Prolemy z mozilla i IE- prosze o sprawdzenie loga

onlybarca · 6 Lipiec 2007 07:53

Ostatnio system znacznie zwolnil. W IE co jakis czas wyskakuja rozne reklamy. W mozilli wyskakuja bledy, lub sama sie wylacza co jakis czas. Po wlaczeniu innych programow rowniez ukazuje sie okienko z bledem (czy wyslac raport, czy tez nie)… Skanowalem juz system mks virem, ad-aware i spybotem, znalazlo kilka smieci lecz po ich usunieciu nic sie nie zmienilo. Zalaczam logi z HijackThis oraz Silent Runners. Prosze o pomoc!

Dzieki wielkie

Logfile of HijackThis v1.99.1 Scan saved at 8:47:22 AM, on 7/6/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\wjmhfcdk.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dlcxcoms.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\wuauclt.exe ?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\Documents and Settings\Adrian Dudzinski\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c … bd=3070619 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usu … channel=uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usu … channel=uk R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau … l=en&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau … l=en&s=gen R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co.uk/hws/sb/dell-usu … channel=uk R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c … bd=3070619 O4 - HKLM…\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM…\Run: [PCMService] “C:\Program Files\Dell\MediaDirect\PCMService.exe” O4 - HKLM…\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 O4 - HKLM…\Run: [icq.com] rundll32.exe “C:\WINDOWS\system32\legdepiq.dll”,forkonce O4 - HKCU…\Run: [VoipCheapCom] “C:\Program Files\VoipCheapCom\VoipCheapCom.exe” -nosplash -minimized O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O17 - HKLM\System\CCS\Services\Tcpip…{6FEC4A85-126C-4E4B-BD7D-145A58E9F603}: NameServer = 212.139.132.7 212.139.132.6 O17 - HKLM\System\CS1\Services\Tcpip…{6FEC4A85-126C-4E4B-BD7D-145A58E9F603}: NameServer = 212.139.132.7 212.139.132.6 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe O23 - Service: DomainService - - C:\WINDOWS\system32\wjmhfcdk.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “VoipCheapCom” = ““C:\Program Files\VoipCheapCom\VoipCheapCom.exe” -nosplash -minimized” [“VoipCheapCom”] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “DAEMON Tools” = ““C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033” [“DT Soft Ltd.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “dla” = “C:\WINDOWS\system32\dla\tfswctrl.exe” [“Sonic Solutions”] “ISUSPM Startup” = “C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup” [“InstallShield Software Corporation”] “PCMService” = ““C:\Program Files\Dell\MediaDirect\PCMService.exe”” [“CyberLink Corp.”] “DLCXCATS” = “rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16” [MS] “icq.com” = “rundll32.exe “C:\WINDOWS\system32\legdepiq.dll”,forkonce” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {066A2CDC-319E-4460-BA45-C24562CD51AA}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\tuvvwvw.dll” [null data] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {1F6581D5-AA53-4b73-A6F9-41420C6B61F1}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\tlydeyvj.dll” [null data] {27F3D6D6-8818-48AA-94AF-C78BB16C1B16}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\vtsqr.dll” [null data] {5CA3D70E-1895-11CF-8E15-001234567890}(Default) = (no