Problem removing the delsim dialer

For several weeks I have been trying unsuccessfully to remove the delsim dialer; please help. I have Windows 2000,

I'll add that I cannot run AVG Anti-Spyware.

Post merged: 13.06.2007 (Wed) 23:17

Will nobody help???

Download

ComboFix

http://cybertrash.pl/images/tata/ComboFix.html

SDFix

http://cybertrash.pl/images/tata/SDFix.html

ComboScan

http://cybertrash.pl/images/tata/ComboS … oScan.html

1. Disconnect the computer from the network

Disable the services

Start => Run => type services.msc => stop and disable

Windows DHCP Client Service and Windows Tune service

Find and, if they are present, delete in Safe Mode the files in bold

config.exe and tune.exe, and fix them in HJT.

3. Run ComboFix.

4. Reconnect the network and, in Safe Mode with Networking, run SDFix.

5. After returning to normal mode, run ComboScan.

6. Post the logs from the above and from HJT.

Usage instructions are at the links given.

combofix log

ComboFix 07-06-13.3 - C:\Documents and Settings\Bober\Pulpit\ComboFix.exe

"Bober" - 2007-06-14 8:53:18 - Service Pack 4 NTFS [SAFE MODE]



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))






((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))



-------\LEGACY_NWSAPAGENT

-------\nm



((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 )))))))))))))))))))))))))))))))



2007-06-14 08:53	49,152	--a------	C:\WINNT\nircmd.exe

2007-06-13 13:18	132,608	--a------	C:\x7g3a8d6u4c1.exe

2007-06-13 13:18	




combo scan log

Deckard's System Scanner v20070611.50

Run by Bober on 2007-06-14 at 09:23:36

Computer is in Normal Mode.

--------------------------------------------------------------------------------

Performed disk cleanup.

-- HijackThis (run as Bober.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 09:23:43, on 2007-06-14

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\HPZipm12.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

D:\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\AutoConnect\AutoConnect.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

D:\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINNT\system32\svchost.exe

D:\HP\Digital Imaging\bin\hpqSTE08.exe

D:\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINNT\explorer.exe

C:\Documents and Settings\Bober\Pulpit\dss.exe

C:\DOCUME~1\Bober\Pulpit\Bober.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM…\Run: [Synchronization Manager] mobsync.exe /logon

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [SpeedTouch USB Diagnostics] “C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [SDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe”

O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized

O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = D:\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Office2000\Office\OSA9.EXE

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177186071612

O17 - HKLM\System\CCS\Services\Tcpip…{B8705CBE-6081-4BB6-B496-98B8A719F0C9}: NameServer = 194.204.159.1 194.204.152.34

O17 - HKLM\System\CCS\Services\Tcpip…{D7EDB0E5-3124-4D91-8671-131D331EF202}: NameServer = 194.204.159.1,194.204.152.34

O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll

O23 - Service: 01465 - Unknown owner - \83.23.216.11\Admin$\33605.exe (file missing)

O23 - Service: 11053 - Unknown owner - \83.23.237.6\Admin$\83081.exe (file missing)

O23 - Service: 21005 - Unknown owner - \83.23.192.14\Admin$\50256.exe (file missing)

O23 - Service: 23843 - Unknown owner - \83.23.193.89\Admin$\13563.exe (file missing)

O23 - Service: 26734 - Unknown owner - \83.23.220.64\Admin$\86671.exe (file missing)

O23 - Service: 36133 - Unknown owner - \83.23.41.51\Admin$\48724.exe (file missing)

O23 - Service: 40108 - Unknown owner - \83.23.239.80\Admin$\55078.exe (file missing)

O23 - Service: 46260 - Unknown owner - \83.23.198.92\Admin$\35842.exe (file missing)

O23 - Service: 55021 - Unknown owner - \83.23.41.25\Admin$\26044.exe (file missing)

