Strasznie komp zamula i te błędy...Prosze o sprawdzenie loga

aska00704 · 26 Lipiec 2007 14:24

Jeżeli to tylko mozliwe to prosze o sprawdzenie do godz 18 bo pozniej wyjezdzam i niestesty nie bede miala internetu przez dłuższy czas ;(

Logfile of HijackThis v1.99.1 Scan saved at 16:22:04, on 2007-07-26 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\KB_963491.exe C:\WINDOWS\sysvx.exe C:\DOCUME~1(O3503~1.O)\USTAWI~1\Temp\svchots.exe C:\DOCUME~1(O3503~1.O)\USTAWI~1\Temp\svchots.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1(O3503~1.O)\USTAWI~1\Temp\Rar$EX00.875\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\sysvx.exe O2 - BHO: C:\WINDOWS\System32\mkkgf65h.dll - {25AD49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\System32\mkkgf65h.dll O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [Winmplayer] “C:\WINDOWS\System32\KB_963491.exe” O4 - HKCU…\Run: [Hjsdf9ui9jkeftdf] C:\DOCUME~1(O3503~1.O)\USTAWI~1\Temp\svchots.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_74.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_34.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {881290B9-F53C-4676-8DAF-3DBEFC297308} (GameDesire Makao) - http://67.15.101.3/g_bin/pl/makao_2_0_0_24.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_40.cab O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\sjty.dll O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

adam9870 · 26 Lipiec 2007 14:32

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jeżeli któryś z nich będzie na żółto to go zostaw). Po użyciu narzędzia wymagany jest restart.

W logu:

C:\WINDOWS\sysvx.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\sysvx.exe O2 - BHO: C:\WINDOWS\System32\mkkgf65h.dll - {25AD49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\System32\mkkgf65h.dll O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll O4 - HKLM…\Run: [Winmplayer] “C:\WINDOWS\System32\KB_963491.exe” O4 - HKCU…\Run: [Hjsdf9ui9jkeftdf] C:\DOCUME~1(O3503~1.O)\USTAWI~1\Temp\svchots.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll O21 - SSODL: DCOM Server 25319 - {2C1CD3D7-86AC-4068-93BC-A02304B25319} - C:\WINDOWS\System32\sjty.dll

Użyj narzędzia SmitFraudFix z opcji numer 2 w trybie awaryjnym.

Po wykonaniu wklej log z ComboFix. Aby zrobić w nim log należy go uruchomić => nacisnąć klawisz Y => czekać cierpliwie i log powinien być w formie pliku .txt o nazwie combofix na partycji C.