title provided) -> {HKLM…CLSID} = “DriveLetterAccess” \InProcServer32(Default) = “C:\WINDOWS\system32\dla\tfswshx.dll” [“Sonic Solutions”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] {CA6319C0-31B7-401E-A518-A07C3DB8F777}(Default) = “Browser Address Error Redirector” -> {HKLM…CLSID} = “CBrowserHelperObject Object” \InProcServer32(Default) = “C:\Program Files\BAE\BAE.dll” [“Dell Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Display Panning CPL Extension” -> {HKLM…CLSID} = “Display Panning CPL Extension” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal Icon Ext” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{2F603045-309F-11CF-9774-0020AFD0CFF6}” = “Synaptics Control Panel” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Synaptics\SynTP\SynTPCpl.dll” [“Synaptics, Inc.”] “{5CA3D70E-1895-11CF-8E15-001234567890}” = “DriveLetterAccess” -> {HKLM…CLSID} = “DriveLetterAccess” \InProcServer32(Default) = “C:\WINDOWS\system32\dla\tfswshx.dll” [“Sonic Solutions”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{066A2CDC-319E-4460-BA45-C24562CD51AA}” = “*i” (unwritable string) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\tuvvwvw.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] <> tuvvwvw\DLLName = “tuvvwvw.dll” [null data] <> vtsqr\DLLName = “C:\WINDOWS\system32\vtsqr.dll” [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ <> application/x-internet-signup\CLSID = “{A173B69A-1F9B-4823-9FDA-412F641E65D6}” -> {HKLM…CLSID} = “INSMimeFilterPP Class” \InProcServer32(Default) = “C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Adrian Dudzinski\Local Settings\Application Data\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\system32\logon.scr” [MS] Startup items in “Adrian Dudzinski” & “All Users” startup folders: ------------------------------------------------------------------ C:\Documents and Settings\All Users\Start Menu\Programs\Startup “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “C:\Program Files\Bonjour\mdnsNSP.dll” [“Apple Computer, Inc.”] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_06” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll” [“Sun Microsystems, Inc.”] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ““C:\Program Files\Bonjour\mDNSResponder.exe”” [“Apple Computer, Inc.”] .NET Runtime Optimization Service v2.0.50727_X86, clr_optimization_v2.0.50727_32, “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe” [MS] Ati HotKey Poller, Ati HotKey Poller, “C:\WINDOWS\system32\Ati2evxx.exe” [“ATI Technologies Inc.”] dlcx_device, dlcx_device, “C:\WINDOWS\system32\dlcxcoms.exe -service” [" “] DomainService, DomainService, “C:\WINDOWS\system32\wjmhfcdk.exe /service” [” "] Intel® PROSet/Wireless Event Log, EvtEng, “C:\Program Files\Intel\Wireless\Bin\EvtEng.exe” [“Intel Corporation”] Intel® PROSet/Wireless Registry Service, RegSrvc, “C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe” [“Intel Corporation”] Intel® PROSet/Wireless Service, S24EventMonitor, “C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe” ["Intel Corporation “] Intel® PROSet/Wireless SSO Service, WLANKEEPER, “C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe” [“Intel® Corporation”] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Dell 926 Port\Driver = “dlcxlmpm.dll” [” "] Microsoft Shared Fax Monitor\Driver = “FXSMON.DLL” [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 64 seconds. ---------- (total run time: 96 seconds)

