For several weeks I have been trying, without success, to remove the delsim dialer. Please help. I have Windows 2000,
and I should add that I cannot run AVG Anti-Spyware.
Post merged: 13.06.2007 (Wed) 23:17
Will nobody help???
Download
ComboFix
http://cybertrash.pl/images/tata/ComboFix.html
SDFix
http://cybertrash.pl/images/tata/SDFix.html
ComboScan
http://cybertrash.pl/images/tata/ComboS … oScan.html
1. Disconnect the computer from the network.
Disable the services:
Start => Run => type services.msc => stop and disable
Windows DHCP Client Service and Windows Tune service
Find and, if they are present, delete in safe mode the files shown in bold,
config.exe and tune.exe, and fix them in HJT.
3. Run ComboFix.
4. Reconnect the network and, in safe mode with networking, run SDFix.
5. After returning to normal mode, run ComboScan.
6. Post the logs from the above and from HJT.
Usage instructions are at the links given.
combofix log
ComboFix 07-06-13.3 - C:\Documents and Settings\Bober\Pulpit\ComboFix.exe
"Bober" - 2007-06-14 8:53:18 - Service Pack 4 NTFS [SAFE MODE]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NWSAPAGENT
-------\nm
((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 )))))))))))))))))))))))))))))))
2007-06-14 08:53 49,152 --a------ C:\WINNT\nircmd.exe
2007-06-13 13:18 132,608 --a------ C:\x7g3a8d6u4c1.exe
2007-06-13 13:18
combo scan log
Deckard's System Scanner v20070611.50
Run by Bober on 2007-06-14 at 09:23:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Performed disk cleanup.
-- HijackThis (run as Bober.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 09:23:43, on 2007-06-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
D:\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\system32\svchost.exe
D:\HP\Digital Imaging\bin\hpqSTE08.exe
D:\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Bober\Pulpit\dss.exe
C:\DOCUME~1\Bober\Pulpit\Bober.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM…\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM…\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM…\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = D:\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office2000\Office\OSA9.EXE
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177186071612
O17 - HKLM\System\CCS\Services\Tcpip…{B8705CBE-6081-4BB6-B496-98B8A719F0C9}: NameServer = 194.204.159.1 194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{D7EDB0E5-3124-4D91-8671-131D331EF202}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: 01465 - Unknown owner - \83.23.216.11\Admin$\33605.exe (file missing)
O23 - Service: 11053 - Unknown owner - \83.23.237.6\Admin$\83081.exe (file missing)
O23 - Service: 21005 - Unknown owner - \83.23.192.14\Admin$\50256.exe (file missing)
O23 - Service: 23843 - Unknown owner - \83.23.193.89\Admin$\13563.exe (file missing)
O23 - Service: 26734 - Unknown owner - \83.23.220.64\Admin$\86671.exe (file missing)
O23 - Service: 36133 - Unknown owner - \83.23.41.51\Admin$\48724.exe (file missing)
O23 - Service: 40108 - Unknown owner - \83.23.239.80\Admin$\55078.exe (file missing)
O23 - Service: 46260 - Unknown owner - \83.23.198.92\Admin$\35842.exe (file missing)
O23 - Service: 55021 - Unknown owner - \83.23.41.25\Admin$\26044.exe (file missing)
O23 - Service: 60044 - Unknown owner - \83.23.221.57\Admin$\83016.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\winnt\system32\drivers\alcan5wn.sys
R3 alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - c:\winnt\system32\drivers\alcaudsl.sys
S3 Winacpci - c:\winnt\system32\drivers\winacpci.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
S2 Event (Events Log) - c:\winnt\system32\drivers\csrss.exe -k networkservice
