Zawirusowany komp, pomocy

pootom · 29 Październik 2007 23:23

proszę o sprawdzenie loga i o pomoc:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:21:17, on 2007-10-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20583) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Kalendarz XP\Kalendarz.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\SAGEM WiFi manager\WLANUTL.exe C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\RtkBtMnt.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\hiplpn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [Kalendarz XP] “C:\Program Files\Kalendarz XP\Kalendarz.exe” O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-19…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-20…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS\S-1-5-18…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - HKUS.DEFAULT…\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User ‘Default user’) O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Open With JPEGCompress - res://C:\Program Files\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe – End of file - 5327 bytes

EDIT:

dodam jeszcze że NOD32 co chwila pokazuje mi komunikat o wirusie:

Zdarzenie miało miejsce w trakcie modyfikowania pliku przez aplikację: C:\WINDOWS\System32\svchost.exe. Plik został przeniesiony do kwarantanny.

EDIT2: dodam jeszcze że co chwilę też wyskakuje mi czarny ekran i pisze tam:

C://WINOWS/System32/cmd.exe

Gutek · 30 Październik 2007 00:11

usuń wpisy HJT i oczyść TEMP

Daj log z ComboFix

pootom · 30 Październik 2007 00:30

nie moge znalesc tego wpisu i jak oczyscic TEMP?

Gutek · 30 Październik 2007 00:35

Użyj ATF-Cleaner - http://www.atribune.org/ccount/click.php?id=1

Opis Combo - http://forum.dobreprogramy.pl/viewtopic.php?t=36654

pootom · 30 Październik 2007 00:40

log z Combo:

ComboFix 07-10-29.1** - Administrator 2007-10-30 1:34:24.1 - NTFSx86 Running from: C:\Documents and Settings\Administrator\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Administrator\Pulpit\internet.lnk . ((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 ))))))))))))))))))))))))))))))) . 2007-10-30 01:32 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-30 01:14 2007-10-30 01:14 2007-10-30 01:14 2007-10-30 01:14 2007-10-30 01:14 2007-10-30 01:00 2007-10-30 01:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-10-30 01:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-10-30 01:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-10-30 01:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-10-30 00:59 2007-10-30 00:59 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-10-30 00:36 2007-10-30 00:35 2007-10-30 00:35 2007-10-30 00:19 2007-10-29 23:52 2007-10-29 23:40 2007-10-28 12:34 2007-10-28 11:10 2007-10-28 01:18 2007-10-28 01:18 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll 2007-10-28 01:18 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL 2007-10-28 01:18 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin 2007-10-28 01:05 2007-10-27 14:30 2007-10-27 14:28 2007-10-27 13:44 2007-10-26 17:51 2007-10-26 08:55 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2007-10-26 01:39 143,360 --a------ C:\WINDOWS\system32\igfxres.dll 2007-10-26 00:23 2007-10-25 23:29 2007-10-25 17:44 2007-10-25 17:44 545 --a------ C:\WINDOWS\UC.PIF 2007-10-25 17:44 545 --a------ C:\WINDOWS\RAR.PIF 2007-10-25 17:44 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-10-25 17:44 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-10-25 17:44 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-10-25 17:44 545 --a------ C:\WINDOWS\LHA.PIF 2007-10-25 17:44 545 --a------ C:\WINDOWS\ARJ.PIF 2007-10-24 23:44 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-10-24 23:44 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-10-24 23:44 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-10-24 18:14 2007-10-24 18:11 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-10-24 17:51 2007-10-24 17:51 2007-10-24 17:50 2007-10-24 17:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-10-24 14:49 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-10-24 14:49 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-10-24 14:49 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-10-24 12:44 2007-10-24 12:44 954,368 --a------ C:\temp\abmaster.dll 2007-10-24 12:44 184,832 --a------ C:\temp\avfix.exe 2007-10-24 11:50 2007-10-24 11:48 2007-10-24 11:48 2007-10-24 11:39 2007-10-24 08:37 2007-10-24 08:36 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe 2007-10-24 08:36 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe 2007-10-24 08:35 2007-10-24 08:20 2007-10-24 08:20 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-10-24 08:20 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-10-24 08:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-10-22 22:54 2007-10-22 22:30 2007-10-22 22:21 2007-10-22 22:21 2007-10-22 20:29 2007-10-22 19:58 2007-10-22 19:58 1,536 --a------ C:\WINDOWS\mozver.dat 2007-10-22 19:58 4 --a------ C:\WINDOWS\system32\proc-1963933865.bin 2007-10-22 19:17 2007-10-22 19:17 2007-10-22 19:14 2007-10-22 19:14 2007-10-22 19:06 2007-10-22 18:32 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-10-22 18:18 2007-10-22 18:10 2007-10-22 18:10 2007-10-22 17:48 2007-10-22 17:41 135,168 --a------ C:\WINDOWS\system32\RtlCPAPI.dll 2007-10-22 17:41 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe 2007-10-22 17:40 2007-10-22 17:40 16,248,320 --a------ C:\WINDOWS\RTHDCPL.exe 2007-10-22 17:40 9,709,568 --a------ C:\WINDOWS\RTLCPL.exe 2007-10-22 17:40 4,304,384 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.Sys 2007-10-22 17:40 2,879,488 --a------ C:\WINDOWS\SkyTel.exe 2007-10-22 17:40 2,808,832 --a------ C:\WINDOWS\alcwzrd.exe 2007-10-22 17:40 2,158,592 --a------ C:\WINDOWS\MicCal.exe 2007-10-22 17:40 364,544 --a------ C:\WINDOWS\RtlUpd.exe 2007-10-22 17:40 86,016 --a------ C:\WINDOWS\SoundMan.exe 2007-10-22 17:40 69,632 --a------ C:\WINDOWS\Alcmtr.exe 2007-10-22 17:39 487,424 --a------ C:\WINDOWS\RtlExUpd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-28 10:10 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-22 16:39 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-10-22 13:10 --------- d-----w C:\Program Files\SAGEM WiFi manager 2007-10-22 13:09 --------- d-----w C:\Program