O23 - Service: 60044 - Unknown owner - \83.23.221.57\Admin$\83016.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\winnt\system32\drivers\alcan5wn.sys

R3 alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - c:\winnt\system32\drivers\alcaudsl.sys

S3 Winacpci - c:\winnt\system32\drivers\winacpci.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Event (Events Log) - c:\winnt\system32\drivers\csrss.exe -k networkservice

S2 PDSched (PDScheduler) - “c:\program files\raxco\perfectdisk\pdsched.exe”

S3 01465 - \83.23.216.11\admin$\33605.exe (file missing)

S3 11053 - \83.23.237.6\admin$\83081.exe (file missing)

S3 21005 - \83.23.192.14\admin$\50256.exe (file missing)

S3 23843 - \83.23.193.89\admin$\13563.exe (file missing)

S3 26734 - \83.23.220.64\admin$\86671.exe (file missing)

S3 36133 - \83.23.41.51\admin$\48724.exe (file missing)

S3 40108 - \83.23.239.80\admin$\55078.exe (file missing)

S3 46260 - \83.23.198.92\admin$\35842.exe (file missing)

S3 55021 - \83.23.41.25\admin$\26044.exe (file missing)

S3 60044 - \83.23.221.57\admin$\83016.exe (file missing)

-- Files created between 2007-05-14 and 2007-06-14 -----------------------------

2007-06-14 09:37:05 245760 --a------ C:\WINNT\system32\drivers\csrss.exe

2007-06-13 13:18:54 0 d--h----- C:\Program Files\Common Files\delsim

2007-06-13 13:18:49 132608 --a------ C:\x7g3a8d6u4c1.exe

2007-06-08 10:44:21 554400 ---h----- C:\WINNT\ShellIconCache

2007-06-08 09:59:01 0 d-------- C:\Program Files\EMCO Malware Destroyer

2007-06-04 08:48:00 499200 -r-hs---- C:\WINNT\VTTimer.exe

2007-05-29 11:56:41 0 d-------- C:\Program Files\Cartall

-- Find3M Report ---------------------------------------------------------------

2007-06-14 09:04:11 0 d-------- C:\Program Files\AutoConnect

2007-06-13 11:59:41 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Grisoft

2007-06-13 09:47:48 0 d-------- C:\Program Files\Spyware Doctor

2007-06-11 11:30:55 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\AVG7

2007-06-04 11:19:13 0 d-------- C:\Program Files\Yahoo!

2007-05-13 20:28:37 0 d-------- C:\Program Files\Common Files\Raxco

2007-05-13 20:28:36 0 d-------- C:\Program Files\Raxco

2007-05-13 17:56:32 199680 -r-hs---- C:\WINNT\system32\upx202-adtp.exe

2007-05-13 17:56:32 22016 -r-hs---- C:\WINNT\system32\hoko.dll

2007-05-13 17:56:32 6656 -r-hs---- C:\WINNT\system32\hguard.dll

2007-05-13 17:48:08 0 d-------- C:\Program Files\Dialer Killer

2007-05-13 13:19:25 0 d-------- C:\Program Files\Common Files\Symantec Shared

2007-05-13 11:46:36 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Lavasoft

2007-05-13 11:46:27 0 d-------- C:\Program Files\Lavasoft

2007-05-13 11:45:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-10 13:12:34 422596 --a------ C:\WINNT\system32\perfh015.dat

2007-05-10 13:12:34 63428 --a------ C:\WINNT\system32\perfc015.dat

2007-05-10 12:17:18 0 d-------- C:\Program Files\CCleaner

2007-05-10 02:09:12 0 d-------- C:\Program Files\FlashGet

2007-05-09 17:04:52 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\PC Tools

2007-05-09 14:26:23 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-05-09 14:01:06 0 d-------- C:\Program Files\AIDA32 - Personal System Information