aska00704 · 26 Lipiec 2007 15:26

“(O…O)” - 2007-07-26 17:16:04 [GMT 2:00] - ComboFix 07-07-24 NTFS Rootkit driver pe386 is present. … attempting disinfection pe386 … driver unloaded successfully. ADS removed - system32: deleted 66600 bytes in 1 streams. ADS removed - svchost.exe: deleted 53760 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) Infected copy of C:\WINDOWS\system32\drivers\ndis.sys was found & disinfected C:\DOCUME~1(O3503~1.O)\DANEAP~1\Microsoft\25319.dat C:\i C:\WINDOWS\10917359.exe C:\WINDOWS\12119015.exe C:\WINDOWS\1241156.exe C:\WINDOWS\1241390.exe C:\WINDOWS\1287140.exe C:\WINDOWS\1297984.exe C:\WINDOWS\1304062.exe C:\WINDOWS\1377375.exe C:\WINDOWS\1453375.exe C:\WINDOWS\175437.exe C:\WINDOWS\196796.exe C:\WINDOWS\2442281.exe C:\WINDOWS\2482000.exe C:\WINDOWS\2493156.exe C:\WINDOWS\2500390.exe C:\WINDOWS\2508703.exe C:\WINDOWS\2578468.exe C:\WINDOWS\2654718.exe C:\WINDOWS\3644828.exe C:\WINDOWS\3684421.exe C:\WINDOWS\3694843.exe C:\WINDOWS\3701390.exe C:\WINDOWS\38984.exe C:\WINDOWS\39062.exe C:\WINDOWS\40062.exe C:\WINDOWS\47681728.exe C:\WINDOWS\4849000.exe C:\WINDOWS\4886328.exe C:\WINDOWS\4896421.exe C:\WINDOWS\5078109.exe C:\WINDOWS\58953.exe C:\WINDOWS\6055750.exe C:\WINDOWS\6091250.exe C:\WINDOWS\68531.exe C:\WINDOWS\7320500.exe C:\WINDOWS\82812.exe C:\WINDOWS\8514546.exe C:\WINDOWS\8522593.exe C:\WINDOWS\9129837.exe C:\WINDOWS\9716343.exe C:\WINDOWS\bdir C:\WINDOWS\bdir\ffmiu\er v2.6.2 by NiTROUS.zip C:\WINDOWS\bdir\ffmiu\File Monster v1.23 Keygen.zip C:\WINDOWS\bdir\ffmiu\File Monster v1.23 Serial by TCA.zip C:\WINDOWS\bdir\ffmiu\File Monster v1.23 Serial by TNT.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.0.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.01 by LasH.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.01.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.02.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.1.001.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.1.2.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.1.4.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.1.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.2.1 by Lucid.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.2.1.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.3 by NiTROUS.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.3 by SND.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.3.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.4.3 by Chic.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.4.3 by Lucid.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.5.1 by Chic.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.5.1 by NiTROUS.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.5.1.zip C:\WINDOWS\bdir\ffmiu\File Monster v2.x.zip C:\WINDOWS\bdir\ffmiu\File Notes Organizer v3.0.4.2 by EVC.zip C:\WINDOWS\bdir\ffmiu\File Parse 2.2.12 by Laxity.zip C:\WINDOWS\bdir\ffmiu\File Parse 2.2.12 by PC.zip C:\WINDOWS\bdir\ffmiu\File Parse 2.4.3.zip C:\WINDOWS\bdir\ffmiu\File Patcher v3.0 by Saltine.zip C:\WINDOWS\bdir\ffmiu\File Patcher v3.0 by TSRH.zip C:\WINDOWS\bdir\ffmiu\File Patcher v4.0.zip C:\WINDOWS\bdir\ffmiu\File Peek 1.1.zip C:\WINDOWS\bdir\ffmiu\File Point v3.0.2 for PalmOS.zip C:\WINDOWS\bdir\ffmiu\File Properties Changer v1.02.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 SE v1.16.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 SE v1.18.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 SE v1.19.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 SE v2.03.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 Special Edition v1.18 by EViDENCE.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 Special Edition v2.00.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 Special Edition v2.05 by EViDENCE.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 v1.0 for WinNT 2000.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 v1.10.