S2 PDSched (PDScheduler) - "c:\program files\raxco\perfectdisk\pdsched.exe"
S3 01465 - \83.23.216.11\admin$\33605.exe (file missing)
S3 11053 - \83.23.237.6\admin$\83081.exe (file missing)
S3 21005 - \83.23.192.14\admin$\50256.exe (file missing)
S3 23843 - \83.23.193.89\admin$\13563.exe (file missing)
S3 26734 - \83.23.220.64\admin$\86671.exe (file missing)
S3 36133 - \83.23.41.51\admin$\48724.exe (file missing)
S3 40108 - \83.23.239.80\admin$\55078.exe (file missing)
S3 46260 - \83.23.198.92\admin$\35842.exe (file missing)
S3 55021 - \83.23.41.25\admin$\26044.exe (file missing)
S3 60044 - \83.23.221.57\admin$\83016.exe (file missing)
-- Files created between 2007-05-14 and 2007-06-14 -----------------------------
2007-06-14 09:37:05 245760 --a------ C:\WINNT\system32\drivers\csrss.exe
2007-06-13 13:18:54 0 d--h----- C:\Program Files\Common Files\delsim
2007-06-13 13:18:49 132608 --a------ C:\x7g3a8d6u4c1.exe
2007-06-08 10:44:21 554400 ---h----- C:\WINNT\ShellIconCache
2007-06-08 09:59:01 0 d-------- C:\Program Files\EMCO Malware Destroyer
2007-06-04 08:48:00 499200 -r-hs---- C:\WINNT\VTTimer.exe
2007-05-29 11:56:41 0 d-------- C:\Program Files\Cartall
-- Find3M Report ---------------------------------------------------------------
2007-06-14 09:04:11 0 d-------- C:\Program Files\AutoConnect
2007-06-13 11:59:41 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Grisoft
2007-06-13 09:47:48 0 d-------- C:\Program Files\Spyware Doctor
2007-06-11 11:30:55 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\AVG7
2007-06-04 11:19:13 0 d-------- C:\Program Files\Yahoo!
2007-05-13 20:28:37 0 d-------- C:\Program Files\Common Files\Raxco
2007-05-13 20:28:36 0 d-------- C:\Program Files\Raxco
2007-05-13 17:56:32 199680 -r-hs---- C:\WINNT\system32\upx202-adtp.exe
2007-05-13 17:56:32 22016 -r-hs---- C:\WINNT\system32\hoko.dll
2007-05-13 17:56:32 6656 -r-hs---- C:\WINNT\system32\hguard.dll
2007-05-13 17:48:08 0 d-------- C:\Program Files\Dialer Killer
2007-05-13 13:19:25 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-13 11:46:36 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Lavasoft
2007-05-13 11:46:27 0 d-------- C:\Program Files\Lavasoft
2007-05-13 11:45:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-10 13:12:34 422596 --a------ C:\WINNT\system32\perfh015.dat
2007-05-10 13:12:34 63428 --a------ C:\WINNT\system32\perfc015.dat
2007-05-10 12:17:18 0 d-------- C:\Program Files\CCleaner
2007-05-10 02:09:12 0 d-------- C:\Program Files\FlashGet
2007-05-09 17:04:52 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\PC Tools
2007-05-09 14:26:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-09 14:01:06 0 d-------- C:\Program Files\AIDA32 - Personal System Information
2007-05-09 14:00:24 0 d-------- C:\Program Files\Alwil Software
2007-05-09 13:12:24 37 --a------ C:\WINNT~
2007-05-08 09:52:19 96048 --a------ C:\WINNT\system32\sfc.dll
2007-05-06 21:57:49 37 --a------ C:\WINNT;
2007-05-04 00:02:56 53248 --a------ C:\WINNT\PSEXESVC.EXE
2007-05-01 18:20:10 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\FlashGet
2007-04-26 11:19:36 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\AdobeUM
2007-04-25 12:18:31 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Microsoft Web Folders
2007-04-25 12:18:14 0 d-------- C:\Program Files\microsoft frontpage
2007-04-25 10:42:46 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Help
2007-04-24 22:01:14 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-24 22:01:14 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Adobe
2007-04-24 17:49:43 0 d-------- C:\Program Files\UIU
2007-04-24 16:57:37 41 --a------ C:\WINNT\WFXDEL.BAT
2007-04-24 08:01:24 0 d-------- C:\Program Files\MSXML 4.0
2007-04-24 06:25:33 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Gadu-Gadu
