Ja usunąć trojany

Witam mam problem z trojanami takimi jak DNS. Downloader proszę pomóc mi je usunąć Spryware Doctor wykrywa ale nie usuwa. Trojan.DNS_Changer HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{521D9380-E3C7-4029-9C41-CD119AD2B69B}##NameServer Wysokie Trojan.DNS_Changer HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{521D9380-E3C7-4029-9C41-CD119AD2B69B}##NameServer Wysokie Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:28:27, on 2007-10-28 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Windows Defender\MSASCui.exe F:\Program Files\RivaTuner v2.05\RivaTuner.exe D:\Program Files\D-Tools\daemon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe D:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\swdoctor.exe D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\taskmgr.exe F:\HiJackThis\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.05\RivaTuner.exe" /S O4 - HKLM\..\Run: [RivaTuner] "F:\Program Files\RivaTuner v2.05\RivaTuner.exe" /T O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU\..\Run: [TuneUp MemOptimizer] "D:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [SpeedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{521D9380-E3C7-4029-9C41-CD119AD2B69B}: NameServer = 85.255.115.46 85.255.112.213 O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 10318 bytes SmitFraudFix v2.242 Scan done at 22:02:32,75, 2007-10-28 Run from F:\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End i też nie usuwają prosze podać dokładnie jak to zrobić.. dzieki

OK, no problem meen :P

łajt-nyga

Dodano: 23.03.2008 21:27:08

Mamy nowego archeologa na forum i w dodatku reklamuje się [sądząc po nicku] jako Negr albinos, albo odwrotnie - nieco przypalony "białas" jak kto woli. A pracowity jak diabli. Odkopał już parę mumii.

Endrju

Dodano: 12.03.2008 15:04:02

łajt-nyga 16.03.2008 00:22:29

[quote=Endrju]Mamy nowego archeologa na forum i w dodatku reklamuje się [sądząc po nicku] jako Negr albinos, albo odwrotnie - nieco przypalony "białas" jak kto woli. A pracowity jak diabli. Odkopał już parę mumii.[/quote] Mogę zmienić nick jeśli kogoś obraziłem nieumyślnie.Czy coś nie tak napisałem, czy po prostu czepnąłeś się mnie tak dla profilaktyki?? ^^" Ekspercie....
Endrju 17.03.2008 08:08:27

[quote=łajt-nyga][quote=Endrju]Mamy nowego archeologa na forum i w dodatku reklamuje się [sądząc po nicku] jako Negr albinos, albo odwrotnie - nieco przypalony "białas" jak kto woli. A pracowity jak diabli. Odkopał już parę mumii.[/quote] Mogę zmienić nick jeśli kogoś obraziłem nieumyślnie.Czy coś nie tak napisałem, czy po prostu czepnąłeś się mnie tak dla profilaktyki?? ^^" Ekspercie....[/quote] Co do nicka nie czepnąłem się tylko zwróciłem uwagę na jego oryginalność, mnie na pewno nie obraziłeś nim :mryellow:, za innych się nie wypowiadam. Niemniej nie zmieniaj, bo gdyby coś było na rzeczy tobyś już otrzymał grzeczną prośbę o zmianę od zawiadujacych forum. Jedynie, co możesz i powinieneś uwzględnić to nie wyszukiwanie archiwalnych postów i odświeżanie ich na siłę, chyba, że zahaczają o Twój przypadek, wówczas jak najbardziej tak. Pozdrawiam Endrju

Small Mike - na jakiej ppodstawie tak twierdzisz ? BTW - Pomijam fakt, że temat już dobrze mchem obrośnięty jest ...

Żółty

Dodano: 12.03.2008 14:21:54

do sfixowania combofixem C:\WINDOWS\Explorer.EXE

Small Mike

Dodano: 10.03.2008 15:32:40

[b]HRABIA[/b] ja bym na twoim miejscu oprócz tego co radzi [b]Żółty[/b] zaopatrzyć się w Spybot Search&Destroy lub Windows Defender.Dobry firewall także byłby mile widziany.co do firewalli możesz wybierać między Kerio Personal Firewall, Zone alarm lub Comodo Personal Firewall.