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 v1.15.zip C:\WINDOWS\bdir\ffmiu\File Protector 2000 v2.00 Special Edition.zip C:\WINDOWS\bdir\ffmiu\File Protector 2001 SE v2.0.0.5.zip C:\WINDOWS\bdir\ffmiu\File Protector 2001 Special Edition v2.05.zip C:\WINDOWS\bdir\ffmiu\File Protector 2001 v2.05 Special Edition.zip C:\WINDOWS\bdir\ffmiu\File Protector Special Edition v2.05b.zip C:\WINDOWS\bdir\ffmiu\File Protector v1.01.zip C:\WINDOWS\bdir\ffmiu\File Protector v1.60.zip C:\WINDOWS\bdir\ffmiu\File Protector v1.60b.zip C:\WINDOWS\bdir\ffmiu\File Pulverizer 5.zip C:\WINDOWS\bdir\ffmiu\File Pulverizer v4.0 by EViDENCE.zip C:\WINDOWS\bdir\ffmiu\File Pulverizer v4.0 by LasH.zip C:\WINDOWS\bdir\ffmiu\File Pulverizer v4.0 Loader by RP2K.zip C:\WINDOWS\bdir\ffmiu\File Pulverizer v4.0 Serial by RP2K.zip C:\WINDOWS\bdir\ffmiu\File Pulverizer v4.0.zip C:\WINDOWS\bdir\ffmiu\File Pulverizer v4.2 by The Scorpion.zip C:\WINDOWS\bdir\ffmiu\File Recover 2000 v2.22d.zip C:\WINDOWS\bdir\ffmiu\File Recover 2000.zip C:\WINDOWS\bdir\ffmiu\File Recovery Pro v3.0 build 1219.zip C:\WINDOWS\bdir\ffmiu\File Renamer Basic v2.1.1.zip C:\WINDOWS\bdir\ffmiu\File Renamer Ultra 2000 v1.4.202.zip C:\WINDOWS\bdir\ffmiu\File Renamer v1.0 build 9 Datecode 20030911.zip C:\WINDOWS\bdir\ffmiu\File Renamer v1.0 build 9 DC 20030911.zip C:\WINDOWS\bdir\ffmiu\File Renamer v1.0 by FFF.zip C:\WINDOWS\bdir\ffmiu\File Renamer v1.0.9 by DBZ.zip C:\WINDOWS\bdir\ffmiu\File Renamer v1.0.9…zip C:\WINDOWS\bdir\ffmiu\File Renamer v1.0.9.zip C:\WINDOWS\bdir\ffmiu\File Renamer v1.0.zip C:\WINDOWS\bdir\ffmiu\File Renamer v2.3.1.zip C:\WINDOWS\bdir\ffmiu\File Rescue 2.5.zip C:\WINDOWS\bdir\ffmiu\File Rescue v2.7 for Windows NT-2000-XP.zip C:\WINDOWS\bdir\ffmiu\File Rescue v2.7.zip C:\WINDOWS\bdir\ffmiu\File Save 2000.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.1.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.2.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.3.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.4.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.5 Crack.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.5 Keygen.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.5 Patch.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.6.001 by Embrace.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.6.001 by EViDENCE.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.6.001 by TNT.zip C:\WINDOWS\bdir\ffmiu\File Scanner Pro v1.8.002.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v1.40.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v1.40a.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v1.40b.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v1.40c.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v2.0b.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v2.1 Release Candidate 10.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v2.1 Release Candidate 11.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v2.1 Revision 14.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v2.1.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v2.1u.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v2.1v RC10.zip C:\WINDOWS\bdir\ffmiu\File Scavenger v2.1v.zip C:\WINDOWS\bdir\ffmiu\File Search for LAN v1.1.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.23.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.31.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.40.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.41 by N-GeN.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.41.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.42.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.43.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.51 by ARTeam.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.51.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.53.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.54 by Madman Hercules.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.54.zip C:\WINDOWS\bdir\ffmiu\File Securer v3.60.zip C:\WINDOWS\bdir\ffmiu\File Sharing v1.5.