Gutek · 6 Lipiec 2007 08:11

Użyj w trybie awaryjnym VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone.

Daj log z Combofix

onlybarca · 6 Lipiec 2007 09:46

Przeskanowalem system programami ktore mi podales, znalazlo jakies syfy i wszystko usunalem… Oto nowy log z combofix:

“Adrian Dudzinski” - 2007-07-06 10:40:20 - ComboFix 07-07-04.4 - Service Pack 2 (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\fmycfgfx.dll C:\WINDOWS\system32\legdepiq.dll C:\WINDOWS\system32\tlydeyvj.dll C:\WINDOWS\system32\qipedgel.ini * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\aqfnlgif.exe C:\WINDOWS\system32\iqoqeafq.exe C:\WINDOWS\system32\lhmcpkti.exe C:\WINDOWS\system32\lwnwsfjc.exe C:\WINDOWS\system32\lxafyfmq.exe C:\WINDOWS\system32\qtkslvvv.exe C:\WINDOWS\system32\tidlqkdx.exe C:\WINDOWS\system32\wianothn.exe C:\WINDOWS\system32\wjmhfcdk.exe C:\WINDOWS\system32\xfumwtcy.exe C:\WINDOWS\system32\ylbncqjf.exe ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 ))))))))))))))))))))))))))))))) 2007-07-06 10:39 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-06 10:25 2007-07-05 22:08 2007-07-05 22:05 2007-07-05 22:04 2007-07-05 22:03 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-07-05 20:08 2007-07-05 20:03 2007-07-05 19:49 2007-06-26 12:30 2007-06-26 12:29 2007-06-24 19:29 2007-06-24 19:24 2007-06-24 19:15 2007-06-24 19:15 2007-06-24 12:19 2007-06-24 12:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-06-24 12:12 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-06-24 12:07 737,280 --a------ C:\WINDOWS\iun6002.exe 2007-06-24 11:36 2007-06-23 14:06 2007-06-23 09:08 31,254 --a------ C:\WINDOWS\system32\tuvvwvw.dll.vir 2007-06-23 09:08 2007-06-23 08:46 2007-06-23 07:53 2007-06-22 18:44 2007-06-22 17:29 2007-06-22 17:28 2007-06-22 17:28 2007-06-22 17:22 2007-06-22 17:04 2007-06-22 17:04 2007-06-22 17:04 2007-06-22 17:03 2007-06-22 16:02 740,442 --a------ C:\WINDOWS\system32\divx.dll 2007-06-22 16:02 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-06-22 16:02 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-06-22 16:02 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-06-22 16:02 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-06-22 16:02 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-06-22 16:02 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-06-22 16:02 2007-06-22 16:01 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-06-22 16:01 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-06-22 16:01 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-06-22 16:00 2007-06-22 15:55 1,156 --a------ C:\WINDOWS\mozver.dat 2007-06-22 15:35 2007-06-22 15:19 2007-06-22 15:19 2007-06-22 15:19 2007-06-22 15:19 2007-06-22 15:14 2007-06-22 15:14 2007-06-22 15:13 2007-06-22 15:06 2007-06-22 15:06 2007-06-22 15:01 2007-06-22 15:01 2007-06-22 15:00 0 --a------ C:\WINDOWS\nsreg.dat 2007-06-22 14:47 2007-06-22 14:46 2007-06-22 14:39 2007-06-22 14:33 2007-06-22 14:23 2007-06-22 14:09 2007-06-22 14:04 2007-06-22 14:03 2007-06-22 14:01 2007-06-22 13:54 2007-06-22 13:42 53,248 --a------ C:\WINDOWS\setFireWall.exe 2007-06-22 13:41 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-06-22 13:41 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2007-06-22 13:41 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll 2007-06-22 13:41 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-06-22 13:41 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe 2007-06-22 13:41 127,065 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-06-22 13:41 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-06-22 13:41 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-06-22 13:40 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-06-22 13:40 184 --a------ C:\setuplog.exe 2007-06-22 13:40 143,360 --a------ C:\WINDOWS\autoclk.exe 2007-06-22 13:40 2007-06-22 13:39 2007-06-22 13:31 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-06-22 13:26 2007-06-22 13:25 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL 2007-06-22 13:25 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL 2007-06-22 13:25 2007-06-22 13:24 389,120 --a------ C:\WINDOWS\system32\dlcxinst.dll 2007-06-22 13:24 2007-06-22 13:24 2007-06-22 13:24 2007-06-22 13:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-06-22 13:23 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2007-06-22 13:23 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2007-06-22 13:23 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2007-06-22 13:23 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-06-22 12:29 2007-06-22 11:59 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-24 11:11:20 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-06-19 19:40:41 -------- d-----w C:\Program Files\Messenger 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{5CA3D70E-1895-11CF-8E15-001234567890}] 2004-12-06 01:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2005-11-10 13:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{CA6319C0-31B7-401E-A518-A07C3DB8F777}] 2006-11-17 04:44 98304 --a------ C:\Program Files\BAE\BAE.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{E3652869-6A87-4289-B0F4-B4B39E84190C}] C:\WINDOWS\system32\vtsqr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-07-27 16:50] “PCMService”=“C:\Program Files\Dell\MediaDirect\PCMService.exe” [2007-05-02 18:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “VoipCheapCom”=“C:\Program Files\VoipCheapCom\VoipCheapCom.exe” [2007-02-20 14:23] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-04-03 23:29] ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-06 10:43:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-06 10:43:51 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-07-06 10:43 — E O F —

Gutek · 6 Lipiec 2007 09:52

Czyszczenie rejestru:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

możesz rejestr przelecieć albo

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

Skan AVG Anti-Spyware 7.5 po update

I po tym daj jeszcze raz log z combofix

onlybarca · 6 Lipiec 2007 10:50

Oto nowy log, po wszelkich skanach:

