Misiek102K, created 19 June 2007
Hello. I have a problem. When the computer starts and the desktop appears, this message shows up: "Error loading C:\WINDOWS\system32\ungpvogn.dll. Access denied." Please help. When I go to Start -> Run -> type msconfig -> Startup tab, that file is ticked to run at startup. I don't know whether to disable it or whether it is needed. Please help, preferably someone who knows about this. Thanks in advance.
Przemek, comment 19 June 2007
Disable it. Worst case, you can re-enable it in Safe Mode.
CatchMe, comment 19 June 2007
You do know that C:\WINDOWS\system32\ungpvogn.dll is a virus? Misiek102K, paste logs from HijackThis + Silent Runners + ComboFix.
Misiek102K (author), comment 19 June 2007
What? I don't understand any of this log business... And why do I have to paste them? If it's a virus, isn't disabling it enough?
CatchMe, comment 19 June 2007
http://www.forumpc.pl/viewtopic.php?t=11017
http://www.forumpc.pl/viewtopic.php?t=11018
Everything is described there. PS: no, it isn't enough. This looks like Vundo.
Misiek102K (author), comment 19 June 2007
If you say so... I'll try. Should I paste the logs here to be checked? And what does "paste them in tags" mean? What will pasting the logs accomplish? How do I remove the virus? With ComboFix, or does that only produce a log too?
Misiek102K (author), comment 20 June 2007
OK, I have the logs now. But what does "paste them in tags" mean?

[ Added: 2007-06-20, 16:12 ]
Here is the HijackThis log, pasted as plain text:

Logfile of HijackThis v1.99.1
Scan saved at 16:10:51, on 2007-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\user\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {EA112E8A-F025-4D7F-B393-23E59683A6D8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Emurayden PSX Emulator] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D546C6-61B4-462A-B665-A92C04795E6A}: NameServer = 213.134.128.19,213.134.128.20
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll (file missing)
O20 - Winlogon Notify: rqromjh - rqromjh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

[ Added: 2007-06-20, 16:20 ]
And this one is from ComboFix:

ComboFix 07-06-18.2 - C:\Documents and Settings\user\Pulpit\ComboFix.exe "user" - 2007-06-20 16:16:06 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\MyGlobalSearch
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\MyGlobalSearch\bar\Cache\0001055A
C:\Program Files\MyGlobalSearch\bar\Cache\00DBC9A0
C:\Program Files\MyGlobalSearch\bar\Cache\00DBCC11
C:\Program Files\MyGlobalSearch\bar\Cache\files.ini
C:\Program Files\MyGlobalSearch\bar\History\search
C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm
C:\WINDOWS\hosts
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\taskmgr.com

((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))
2007-06-20 16:15     49,152  --a------  C:\WINDOWS\nircmd.exe
2007-06-16 00:43      <DIR>  d--------  C:\Program Files\ePSXe
2007-06-12 20:02      <DIR>  d--------  C:\Program Files\SystemRequirementsLab
2007-06-12 20:01      <DIR>  d--------  C:\DOCUME~1\user\SystemRequirementsLab
2007-06-07 16:02    149,376  --a------  C:\WINDOWS\system32\drivers\tffsport.sys
2007-06-05 15:47      <DIR>  d--------  C:\Program Files\GTA2
2007-06-01 21:21      <DIR>  d--------  C:\Program Files\Hamachi
2007-05-31 21:41      <DIR>  d--------  C:\Program Files\vanBasco's Karaoke Player
2007-05-29 15:34      <DIR>  d--------  C:\DOCUME~1\user\DANEAP~1\SecondLife

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-06-16 22:05:51   --------  d-----w  C:\Program Files\TGTSoft
2007-06-19 22:15:07   --------  d-----w  C:\DOCUME~1\user\DANEAP~1\Hamachi
2007-06-19 22:15:05   --------  d-----w  C:\DOCUME~1\user\DANEAP~1\Skype
2007-06-17 18:33:15   --------  d-----w  C:\DOCUME~1\user\DANEAP~1\Azureus
2007-06-17 18:33:02   --------  d-----w  C:\Program Files\Odkurzacz
2007-06-01 19:21:58     17,480  ----a-w  C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-31 14:20:24   --------  d-----w  C:\Program Files\Opera
2007-05-19 12:00:49   --------  d-----w  C:\Program Files\ASIO4ALL v2
2007-05-18 15:18:09   --------  d-----w  C:\Program Files\Azureus
2007-05-16 14:09:47    496,178  --sh--w  C:\WINDOWS\system32\abadd.ini2
2007-05-16 13:50:29    600,304  --sh--w  C:\WINDOWS\system32\abadd.bak2
2007-05-15 18:14:12   --------  d-----w  C:\Program Files\BearShare
2007-05-14 21:07:51   --------  d-----w  C:\Program Files\ISO Commander
2007-05-11 23:33:00     67,298  ----a-w  C:\WINDOWS\system32\perfc015.dat
2007-05-11 23:33:00    436,322  ----a-w  C:\WINDOWS\system32\perfh015.dat
2007-05-11 23:31:37   --------  d-----w  C:\Program Files\Microsoft Bootvis
2007-05-11 23:11:17   --------  d-----w  C:\Program Files\CCleaner
2007-05-09 13:15:57    613,494  --sh--w  C:\WINDOWS\system32\abadd.bak1
2007-05-06 18:06:56   --------  d-----w  C:\DOCUME~1\user\DANEAP~1\gtk-2.0
2007-05-06 17:15:50   --------  d-----w  C:\Program Files\GIMP-2.0
2007-05-06 17:15:15   --------  d-----w  C:\Program Files\Common Files\GTK
2007-04-30 15:46:10    745,600  ----a-w  C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55     85,952  ----a-w  C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42     94,552  ----a-w  C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41     23,416  ----a-w  C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51     43,176  ----a-w  C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23     26,888  ----a-w  C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28     95,872  ----a-w  C:\WINDOWS\system32\AVASTSS.scr
2007-04-09 22:04:18     52,122  ----a-w  C:\WINDOWS\War3Unin.dat
2007-04-09 22:04:10      2,829  ----a-w  C:\WINDOWS\War3Unin.pif
2007-04-09 22:04:10    139,264  ----a-w  C:\WINDOWS\War3Unin.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-06-17 11:12]
{C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 01:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-06-15 11:20 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2006-08-03 00:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 11:12]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 23:41]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaba]
C:\WINDOWS\system32\ddaba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromjh]
rqromjh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware]
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"D:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online]
"C:\Program Files\VS Online\VSOnline.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 16:17:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 16:18:19
C:\ComboFix-quarantined-files.txt ... 2007-06-20 16:18
--- E O F ---
CatchMe, comment 20 June 2007
1. Download WWDC. Change all the options from disable to enable and restart the computer. The correct port layout is shown in this picture: http://www.firewallleaktester.com/images_site/wwdc.jpg
* NetBIOS may be yellow.

Download and run the tool The Avenger. Tick the "Input script manually" option and click the magnifying glass on the right. In the window that opens, paste:

Files to delete:
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\rqromjh.dll
C:\WINDOWS\system32\ungpvogn.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromjh
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaba

Click Done, then the green light, and agree to the restart by clicking OK.

After the restart, fix the following entry/entries in HijackThis:

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - (no file)
O2 - BHO: (no name) - {EA112E8A-F025-4D7F-B393-23E59683A6D8} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O8 - Extra context menu item: &Search - http://kw.bar.need2find.c...earch.html?p=KW
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll (file missing)
O20 - Winlogon Notify: rqromjh - rqromjh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

Manually delete the file C:\Avenger\backup.zip from disk, and post on the forum the report C:\avenger.txt + a HijackThis log + a Silent Runners log + a ComboFix log.
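The entries CatchMe picked out of the log above follow a recognisable pattern: Winlogon Notify subkeys with random names whose DLL is gone, BHO and MIME-filter CLSIDs that point at "(no file)", and the Vundo naming tell visible in the ComboFix listing, where the companion files abadd.ini2 / abadd.bak1 / abadd.bak2 carry the Notify DLL's name (ddaba) spelled backwards. The script below is an added example written for this page; it is not part of the thread, of HijackThis, ComboFix or The Avenger. It runs the same triage over HijackThis log lines. The allow-list of Notify subkeys is an assumption (stock XP SP2 defaults plus a few vendor entries), and the sample log lines and system32 file list are constructed from the entries posted above plus one benign Notify entry (igfxcui) for contrast.

```python
"""Triage HijackThis 1.99.1 log lines for the Vundo persistence pattern.

Checks (mirroring what a removal helper does by hand):
  1. O20 Winlogon Notify entries whose subkey is not a known default; Vundo
     registers its DLL under a randomly generated name.
  2. O20 entries whose DLL is missing (dangling hooks, known name or not).
  3. O2 / O3 / O18 entries whose CLSID resolves to "(no file)".
  4. Companion .ini/.bak files in system32 whose base name is a suspect Notify
     DLL's base name reversed (ddaba.dll <-> abadd.ini2), a Vundo tell.
"""
import re

# ASSUMED allow-list: stock Windows XP SP2 Notify subkeys plus common vendor ones.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
    "senslogn", "termsrv", "wlballoon", "wgalogon", "igfxcui", "atiextevent",
}

HJT_LINE_RE = re.compile(r"^(O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# body of an O20 line: "<subkey> - <dll path>[ (file missing)]"
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.+?)(?: \(file missing\))?$")


def parse_hjt(text):
    """Yield (section, body) for every 'Oxx - body' line; other lines are skipped."""
    for raw in text.splitlines():
        m = HJT_LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def _notify_entries(text):
    """(subkey, dll filename, missing) for every O20 Winlogon Notify line."""
    out = []
    for section, body in parse_hjt(text):
        if section != "O20":
            continue
        m = NOTIFY_RE.match(body)
        if not m:
            continue
        dll = m.group(2).replace("\\", "/").rsplit("/", 1)[-1]
        out.append((m.group(1), dll, body.endswith("(file missing)")))
    return out


def suspect_notify(text):
    """Notify entries whose subkey is not on the allow-list (check 1)."""
    return [e for e in _notify_entries(text) if e[0].lower() not in KNOWN_NOTIFY]


def dangling_notify(text):
    """Subkeys of Notify entries whose DLL HijackThis reports missing (check 2)."""
    return [subkey for subkey, _dll, missing in _notify_entries(text) if missing]


def orphan_clsids(text):
    """CLSIDs of O2/O3/O18 entries whose server DLL is gone (check 3)."""
    found = []
    for section, body in parse_hjt(text):
        if section in ("O2", "O3", "O18") and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            if m:
                found.append(m.group(0))
    return found


def vundo_companions(text, system32_listing):
    """(dll, companion) pairs where the companion's base name is the suspect
    Notify DLL's base name spelled backwards (check 4)."""
    pairs = []
    for _subkey, dll, _missing in suspect_notify(text):
        mirror = dll.split(".", 1)[0].lower()[::-1]
        for name in system32_listing:
            if name.split(".", 1)[0].lower() == mirror:
                pairs.append((dll, name))
    return pairs


# CONSTRUCTED sample: lines lifted from the posted log, plus a benign igfxcui entry.
SAMPLE_HJT = """\
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\\Program Files\\MyGlobalSearch\\bar\\1.bin\\MGSBAR.DLL
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: ddaba - C:\\WINDOWS\\system32\\ddaba.dll (file missing)
O20 - Winlogon Notify: rqromjh - rqromjh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: igfxcui - igfxdev.dll
"""
# CONSTRUCTED sample: system32 names taken from the ComboFix Find3M report above.
SAMPLE_SYSTEM32 = ["abadd.ini2", "abadd.bak2", "abadd.bak1", "nircmd.exe", "perfc015.dat"]

if __name__ == "__main__":
    for subkey, dll, missing in suspect_notify(SAMPLE_HJT):
        print(f"unknown Notify subkey {subkey} -> {dll}{' (missing)' if missing else ''}")
    print("dangling Notify hooks:", dangling_notify(SAMPLE_HJT))
    print("orphaned CLSIDs:", orphan_clsids(SAMPLE_HJT))
    print("Vundo companion files:", vundo_companions(SAMPLE_HJT, SAMPLE_SYSTEM32))
```

On the sample this flags ddaba and rqromjh as unknown Notify subkeys, lists all three dangling hooks (including WgaLogon, which is allow-listed but still points at a missing DLL), returns the three orphaned CLSIDs, and pairs ddaba.dll with abadd.ini2, abadd.bak2 and abadd.bak1. The reversed-name check is the one worth remembering: it is how the hidden/system .ini and .bak files in the ComboFix listing can be tied to the Notify DLL before any signature names the sample.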
Misiek102K (author), comment 20 June 2007
From Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tuttcwyh

*******************

Script file located at: \??\C:\cilflvrq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\abadd.ini2 deleted successfully.
File C:\WINDOWS\system32\abadd.bak2 deleted successfully.

File C:\WINDOWS\system32\ddaba.dll not found!
Deletion of file C:\WINDOWS\system32\ddaba.dll failed!
Could not process line:
C:\WINDOWS\system32\ddaba.dll
Status: 0xc0000034

File C:\WINDOWS\system32\rqromjh.dll not found!
Deletion of file C:\WINDOWS\system32\rqromjh.dll failed!
Could not process line:
C:\WINDOWS\system32\rqromjh.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ungpvogn.dll not found!
Deletion of file C:\WINDOWS\system32\ungpvogn.dll failed!
Could not process line:
C:\WINDOWS\system32\ungpvogn.dll
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromjh deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaba deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Z HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 18:51:21, on 2007-06-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:Program FilesTGTSoftStyleXPStyleXPService.exe C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe C:Program FilesAlwil SoftwareAvast4ashServ.exe C:WINDOWSExplorer.EXE C:WINDOWSsystem32spoolsv.exe E:Program FilesCyberLinkPowerDVDPDVDServ.exe C:PROGRA~1ALWILS~1Avast4ashDisp.exe C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe C:Program FilesMessengermsmsgs.exe D:Program FilesGadu-Gadugg.exe C:Program FilesTGTSoftStyleXPStyleXP.exe C:WINDOWSsystem32nvsvc32.exe C:Program FilesRALINKCommonRaUI.exe C:WINDOWSsystem32svchost.exe C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe C:Program FilesAlwil SoftwareAvast4ashWebSv.exe C:Program FilesOperaOpera.exe C:WINDOWSsystem32wscntfy.exe C:Documents and SettingsuserPulpitTworzenie logaavenger.exe C:Documents and SettingsuserPulpitTworzenie logaHijackThis.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.pl/ R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_01binssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll O2 - BHO: TGTSoft Explorer Toolbar Changer - 
{C333CF63-767F-4831-94AC-E683D962C63C} - C:Program FilesTGTSoftStyleXPTGT_BHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:PROGRA~1FlashGetfgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll O4 - HKLM..Run: [nwiz] nwiz.exe /install O4 - HKLM..Run: [RemoteControl] "E:Program FilesCyberLinkPowerDVDPDVDServ.exe" O4 - HKLM..Run: [EasyTuneV] C:Program FilesGigabyteET5GUI.exe O4 - HKLM..Run: [sony Ericsson PC Suite] "C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe" O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup O4 - HKCU..Run: [Odkurzacz-MCD] C:Program FilesOdkurzaczodk_mcd.exe O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background O4 - HKCU..Run: [Gadu-Gadu] "D:Program FilesGadu-Gadugg.exe" /tray O4 - HKCU..Run: [sTYLEXP] C:Program FilesTGTSoftStyleXPStyleXP.exe -Hide O4 - Global Startup: Ralink Wireless Utility.lnk = C:Program FilesRALINKCommonRaUI.exe O8 - Extra context menu item: Download All by FlashGet - E:Program FilesFlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - E:Program FilesFlashGetjc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_01binssv.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:PROGRA~1FlashGetflashget.exe O9 - Extra 'Tools' menuitem: 
&FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:PROGRA~1FlashGetflashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O17 - HKLMSystemCCSServicesTcpip..{B2D546C6-61B4-462A-B665-A92C04795E6A}: NameServer = 213.134.128.19,213.134.128.20 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:Program FilesCommon FilesInstallShield SharedServiceInstallShield Licensing Service.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe O23 - Service: StyleXPService - Unknown owner - C:Program FilesTGTSoftStyleXPStyleXPService.exe Z Silent Runners : "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++} "Odkurzacz-MCD" = "C:Program FilesOdkurzaczodk_mcd.exe" ["Franmo Software"] "swg" = "C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" ["Google Inc."] "MSMSGS" = ""C:Program FilesMessengermsmsgs.exe" /background" [MS] "Gadu-Gadu" = ""D:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."] "STYLEXP" = "C:Program FilesTGTSoftStyleXPStyleXP.exe -Hide" [empty string] HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++} "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "RemoteControl" = ""E:Program FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."] "EasyTuneV" = "C:Program FilesGigabyteET5GUI.exe" [empty string] "Sony Ericsson PC Suite" = ""C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"] "avast!" 
= "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"] "Adobe Photo Downloader" = ""C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"" ["Adobe Systems Incorporated"] "NvCplDaemon" = "RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup" [MS] HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" InProcServer32(Default) = "C:Program FilesJavajre1.6.0_01binssv.dll" ["Sun Microsystems, Inc."] {AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" InProcServer32(Default) = "c:program filesgooglegoogletoolbar2.dll" ["Google Inc."] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Notifier BHO" InProcServer32(Default) = "C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll" ["Google Inc."] {C333CF63-767F-4831-94AC-E683D962C63C}(Default) = "TGTSoft Explorer Toolbar Changer" -> {HKLM...CLSID} = "CoTGT_BHO Class" InProcServer32(Default) = "C:Program FilesTGTSoftStyleXPTGT_BHO.dll" [null data] HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{0A082D00-EC93-11D0-B1E6-80580BC10627}" = "Corel Media Folder Root Menu Handler" -> {HKLM...CLSID} = "Corel Media Folder Root Menu Handler" InProcServer32(Default) = "C:CorelGraphics8programsCMFFld80.dll" [empty string] "{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}" = "Folder To Corel Media Folder Menu Handler" -> {HKLM...CLSID} = "Folder To Corel Media Folder Menu Handler" InProcServer32(Default) = "C:CorelGraphics8programsCMFFld80.dll" [empty string] "{854AF161-1AE1-11D1-AB9B-00C0F00683EB}" = "Corel Media Folder" -> 
{HKLM...CLSID} = "Corel Media Folder" InProcServer32(Default) = "C:CorelGraphics8programsCMFFld80.dll" [empty string] "{E856F161-1AE5-11d1-AB9B-00C0F00683EB}" = "Corel Media Folder" -> {HKLM...CLSID} = "Corel Media Folder" InProcServer32(Default) = "C:CorelGraphics8programsCMFFld80.dll" [empty string] "{CDB89701-262F-11D1-AB9C-00C0F00683EB}" = "Corel Media Find Folder" -> {HKLM...CLSID} = "Corel Media Find Folder" InProcServer32(Default) = "C:CorelGraphics8programsCMFFld80.dll" [empty string] "{F8152501-455F-11D1-B1E6-444553540000}" = "Corel Media Folder Copy Hook Handler" -> {HKLM...CLSID} = "Corel Media Folder Copy Hook Handler" InProcServer32(Default) = "C:CorelGraphics8programsCMFFld80.dll" [empty string] "{8E524B0D-04F0-11D1-B74A-00A0C90646A4}" = "IconFactTemp.NSIconHandlerFactory" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:CorelGraphics8programsCNSFlt80.dll" ["Corel Corporation"] "{A2AC368A-F883-11D0-B745-00A0C90646A4}" = "NSFiltManDll.FiltManCom" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:CorelGraphics8programsCNSFlt80.dll" ["Corel Corporation"] "{B63FCD5A-2396-11D1-B762-00A0C90646A4}" = "*_" (unwritable string) -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "C:CorelGraphics8programsCMFFnd80.dll" ["Corel Corporation"] "{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager" -> {HKLM...CLSID} = "Sony Ericsson File Manager" InProcServer32(Default) = "C:Program FilesSony EricssonMobile2File Managerfmgrgui.dll" ["Sony Ericsson Mobile Communications AB"] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS] 
HKLMSoftwareClassesFoldershellexColumnHandlers {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "C:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] VersionsMenu(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}" -> {HKLM...CLSID} = "Corel Versions" InProcServer32(Default) = "C:CORELVersionsCVersion.dll" ["Corel Corporation Limited"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "e:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers FolderToCorelMediaFolder(Default) = "{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}" -> {HKLM...CLSID} = "Folder To Corel Media Folder Menu Handler" InProcServer32(Default) = "C:CorelGraphics8programsCMFFld80.dll" [empty string] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "e:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesFoldershellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] VersionsMenu(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}" -> {HKLM...CLSID} = "Corel Versions" InProcServer32(Default) = "C:CORELVersionsCVersion.dll" ["Corel Corporation Limited"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "e:Program FilesWinRARrarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

From ComboFix:

ComboFix 07-06-18.2 - C:\Documents and Settings\user\Pulpit\Tworzenie loga\ComboFix.exe "user" - 2007-06-20 18:57:08 - Dodatek Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))

2007-06-20 16:22 <DIR> d-------- C:\ComboFix i inne
2007-06-20 16:15 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 00:43 <DIR> d-------- C:\Program Files\ePSXe
2007-06-12 20:02 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-06-12 20:01 <DIR> d-------- C:\DOCUME~1\user\SystemRequirementsLab
2007-06-07 16:02 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2007-06-05 15:47 <DIR> d-------- C:\Program Files\GTA2
2007-06-01 21:21 <DIR> d-------- C:\Program Files\Hamachi
2007-05-31 21:41 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
2007-05-29 15:34 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\SecondLife


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-06-16 22:05:51 -------- d-----w C:\Program Files\TGTSoft
2007-06-19 22:15:07 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Hamachi
2007-06-19 22:15:05 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Skype
2007-06-17 18:33:15 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Azureus
2007-06-17 18:33:02 -------- d-----w C:\Program Files\Odkurzacz
2007-06-01 19:21:58 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-31 14:20:24 -------- d-----w C:\Program Files\Opera
2007-05-19 12:00:49 -------- d-----w C:\Program Files\ASIO4ALL v2
2007-05-18 15:18:09 -------- d-----w C:\Program Files\Azureus
2007-05-15 18:14:12 -------- d-----w C:\Program Files\BearShare
2007-05-14 21:07:51 -------- d-----w C:\Program Files\ISO Commander
2007-05-11 23:33:00 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-11 23:33:00 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-11 23:31:37 -------- d-----w C:\Program Files\Microsoft Bootvis
2007-05-11 23:11:17 -------- d-----w C:\Program Files\CCleaner
2007-05-09 13:15:57 613,494 --sh--w C:\WINDOWS\system32\abadd.bak1
2007-05-06 18:06:56 -------- d-----w C:\DOCUME~1\user\DANEAP~1\gtk-2.0
2007-05-06 17:15:50 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-06 17:15:15 -------- d-----w C:\Program Files\Common Files\GTK
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-09 22:04:18 52,122 ----a-w C:\WINDOWS\War3Unin.dat
2007-04-09 22:04:10 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-04-09 22:04:10 139,264 ----a-w C:\WINDOWS\War3Unin.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-06-17 11:12]
{C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 01:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-06-15 11:20 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2006-08-03 00:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 11:12]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 23:41]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware]
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"D:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online]
"C:\Program Files\VS Online\VSOnline.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 18:58:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 18:58:42
C:\ComboFix-quarantined-files.txt ... 2007-06-20 18:58
--- E O F ---

[ Added: 2007-06-20, 18:59 ]

That's a lot... But what do I do next?
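The ComboFix file listing above is where the leftover shows up: one entry under system32 carries the system and hidden attributes (the --sh--w column), so Explorer will not display it by default, and it has an extension (.bak1) that no Windows component uses. As an added example for this thread (not part of the original posts, and not a feature of ComboFix or HijackThis), here is a small Python script that parses ComboFix-style "Files Created" and "Find3M" lines and flags exactly those two properties. The sample lines are copied from the log above with the path separators restored; the list of expected system32 extensions is an assumption, so treat a hit as a reason to look closer, not as proof of malware.

```python
"""Triage a ComboFix-style file listing for Vundo-like leftovers.

Added example for this thread, not part of ComboFix or HijackThis. It flags
the two properties that make abadd.bak1 stand out in the log: system+hidden
attributes on a file under system32, and an extension no Windows component
uses. The extension list and the heuristics are assumptions, not a signature.
"""
import re

# Matches both ComboFix layouts seen in the log (seconds are optional):
#   "Files Created":  2007-06-20 16:15    49,152 --a------ C:\WINDOWS\nircmd.exe
#   "Find3M":         2007-05-09 13:15:57 613,494 --sh--w  C:\WINDOWS\system32\abadd.bak1
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size>[\d,]+|<DIR>|-+)\s+"
    r"(?P<attrs>[-a-z]{7,9})\s+"
    r"(?P<path>.+?)\s*$"
)

SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

# Extensions a clean system32 tree is expected to hold (assumed, not exhaustive).
EXPECTED_SYSTEM32_EXT = {
    ".dll", ".exe", ".sys", ".ocx", ".cpl", ".drv", ".ax", ".scr",
    ".dat", ".ini", ".log", ".nls", ".msc", ".acm", ".tlb", ".mui",
}


def parse_listing(text):
    """Return one dict per recognised listing line; banners and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def suspicious_reasons(entry):
    """Why a listing entry deserves a look; an empty list means nothing stood out."""
    attrs, path = entry["attrs"], entry["path"]
    is_dir = attrs.startswith("d")
    name = path.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):].lower() if "." in name else ""
    reasons = []
    if not is_dir and "s" in attrs and "h" in attrs:
        reasons.append("file carries system+hidden attributes (not shown by Explorer by default)")
    if not is_dir and SYSTEM32_RE.match(path) and ext not in EXPECTED_SYSTEM32_EXT:
        reasons.append(f"unexpected extension {ext!r} under system32")
    return reasons


def triage(text):
    """Map each suspicious path to its reasons, preserving listing order."""
    findings = {}
    for entry in parse_listing(text):
        reasons = suspicious_reasons(entry)
        if reasons:
            findings[entry["path"]] = reasons
    return findings


def find_by_name(text, filename):
    """Paths whose basename equals filename (case-insensitive), e.g. the DLL named in the startup error."""
    wanted = filename.lower()
    return [e["path"] for e in parse_listing(text)
            if e["path"].rsplit("\\", 1)[-1].lower() == wanted]


# Sample input: lines copied from the ComboFix log in this thread, separators restored.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))
2007-06-20 16:22 <DIR> d-------- C:\ComboFix i inne
2007-06-20 16:15 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-07 16:02 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-01 19:21:58 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-31 14:20:24 -------- d-----w C:\Program Files\Opera
2007-05-11 23:33:00 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-09 13:15:57 613,494 --sh--w C:\WINDOWS\system32\abadd.bak1
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-09 22:04:18 52,122 ----a-w C:\WINDOWS\War3Unin.dat
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
    # The DLL from the startup error is absent from the listing; only the leftover remains.
    print("ungpvogn.dll still listed:", find_by_name(SAMPLE_LOG, "ungpvogn.dll"))
```

On the machine itself the same two properties can be confirmed from a command prompt with `dir /a:sh C:\WINDOWS\system32` and `attrib C:\WINDOWS\system32\abadd.bak1`; because of the system and hidden attributes the file will not be visible in Explorer with default settings, and `del` refuses it until `attrib -s -h` has cleared them.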
CatchMe comment 22 June 2007 Just zap C:\WINDOWS\system32\abadd.bak1 and it will be fine.
Misiek102K Author comment 22 June 2007 Zap, meaning delete? Go into C -> Windows and so on...? Nothing will break? Unless that's not what you mean....
CatchMe comment 23 June 2007 Yes, delete it. That file is a leftover from Vundo.