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2.7.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2.8.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2.9 Keygen.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2.9 Serial by EViDENCE.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2.9 Serial by FHCF.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.0 by Eminence.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.0 by EVC.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.0 by EViDENCE.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.0 by TCA.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.1 by EViDENCE.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.1 by LasH.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.1 Keygen by EViDENCE.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.1 Keygen by jHT.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.2 - v3.3.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.3 by EViDENCE.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.3 by IMS.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.3 by LasH.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.3 by MP2K.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.3 by TSRH.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.3.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.4.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.6.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.7 by Natabec.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.7.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.x by AAOCG.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v3.x by AmoK.zip C:\WINDOWS\bdir\ffmiu\File Shredder 2000 v4.1.zip C:\WINDOWS\bdir\ffmiu\File Shredder v3.4.zip C:\WINDOWS\bdir\ffmiu\File Shredder v3.x.zip C:\WINDOWS\bdir\ffmiu\File Slicer 1.0.zip C:\WINDOWS\bdir\ffmiu\File Slicer v2.0 build 09001 by Eclipse.zip C:\WINDOWS\bdir\ffmiu\File Slicer v2.0 build 09001 by NetDog.zip C:\WINDOWS\bdir\ffmiu\File Slicer v2.0 build 09001 by PiTcH SiLoW.zip C:\WINDOWS\bdir\ffmiu\File Slicer v2.0 build 09001 by TNT.zip C:\WINDOWS\bdir\ffmiu\File Slicer v2.0 build 09001 by UCU.zip C:\WINDOWS\bdir\ffmiu\File Slicer v2.0.zip C:\WINDOWS\bdir\sdflkj4.exe C:\WINDOWS\new_drv.sys C:\WINDOWS\servicepackfiles\free.exe C:\WINDOWS\ServicePackFiles\free.exe.bak C:\WINDOWS\servicepackfiles\i386\mswsock.dll C:\WINDOWS\ServicePackFiles\msproxy.exe.bak C:\WINDOWS\servicepackfiles\services.exe C:\WINDOWS\servicepackfiles\www.google.com C:\WINDOWS\servicepackfiles\www.google.com\favicon.ico C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp0.gif C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp1.gif C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp2.gif C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp3.gif C:\WINDOWS\servicepackfiles\www.google.com\images\toolbar_uninstall.gif C:\WINDOWS\servicepackfiles\www.google.com\index.html C:\WINDOWS\servicepackfiles\www.google.com\thank.html C:\WINDOWS\system32\722205947.dll C:\WINDOWS\system32\723115255.dll C:\WINDOWS\system32\8_exception.nls C:\WINDOWS\system32\arcac.exe C:\WINDOWS\system32\arcac.exe.bak C:\WINDOWS\system32\dllcache\mswsock.dll C:\WINDOWS\system32\drivers\asc3550u.sys C:\WINDOWS\system32\drivers\etc\hosts.tim C:\WINDOWS\system32\drivers\ip6fw.sys C:\WINDOWS\system32\drivers\runtime2.sys C:\WINDOWS\system32\drivers\secdrv.sys C:\WINDOWS\system32\gmc.exe.exe C:\WINDOWS\system32\KB01783647.exe C:\WINDOWS\system32\KB05895697.exe C:\WINDOWS\system32\KB08029373.exe C:\WINDOWS\system32\KB36474388.exe C:\WINDOWS\system32\KB51695342.exe C:\WINDOWS\system32\KB73765802.exe C:\WINDOWS\system32\KB83367426.exe C:\WINDOWS\system32\KB85596307.exe C:\WINDOWS\system32\KB98692774.exe C:\WINDOWS\system32\koos.exe C:\WINDOWS\system32\kprof C:\WINDOWS\system32\mm.ini C:\WINDOWS\system32\poof C:\WINDOWS\system32\s.dll C:\WINDOWS\system32\sjty.dll C:\WINDOWS\system32\svcp.csv C:\WINDOWS\system32\winsub.xml