“Adrian Dudzinski” - 2007-07-06 11:41:55 - ComboFix 07-07-04.4 - Service Pack 2 ((((((((((((((((((((((((( Files Created from 2007-06-06 to 2007-07-06 ))))))))))))))))))))))))))))))) 2007-07-06 10:57 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-07-06 10:56 23 --ahs---- C:\WINDOWS\system32\fcec4_r.dll 2007-07-06 10:56 2007-07-06 10:53 2007-07-06 10:39 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-06 10:25 2007-07-05 22:08 2007-07-05 22:05 2007-07-05 22:04 2007-07-05 22:03 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2007-07-05 20:08 2007-07-05 20:03 2007-07-05 19:49 2007-06-26 12:30 2007-06-26 12:29 2007-06-24 19:29 2007-06-24 19:24 2007-06-24 19:15 2007-06-24 19:15 2007-06-24 12:19 2007-06-24 12:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-06-24 12:12 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-06-24 12:07 737,280 --a------ C:\WINDOWS\iun6002.exe 2007-06-24 11:36 2007-06-23 14:06 2007-06-23 09:08 31,254 --a------ C:\WINDOWS\system32\tuvvwvw.dll.vir 2007-06-23 09:08 2007-06-23 08:46 2007-06-23 07:53 2007-06-22 18:44 2007-06-22 17:29 2007-06-22 17:28 2007-06-22 17:28 2007-06-22 17:22 2007-06-22 17:04 2007-06-22 17:04 2007-06-22 17:04 2007-06-22 17:03 2007-06-22 16:02 740,442 --a------ C:\WINDOWS\system32\divx.dll 2007-06-22 16:02 73,728 --a------ C:\WINDOWS\system32\dpl100.dll 2007-06-22 16:02 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-06-22 16:02 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-06-22 16:02 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-06-22 16:02 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-06-22 16:02 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-06-22 16:02 2007-06-22 16:01 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-06-22 16:01 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-06-22 16:01 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-06-22 16:00 2007-06-22 15:55 1,156 --a------ C:\WINDOWS\mozver.dat 2007-06-22 15:35 2007-06-22 15:19 2007-06-22 15:19 2007-06-22 15:19 2007-06-22 15:19 2007-06-22 15:14 2007-06-22 15:14 2007-06-22 15:13 2007-06-22 15:06 2007-06-22 15:06 2007-06-22 15:01 2007-06-22 15:01 2007-06-22 15:00 0 --a------ C:\WINDOWS\nsreg.dat 2007-06-22 14:47 2007-06-22 14:46 2007-06-22 14:39 2007-06-22 14:33 2007-06-22 14:23 2007-06-22 14:09 2007-06-22 14:04 2007-06-22 14:03 2007-06-22 14:01 2007-06-22 13:54 2007-06-22 13:42 53,248 --a------ C:\WINDOWS\setFireWall.exe 2007-06-22 13:41 50,007 --a------ C:\WINDOWS\system32\drivers\adildr.sys 2007-06-22 13:41 46,892 --a------ C:\WINDOWS\system32\adadix16.dll 2007-06-22 13:41 4,981 --a------ C:\WINDOWS\system32\adadix2k.dll 2007-06-22 13:41 155,648 --a------ C:\WINDOWS\system32\adadix32.dll 2007-06-22 13:41 127,456 --a------ C:\WINDOWS\system32\ipdetect.exe 2007-06-22 13:41 127,065 --a------ C:\WINDOWS\system32\drivers\adiusbaw.sys 2007-06-22 13:41 114,688 --a------ C:\WINDOWS\system32\unaddrv.exe 2007-06-22 13:41 106,496 --a------ C:\WINDOWS\system32\coclassfast.dll 2007-06-22 13:40 22,395 --a------ C:\WINDOWS\system32\drivers\fpga.bin 2007-06-22 13:40 184 --a------ C:\setuplog.exe 2007-06-22 13:40 143,360 --a------ C:\WINDOWS\autoclk.exe 2007-06-22 13:40 2007-06-22 13:39 2007-06-22 13:31 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2007-06-22 13:26 2007-06-22 13:25 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL 2007-06-22 13:25 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL 2007-06-22 13:25 2007-06-22 13:24 389,120 --a------ C:\WINDOWS\system32\dlcxinst.dll 2007-06-22 13:24 2007-06-22 13:24 2007-06-22 13:24 2007-06-22 13:23 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2007-06-22 13:23 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll 2007-06-22 13:23 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-24 11:11:20 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-06-19 19:40:41 -------- d-----w C:\Program Files\Messenger 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{5CA3D70E-1895-11CF-8E15-001234567890}] 2004-12-06 01:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] 2005-11-10 13:22 184423 --a------ C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{CA6319C0-31B7-401E-A518-A07C3DB8F777}] 2006-11-17 04:44 98304 --a------ C:\Program Files\BAE\BAE.dll [HKEY_LOCAL_MACHINE~\Browser Helper Objects{E3652869-6A87-4289-B0F4-B4B39E84190C}] C:\WINDOWS\system32\vtsqr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ISUSPM Startup”=“C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2004-07-27 16:50] “PCMService”=“C:\Program Files\Dell\MediaDirect\PCMService.exe” [2007-05-02 18:16] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 10:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “VoipCheapCom”=“C:\Program Files\VoipCheapCom\VoipCheapCom.exe” [2007-02-20 14:23] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-04-03 23:29] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 13:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] *Newly Created Service* - AVGASCLN ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-06 11:44:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-06 11:44:26 C:\ComboFix-quarantined-files.txt … 2007-07-06 11:44 C:\ComboFix2.txt … 2007-07-06 10:43 — E O F —

Gutek · 6 Lipiec 2007 11:19

pliki do kasacji

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

onlybarca · 6 Lipiec 2007 11:24

Nie moge znalezc tych plikow w system32-- szukalem tez w ukrytych i nie ma tam zadnego z nich :?

Gutek · 6 Lipiec 2007 11:36

Zrób fix-a i daj log z combofix