2007-04-23 14:38:53 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\HP
2007-04-23 09:29:47 0 d-------- C:\Program Files\Gadu-Gadu
2007-04-23 08:53:38 37 --a------ C:\WINNT\2
2007-04-22 16:11:02 109723 --a------ C:\WINNT\hpoins08.dat
2007-04-22 15:54:57 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-04-22 15:54:32 0 d-------- C:\Program Files\Common Files\HP
2007-04-22 15:50:44 0 d-------- C:\Program Files\Hewlett-Packard
2007-04-22 15:44:22 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-04-22 15:40:53 0 d-------- C:\Program Files\HP
2007-04-22 15:32:57 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Macromedia
2007-04-22 15:26:52 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Symantec
2007-04-22 14:38:04 0 d-------- C:\Program Files\STREAM soft
2007-04-21 21:54:58 0 d-------- C:\Program Files\Borland
2007-04-21 21:50:27 0 d-a------ C:\Program Files\Common Files\ODBC
2007-04-21 21:33:43 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Talkback
2007-04-21 21:33:36 0 --a------ C:\WINNT\nsreg.dat
2007-04-21 21:33:27 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Mozilla
2007-04-21 21:31:46 37 --a------ C:\WINNT\r007
2007-04-21 21:31:44 37 --a------ C:\WINNT=
2007-04-21 21:29:46 0 d-a------ C:\Program Files\Panda Software
2007-04-21 21:18:12 0 d-------- C:\Program Files\Alcatel
2007-04-21 21:14:49 0 d-------- C:\Program Files\Intel
2007-04-21 21:14:14 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-21 21:11:37 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Identities
2007-04-21 21:05:06 0 -rahs---- C:\MSDOS.SYS
2007-04-21 21:05:06 0 -rahs---- C:\IO.SYS
2007-04-21 21:05:06 0 ---h----- C:\CONFIG.SYS
2007-04-21 21:05:06 0 ---h----- C:\AUTOEXEC.BAT
2007-04-21 21:03:39 15144 --a------ C:\WINNT\system32\emptyregdb.dat
2007-04-21 21:02:30 0 d-ah----- C:\Program Files\WindowsUpdate
2007-04-21 21:02:24 0 d-------- C:\Program Files\Windows NT
2007-04-21 21:02:10 0 d-------- C:\Program Files\Accessories
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} D:\Adobe\Reader\ActiveX\AcroIEHelper.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"nwiz"="nwiz.exe /install"
"SpeedTouch USB Diagnostics"=""C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon"
"HP Software Update"="D:\HP\HP Software Update\HPWuSchd2.exe"
"SDTray"=""C:\Program Files\Spyware Doctor\SDTrayApp.exe""
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"=""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe"
[HKEY_USERS.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop"
[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Dialer Toolkit Pro]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="ADTP"
"hkey"="HKCU"
"command"="C:\Documents and Settings\Bober\Pulpit\adtp20\ADTP.EXE /t"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialerKiller]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="DialKill"
"hkey"="HKLM"
"command"="C:\Program Files\Dialer Killer\DialKill.exe -h"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="internat"
"hkey"="HKCU"
"command"="internat.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0
-- End of Deckard's System Scanner: finished at 2007-06-14 at 09:40:51 ---------
sdfix log
SDFix: Version 1.87
Run by Bober on Cz 2007-06-14 at 8:59
Microsoft Windows 2000 [Wersja 5.00.2195]
Running From: C:\DOCUME~1\Bober\Pulpit\SDFix
Safe Mode:
Checking Services:
Name:
Microsoft Internet Explorer
Windows DHCP Client Service
Windows Tune service
ImagePath:
"C:\WINNT\iexplore.exe"
"C:\WINNT\dhcp.exe"
"C:\WINNT\tune.exe"
Microsoft Internet Explorer - Deleted
Windows DHCP Client Service - Deleted
Windows Tune service - Deleted
C:\WINNT\system32\Microsoft\backup.ftp Found...
C:\WINNT\system32\Microsoft\backup.tftp Found...
