I think I have a rootkit, what now :(((((((((((((((

01.01.07, 15:12
I have a similar problem to grg: avast keeps disappearing too, and I can't install
any antivirus or other programs of that kind. I'm sending logs from hijackthis,
silent runners and gmer > it says there is a rootkit hldrrr.exe in the system.
Will formatting c: be necessary :((((((((((((((((((((((((((((((?
help

{quote} Logfile of HijackThis v1.99.1
Scan saved at 13:42:36, on 2007-01-01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\programy\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Documents and Settings\Administrator\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet3_88.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} -
C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -
C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} -
C:\Program Files\FraudEliminator\2.3.0\FETB.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD
Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\programy\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop
Architect\datray.exe" -S
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download
Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Creative Detector] "C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\swdoctor.exe" /Q
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = E:\Program
Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager -
file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 -
HKLM\System\CCS\Services\Tcpip\..\{348EA440-5DF5-493D-AC58-4ED035178A2B}:
NameServer = 213.218.113.80,10.40.0.1
O17 -
HKLM\System\CCS\Services\Tcpip\..\{5BF11B2F-6764-4188-9AFA-DD2139CF1D9E}:
NameServer = 213.218.113.80,194.204.152.34
O17 -
HKLM\System\CS1\Services\Tcpip\..\{348EA440-5DF5-493D-AC58-4ED035178A2B}:
NameServer = 213.218.113.80,10.40.0.1
O17 -
HKLM\System\CS2\Services\Tcpip\..\{348EA440-5DF5-493D-AC58-4ED035178A2B}:
NameServer = 213.218.113.80,10.40.0.1
O17 -
HKLM\System\CS3\Services\Tcpip\..\{348EA440-5DF5-493D-AC58-4ED035178A2B}:
NameServer = 213.218.113.80,10.40.0.1
O18 - Protocol: textwareilluminatorbase -
{CE5CD329-1650-414A-8DB0-4CBF72FAED87} -
C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner -
C:\Program Files\CyberLink\Shared Files\RichVideo.exe

------------------
"Silent Runners.vbs", revision 49, www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NCLaunch" = "C:\WINDOWS\NCLAUNCH.EXe" ["Northcode Inc."]
"Desktop Architect" = ""C:\Program Files\Desktop Architect\datray.exe" -S"
["Ken Foster"]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z o.o."]
"Free Download Manager" = "C:\Program Files\Free Download Manager\fdm.exe
-autorun" [null data]
"Creative Detector" = ""C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe" /R" ["Creative Technology Ltd"]
"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" [file
not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
["ATI Technologies, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Device Detector" = ""C:\Program Files\Common Files\ACD
Systems\EN\DevDetect.exe" -autorun" ["ACD Systems, Ltd."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime"
["Apple Computer, Inc."]
"avast!" = "e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [file not found]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe""
["Cyb
    • Guest: Kolobos Re: I think I have a rootkit, what now :((((((((((((((( IP: *.crowley.pl 01.01.07, 15:36
      I already wrote: send it by e-mail.
      The gmer log is enough for me.
    • Guest: grg Re: I think I have a rootkit, what now :((((((((((((((( IP: *.gdynia.mm.pl 01.01.07, 17:40
      this little program dealt with it in 5 minutes:
      pxnow.prevx.com/zeroL/InstallPREVX102000619.exe
      • Guest: Kolobos Re: I think I have a rootkit, what now :((((((((((((((( IP: *.crowley.pl 01.01.07, 19:28
        Removing it with gmer takes a few seconds...
      • Guest: grg Re: I think I have a rootkit, what now :((((((((((((((( IP: *.gdynia.mm.pl 01.01.07, 20:46
        5 min including downloading the program ;-))))
    • medeach Re: I think I have a rootkit, what now :((((((((((((((( 01.01.07, 23:13
      thanks
      I managed to install avast, but I think I still have the rootkit, because a moment ago
      the computer connected to a strange site by itself again and it disappeared again. This probably won't be
      that simple...

      • Guest: Kolobos Re: I think I have a rootkit, what now :((((((((((((((( IP: *.crowley.pl 01.01.07, 23:39
        You didn't do what I asked, and it probably got downloaded again.
        Do the same thing once more, only this time delete the file; you skipped one this time and that is the cause.