C:\WINDOWS\winvip.exe C:\WINDOWS\winvip.exe.bak Restored copy from - C:\WINDOWS\system32\dllcache\ndis.sys ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_FWDRV.SYS -------\LEGACY_NEW_DRV -------\LEGACY_POOF -------\LEGACY_RUNTIME -------\LEGACY_RUNTIME2 -------\asc3550u -------\fwdrv.sys -------\kprof -------\new_drv -------\poof -------\runtime ((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 ))))))))))))))))))))))))))))))) 2007-07-26 17:12 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-26 16:52 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-26 16:52 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-26 16:52 474 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-26 16:52 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-26 12:20 2,859 --a-s---- C:\WINDOWS\system32\drivers\wfprotect.sys 2007-07-26 12:20 2,048 --a-s---- C:\WINDOWS\system32\drivers\wfprotects.sys 2007-07-26 12:20 2,048 --a------ C:\WINDOWS\system32\drivers\ndissdt.sys 2007-07-26 12:17 13,697 --a------ C:\WINDOWS\system32\KB_963491.exe 2007-07-26 12:17 10,000 --a------ C:\WINDOWS\system32\mkkgf65h.dll 2007-07-24 12:45 2007-07-24 11:43 2007-07-24 10:34 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-07-24 10:34 2007-07-23 13:38 2007-07-23 13:19 2007-07-23 12:48 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-07-23 12:48 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-07-22 23:21 2007-07-22 22:56 7,923 --a------ C:\WINDOWS\system32\DefLib.sys 2007-07-22 22:56 2007-07-17 19:00 2007-07-17 18:59 2007-07-17 14:46 901 --a------ C:\WINDOWS\unins002.dat 2007-07-17 14:46 673,610 --a------ C:\WINDOWS\unins002.exe 2007-07-16 19:34 25,088 --a------ C:\WINDOWS\sysvx.exe 2007-07-16 19:34 25,088 --a------ C:\sysvx.exe 2007-07-15 21:47 2007-07-15 21:29 2007-07-10 15:03 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-07-10 15:03 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-07-10 15:03 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-07-10 15:03 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-07-09 14:45 2007-07-09 11:59 2007-07-06 18:52 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll 2007-07-06 18:52 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2007-07-06 18:52 331,776 --a------ C:\WINDOWS\system32\winhttp.dll 2007-07-06 18:52 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-07-06 18:46 2007-07-06 18:42 549,720 --a------ C:\WINDOWS\system32\wuapi.dll 2007-07-06 18:42 33,624 --a------ C:\WINDOWS\system32\wups.dll 2007-07-06 18:42 325,976 --a------ C:\WINDOWS\system32\wucltui.dll 2007-07-06 18:42 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2007-07-06 18:42 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-07-06 18:42 170,264 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-07-06 18:42 2007-07-06 12:02 2007-07-06 12:02 2007-07-05 10:51 2007-07-04 21:38 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-26 10:20:34 2,082 --s-a-w C:\WINDOWS\system32\drivers\netbios.sys 2007-07-23 17:45:18 -------- d-----w C:\Program Files\Google 2007-07-22 21:00:42 229,888 ----a-w C:\WINDOWS\system32\mswsock.dll 2007-07-22 20:57:51 12,800 ----a-w C:\WINDOWS\system32\svchost.exe 2007-07-16 10:35:56 -------- d-----w C:\Program Files\Gadu-Gadu 2007-07-15 19:30:57 73,532 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-15 19:30:57 495,436 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-07-10 13:48:46 -------- d-----w C:\Program Files\Winamp 2007-07-09 14:25:49 -------- d-----w C:\Program Files\Generator haseł 1.0 2007-07-06 16:42:50 -------- d–h--w C:\Program Files\WindowsUpdate 2007-07-06 10:02:16 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-06-21 12:10:07 1,216 ----a-w C:\WINDOWS\unins001.dat 2007-06-19 17:44:26 -------- d-----w C:\Program Files\Activision Value 2007-06-19 05:56:28 -------- d-----w C:\Program Files\Diagnostic Tool for the Microsoft VM 2007-06-18 17:36:27 -------- d-----w C:\Program Files\Native Instruments 2007-06-18 16:27:24 -------- d-----w