2007-05-09 14:00:24 0 d-------- C:\Program Files\Alwil Software

2007-05-09 13:12:24 37 --a------ C:\WINNT~

2007-05-08 09:52:19 96048 --a------ C:\WINNT\system32\sfc.dll

2007-05-06 21:57:49 37 --a------ C:\WINNT;

2007-05-04 00:02:56 53248 --a------ C:\WINNT\PSEXESVC.EXE

2007-05-01 18:20:10 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\FlashGet

2007-04-26 11:19:36 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\AdobeUM

2007-04-25 12:18:31 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Microsoft Web Folders

2007-04-25 12:18:14 0 d-------- C:\Program Files\microsoft frontpage

2007-04-25 10:42:46 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Help

2007-04-24 22:01:14 0 d-------- C:\Program Files\Common Files\Adobe

2007-04-24 22:01:14 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Adobe

2007-04-24 17:49:43 0 d-------- C:\Program Files\UIU

2007-04-24 16:57:37 41 --a------ C:\WINNT\WFXDEL.BAT

2007-04-24 08:01:24 0 d-------- C:\Program Files\MSXML 4.0

2007-04-24 06:25:33 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Gadu-Gadu

2007-04-23 14:38:53 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\HP

2007-04-23 09:29:47 0 d-------- C:\Program Files\Gadu-Gadu

2007-04-23 08:53:38 37 --a------ C:\WINNT\2

2007-04-22 16:11:02 109723 --a------ C:\WINNT\hpoins08.dat

2007-04-22 15:54:57 0 d-------- C:\Program Files\Common Files\Sonic Shared

2007-04-22 15:54:32 0 d-------- C:\Program Files\Common Files\HP

2007-04-22 15:50:44 0 d-------- C:\Program Files\Hewlett-Packard

2007-04-22 15:44:22 0 d-------- C:\Program Files\Common Files\Hewlett-Packard

2007-04-22 15:40:53 0 d-------- C:\Program Files\HP

2007-04-22 15:32:57 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Macromedia

2007-04-22 15:26:52 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Symantec

2007-04-22 14:38:04 0 d-------- C:\Program Files\STREAM soft

2007-04-21 21:54:58 0 d-------- C:\Program Files\Borland

2007-04-21 21:50:27 0 d-a------ C:\Program Files\Common Files\ODBC

2007-04-21 21:33:43 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Talkback

2007-04-21 21:33:36 0 --a------ C:\WINNT\nsreg.dat

2007-04-21 21:33:27 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Mozilla

2007-04-21 21:31:46 37 --a------ C:\WINNT\r007

2007-04-21 21:31:44 37 --a------ C:\WINNT=

2007-04-21 21:29:46 0 d-a------ C:\Program Files\Panda Software

2007-04-21 21:18:12 0 d-------- C:\Program Files\Alcatel

2007-04-21 21:14:49 0 d-------- C:\Program Files\Intel

2007-04-21 21:14:14 0 d-------- C:\Program Files\Common Files\InstallShield

2007-04-21 21:11:37 0 d-------- C:\Documents and Settings\Bober\Dane aplikacji\Identities

2007-04-21 21:05:06 0 -rahs---- C:\MSDOS.SYS

2007-04-21 21:05:06 0 -rahs---- C:\IO.SYS

2007-04-21 21:05:06 0 ---h----- C:\CONFIG.SYS

2007-04-21 21:05:06 0 ---h----- C:\AUTOEXEC.BAT

2007-04-21 21:03:39 15144 --a------ C:\WINNT\system32\emptyregdb.dat

2007-04-21 21:02:30 0 d-ah----- C:\Program Files\WindowsUpdate

2007-04-21 21:02:24 0 d-------- C:\Program Files\Windows NT

2007-04-21 21:02:10 0 d-------- C:\Program Files\Accessories

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} D:\Adobe\Reader\ActiveX\AcroIEHelper.dll

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} C:\Program Files\FlashGet\jccatch.dll

