOCUME~1\PAWE~1\DANEAP~1\MegauploadToolbar 2007-04-07 12:48:46 -------- d-----w C:\Program Files\MegauploadToolbar 2007-04-07 11:24:56 -------- d-----w C:\DOCUME~1\PAWE~1\DANEAP~1\PC Suite 2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-07 23:51:00 129,784 ------w C:\WINDOWS\system32\pxafs.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 08:55] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Windows Defender”=“C:\Program Files\Windows Defender\MSASCui.exe” [2006-11-03 19:20] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43] “SoundMan”=“SOUNDMAN.EXE” [] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42] “TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-06-03 16:00] “nwiz”=“nwiz.exe” [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 14:00] “csharpshell”=“C:\Windows\System32\csharpshell.exe” [2006-11-14 21:52] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “DWQueuedReporting”=“C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t “Nokia.PCSync”=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “ClearRecentDocsOnExit”=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2006-09-28 16:13] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “AVG Anti-Spyware Guard”=2 (0x2) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs* UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{83d21c37-3c16-11db-8af2-806d6172696f}] AutoRun\command- D:\Setupx.exe Contents of the ‘Scheduled Tasks’ folder 2007-05-25 15:50:23 C:\WINDOWS\tasks\1-Click Maintenance.job 2007-06-03 17:19:13 C:\WINDOWS\tasks\MP Scheduled Scan.job 2007-05-25 23:16:58 C:\WINDOWS\tasks\Nowe zadanie.job ******************************************************************** catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-03 19:56:40 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-06-03 19:57:08 — E O F —

Gutek · 3 Czerwiec 2007 18:09

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Po czyszczeniu daj log z Silneta ponieważ jest:

groove021 · 3 Czerwiec 2007 23:05

Przeczyściłem rejestr jv16 PowerTools i TuneUp Utilities 2006. Log z silent runners po czyszczeniu wygląda tak:

“Silent Runners.vbs”, revision 49, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “ctfmon.exe” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “csharpshell” = “C:\Windows\System32\csharpshell.exe” [null data] “NBJ” = ““C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”” [“Ahead Software AG”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Windows Defender” = ““C:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS] “swcpshell” = “C:\Windows\System32\csharpshell.exe” [null data] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] {53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll” [“Safer Networking Limited”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “Rozszerzenie ikony HyperTerminalu” \InProcServer32(Default) = “hticons.dll” [file not found] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” = “TuneUp Shredder Shell Extension” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”] “{44440D00-FF19-4AFC-B765-9A0970567D97}” = “TuneUp Theme Extension” -> {HKLM…CLSID} = “TuneUp Theme Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\uxtuneup.dll” [“TuneUp Software GmbH”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “Nokia Phone Browser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook” -> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook” \InProcServer32(Default) = “C:\PROGRA~1\WINDOW~4\MpShHook.dll” [MS] <> “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}” = “AVG Anti-Spyware 7.5” -> {HKLM…CLSID} = “CShellExecuteHookImpl Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [“Anti-Malware Development a.s.”] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\System\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”| [file not found]| [file not found] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> !SASWinLogon\DLLName = “C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL” [“SUPERAntiSpyware.com”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware(Default) = “{8934FCEF-F5B8-468f-951F-78A921CD3920}” -> {HKLM…CLSID} = “CContextScan Object” \InProcServer32(Default) = “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll” [“Anti-Malware Development a.s.”] TuneUp Shredder Shell Extension(Default) = “{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}” -> {HKLM…CLSID} = “TuneUp Shredder Shell Extension” \InProcServer32(Default) = “C:\Program Files\TuneUp Utilities 2006\SDShelEx-win32.dll” [“TuneUp Software GmbH”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “ClearRecentDocsOnExit” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Scheduled Tasks: ------------------------ “1-Click Maintenance” -> launches: “C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart” [“TuneUp Software GmbH”] “MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS] “Nowe zadanie” -> launches: “C:\WINDOWS\system32\shutdown.exe -s -f” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{F2CF5485-4E02-4F68-819C-B92DE9277049}” -> {HKLM…CLSID} = “&Links” \InProcServer32(Default) = “C:\WINDOWS\system32\ieframe.dll” [MS] “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <> “TuneUp” = “file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css” [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] TuneUp Design Expansion, UxTuneUp, “C:\WINDOWS\System32\svchost.exe -k netsvcs” {“C:\WINDOWS\System32\uxtuneup.dll” [“TuneUp Software GmbH”]} Windows Defender, WinDefend, ““C:\Program Files\Windows Defender\MsMpEng.exe”” [MS] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, “C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup” {“C:\WINDOWS\System32\WUDFSvc.dll” [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 41 seconds. ---------- (total run time: 98 seconds)

Gutek · 3 Czerwiec 2007 23:08

Już Ok, ale zrób jeszcze to, otwórz notatnik i wklej:

Plik >>> Zapisz jako >>> Ustaw rozszerzenie z TXT na Wszystkie pliki >>> zapisz pod nazwą FIX.REG >>> kliknij podwójnie zrobiony plik i potwierdź >>> reset kompa

groove021 · 3 Czerwiec 2007 23:19

Już zrobione Dziękuje wam po raz kolejny. Dodam że komunikat wwdc o podejrzeniu infekcji znikł.