łajt-nyga

Dodano: 09.03.2008 18:24:22

mam problem z usunieciem okna micro bill systems otwiera sie juz na 10 minut mam avasta czy on to zdziala ?

mariolaborowiecka

Dodano: 02.11.2007 00:13:37

HRABIO - czy to są logi "Hijack, SilentRunners, Combofix i FixwareOut " ?? Nie będziemy sie tak bawić w nieskończoność - albo dajesz logi i działamy dalej albo zapytaj o to czego nie rozumiesz albo zwijamy temat w rulonik i pieczętujemy kłódeczką.

Żółty

Dodano: 30.10.2007 12:04:58

Gdzie są logi o które prosiłem ??

Żółty

Dodano: 29.10.2007 02:57:42

HRABIA 30.10.2007 11:07:56

[quote=Żółty]Gdzie są logi o które prosiłem ??[/quote] nie wiem ale chyba to jest to ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:02:42, on 2007-10-30 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe D:\Program Files\Spyware Doctor\svcntaux.exe D:\Program Files\Spyware Doctor\swdsvc.exe D:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Messenger\msmsgs.exe F:\HiJackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Symantec\LiveUpdate\AUpdate.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{521D9380-E3C7-4029-9C41-CD119AD2B69B}: NameServer = 85.255.115.46 85.255.112.213 O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 10207 bytes

Użyj FizwareOut -> [url]http://cybertrash.pl/images/tata/FixwareOut.html[/url] Po robocie logi pokaż - Hijack, SilentRunners, Combofix i FixwareOut