C:\DOCUME~1(O3503~1.O)\DANEAP~1\Google 2007-06-17 21:33:31 -------- d-----w C:\Program Files\BearShare Applications 2007-06-17 20:15:27 4 ----a-w C:\WINDOWS\system32\proc-220146841.bin 2007-06-17 20:15:27 -------- d-----w C:\DOCUME~1(O3503~1.O)\DANEAP~1\GanymedeNet 2007-06-15 08:42:34 -------- d-----w C:\DOCUME~1(O3503~1.O)\DANEAP~1\Gadu-Gadu 2007-06-15 08:15:48 613 ----a-w C:\WINDOWS\unins000.dat 2007-06-15 08:14:50 -------- d-----w C:\Program Files\VIA Technologies, INC 2007-06-15 08:13:25 -------- d-----w C:\Program Files\Gigabyte 2007-06-14 23:25:07 -------- d-----w C:\Program Files\Messenger 2007-06-14 23:07:41 -------- d-----w C:\Program Files\microsoft frontpage 2007-06-14 23:07:18 0 --sha-r C:\MSDOS.SYS 2007-06-14 23:07:18 0 --sha-r C:\IO.SYS 2007-06-14 23:07:18 0 ----a-w C:\CONFIG.SYS 2007-06-14 23:07:18 0 ----a-w C:\AUTOEXEC.BAT 2007-06-14 23:05:56 -------- d-----w C:\Program Files\Usługi online 2007-06-14 23:05:25 -------- d-----w C:\Program Files\Movie Maker 2007-06-14 23:04:39 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-06-14 23:03:58 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-14 23:03:23 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-06-14 23:03:22 -------- d-----w C:\Program Files\Windows NT 2007-06-14 22:21:55 -------- d-----w C:\Program Files\Common Files\ODBC 2007-06-14 22:21:53 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-06-07 19:10:48 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe C:\WINDOWS\system32\mswsock.dll … is infected ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25AD49A2-94F3-42BD-F434-2604812C897D}] 2007-07-26 12:17 10000 --a------ C:\WINDOWS\System32\mkkgf65h.dll [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “tlz”=C:\WINDOWS\47681728.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] “{25AD49A2-94F3-42BD-F434-2604812C897D}”= C:\WINDOWS\System32\mkkgf65h.dll [2007-07-26 12:17 10000] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg] C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll 2007-07-26 12:17 12709 C:\Documents and Settings\All Users\Dokumenty\Settings\partnership.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run] C:\WINDOWS\ServicePackFiles\winlogon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xem] C:\WINDOWS\ServicePackFiles\winlogon.exe R2 ndisstd;ndisstd;??\C:\WINDOWS\system32\drivers\ndissdt.sys R2 wfprotect;wfprotect;??\C:\WINDOWS\System32\drivers\wfprotect.sys R2 wfprotects;wfprotects;??\C:\WINDOWS\System32\drivers\wfprotects.sys R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\System32\DRIVERS\fetnd5b.sys R3 rtl8180;PLANET WL-8303 Wireless PCI Adapter NT Driver;C:\WINDOWS\System32\DRIVERS\RTL8180.SYS R3 usbhub;Koncentrator z obsugĄ USB2;C:\WINDOWS\System32\DRIVERS\usbhub.sys R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft;C:\WINDOWS\System32\DRIVERS\usbuhci.sys S2 FCI;MS Internet Countermeasures Framework2b;C:\WINDOWS\System32\svchost.exe:ext.exe S3 FETNDIS;Sterownik NT karty VIA PCI 10/100Mb Fast Ethernet;C:\WINDOWS\System32\DRIVERS\fetnd5.sys S3 NTSIM;NTSIM;??\C:\WINDOWS\System32\ntsim.sys S3 qqd.sys;qqd.sys;??\C:\qqd.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS Stop Pending2 amstr32;Windows Audio Control Service;C:\WINDOWS\System32\svchost.exe -k netsvcs HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs amstr32 ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-26 17:19:13 Windows 5.1.2600 NTFS scanning hidden processes … C:\WINDOWS\system32\amstr32.exe [1928] 0x81571238 scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … C:\WINDOWS\system32\amstr32.dll C:\WINDOWS\system32\amstr32.exe scan completed successfully hidden files: 2 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FCI] “ImagePath”=“C:\WINDOWS\System32\svchost.exe:ext.exe” Completion time: 2007-07-26 17:20:00 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-07-26 17:19 — E O F — Złączono Posta: 26.07.2007 (Czw) 18:31 no i jak?

Gutek · 27 Lipiec 2007 07:34

Pobierz program SDFix