{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

{F156768E-81EF-470C-9057-481BA8380DBA} C:\Program Files\FlashGet\getflash.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

“Synchronization Manager”=“mobsync.exe /logon”

“nwiz”=“nwiz.exe /install”

“SpeedTouch USB Diagnostics”="“C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon"

“HP Software Update”=“D:\HP\HP Software Update\HPWuSchd2.exe”

“SDTray”="“C:\Program Files\Spyware Doctor\SDTrayApp.exe”"

“AVG7_CC”=“C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP”

“!AVG Anti-Spyware”="“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

“AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe”

[HKEY_USERS.default\software\microsoft\windows\currentversion\runonce]

“^SetupICWDesktop”=“C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop”

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]

“internat.exe”=“internat.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

“{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“AVG Anti-Spyware 7.5”

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Dialer Toolkit Pro]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“ADTP”

“hkey”=“HKCU”

“command”=“C:\Documents and Settings\Bober\Pulpit\adtp20\ADTP.EXE /t”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DialerKiller]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“DialKill”

“hkey”=“HKLM”

“command”=“C:\Program Files\Dialer Killer\DialKill.exe -h”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]

“key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

“item”=“internat”

“hkey”=“HKCU”

“command”=“internat.exe”

“inimapping”=“0”

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

rpcss REG_MULTI_SZ RpcSs\0\0

wugroup REG_MULTI_SZ wuauserv\0\0

BITSgroup REG_MULTI_SZ BITS\0\0

-- End of Deckard's System Scanner: finished at 2007-06-14 at 09:40:51 ---------

sdfix log

SDFix: Version 1.87


Run by Bober on Cz 2007-06-14 at 8:59 


Microsoft Windows 2000 [Wersja 5.00.2195]


Running From: C:\DOCUME~1\Bober\Pulpit\SDFix


Safe Mode:

Checking Services: 


Name:

Microsoft Internet Explorer

Windows DHCP Client Service

Windows Tune service


ImagePath:

"C:\WINNT\iexplore.exe" 

"C:\WINNT\dhcp.exe" 

"C:\WINNT\tune.exe" 


Microsoft Internet Explorer - Deleted

Windows DHCP Client Service - Deleted

Windows Tune service - Deleted



C:\WINNT\system32\Microsoft\backup.ftp Found...

C:\WINNT\system32\Microsoft\backup.tftp Found...


Checking files: 


Genuine:

C:\WINNT\system32\Microsoft\backup.ftp

C:\WINNT\system32\Microsoft\backup.tftp


Dummy:

C:\WINNT\system32\ftp.exe

C:\WINNT\system32\tftp.exe

C:\WINNT\system32\dllcache\ftp.exe

C:\WINNT\system32\dllcache\tftp.exe 


Files copied to SDFix\Backups 


Restoring files if backups are found


Final Check:


Genuine:

C:\WINNT\system32\Microsoft\backup.ftp

C:\WINNT\system32\Microsoft\backup.tftp

C:\WINNT\system32\ftp.exe

C:\WINNT\system32\tftp.exe

C:\WINNT\system32\dllcache\ftp.exe

C:\WINNT\system32\dllcache\tftp.exe 


Dummy:




Restoring Windows Registry Values

Restoring Windows Default Hosts File 


Rebooting...



Normal Mode:

Checking Files:


Below files will be copied to Backups folder then removed:


C:\WINNT\eraseme_61322.exe - Deleted

C:\WINNT\dhcp.exe - Deleted

C:\WINNT\system32\Microsoft\backup.ftp - Deleted

C:\WINNT\system32\Microsoft\backup.tftp - Deleted

C:\WINNT\system32\TFTP1096 - Deleted

C:\WINNT\system32\TFTP200 - Deleted

C:\WINNT\system32\TFTP2572 - Deleted




Removing Temp Files...


ADS Check:


Checking C:\WINNT\

C:\WINNT

No streams found. 


