Error loading file..... HELP !!!

Misiek102K

Hello. I have a problem. Namely, when the computer starts and the desktop appears, this message comes up:

An error occurred while loading C:\WINDOWS\system32\ungpvogn.dll

Access is denied

Please help. When I click Start -> Run -> type msconfig -> Startup tab, that file is checked to run at startup. I don't know whether to disable it or whether it's needed. I'd appreciate help, preferably from someone who knows this stuff. Thanks in advance.

Przemek

Disable it.

Worst case, you can re-enable it in Safe Mode.

CatchMe

Do you know that C:\WINDOWS\system32\ungpvogn.dll is a virus?

Misiek102K, paste logs from HijackThis + Silent Runners + ComboFix.

Misiek102K

What? I don't understand any of these logs... And why do they need to be pasted? If it's a virus, isn't it enough to disable it?

Misiek102K

If you say so... I'll try.

Am I supposed to paste the logs here to be checked? And what does "paste them in tags" mean?

What will pasting these logs accomplish?

How do I remove this virus? With ComboFix, or does that only produce a log too?

CatchMe

Nothing removes itself. Paste the logs.

Misiek102K

OK. I have the logs now. But what does it mean to paste them in tags?

[ Added: 2007-06-20, 16:12 ]

Here I'm pasting the HijackThis log the normal way:

Logfile of HijackThis v1.99.1
Scan saved at 16:10:51, on 2007-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\user\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {EA112E8A-F025-4D7F-B393-23E59683A6D8} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Emurayden PSX Emulator] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Search - http://kw.bar.need2find.com/KW/menusearch.html?p=KW
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D546C6-61B4-462A-B665-A92C04795E6A}: NameServer = 213.134.128.19,213.134.128.20
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll (file missing)
O20 - Winlogon Notify: rqromjh - rqromjh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

[ Added: 2007-06-20, 16:20 ]

And this is from ComboFix:

ComboFix 07-06-18.2 - C:\Documents and Settings\user\Pulpit\ComboFix.exe
"user" - 2007-06-20 16:16:06 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\MyGlobalSearch
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\MyGlobalSearch\bar\Cache\0001055A
C:\Program Files\MyGlobalSearch\bar\Cache\00DBC9A0
C:\Program Files\MyGlobalSearch\bar\Cache\00DBCC11
C:\Program Files\MyGlobalSearch\bar\Cache\files.ini
C:\Program Files\MyGlobalSearch\bar\History\search
C:\Program Files\MyGlobalSearch\bar\Settings\prevcfg.htm
C:\WINDOWS\hosts
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\msxml3a.dll
C:\WINDOWS\system32\taskmgr.com

((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))

2007-06-20 16:15 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 00:43 <DIR> d-------- C:\Program Files\ePSXe
2007-06-12 20:02 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-06-12 20:01 <DIR> d-------- C:\DOCUME~1\user\SystemRequirementsLab
2007-06-07 16:02 149,376 --a------ C:\WINDOWS\system32\drivers\tffsport.sys
2007-06-05 15:47 <DIR> d-------- C:\Program Files\GTA2
2007-06-01 21:21 <DIR> d-------- C:\Program Files\Hamachi
2007-05-31 21:41 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
2007-05-29 15:34 <DIR> d-------- C:\DOCUME~1\user\DANEAP~1\SecondLife

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-06-16 22:05:51 -------- d-----w C:\Program Files\TGTSoft
2007-06-19 22:15:07 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Hamachi
2007-06-19 22:15:05 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Skype
2007-06-17 18:33:15 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Azureus
2007-06-17 18:33:02 -------- d-----w C:\Program Files\Odkurzacz
2007-06-01 19:21:58 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-31 14:20:24 -------- d-----w C:\Program Files\Opera
2007-05-19 12:00:49 -------- d-----w C:\Program Files\ASIO4ALL v2
2007-05-18 15:18:09 -------- d-----w C:\Program Files\Azureus
2007-05-16 14:09:47 496,178 --sh--w C:\WINDOWS\system32\abadd.ini2
2007-05-16 13:50:29 600,304 --sh--w C:\WINDOWS\system32\abadd.bak2
2007-05-15 18:14:12 -------- d-----w C:\Program Files\BearShare
2007-05-14 21:07:51 -------- d-----w C:\Program Files\ISO Commander
2007-05-11 23:33:00 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-11 23:33:00 436,322 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-11 23:31:37 -------- d-----w C:\Program Files\Microsoft Bootvis
2007-05-11 23:11:17 -------- d-----w C:\Program Files\CCleaner
2007-05-09 13:15:57 613,494 --sh--w C:\WINDOWS\system32\abadd.bak1
2007-05-06 18:06:56 -------- d-----w C:\DOCUME~1\user\DANEAP~1\gtk-2.0
2007-05-06 17:15:50 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-06 17:15:15 -------- d-----w C:\Program Files\Common Files\GTK
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-09 22:04:18 52,122 ----a-w C:\WINDOWS\War3Unin.dat
2007-04-09 22:04:10 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-04-09 22:04:10 139,264 ----a-w C:\WINDOWS\War3Unin.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2008-06-17 11:12]
{C333CF63-767F-4831-94AC-E683D962C63C}=C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll [2006-05-10 01:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-06-15 11:20 C:\WINDOWS\system32\nwiz.exe]
"RemoteControl"="E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2006-08-03 00:46]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-17 11:12]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-04-17 23:41]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaba]
C:\WINDOWS\system32\ddaba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromjh]
rqromjh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware]
"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"D:\Program Files\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"E:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online]
"C:\Program Files\VS Online\VSOnline.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 16:17:55
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 16:18:19
C:\ComboFix-quarantined-files.txt ... 2007-06-20 16:18

--- E O F ---
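
The log above is long enough that a first pass is usually done by eye; the following is an added example (mine, not part of the thread and not a HijackThis feature) of doing the same triage in Python over a HijackThis 1.99 log. It flags the three things a helper looks for first in a log like this one: O2/O18 entries whose CLSID still exists but whose DLL is "(no file)", O20 Winlogon Notify packages that are either missing on disk or not among the packages Windows itself installs, and two O4 Run values that launch the same binary under different names. The Winlogon Notify allowlist and the "same binary twice" rule are my heuristics, and the allowlist contents are an assumption to be checked against a clean image; the sample input is an excerpt of the log posted above.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Winlogon Notify packages present on a stock Windows XP SP2 install plus the
# WGA Notifications update. This allowlist is my assumption; diff it against
# your own clean baseline before relying on it.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

ENTRY_RE = re.compile(r"^(?P<sec>[ORF]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<pkg>\S+) - (?P<dll>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section, e.g. "O20"
    reason: str    # why the line was flagged
    line: str      # the log line as written


def target_of(cmd: str) -> str:
    """Reduce an O4 command line to the binary it actually launches, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments may follow
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 0 else cmd.lower()
    tokens = cmd.split()
    if len(tokens) > 1 and tokens[0].lower() == "rundll32.exe":
        return tokens[1].split(",")[0].lower()   # the DLL rundll32 loads (assumes no spaces in it)
    return tokens[0].lower() if tokens else ""


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    o4_by_target: dict[str, list[str]] = defaultdict(list)

    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m is None:
            continue                              # header, process list, blank line
        sec, body = m.group("sec"), m.group("body")

        if sec in ("O2", "O18") and body.endswith("(no file)"):
            findings.append(Finding(sec, "CLSID still registered but its DLL is gone (leftover of a partial removal)", line))

        elif sec == "O20":
            n = O20_RE.match(body)
            if n is None:
                continue
            pkg = n.group("pkg").lower()
            if "(file missing)" in n.group("dll"):
                findings.append(Finding(sec, "Winlogon Notify DLL not visible on disk (hidden, locked or already deleted)", line))
            if pkg not in KNOWN_NOTIFY:
                findings.append(Finding(sec, f"Winlogon Notify package '{pkg}' is not one Windows installs", line))

        elif sec == "O4":
            n = O4_RE.match(body)
            if n is not None:
                o4_by_target[target_of(n.group("cmd"))].append(line)

    # Two differently named Run values pointing at one binary usually means
    # something re-registered an existing file under a new name.
    for target, lines in o4_by_target.items():
        if len(lines) > 1:
            for ln in lines:
                findings.append(Finding("O4", f"{len(lines)} Run entries launch the same binary: {target}", ln))
    return findings


# Excerpt of the HijackThis log posted above, trimmed to the entries the heuristics touch.
SAMPLE_LOG = r"""
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - (no file)
O2 - BHO: (no name) - {EA112E8A-F025-4D7F-B393-23E59683A6D8} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Emurayden PSX Emulator] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll (file missing)
O20 - Winlogon Notify: rqromjh - rqromjh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Note what the rules do and do not say: WgaLogon is flagged only because its DLL is missing, not as an unknown package, while ddaba and rqromjh get both reasons; an O20 entry whose DLL is "file missing" but still loads at boot (as the error message in the first post shows) is exactly the pattern where a hidden or locked file has to be removed from outside the running system, which is why the thread moves to Avenger next.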

CatchMe

1. Download: WWDC

- Change all options from disable to enable and restart the computer.

- The correct port layout is shown in this picture:

http://www.firewallleaktester.com/images_site/wwdc.jpg

* NetBIOS may be yellow.

Download and run the tool: The Avenger

Select the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:

Files to delete:
C:\WINDOWS\system32\abadd.ini2
C:\WINDOWS\system32\abadd.bak2
C:\WINDOWS\system32\ddaba.dll
C:\WINDOWS\system32\rqromjh.dll
C:\WINDOWS\system32\ungpvogn.dll

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromjh
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaba

Click Done, then the green light, and accept the restart by clicking OK.

After the restart, in HijackThis remove the following entry/entries:

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: (no name) - {A416D604-EAA3-4618-958C-2ECA22414616} - (no file)
O2 - BHO: (no name) - {EA112E8A-F025-4D7F-B393-23E59683A6D8} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O8 - Extra context menu item: &Search - http://kw.bar.need2find.c...earch.html?p=KW
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: ddaba - C:\WINDOWS\system32\ddaba.dll (file missing)
O20 - Winlogon Notify: rqromjh - rqromjh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)

Manually delete the file C:\Avenger\backup.zip from the disk and paste on the forum the report C:\avenger.txt + a HijackThis log + a Silent Runners log + a ComboFix log.
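
How did the helper pick abadd.ini2 and abadd.bak2 out of a Find3M list of otherwise ordinary files, and tie them to the ddaba Winlogon Notify entry? Two observations from the logs: those files carry the system and hidden attributes (the --sh--w column) and a non-standard extension in system32, and "abadd" is "ddaba" spelled backwards. The block below is an added example (mine, not part of CatchMe's post and not a ComboFix or Avenger feature) that applies both checks in Python: it parses Find3M rows, flags hidden+system files and unexpected extensions under system32, and looks for pairs of file stems that mirror each other across the Find3M list and the DLL names from the HijackThis O20 lines. My reading of the attribute letters and the list of expected system32 extensions are assumptions; the sample rows are copied from the report posted above.

```python
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# One Find3M row: "YYYY-MM-DD HH:MM:SS  <size or -------->  <7 attribute chars>  <path>".
# The "Files Created" section uses a different layout and is deliberately ignored.
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-{8})\s+(?P<attrs>[-a-z]{7})\s+(?P<path>.+)$"
)

# Extensions a loose file in %SystemRoot%\system32 normally carries.
# This baseline is my assumption; extend it from a clean install of your build.
EXPECTED_SYSTEM32_EXT = {
    ".dll", ".exe", ".sys", ".ocx", ".cpl", ".scr", ".drv", ".ax", ".acm",
    ".tlb", ".nls", ".dat", ".msc", ".com", ".ini", ".inf", ".log", ".txt", ".xml",
}


def parse_find3m(text: str) -> list[dict]:
    """Turn Find3M rows into dicts. Attribute letters are read (my assumption) as
    d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable."""
    rows = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m is None:
            continue
        attrs = m.group("attrs")
        rows.append({
            "path": PureWindowsPath(m.group("path")),
            "is_dir": "d" in attrs,
            "hidden": "h" in attrs,
            "system": "s" in attrs,
        })
    return rows


def reversed_name_pairs(names) -> list[tuple[str, str]]:
    """Find file stems that are exact mirror images of each other (abadd <-> ddaba).
    Palindromes and stems of one or two letters are ignored as noise."""
    stems = {PureWindowsPath(n).stem.lower() for n in names}
    stems = {s for s in stems if len(s) > 2}
    pairs = set()
    for s in stems:
        r = s[::-1]
        if r != s and r in stems:
            pairs.add(tuple(sorted((s, r))))
    return sorted(pairs)


def analyze(find3m_text: str, other_file_names=()) -> dict[str, list]:
    """Flag suspicious system32 files in a Find3M report and mirror-named files
    across the report plus any extra names (e.g. DLLs from HijackThis O20 lines)."""
    rows = parse_find3m(find3m_text)
    in_system32 = [r for r in rows
                   if not r["is_dir"] and r["path"].parent.name.lower() == "system32"]

    hidden_system = [str(r["path"]) for r in in_system32 if r["hidden"] and r["system"]]
    odd_ext = [str(r["path"]) for r in in_system32
               if r["path"].suffix.lower() not in EXPECTED_SYSTEM32_EXT]
    names = [r["path"].name for r in rows if not r["is_dir"]] + list(other_file_names)
    return {
        "hidden_system": hidden_system,
        "odd_ext": odd_ext,
        "reversed_pairs": reversed_name_pairs(names),
    }


# Rows copied from the Find3M report posted above (an excerpt, not the full report).
SAMPLE_FIND3M = r"""
2007-06-19 22:15:07 -------- d-----w C:\DOCUME~1\user\DANEAP~1\Hamachi
2007-06-01 19:21:58 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-05-16 14:09:47 496,178 --sh--w C:\WINDOWS\system32\abadd.ini2
2007-05-16 13:50:29 600,304 --sh--w C:\WINDOWS\system32\abadd.bak2
2007-05-11 23:33:00 67,298 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-09 13:15:57 613,494 --sh--w C:\WINDOWS\system32\abadd.bak1
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
"""
# DLL names from the O20 lines of the HijackThis log and from the boot error message.
HIJACKTHIS_DLLS = ["ddaba.dll", "rqromjh.dll", "WgaLogon.dll", "ungpvogn.dll"]

if __name__ == "__main__":
    for key, items in analyze(SAMPLE_FIND3M, HIJACKTHIS_DLLS).items():
        print(key, items)
```

On the sample, the three abadd.* files are the only hidden+system files and the only unexpected extensions in system32, and the only mirror pair is ("abadd", "ddaba"); abadd.bak1 is not in the Avenger script above, which is the kind of omission this check is meant to catch. The mirror test is a heuristic, not a signature: a pair proves nothing on its own, but together with the hidden attributes and a Winlogon Notify entry it justifies putting the files on the deletion list.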

Misiek102K

From Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tuttcwyh

*******************

Script file located at: \??\C:\cilflvrq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\abadd.ini2 deleted successfully.
File C:\WINDOWS\system32\abadd.bak2 deleted successfully.

File C:\WINDOWS\system32\ddaba.dll not found!
Deletion of file C:\WINDOWS\system32\ddaba.dll failed!
Could not process line:
C:\WINDOWS\system32\ddaba.dll
Status: 0xc0000034

File C:\WINDOWS\system32\rqromjh.dll not found!
Deletion of file C:\WINDOWS\system32\rqromjh.dll failed!
Could not process line:
C:\WINDOWS\system32\rqromjh.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ungpvogn.dll not found!
Deletion of file C:\WINDOWS\system32\ungpvogn.dll failed!
Could not process line:
C:\WINDOWS\system32\ungpvogn.dll
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqromjh deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddaba deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

From HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 18:51:21, on 2007-06-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user\Pulpit\Tworzenie loga\avenger.exe
C:\Documents and Settings\user\Pulpit\Tworzenie loga\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2D546C6-61B4-462A-B665-A92C04795E6A}: NameServer = 213.134.128.19,213.134.128.20
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

From Silent Runners:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Odkurzacz-MCD" = "C:\Program Files\Odkurzacz\odk_mcd.exe" ["Franmo Software"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"Gadu-Gadu" = ""D:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"STYLEXP" = "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide" [empty string]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"RemoteControl" = ""E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"EasyTuneV" = "C:\Program Files\Gigabyte\ET5\GUI.exe" [empty string]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
  \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
  \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
  \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
  \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
{C333CF63-767F-4831-94AC-E683D962C63C}\(Default) = "TGTSoft Explorer Toolbar Changer"
  -> {HKLM...CLSID} = "CoTGT_BHO Class"
  \InProcServer32\(Default) = "C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{0A082D00-EC93-11D0-B1E6-80580BC10627}" = "Corel Media Folder Root Menu Handler"
  -> {HKLM...CLSID} = "Corel Media Folder Root Menu Handler"
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}" = "Folder To Corel Media Folder Menu Handler"
  -> {HKLM...CLSID} = "Folder To Corel Media Folder Menu Handler"
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{854AF161-1AE1-11D1-AB9B-00C0F00683EB}" = "Corel Media Folder"
  -> {HKLM...CLSID} = "Corel Media Folder"
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{E856F161-1AE5-11d1-AB9B-00C0F00683EB}" = "Corel Media Folder"
  -> {HKLM...CLSID} = "Corel Media Folder"
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{CDB89701-262F-11D1-AB9C-00C0F00683EB}" = "Corel Media Find Folder"
  -> {HKLM...CLSID} = "Corel Media Find Folder"
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{F8152501-455F-11D1-B1E6-444553540000}" = "Corel Media Folder Copy Hook Handler"
  -> {HKLM...CLSID} = "Corel Media Folder Copy Hook Handler"
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
"{8E524B0D-04F0-11D1-B74A-00A0C90646A4}" = "IconFactTemp.NSIconHandlerFactory"
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{A2AC368A-F883-11D0-B745-00A0C90646A4}" = "NSFiltManDll.FiltManCom"
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CNSFlt80.dll" ["Corel Corporation"]
"{B63FCD5A-2396-11D1-B762-00A0C90646A4}" = "*_" (unwritable string)
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFnd80.dll" ["Corel Corporation"]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
  -> {HKLM...CLSID} = "Sony Ericsson File Manager"
  \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
  \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
  \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
  \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}"
  -> {HKLM...CLSID} = "Corel Versions"
  \InProcServer32\(Default) = "C:\COREL\Versions\CVersion.dll" ["Corel Corporation Limited"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "e:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
FolderToCorelMediaFolder\(Default) = "{0FBF99C1-4127-11D1-B1E6-C17E96D9180A}"
  -> {HKLM...CLSID} = "Folder To Corel Media Folder Menu Handler"
  \InProcServer32\(Default) = "C:\Corel\Graphics8\programs\CMFFld80.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "e:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
  \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}"
  -> {HKLM...CLSID} = "Corel Versions"
  \InProcServer32\(Default) = "C:\COREL\Versions\CVersion.dll" ["Corel Corporation Limited"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "e:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral

"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCUControl PanelDesktop

"Wallpaper" = "C:Documents and SettingsuserUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

From ComboFix:

ComboFix 07-06-18.2 - C:Documents and SettingsuserPulpitTworzenie logaComboFix.exe

"user" - 2007-06-20 18:57:08 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))

2007-06-20 16:22 <DIR> d-------- C:ComboFix i inne

2007-06-20 16:15 49,152 --a------ C:WINDOWSnircmd.exe

2007-06-16 00:43 <DIR> d-------- C:Program FilesePSXe

2007-06-12 20:02 <DIR> d-------- C:Program FilesSystemRequirementsLab

2007-06-12 20:01 <DIR> d-------- C:DOCUME~1userSystemRequirementsLab

2007-06-07 16:02 149,376 --a------ C:WINDOWSsystem32driverstffsport.sys

2007-06-05 15:47 <DIR> d-------- C:Program FilesGTA2

2007-06-01 21:21 <DIR> d-------- C:Program FilesHamachi

2007-05-31 21:41 <DIR> d-------- C:Program FilesvanBasco's Karaoke Player

2007-05-29 15:34 <DIR> d-------- C:DOCUME~1userDANEAP~1SecondLife

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-06-16 22:05:51 -------- d-----w C:Program FilesTGTSoft

2007-06-19 22:15:07 -------- d-----w C:DOCUME~1userDANEAP~1Hamachi

2007-06-19 22:15:05 -------- d-----w C:DOCUME~1userDANEAP~1Skype

2007-06-17 18:33:15 -------- d-----w C:DOCUME~1userDANEAP~1Azureus

2007-06-17 18:33:02 -------- d-----w C:Program FilesOdkurzacz

2007-06-01 19:21:58 17,480 ----a-w C:WINDOWSsystem32drivershamachi.sys

2007-05-31 14:20:24 -------- d-----w C:Program FilesOpera

2007-05-19 12:00:49 -------- d-----w C:Program FilesASIO4ALL v2

2007-05-18 15:18:09 -------- d-----w C:Program FilesAzureus

2007-05-15 18:14:12 -------- d-----w C:Program FilesBearShare

2007-05-14 21:07:51 -------- d-----w C:Program FilesISO Commander

2007-05-11 23:33:00 67,298 ----a-w C:WINDOWSsystem32perfc015.dat

2007-05-11 23:33:00 436,322 ----a-w C:WINDOWSsystem32perfh015.dat

2007-05-11 23:31:37 -------- d-----w C:Program FilesMicrosoft Bootvis

2007-05-11 23:11:17 -------- d-----w C:Program FilesCCleaner

2007-05-09 13:15:57 613,494 --sh--w C:WINDOWSsystem32abadd.bak1

2007-05-06 18:06:56 -------- d-----w C:DOCUME~1userDANEAP~1gtk-2.0

2007-05-06 17:15:50 -------- d-----w C:Program FilesGIMP-2.0

2007-05-06 17:15:15 -------- d-----w C:Program FilesCommon FilesGTK

2007-04-30 15:46:10 745,600 ----a-w C:WINDOWSsystem32aswBoot.exe

2007-04-30 15:41:55 85,952 ----a-w C:WINDOWSsystem32driversaswmon.sys

2007-04-30 15:41:42 94,552 ----a-w C:WINDOWSsystem32driversaswmon2.sys

2007-04-30 15:39:41 23,416 ----a-w C:WINDOWSsystem32driversaswRdr.sys

2007-04-30 15:38:51 43,176 ----a-w C:WINDOWSsystem32driversaswTdi.sys

2007-04-30 15:37:23 26,888 ----a-w C:WINDOWSsystem32driversaavmker4.sys

2007-04-30 15:35:28 95,872 ----a-w C:WINDOWSsystem32AVASTSS.scr

2007-04-09 22:04:18 52,122 ----a-w C:WINDOWSWar3Unin.dat

2007-04-09 22:04:10 2,829 ----a-w C:WINDOWSWar3Unin.pif

2007-04-09 22:04:10 139,264 ----a-w C:WINDOWSWar3Unin.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:Program FilesJavajre1.6.0_01binssv.dll [2007-03-14 03:43]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:program filesgooglegoogletoolbar2.dll [2007-01-20 00:55]

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:Program FilesGoogleGoogleToolbarNotifier2.0.301.7164swg.dll [2008-06-17 11:12]

{C333CF63-767F-4831-94AC-E683D962C63C}=C:Program FilesTGTSoftStyleXPTGT_BHO.dll [2006-05-10 01:13]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"nwiz"="nwiz.exe" [2005-06-15 11:20 C:WINDOWSsystem32nwiz.exe]

"RemoteControl"="E:Program FilesCyberLinkPowerDVDPDVDServ.exe" [2003-10-31 20:42]

"EasyTuneV"="C:Program FilesGigabyteET5GUI.exe" [2004-06-14 11:54]

"Sony Ericsson PC Suite"="C:Program FilesSony EricssonMobile2Application LauncherApplication Launcher.exe" [2005-10-26 16:17]

"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 17:42]

"Adobe Photo Downloader"="C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe" [2005-06-06 23:46]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Odkurzacz-MCD"="C:Program FilesOdkurzaczodk_mcd.exe" [2006-08-03 00:46]

"swg"="C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2008-06-17 11:12]

"MSMSGS"="C:Program FilesMessengermsmsgs.exe" [2004-10-13 18:24]

"Gadu-Gadu"="D:Program FilesGadu-Gadugg.exe" [2007-04-17 23:41]

"STYLEXP"="C:Program FilesTGTSoftStyleXPStyleXP.exe" [2006-05-24 20:31]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=C:Documents and SettingsAll UsersMenu StartProgramyAutostartAdobe Reader Speed Launch.lnk

backup=C:WINDOWSpssAdobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupfolderC:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Corel MEDIA FOLDERS INDEXER 8.LNK]

path=C:Documents and SettingsAll UsersMenu StartProgramyAutostartCorel MEDIA FOLDERS INDEXER 8.LNK

backup=C:WINDOWSpssCorel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAd-Aware]

"C:Program FilesLavasoftAd-Aware SE ProfessionalAd-Aware.exe" +c

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Photo Downloader]

"C:Program FilesAdobePhotoshop Album Starter Edition3.0Appsapdproxy.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregBearShare]

"C:Program FilesBearShareBearShare.exe" /pause

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools-1033]

"C:Program FilesD-Toolsdaemon.exe" -lang 1033

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGadu-Gadu]

"D:Program FilesGadu-Gadugg.exe" /tray

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvMediaCenter]

RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

"E:Program FilesQuickTimeqttask.exe" -atboottime

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSemanticInsight]

C:Program FilesRXToolBarSemantic InsightSemanticInsight.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSoundMan]

SOUNDMAN.EXE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]

"C:Program FilesJavajre1.6.0_01binjusched.exe"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregupdateMgr]

C:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregVS Online]

"C:Program FilesVS OnlineVSOnline.exe" /tray

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregWinampAgent]

C:Program FilesWinampwinampa.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-20 18:58:10

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-06-20 18:58:42

C:ComboFix-quarantined-files.txt ... 2007-06-20 18:58

--- E O F ---

[ Added: 2007-06-20, 18:59 ]

That's a lot of it.... But what do I do next?

CatchMe
comment

It's enough to cut out C:WINDOWSsystem32abadd.bak1 and it'll be fine. :)

Misiek102K
comment

Cut out, meaning delete? Go into C -> Windows and so on...? Nothing will break?

Unless that's not what you mean....

CatchMe
comment

Yes, delete it. That file is a leftover from Vundo.
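Added example (not part of the thread and not ComboFix's own code): the line the helper pointed at, `613,494 --sh--w C:WINDOWSsystem32abadd.bak1`, stands out in the Find3M report because of its attribute column, not its name. The script below parses ComboFix's fixed-column Find3M lines and flags files that carry both the system and hidden attribute flags, or sit in system32 with an extension that is not a normal binary type. The sample lines are constructed from the log above with backslashes restored (the paste lost them); the attribute-column meaning (`d` directory, `s` system, `h` hidden, `a` archive, `r` read-only, `w` writable) and the small extension allowlist are assumptions of this example.

```python
"""Triage helper for ComboFix "Find3M Report" lines (added example).

Parses lines of the form
    <date> <time> <size or -------->  <attrs> <path>
and flags entries whose attribute flags or location look like the
abadd.bak1 leftover in the thread above.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, modelled on the thread's Find3M report.
SAMPLE_REPORT = """\
2007-06-01 19:21:58 17,480 ----a-w C:\\WINDOWS\\system32\\drivers\\hamachi.sys
2007-05-31 14:20:24 -------- d-----w C:\\Program Files\\Opera
2007-05-11 23:33:00 67,298 ----a-w C:\\WINDOWS\\system32\\perfc015.dat
2007-05-09 13:15:57 613,494 --sh--w C:\\WINDOWS\\system32\\abadd.bak1
2007-04-30 15:46:10 745,600 ----a-w C:\\WINDOWS\\system32\\aswBoot.exe
"""

# date, time, size (digits with commas) or "--------" for directories,
# a 7-character attribute column, then the path (may contain spaces).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-+) (?P<attrs>[d-][-a-z]{6}) (?P<path>.+)$"
)

# Assumed layout of the attribute column: d ? s h a r w
ATTR_SYSTEM = 2
ATTR_HIDDEN = 3

# Assumed allowlist of extensions normally found directly in system32.
NORMAL_EXTENSIONS = {".exe", ".dll", ".sys", ".dat", ".scr", ".ocx", ".drv"}


@dataclass
class Entry:
    date: str
    size: Optional[int]  # None for directory rows ("--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[ATTR_SYSTEM] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[ATTR_HIDDEN] == "h"


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per Find3M line; banners and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries


def flag_suspicious(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for files worth a closer look."""
    hits = []
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        if e.is_system and e.is_hidden:
            # User-visible programs rarely mark their files system+hidden.
            reasons.append("system+hidden attributes")
        ext = ntpath.splitext(e.path)[1].lower()
        if "\\system32\\" in e.path.lower() and ext not in NORMAL_EXTENSIONS:
            reasons.append(f"unusual extension {ext!r} in system32")
        if reasons:
            hits.append((e.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in flag_suspicious(parse_report(SAMPLE_REPORT)):
        print(path, "->", "; ".join(reasons))
```

Run against the constructed sample, only the `abadd.bak1` row is reported, for both reasons; the avast, Hamachi and perf-counter files pass. The allowlist is deliberately small, so on a real report expect to review the hits by hand rather than treat them as verdicts.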