Checking files:
Genuine:
C:\WINNT\system32\Microsoft\backup.ftp
C:\WINNT\system32\Microsoft\backup.tftp
Dummy:
C:\WINNT\system32\ftp.exe
C:\WINNT\system32\tftp.exe
C:\WINNT\system32\dllcache\ftp.exe
C:\WINNT\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINNT\system32\Microsoft\backup.ftp
C:\WINNT\system32\Microsoft\backup.tftp
C:\WINNT\system32\ftp.exe
C:\WINNT\system32\tftp.exe
C:\WINNT\system32\dllcache\ftp.exe
C:\WINNT\system32\dllcache\tftp.exe
Dummy:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINNT\eraseme_61322.exe - Deleted
C:\WINNT\dhcp.exe - Deleted
C:\WINNT\system32\Microsoft\backup.ftp - Deleted
C:\WINNT\system32\Microsoft\backup.tftp - Deleted
C:\WINNT\system32\TFTP1096 - Deleted
C:\WINNT\system32\TFTP200 - Deleted
C:\WINNT\system32\TFTP2572 - Deleted
Removing Temp Files...
ADS Check:
Checking C:\WINNT\
C:\WINNT
No streams found.
Checking C:\WINNT\system32
C:\WINNT\system32
No streams found.
Checking C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
No streams found.
Checking C:\WINNT\system32\ntoskrnl.exe
C:\WINNT\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Bober\Pulpit\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\WINNT\system32\hguard.dll
C:\WINNT\system32\hoko.dll
C:\WINNT\VTTimer.exe
C:\WINNT\system32\upx202-adtp.exe
C:\WINNT\system32\config\default.tmp.LOG
C:\WINNT\system32\config\SAM.tmp.LOG
C:\WINNT\system32\config\SECURITY.tmp.LOG
C:\WINNT\system32\config\software.tmp.LOG
C:\WINNT\system32\config\system.tmp.LOG
Listing User Accounts:
Konta użytkowników dla \\
Administrator ASPNET Bober
Gość
Zakończono wykonywanie polecenia, przy czym wystąpił przynajmniej jeden błąd.
Finished
hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 09:23:43, on 2007-06-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
D:\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINNT\system32\svchost.exe
D:\HP\Digital Imaging\bin\hpqSTE08.exe
D:\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINNT\explorer.exe
C:\Documents and Settings\Bober\Pulpit\dss.exe
C:\DOCUME~1\Bober\Pulpit\Bober.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM…\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM…\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM…\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = D:\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office2000\Office\OSA9.EXE
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 7186071612
O17 - HKLM\System\CCS\Services\Tcpip…{B8705CBE-6081-4BB6-B496-98B8A719F0C9}: NameServer = 194.204.159.1 194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{D7EDB0E5-3124-4D91-8671-131D331EF202}: NameServer = 194.204.159.1,194.204.152.34
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: 01465 - Unknown owner - \83.23.216.11\Admin$\33605.exe (file missing)
O23 - Service: 11053 - Unknown owner - \83.23.237.6\Admin$\83081.exe (file missing)
O23 - Service: 21005 - Unknown owner - \83.23.192.14\Admin$\50256.exe (file missing)
O23 - Service: 23843 - Unknown owner - \83.23.193.89\Admin$\13563.exe (file missing)
O23 - Service: 26734 - Unknown owner - \83.23.220.64\Admin$\86671.exe (file missing)
O23 - Service: 36133 - Unknown owner - \83.23.41.51\Admin$\48724.exe (file missing)
O23 - Service: 40108 - Unknown owner - \83.23.239.80\Admin$\55078.exe (file missing)
O23 - Service: 46260 - Unknown owner - \83.23.198.92\Admin$\35842.exe (file missing)
O23 - Service: 55021 - Unknown owner - \83.23.41.25\Admin$\26044.exe (file missing)
O23 - Service: 60044 - Unknown owner - \83.23.221.57\Admin$\83016.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
In safe mode with networking, scan with online scanners, e.g.
http://housecall60.trendmicro.com/en/st … sp?id=scan
Post the scanner logs and the ComboScan (dss.exe) log again.