Żółty

Dodano: 28.10.2007 23:52:33

HRABIA 29.10.2007 02:10:47

[quote=Żółty]Użyj FizwareOut -> [url]http://cybertrash.pl/images/tata/FixwareOut.html[/url] Po robocie logi pokaż - Hijack, SilentRunners, Combofix i FixwareOut[/quote] przeskanowałem nie wiem czy dobrze zainstalowałem otworzył się dos zrestartował się system i ok //..spyware doctor.. Nazwa infekcji Lokalizacja Ryzyko Trojan.DNS_Changer HKLM\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{521D9380-E3C7-4029-9C41-CD119AD2B69B}##NameServer Wysokie Trojan.DNS_Changer HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{521D9380-E3C7-4029-9C41-CD119AD2B69B}##NameServer Wysokie Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:43:56, on 2007-10-29 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Messenger\msmsgs.exe F:\HiJackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [SpeedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{521D9380-E3C7-4029-9C41-CD119AD2B69B}: NameServer = 85.255.115.46 85.255.112.213 O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - D:\Program Files\Spik\url_wpmsg.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9975 bytes **** Run Keys **** RUN: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide RUN: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup RUN: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe RUN: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 RUN: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" RUN: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" RUN: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q RUN: [SpeedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe RUN: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler RUN: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe RUN: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" RUN: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe RUN: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit **** Browser Helper Objects **** BHO: [Adobe PDF Reader Link Helper] C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll BHO: [SSVHelper Class] C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll BHO: [Windows Live Sign-in Helper] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: [CNisExtBho Class] C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll BHO: [CNavExtBho Class] C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll **** IE Toolbars **** TOOLBAR: [Norton Internet Security] C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll TOOLBAR: [Norton AntiVirus] C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll **** IE Extensions **** IEExt: [] IEExt: [Badanie] IEExt: [Badanie] IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe **** Hosts File Entries **** HOSTS: 127.0.0.1 localhost HOSTS: 127.0.0.1 localhost **** IE Settings **** Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch **** IE Context Menu (Right click) **** IEContext: [E&ksport do programu Microsoft Excel] res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 **** Layered Service Providers **** LSP: MSAFD Irda [IrDA] LSP: MSAFD Tcpip [TCP/IP] LSP: MSAFD Tcpip [UDP/IP] LSP: RSVP UDP Service Provider LSP: RSVP TCP Service Provider LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CEFCA3B0-7479-4CD5-884E-6A6122077630}] SEQPACKET 5 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CEFCA3B0-7479-4CD5-884E-6A6122077630}] DATAGRAM 5 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E91B3C1-BCAD-47EF-8B23-602C06D1C700}] SEQPACKET 4 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4E91B3C1-BCAD-47EF-8B23-602C06D1C700}] DATAGRAM 4 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{870FC580-5B3F-486A-8A52-FE25D5BFF5C4}] SEQPACKET 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{870FC580-5B3F-486A-8A52-FE25D5BFF5C4}] DATAGRAM 1 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A7278796-919F-4217-A9BB-FEEA66968723}] SEQPACKET 2 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A7278796-919F-4217-A9BB-FEEA66968723}] DATAGRAM 2 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{521D9380-E3C7-4029-9C41-CD119AD2B69B}] SEQPACKET 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{521D9380-E3C7-4029-9C41-CD119AD2B69B}] DATAGRAM 0 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A47C5BC7-9E41-4890-82C6-4B27E94CF32E}] SEQPACKET 3 LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A47C5BC7-9E41-4890-82C6-4B27E94CF32E}] DATAGRAM 3 **** Blocked Control Panel Items **** BLOCKED: [ncpa.cpl] No BLOCKED: [odbccp32.cpl] No **** Downloaded Program Files **** {33564D57-0000-0010-8000-00AA00389B71} [http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB] {8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab] **** Windows Services **** [Alerter] %SystemRoot%\system32\svchost.exe -k LocalService [ALG] %SystemRoot%\System32\alg.exe [Apple Mobile Device] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs [aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs [BITS] %SystemRoot%\system32\svchost.exe -k netsvcs [Browser] %SystemRoot%\system32\svchost.exe -k netsvcs [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" [ccProxy] "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" [ccPwdSvc] "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" [CiSvc] %SystemRoot%\system32\cisvc.exe [ClipSrv] %SystemRoot%\system32\clipsrv.exe [clr_optimization_v2.0.50727_32] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs [DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch [Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs [dmadmin] %SystemRoot%\System32\dmadmin.exe /com [dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs [Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService [ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs [Eventlog] %SystemRoot%\system32\services.exe [EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs [FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs [FontCache3.0.0.0] C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [gusvc] "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [Harmonogram automatycznej usługi LiveUpdate] "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs [HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs [HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter [IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [idsvc] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [ImapiService] C:\WINDOWS\system32\imapi.exe [Irmon] %SystemRoot%\system32\svchost.exe -k netsvcs [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe" [lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs [lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs [LiveUpdate] "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService [MDM] "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs [mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe [MSDTC] C:\WINDOWS\system32\msdtc.exe [MSIServer] C:\WINDOWS\system32\msiexec.exe /V [MSSQL$INSERTGT] "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sINSERTGT [MSSQLServerADHelper] "C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [navapsvc] "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" [NBService] C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe [NetDDE] %SystemRoot%\system32\netdde.exe [NetDDEdsdm] %SystemRoot%\system32\netdde.exe [Netlogon] %SystemRoot%\system32\lsass.exe [Netman] %SystemRoot%\System32\svchost.exe -k netsvcs [NetTcpPortSharing] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [Nla] %SystemRoot%\system32\svchost.exe -k netsvcs [NMIndexingService] "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [NtLmSsp] %SystemRoot%\system32\lsass.exe [NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs [NVSvc] %SystemRoot%\system32\nvsvc32.exe [OODefrag] C:\WINDOWS\system32\oodag.exe [ose] "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [PlugPlay] %SystemRoot%\system32\services.exe [Pml Driver HPZ12] C:\WINDOWS\system32\HPZipm12.exe [PolicyAgent] %SystemRoot%\system32\lsass.exe [Prime95 Service] [ProtectedStorage] %SystemRoot%\system32\lsass.exe [RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs [RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs [RDSessMgr] C:\WINDOWS\system32\sessmgr.exe [RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs [RpcLocator] %SystemRoot%\system32\locator.exe [RpcSs] %SystemRoot%\system32\svchost -k rpcss [RSVP] %SystemRoot%\system32\rsvp.exe [SamSs] %SystemRoot%\system32\lsass.exe [SAVScan] "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe" [SBService] C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [SCardSvr] %SystemRoot%\System32\SCardSvr.exe [Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs [SDhelper] C:\Program Files\Spyware Doctor\sdhelp.exe [seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs [SENS] %SystemRoot%\system32\svchost.exe -k netsvcs [ServiceLayer] "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" [SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs [ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs [SNDSrvc] "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" [SPBBCSvc] "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" [Spooler] %SystemRoot%\system32\spoolsv.exe [SQLBrowser] "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [SQLWriter] "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [srservice] %SystemRoot%\system32\svchost.exe -k netsvcs [SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService [stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc [SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{0D1F040F-6C5D-4684-A906-D72C7D8C90C9} [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [SysmonLog] %SystemRoot%\system32\smlogsvc.exe [TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs [TermService] %SystemRoot%\System32\svchost -k DComLaunch [Themes] %SystemRoot%\System32\svchost.exe -k netsvcs [TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs [upnphost] %SystemRoot%\system32\svchost.exe -k LocalService [UPS] %SystemRoot%\System32\ups.exe [VSS] %SystemRoot%\System32\vssvc.exe [W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs [WebClient] %SystemRoot%\system32\svchost.exe -k LocalService [WinDefend] "C:\Program Files\Windows Defender\MsMpEng.exe" [winmgmt] %systemroot%\system32\svchost.exe -k netsvcs [WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs [WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe [WMPNetworkSvc] "C:\Program Files\Windows Media Player\WMPNetwk.exe" [wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs [wuauserv] %systemroot%\system32\svchost.exe -k netsvcs [WudfSvc] %SystemRoot%\system32\svchost.exe -k WudfServiceGroup [WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs [xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs **** Custom IE Search Items **** SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SEARCH: [AutoSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm SEARCH: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch **** Complete IE Options **** IEOPT: [NoUpdateCheck] IEOPT: [NoJITSetup] IEOPT: [Disable Script Debugger] no IEOPT: [Show_ChannelBand] No IEOPT: [Anchor Underline] yes IEOPT: [Cache_Update_Frequency] Once_Per_Session IEOPT: [Display Inline Images] yes IEOPT: [Do404Search] IEOPT: [Save_Session_History_On_Exit] no IEOPT: [Show_FullURL] no IEOPT: [Show_StatusBar] yes IEOPT: [Show_ToolBar] yes IEOPT: [Show_URLinStatusBar] yes IEOPT: [Show_URLToolBar] yes IEOPT: [Use_DlgBox_Colors] yes IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IEOPT: [FullScreen] no IEOPT: [Window_Placement] , IEOPT: [NotifyDownloadComplete] no IEOPT: [XMLHTTP] IEOPT: [UseClearType] yes IEOPT: [Enable Browser Extensions] yes IEOPT: [Play_Background_Sounds] yes IEOPT: [Play_Animations] yes IEOPT: [CompatibilityFlags] IEOPT: [SearchMigrated] IEOPT: [ShowedCheckBrowser] Yes IEOPT: [Check_Associations] no IEOPT: [AlwaysShowMenus] IEOPT: [RunOnceHasShown] IEOPT: [RunOnceComplete] IEOPT: [Use FormSuggest] yes IEOPT: [Move System Caret] no IEOPT: [Expand Alt Text] no IEOPT: [Print_Background] no IEOPT: [Show image placeholders] IEOPT: [Enable AutoImageResize] yes IEOPT: [Friendly http errors] yes IEOPT: [EnableSearchPane] IEOPT: [SmoothScroll] IEOPT: [AllowWindowReuse] IEOPT: [Page_Transitions] IEOPT: [FavIntelliMenus] no IEOPT: [UseThemes] IEOPT: [DisableScriptDebuggerIE] yes IEOPT: [Force Offscreen Composition] IEOPT: [Error Dlg Displayed On Every Error] no IEOPT: [NscSingleExpand] IEOPT: [AutoSearch] IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IEOPT: [Use Custom Search URL] IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IEOPT: [Enable_Disk_Cache] yes IEOPT: [Cache_Percent_of_Disk] IEOPT: [Delete_Temp_Files_On_Exit] yes IEOPT: [Anchor_Visitation_Horizon] IEOPT: [Use_Async_DNS] yes IEOPT: [Placeholder_Width] IEOPT: [Placeholder_Height] IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IEOPT: [CompanyName] Microsoft Corporation IEOPT: [Custom_Key] MICROSO IEOPT: [Wizard_Version] 6.0.2600.0000 IEOPT: [FullScreen] no IEOPT: [Default_Secondary_Page_URL] IEOPT: [Extensions Off Page] about:NoAdd-ons IEOPT: [Security Risk Page] about:SecurityRisk IEOPT: [Check_Associations] yes SmitFraudFix v2.242 Scan done at 0:45:24,29, 2007-10-29 Run from F:\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End

Ja usunąć trojany

Odpowiedzi: 9