Checking C:\WINNT\system32

C:\WINNT\system32

No streams found. 


Checking C:\WINNT\system32\svchost.exe

C:\WINNT\system32\svchost.exe

No streams found.


Checking C:\WINNT\system32\ntoskrnl.exe

C:\WINNT\system32\ntoskrnl.exe

No streams found.




                                 Final Check:


Remaining Services:

------------------




Remaining Files:

---------------


Backups Folder: - C:\DOCUME~1\Bober\Pulpit\SDFix\backups\backups.zip


Listing Files with Hidden Attributes:


C:\WINNT\system32\hguard.dll

C:\WINNT\system32\hoko.dll

C:\WINNT\VTTimer.exe

C:\WINNT\system32\upx202-adtp.exe

C:\WINNT\system32\config\default.tmp.LOG

C:\WINNT\system32\config\SAM.tmp.LOG

C:\WINNT\system32\config\SECURITY.tmp.LOG

C:\WINNT\system32\config\software.tmp.LOG

C:\WINNT\system32\config\system.tmp.LOG


Listing User Accounts:


Konta użytkowników dla \\



Administrator ASPNET Bober                    

Gość                     

Zakończono wykonywanie polecenia, przy czym wystąpił przynajmniej jeden błąd.




                                 Finished

hijackthis log

Logfile of HijackThis v1.99.1

Scan saved at 09:23:43, on 2007-06-14

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\csrss.exe

C:\WINNT\SYSTEM32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\nvsvc32.exe

C:\WINNT\system32\HPZipm12.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

D:\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\AutoConnect\AutoConnect.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

D:\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINNT\system32\svchost.exe

D:\HP\Digital Imaging\bin\hpqSTE08.exe

D:\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINNT\explorer.exe

C:\Documents and Settings\Bober\Pulpit\dss.exe

C:\DOCUME~1\Bober\Pulpit\Bober.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: FGCatchUrl - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx

O4 - HKLM…\Run: [Synchronization Manager] mobsync.exe /logon

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [SpeedTouch USB Diagnostics] “C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [SDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe”

O4 - HKLM…\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized

O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = D:\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Office2000\Office\OSA9.EXE

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 7186071612

O17 - HKLM\System\CCS\Services\Tcpip…{B8705CBE-6081-4BB6-B496-98B8A719F0C9}: NameServer = 194.204.159.1 194.204.152.34

O17 - HKLM\System\CCS\Services\Tcpip…{D7EDB0E5-3124-4D91-8671-131D331EF202}: NameServer = 194.204.159.1,194.204.152.34

O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll

O23 - Service: 01465 - Unknown owner - \83.23.216.11\Admin$\33605.exe (file missing)

O23 - Service: 11053 - Unknown owner - \83.23.237.6\Admin$\83081.exe (file missing)

O23 - Service: 21005 - Unknown owner - \83.23.192.14\Admin$\50256.exe (file missing)

O23 - Service: 23843 - Unknown owner - \83.23.193.89\Admin$\13563.exe (file missing)

O23 - Service: 26734 - Unknown owner - \83.23.220.64\Admin$\86671.exe (file missing)

O23 - Service: 36133 - Unknown owner - \83.23.41.51\Admin$\48724.exe (file missing)

O23 - Service: 40108 - Unknown owner - \83.23.239.80\Admin$\55078.exe (file missing)

O23 - Service: 46260 - Unknown owner - \83.23.198.92\Admin$\35842.exe (file missing)

O23 - Service: 55021 - Unknown owner - \83.23.41.25\Admin$\26044.exe (file missing)

O23 - Service: 60044 - Unknown owner - \83.23.221.57\Admin$\83016.exe (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


In Safe Mode with Networking, scan with online scanners, e.g.

http://housecall60.trendmicro.com/en/st … sp?id=scan

Paste the logs from the scanner and from ComboScan (dss.exe) again.