Files\SAGEM 2007-10-22 13:09 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\InstallShield 2007-10-22 12:18 --------- d-----w C:\Program Files\Real Alternative 2007-10-22 12:18 --------- d-----w C:\Program Files\QuickTime Alternative 2007-10-22 12:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2007-10-22 12:17 --------- d-----w C:\Program Files\Java 2007-10-22 12:16 --------- d-----w C:\Program Files\Common Files\Java 2007-10-22 12:03 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll 2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-07-28 01:23 86,073 ----a-w C:\WINDOWS\system32\usrfaxa.dll 2007-07-28 01:23 8,192 ----a-w C:\WINDOWS\system32\tsbyuv.dll 2007-07-28 01:23 8,192 ----a-w C:\WINDOWS\system32\streamci.dll 2007-07-28 01:23 77,891 ----a-w C:\WINDOWS\system32\usrmlnka.exe 2007-07-28 01:23 77,890 ----a-w C:\WINDOWS\system32\usrdpa.dll 2007-07-28 01:23 77,883 ----a-w C:\WINDOWS\system32\usrrtosa.dll 2007-07-28 01:23 72,192 ----a-w C:\WINDOWS\system32\sprio800.dll 2007-07-28 01:23 70,656 ----a-w C:\WINDOWS\system32\sprio600.dll 2007-07-28 01:23 69,700 ----a-w C:\WINDOWS\system32\usrshuta.exe 2007-07-28 01:23 69,699 ----a-w C:\WINDOWS\system32\usrcoina.dll 2007-07-28 01:23 69,632 ----a-w C:\WINDOWS\system32\spnike.dll 2007-07-28 01:23 61,508 ----a-w C:\WINDOWS\system32\usrprbda.exe 2007-07-28 01:23 61,500 ----a-w C:\WINDOWS\system32\usrcntra.dll 2007-07-28 01:23 57,856 ----a-w C:\WINDOWS\system32\dvdplay.exe 2007-07-28 01:23 55,296 ----a-w C:\WINDOWS\system32\dmutil.dll 2007-07-28 01:23 53,305 ----a-w C:\WINDOWS\system32\usrlbva.dll 2007-07-28 01:23 49,211 ----a-w C:\WINDOWS\system32\usrvpa.dll 2007-07-28 01:23 49,211 ----a-w C:\WINDOWS\system32\usrsdpia.dll 2007-07-28 01:23 49,209 ----a-w C:\WINDOWS\system32\usrv80a.dll 2007-07-28 01:23 49,152 ----a-w C:\WINDOWS\system32\cnbjmon.dll 2007-07-28 01:23 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll 2007-07-28 01:23 45,116 ----a-w C:\WINDOWS\system32\usrvoica.dll 2007-07-28 01:23 41,019 ----a-w C:\WINDOWS\system32\usrsvpia.dll 2007-07-28 01:23 35,328 ----a-w C:\WINDOWS\system32\pid.dll 2007-07-28 01:23 323,641 ----a-w C:\WINDOWS\system32\usrdtea.dll 2007-07-28 01:23 3,200 ----a-w C:\WINDOWS\system32\wowfax.dll 2007-07-28 01:23 20,992 ----a-w C:\WINDOWS\system32\hid.dll 2007-07-28 01:23 17,408 ----a-w C:\WINDOWS\system32\msyuv.dll 2007-07-28 01:23 157,696 ----a-w C:\WINDOWS\system32\paqsp.dll 2007-07-28 01:23 15,360 ----a-w C:\WINDOWS\system32\pjlmon.dll 2007-07-28 01:23 147,968 ----a-w C:\WINDOWS\system32\mdwmdmsp.dll 2007-07-28 01:23 13,824 ----a-w C:\WINDOWS\system32\wowfaxui.dll 2007-07-28 01:23 102,457 ----a-w C:\WINDOWS\system32\usrv42a.dll 2007-07-28 01:15 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll 2007-07-28 01:15 140,800 ----a-w C:\WINDOWS\system32\sfc_os.dll 2007-07-27 19:47 1,548,288 ----a-w C:\WINDOWS\system32\sfcfiles.dll 2007-07-27 19:33 991,744 ----a-w C:\WINDOWS\system32\syssetup.dll 2007-07-27 19:33 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll 2007-07-27 19:33 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll 2007-07-27 19:33 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll 2007-07-27 19:33 1,329,152 ----a-w C:\WINDOWS\system32\wmspdmoe.dll 2007-07-27 19:32 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll 2007-07-27 19:32 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-07-27 19:32 534,528 ----a-w C:\WINDOWS\system32\wmdrmsdk.dll 2007-07-27 19:32 499,766 ----a-w C:\WINDOWS\system32\dxmasf.dll 2007-07-27 19:32 414,720 ----a-w C:\WINDOWS\system32\msscp.dll 2007-07-27 19:32 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll 2007-07-27 19:32 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll 2007-07-27 19:32 1,117,696 ----a-w C:\WINDOWS\system32\wmadmoe.dll 2007-07-27 19:31 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-07-27 19:31 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-07-27 19:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-07-27 19:30 343,040 ----a-w C:\WINDOWS\system32\msvcrt.dll 2007-07-27 19:30 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-07-27 19:30 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll 2007-07-27 19:30 1,844,224 ----a-w C:\WINDOWS\system32\win32k.sys 2007-07-27 19:29 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll 2007-07-27 19:29 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll 2007-07-27 19:29 36,352 ----a-w C:\WINDOWS\system32\tsgqec.dll 2007-07-27 19:29 288,768 ----a-w C:\WINDOWS\system32\rhttpaa.dll 2007-07-27 19:29 116,736 ----a-w C:\WINDOWS\system32\aaclient.dll 2007-07-27 19:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-07-27 19:28 714,240 ----a-w C:\WINDOWS\system32\sxs.dll 2007-07-27 19:28 65,536 ----a-w C:\WINDOWS\system32\nwwks.dll 2007-07-27 19:28 64,000 ----a-w C:\WINDOWS\system32\nwapi32.dll 2007-07-27 19:28 143,360 ----a-w C:\WINDOWS\system32\nwprovau.dll 2007-07-27 19:28 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll 2007-07-27 19:28 123,392 ----a-w C:\WINDOWS\system32\oledlg.dll 2007-07-27 19:27 72,704 ----a-w C:\WINDOWS\system32\hlink.dll 2007-07-27 19:27 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll 2007-07-27 19:27 23,040 ----a-w C:\WINDOWS\system32\fltMc.exe 2007-07-27 19:27 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll 2007-07-27 19:27 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll 2007-07-27 19:27 1,439,744 ----a-w C:\WINDOWS\system32\query.dll 2007-07-27 19:26 96,792 ----a-w C:\WINDOWS\system32\basecsp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] “{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\CLSID{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] “{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968] [HKEY_CLASSES_ROOT\CLSID{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1] [HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SkyTel”=“SkyTel.EXE” [2006-07-19 08:42 C:\WINDOWS\SkyTel.exe] “Kalendarz XP”=“C:\Program Files\Kalendarz XP\Kalendarz.exe” [2007-05-06 16:41] “RTHDCPL”=“RTHDCPL.EXE” [2006-07-19 08:42 C:\WINDOWS\RTHDCPL.exe] “AzMixerSel”=“C:\Program Files\Realtek\InstallShield\AzMixerSel.exe” [2006-07-19 08:41] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2007-10-10 06:28] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-10-24 23:42] “igfxtray”=“C:\WINDOWS\system32\igfxtray.exe” [2006-06-13 08:57] “igfxhkcmd”=“C:\WINDOWS\system32\hkcmd.exe” [2006-06-13 08:57] “igfxpers”=“C:\WINDOWS\system32\igfxpers.exe” [2006-06-13 08:57] “SDTray”=“X:\Spyware Doctor\SDTrayApp.exe” [2007-10-30 01:03] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 08:39] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09] “SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2007-06-21 14:06] [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “nltide_2”=regsvr32 /s /n /i:U shell32 “nltide_3”=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,4,N C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 09:45:32] Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe [2007-10-22 14:10:14] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “DisableStatusMessages”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyPictures”=1 (0x1) “NoSMConfigurePrograms”=1 (0x1) “NoSMHelp”=1 (0x1) “NoRecentDocsMenu”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) “NoResolveTrack”=1 (0x1) “NoResolveSearch”=1 (0x1) [HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer] “NoSMMyPictures”=1 (0x1) “NoSMConfigurePrograms”=1 (0x1) “NoSMHelp”=1 (0x1) “NoRecentDocsMenu”=1 (0x1) “NoRecentDocsHistory”=1 (0x1) “NoResolveTrack”=1 (0x1) “NoResolveSearch”=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 ZDCndis5;ZDCndis5 Protocol Driver;??\C:\WINDOWS\system32\ZDCndis5.SYS [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalService WebClient LmHosts upnphost SSDPSRV *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-30 01:37:11 Windows 5.1.2600 Dodatek Service Pack 2 NTFS detected NTDLL code modification: ZwClose scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-30 1:38:16 . — E O F —

Gutek · 30 Październik 2007 00:54

Na koniec

Pobierz program SDFix

pootom · 30 Październik 2007 01:10

Gutek2222 a oto Report:

SDFix: Version 1.112


Run by Administrator on 2007-10-30 at 02:02


Microsoft Windows XP [Wersja 5.1.2600]


Running From: C:\SDFix


Safe Mode:

Checking Services: 



Restoring Windows Registry Values

Restoring Windows Default Hosts File


Rebooting...



Normal Mode:

Checking Files: 


No Trojan Files Found





Removing Temp Files...


ADS Check:


C:\WINDOWS

No streams found. 


C:\WINDOWS\system32

No streams found. 


C:\WINDOWS\system32\svchost.exe

No streams found.


C:\WINDOWS\system32\ntoskrnl.exe

No streams found.




                                 Final Check:


Remaining Services:

------------------




Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


Remaining Files:

---------------



Files with Hidden Attributes:



Finished!

jessica · 30 Październik 2007 06:51

SDFix też już niczego nie wykrył.

jessi