Are there problems and errors?

Atomic
posted

Hi, I ran this as a precaution:

Logfile of HijackThis v1.99.1

Scan saved at 10:47:54, on 2007-07-05

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:PROGRA~1GrisoftAVG7avgamsvr.exe

C:PROGRA~1GrisoftAVG7avgupsvc.exe

C:PROGRA~1GrisoftAVG7avgemc.exe

C:WINDOWSsystem32cisvc.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSExplorer.EXE

C:Program FilesJavajre1.5.0_04binjusched.exe

C:WINDOWSMixer.exe

C:PROGRA~1NEOSTR~1CnxMon.exe

C:Program FilesThomsonSpeedTouch USBDragdiag.exe

C:PROGRA~1NEOSTR~1TaskbarIcon.exe

C:Program FilesQuickTimeqttask.exe

C:PROGRA~1GrisoftAVG7avgcc.exe

C:WINDOWSsystem32RunDll32.exe

C:Program FilesWindow KillerWndK.exe

C:Program FilesTlen.pltlen.exe

C:Program FilesSAGEM WiFi managerWLANUTL.exe

C:WINDOWSsystem32cidaemon.exe

C:WINDOWSsystem32wuauclt.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:DOCUME~1MAREK~1.I9XUSTAWI~1TempRar$EX00.146HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl/

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

R3 - URLSearchHook: (no name) - - (no file)

O1 - Hosts: 12.129.205.209 search.netscape.com

O3 - Toolbar: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_0.dll (file missing)

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.5.0_04binjusched.exe

O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe

O4 - HKLM..Run: [speedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe

O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP

O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..Run: [Wimdow_Killer] C:Program FilesWindow KillerWndK.exe

O4 - HKLM..Run: [GPLv3] rundll32.exe "C:WINDOWSsystem32lclytaug.dll",realset

O4 - HKCU..Run: [Komunikator] C:Program FilesTlen.pltlen.exe

O4 - HKCU..Run: [NBJ] "C:Program FilesAheadNero BackItUpNBJ.exe"

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk =

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll

O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:WINDOWSacezlink.htm

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:WINDOWSsystem32shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe

O23 - Service: DomainService - Unknown owner - C:WINDOWSsystem32xpiviujb.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

[ Added: 2007-07-05, 10:53 ]

So what should I do now?

[ Added: 2007-07-05, 11:21 ]

"marek" - 2007-07-05 10:59:17 - ComboFix 07-07-04.4 - Dodatek Service Pack 2 FAT32

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:WINDOWSsystem32lclytaug.dll

C:WINDOWSsystem32dcrglpvv.dll

C:WINDOWSsystem32pmyvcbnw.dll

C:WINDOWSsystem32mlllk.dll

C:WindowsSYSTEM32guatylcl.ini

C:WindowsSYSTEM32klllm.ini

C:WindowsSYSTEM32klllm.bak1

C:WindowsSYSTEM32bcefe.bak1

C:WindowsSYSTEM32bcefe.tmp

C:WindowsSYSTEM32bcefe.ini

C:WindowsSYSTEM32bcefe.bak2

C:WindowsSYSTEM32bcefe.ini2

C:WindowsSYSTEM32bcefe.bak1

C:WindowsSYSTEM32bcefe.tmp

C:WindowsSYSTEM32bcefe.ini

C:WindowsSYSTEM32bcefe.bak2

C:WindowsSYSTEM32bcefe.ini2

C:WindowsSYSTEM32bcefe.bak1

C:WindowsSYSTEM32bcefe.tmp

C:WindowsSYSTEM32bcefe.ini

C:WindowsSYSTEM32bcefe.bak2

C:WindowsSYSTEM32bcefe.ini2

C:WINDOWSsystem32efecb.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starware

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonsblocker.cur

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonscursorcafe.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonscursorcafeA.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsFindIt.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsFindItHot.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonsfindithotxp.png

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonsfinditxp.png

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonsgames.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsgamesA.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsHighlight.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsHighlightHot.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonshighlighthotxp.png

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonshighlightxp.png

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonslogo.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonslogoxp.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsmoviesA.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsPopupBlocker.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsPopupBlockerHot.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonspopupblockerhotxp.png

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonspopupblockerxp.png

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsReference.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsReferenceHot.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonsreferencehotxp.png

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonsreferencexp.png

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarebuttonsscreensaver.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarebuttonsscreensaverA.bmp

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarecontextserror.xml

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarecontextsrelated.xml

C:DOCUME~1ALLUSE~1.WINDANEAP~1.Starwarecontextstravel.xml

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwarecontextsTravel.xml.backup

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwareSimpleUpdateProductMessagingConfig.xml

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwareSimpleUpdateProductMessagingConfig.xml.ba

kup

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwareSimpleUpdateSimpleUpdateConfig.xml

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwareSimpleUpdateSimpleUpdateConfig.xml.backup

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwareSimpleUpdateTimerManagerConfig.xml

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwareSimpleUpdateTimerManagerConfig.xml.backup

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwareU0074381E.exe

C:DOCUME~1ALLUSE~1.WINDANEAP~1.StarwareU00F84F1B.exe

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMP

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMP3B3A35EC.TMP

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMP4DCAC4BC.TMP

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMP63CFD724.TMP

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMP6A6DDDDF.TMP

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMP6EB57FE6.TMP

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMP8947C79C.TMP

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMP8AB6C1D7.TMP

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMP98DFF516.TMP

C:DOCUME~1ALLUSE~1.WINDANEAP~1.TEMPBDCD8531.TMP

C:DOCUME~1MAREK~1.I9XDANEAP~1.Starware

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareBrowserSearchBrowserSearch.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareBrowserSearchBrowserSearch.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareErrorSearchErrorSearchOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareErrorSearchErrorSearchOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareGamesGamesOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareGamesGamesOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareLayoutsPreferencesLayout.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareLayoutsPreferencesLayout.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareLayoutsToolbarLayout.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareLayoutsToolbarLayout.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareManagerManagerOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareManagerManagerOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareMoviesMoviesOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareMoviesMoviesOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwarePopupBlockerPopupBlockerOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwarePopupBlockerPopupBlockerOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareReferenceReferenceOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareReferenceReferenceOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareRelatedSearchRelatedSearchOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareRelatedSearchRelatedSearchOptions.xml.back

p

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareScreensaversScreensaversOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareScreensaversScreensaversOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareScreensaversMarketingSitePagerScreensavers

arketingSitePagerOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareScreensaversMarketingSitePagerScreensavers

arketingSitePagerOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareSearchAssistPlusSearchAssistPlusOptions.xm

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareSearchAssistPlusSearchAssistPlusOptions.xm

.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareSearchMatchSearchMatchOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareSearchMatchSearchMatchOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareToolbarTBProductsOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareToolbarTBProductsOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareToolbarLogoToolbarLogoOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareToolbarLogoToolbarLogoOptions.xml.backup

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareToolbarSearchToolbarSearchOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareToolbarSearchToolbarSearchOptions.xml.back

p

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareTravelSearchTravelSearchOptions.xml

C:DOCUME~1MAREK~1.I9XDANEAP~1.StarwareTravelSearchTravelSearchOptions.xml.backup

C:WINDOWSsystem32cemetrix.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------LEGACY_DOMAINSERVICE

-------DomainService

((((((((((((((((((((((((( Files Created from 2007-06-05 to 2007-07-05 )))))))))))))))))))))))))))))))

2007-07-05 10:57 51,200 --a------ C:Windowsnircmd.exe

2007-07-04 09:43 <DIR> d-------- C:Program FilesWindow Killer

2007-07-03 15:18 80,896 --a------ C:WindowsSYSTEM32charmap.exe

2007-07-03 15:18 73,216 --a------ C:WindowsSYSTEM32avwav.dll

2007-07-03 15:18 605,696 --a------ C:WindowsSYSTEM32getuname.dll

2007-07-03 15:18 57,344 --a------ C:WindowsSYSTEM32sol.exe

2007-07-03 15:18 5,632 --a------ C:WindowsSYSTEM32write.exe

2007-07-03 15:18 44,544 --a------ C:WindowsSYSTEM32hticons.dll

2007-07-03 15:18 35,328 --a------ C:WindowsSYSTEM32winchat.exe

2007-07-03 15:18 231,424 --a------ C:WindowsSYSTEM32avtapi.dll

2007-07-03 15:18 16,384 --a------ C:WindowsSYSTEM32avmeter.dll

2007-07-03 15:18 139,264 --a------ C:WindowsSYSTEM32sndvol32.exe

2007-07-03 15:18 115,200 --a------ C:WindowsSYSTEM32calc.exe

2007-07-03 15:17 55,808 --a------ C:WindowsSYSTEM32freecell.exe

2007-07-03 15:17 539,136 --a------ C:WindowsSYSTEM32spider.exe

2007-07-03 15:17 351,744 --a------ C:WindowsSYSTEM32hypertrm.dll

2007-07-03 15:17 345,088 --a------ C:WindowsSYSTEM32mspaint.exe

2007-07-03 15:17 187,904 --a------ C:WindowsSYSTEM32accwiz.exe

2007-07-03 15:17 132,608 --a------ C:WindowsSYSTEM32sndrec32.exe

2007-07-03 15:17 128,000 --a------ C:WindowsSYSTEM32mshearts.exe

2007-07-03 15:17 124,928 --a------ C:WindowsSYSTEM32mplay32.exe

2007-07-03 15:17 119,808 --a------ C:WindowsSYSTEM32winmine.exe

2007-07-03 15:17 103,424 --a------ C:WindowsSYSTEM32clipbrd.exe

2007-07-03 11:17 <DIR> d-------- C:Program FilesDialer Killer

2007-07-02 09:29 6,550 --a------ C:Windowsjautoexp.dat

2007-07-02 09:29 46,352 --a------ C:Windowssetdebug.exe

2007-07-02 09:29 139,536 --a------ C:WindowsSYSTEM32javaee.dll

2007-07-02 09:29 113 --a------ C:WindowsSYSTEM32zonedon.reg

2007-07-02 09:29 113 --a------ C:WindowsSYSTEM32zonedoff.reg

2007-06-30 11:57 <DIR> d-------- C:WindowsSYSTEM32SoftwareDistribution

2007-06-30 11:49 <DIR> d-------- C:WindowsPrefetch

2007-06-30 11:38 168 --a------ C:WindowsSYSTEM32Wga.cmd

2007-06-30 11:38 <DIR> d-------- C:WindowsSYSTEM32WGA

2007-06-30 11:37 <DIR> d--h----- C:Windows$hf_mig$

2007-06-30 11:25 24,661 --a------ C:WindowsSYSTEM32spxcoins.dll

2007-06-30 11:25 13,312 --a------ C:WindowsSYSTEM32irclass.dll

2007-06-30 10:21 <DIR> d-------- C:WindowsSYSTEM32PreInstall

2007-06-30 10:21 <DIR> d-------- C:WindowsNLDRV

2007-06-30 10:12 <DIR> d-------- C:Windowssetup.pss

2007-06-29 09:53 499,712 --a------ C:WindowsSYSTEM32msvcp71.dll

2007-06-29 09:53 348,160 --a------ C:WindowsSYSTEM32msvcr71.dll

2007-06-24 19:57 <DIR> d-------- C:Program FilesiWin.com

2007-06-24 19:31 <DIR> d-------- C:Program FilesiWin Games

2007-06-24 19:31 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1iWin Games

2007-06-23 19:50 <DIR> d-------- C:Program FilesSecrets Of Great Art

2007-06-22 16:48 <DIR> d-------- C:Program FilesThe Magicians Handbook Cursed Valley

2007-06-14 11:32 <DIR> d--hs---- C:FOUND.008

2007-06-12 18:38 <DIR> d--hs---- C:FOUND.007

2007-06-09 13:16 420,240 --a------ C:WindowsSYSTEM32mpg4c32.dll

2007-06-05 14:47 <DIR> d-------- C:Program FilesMirror Magic

2007-06-05 13:51 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1SpinTop Games

2007-06-05 13:41 <DIR> d-------- C:DOCUME~1ALLUSE~1.WINDANEAP~1PlayFirst

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-03 13:20:02 64,342 ----a-w C:WINDOWSsystem32perfc015.dat

2007-07-03 13:20:02 429,946 ----a-w C:WINDOWSsystem32perfh015.dat

2007-06-30 09:31:26 23,640 ----a-w C:WINDOWSsystem32emptyregdb.dat

2007-06-02 16:40:12 -------- d-----w C:DOCUME~1MAREK~1.I9XDANEAP~1Magic Academy

2007-05-31 14:02:34 -------- d-----w C:Program Filesbfgclient

2007-05-27 14:32:34 -------- d-----w C:DOCUME~1MAREK~1.I9XDANEAP~1FloodLightGames

2007-05-25 12:26:30 638,712 --sh--w C:WINDOWSsystem32suuvw.ini2

2007-05-25 11:53:02 641,478 --sh--w C:WINDOWSsystem32suuvw.bak2

2007-05-23 16:10:00 -------- d-----w C:Program FilesSAGEM WiFi manager

2007-05-23 16:09:44 -------- d-----w C:Program FilesSAGEM

2007-05-16 15:30:58 683,520 ----a-w C:WINDOWSsystem32inetcomm.dll

2007-05-15 17:01:38 12,601 ----a-w C:WINDOWSmozver.dat

2007-05-13 14:35:32 -------- d-----w C:DOCUME~1MAREK~1.I9XDANEAP~1Shareaza

2007-04-25 14:23:30 144,896 ----a-w C:WINDOWSsystem32schannel.dll

2007-04-18 16:14:32 2,854,400 ----a-w C:WINDOWSsystem32msi.dll

2007-04-16 20:47:36 33,624 ----a-w C:WINDOWSsystem32wups.dll

2007-04-16 20:45:54 1,710,936 ----a-w C:WINDOWSsystem32wuaueng.dll

2007-04-16 20:45:48 549,720 ----a-w C:WINDOWSsystem32wuapi.dll

2007-04-16 20:45:42 325,976 ----a-w C:WINDOWSsystem32wucltui.dll

2007-04-16 20:45:36 203,096 ----a-w C:WINDOWSsystem32wuweb.dll

2007-04-16 20:45:28 92,504 ----a-w C:WINDOWSsystem32cdm.dll

2007-04-16 20:45:20 53,080 ----a-w C:WINDOWSsystem32wuauclt.exe

2007-04-16 20:45:20 43,352 ----a-w C:WINDOWSsystem32wups2.dll

2007-04-05 18:27:32 488,502 --sh--w C:WINDOWSsystem32suuvw.bak1

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~Browser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]

C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_0.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2003-11-04 00:17 54248 --a------ C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{269B6797-664E-48AA-B283-B012BDF6E525}]

C:PROGRA~1INCRED~1BHOBHO.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}]

C:WindowsDOWNLO~1sbar.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{8CA5ED52-F3FB-4414-A105-2E3491156990}]

2007-01-31 11:58 78848 --a------ C:PROGRA~1IWINGA~1IWINGA~1.DLL

[HKEY_LOCAL_MACHINE~Browser Helper Objects{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE}]

C:WINDOWSsystem32urqrppm.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SunJavaUpdateSched"="C:Program FilesJavajre1.5.0_04binjusched.exe" [2005-06-03 03:52]

"C-Media Mixer"="Mixer.exe" [2004-08-11 05:44 C:Windowsmixer.exe]

"WooCnxMon"="C:PROGRA~1NEOSTR~1CnxMon.exe" [2003-10-16 19:07]

"SpeedTouch USB Diagnostics"="C:Program FilesThomsonSpeedTouch USBDragdiag.exe" [2004-01-26 11:38]

"WOOWATCH"="C:PROGRA~1NEOSTR~1Watch.exe" [2003-10-16 19:07]

"WOOTASKBARICON"="C:PROGRA~1NEOSTR~1TaskbarIcon.exe" [2003-10-16 19:07]

"QuickTime Task"="C:Program FilesQuickTimeqttask.exe" [2006-09-01 15:57]

"AVG7_CC"="C:PROGRA~1GrisoftAVG7avgcc.exe" [2007-06-30 12:22]

"Cmaudio"="cmicnfg.cpl" []

"Wimdow_Killer"="C:Program FilesWindow KillerWndK.exe" [2006-06-11 12:20]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Komunikator"="C:Program FilesTlen.pltlen.exe" [2006-10-11 11:48]

"NBJ"="C:Program FilesAheadNero BackItUpNBJ.exe" [2005-08-09 14:28]

"Gadu-Gadu"="C:Program FilesGadu-Gadugg.exe" [2007-01-30 16:58]

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrunonce]

"nlpo_01"=rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg

"nlpo_02"=rundll32 advpack.dll,LaunchINFSection nlite.inf,S

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]

"{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE}"="C:WINDOWSsystem32urqrppm.dll" []

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyComPlusSetup]

C:WINDOWSsystem32catsrvut.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyurqrppm]

urqrppm.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifywvuus]

C:WINDOWSsystem32wvuus.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregj2201834]

rundll32 C:WINDOWSsystem32j2201834.dll sook

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]

"wscsvc"=2 (0x2)

Contents of the 'Scheduled Tasks' folder

2007-06-16 08:25:06 C:WINDOWStasksAppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-05 11:16:02

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-05 11:18:17 - machine was rebooted

C:ComboFix-quarantined-files.txt ... 2007-07-05 11:18

--- E O F ---

CatchMe
comment

Block the ports using the WWDC and Seconfig XP programs.

You have Vundo... REMOVAL:

Download and run the tool: The Avenger

Select the Input script manually option and click the magnifying glass on the right. In the window that opens, paste:

Files to delete:

C:WINDOWSsystem32lclytaug.dll

C:WINDOWSacezlink.htm

C:WINDOWSsystem32xpiviujb.exe

C:WINDOWSsystem32suuvw.ini2

C:WINDOWSsystem32suuvw.bak2

C:WINDOWSsystem32suuvw.bak1

C:WINDOWSsystem32urqrppm.dll

C:WINDOWSsystem32wvuus.dll

C:WINDOWSsystem32j2201834.dll

Folders to delete:

C:PROGRA~1INCRED~1

C:WindowsDOWNLO~1

C:PROGRA~1IWINGA~1

Drivers to unload:

DomainService

registry keys to delete:

HKEY_LOCAL_MACHINE~Browser Helper Objects{269B6797-664E-48AA-B283-B012BDF6E525}

HKEY_LOCAL_MACHINE~Browser Helper Objects{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}

HKEY_LOCAL_MACHINE~Browser Helper Objects{8CA5ED52-F3FB-4414-A105-2E3491156990}

HKEY_LOCAL_MACHINE~Browser Helper Objects{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE}

HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyurqrppm

HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifywvuus

HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregj2201834

registry values to delete:

HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices | wscsvc

Click Done, then the green light, and agree to the restart by clicking OK.

After the restart, remove the following entry/entries in HijackThis:

R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)

R3 - URLSearchHook: (no name) - - (no file)

O1 - Hosts: 12.129.205.209 search.netscape.com

O3 - Toolbar: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)

O4 - HKLM..Run: [GPLv3] rundll32.exe "C:WINDOWSsystem32lclytaug.dll",realset

O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:WINDOWSacezlink.htm

O23 - Service: DomainService - Unknown owner - C:WINDOWSsystem32xpiviujb.exe (file missing)

Run them and paste the reports: VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone

Delete the file C:Avengerbackup.zip from the disk manually and paste on the forum the report C:avenger.txt + the HijackThis log + the Silent Runners log + the ComboFix log

Atomic
comment

I did that deletion, restarted, and this came up:
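The procedure above ends by asking for fresh logs so the removal can be verified, and the HijackThis log posted later in this thread still lists several of the flagged entries. As an added example (not code from the thread, from HijackThis or from The Avenger), here is a Python script that parses HijackThis logs, reports which entries from the removal list survived the fix, lists orphaned "(file missing)" entries, and flags unnamed BHO/Winlogon Notify entries that load a DLL from system32; the sample lines are quoted from this thread.

```python
"""HijackThis v1.99 log triage (example added to this thread; not code from the
thread, from HijackThis or from The Avenger).

Given the helper's removal list and the log posted after the fix, report:
  * which entries from the removal list are still listed,
  * which entries are orphans, i.e. flagged "(file missing)" by HijackThis,
  * which BHO (O2) / Winlogon Notify (O20) entries load an unnamed DLL from
    system32, the loading pattern Vundo used in this thread.
Paths are quoted from the thread, where extraction dropped the backslashes;
entries are keyed on section + CLSID (or first descriptor), so that does not matter.
"""
import re
from dataclasses import dataclass
from typing import Optional

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Entry:
    section: str          # e.g. "O2", "O20", "R3"
    body: str             # everything after "On - "
    clsid: Optional[str]  # upper-cased GUID when the line carries one
    file_missing: bool    # HijackThis could not find the target on disk

    @property
    def key(self) -> tuple:
        # The same BHO can be listed under R3 and O2; the section keeps them apart.
        return (self.section, self.clsid or self.body.split(" - ")[0].strip())


def parse(log: str) -> list:
    """Keep only the 'Rn - ...' / 'On - ...' lines; skip headers and the process list."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        c = CLSID_RE.search(body)
        entries.append(Entry(m.group("section"), body,
                             c.group(0).upper() if c else None,
                             "(file missing)" in body))
    return entries


def still_present(to_remove: list, after: list) -> list:
    """Entries from the removal list that the post-fix log still contains."""
    wanted = {e.key for e in to_remove}
    return [e for e in after if e.key in wanted]


def orphans(entries: list) -> list:
    """Entries whose target HijackThis reports as missing on disk."""
    return [e for e in entries if e.file_missing]


def unnamed_system32_loaders(entries: list) -> list:
    """O2/O20 entries with no display name that load a DLL out of system32:
    the shape of the urqrppm.dll entry in this thread."""
    return [e for e in entries
            if e.section in ("O2", "O20") and "(no name)" in e.body
            and re.search(r"system32\\?\w+\.dll", e.body, re.I)]


# Removal list the helper posted (quoted from the thread, backslashes lost).
REMOVE = """
R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)
O1 - Hosts: 12.129.205.209 search.netscape.com
O3 - Toolbar: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)
O4 - HKLM..Run: [GPLv3] rundll32.exe "C:WINDOWSsystem32lclytaug.dll",realset
O23 - Service: DomainService - Unknown owner - C:WINDOWSsystem32xpiviujb.exe (file missing)
"""

# Relevant lines from the log posted after the Avenger run (quoted from the thread).
AFTER = """
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE} - C:WINDOWSsystem32urqrppm.dll (file missing)
O3 - Toolbar: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)
O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP
O20 - Winlogon Notify: ComPlusSetup - C:WINDOWSsystem32catsrvut.dll
"""


def report() -> dict:
    after = parse(AFTER)
    return {
        "still_present": [e.key for e in still_present(parse(REMOVE), after)],
        "orphans": [e.key for e in orphans(after)],
        "unnamed_loaders": [e.clsid for e in unnamed_system32_loaders(after)],
    }


if __name__ == "__main__":
    for name, keys in report().items():
        print(name, keys)
```

Entries left over as "(file missing)" are dead registry references rather than live code, which is why the helper has them removed in HijackThis after The Avenger has deleted the files.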

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

RegistryMachineSystemCurrentControlSetServicescelkrvak

*******************

Script file located at: ??C:Program Filessjrdnjcv.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:Avenger

*******************

Beginning to process script file:

File C:WINDOWSsystem32lclytaug.dll not found!

Deletion of file C:WINDOWSsystem32lclytaug.dll failed!

Could not process line:

C:WINDOWSsystem32lclytaug.dll

Status: 0xc0000034

File C:WINDOWSacezlink.htm deleted successfully.

File C:WINDOWSsystem32xpiviujb.exe not found!

Deletion of file C:WINDOWSsystem32xpiviujb.exe failed!

Could not process line:

C:WINDOWSsystem32xpiviujb.exe

Status: 0xc0000034

File C:WINDOWSsystem32suuvw.ini2 deleted successfully.

File C:WINDOWSsystem32suuvw.bak2 deleted successfully.

File C:WINDOWSsystem32suuvw.bak1 deleted successfully.

File C:WINDOWSsystem32urqrppm.dll not found!

Deletion of file C:WINDOWSsystem32urqrppm.dll failed!

Could not process line:

C:WINDOWSsystem32urqrppm.dll

Status: 0xc0000034

File C:WINDOWSsystem32wvuus.dll not found!

Deletion of file C:WINDOWSsystem32wvuus.dll failed!

Could not process line:

C:WINDOWSsystem32wvuus.dll

Status: 0xc0000034

File C:WINDOWSsystem32j2201834.dll not found!

Deletion of file C:WINDOWSsystem32j2201834.dll failed!

Could not process line:

C:WINDOWSsystem32j2201834.dll

Status: 0xc0000034

Folder C:PROGRA~1INCRED~1 not found!

Deletion of folder C:PROGRA~1INCRED~1 failed!

Could not process line:

C:PROGRA~1INCRED~1

Status: 0xc0000034

Folder C:WindowsDOWNLO~1 deleted successfully.

Folder C:PROGRA~1IWINGA~1 deleted successfully.

Registry key RegistryMachineSystemCurrentControlSetServicesDomainService not found!

Unload of driver DomainService failed!

Could not process line:

DomainService

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE~Browser Helper Objects{269B6797-664E-48AA-B283-B012BDF6E525} not found!

Deletion of registry key HKEY_LOCAL_MACHINE~Browser Helper Objects{269B6797-664E-48AA-B283-B012BDF6E525} failed!

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE~Browser Helper Objects{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} not found!

Deletion of registry key HKEY_LOCAL_MACHINE~Browser Helper Objects{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} failed!

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE~Browser Helper Objects{8CA5ED52-F3FB-4414-A105-2E3491156990} not found!

Deletion of registry key HKEY_LOCAL_MACHINE~Browser Helper Objects{8CA5ED52-F3FB-4414-A105-2E3491156990} failed!

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE~Browser Helper Objects{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE} not found!

Deletion of registry key HKEY_LOCAL_MACHINE~Browser Helper Objects{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE} failed!

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyurqrppm deleted successfully.

Registry key HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifywvuus deleted successfully.

Registry key HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregj2201834 deleted successfully.

Registry value HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices|wscsvc deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Is what you wrote still necessary, or is it only a check?

CatchMe
comment

First of all... since you're writing to me on GG, you could unblock me...

Apart from that, where are the logs I asked for?

Atomic
comment

Logfile of HijackThis v1.99.1

Scan saved at 11:19:21, on 2007-07-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:PROGRA~1GrisoftAVG7avgamsvr.exe

C:PROGRA~1GrisoftAVG7avgupsvc.exe

C:PROGRA~1GrisoftAVG7avgemc.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSExplorer.EXE

C:Program FilesJavajre1.5.0_04binjusched.exe

C:WINDOWSMixer.exe

C:PROGRA~1NEOSTR~1CnxMon.exe

C:Program FilesThomsonSpeedTouch USBDragdiag.exe

C:PROGRA~1NEOSTR~1TaskbarIcon.exe

C:Program FilesQuickTimeqttask.exe

C:PROGRA~1GrisoftAVG7avgcc.exe

C:WINDOWSsystem32RunDll32.exe

C:Program FilesWindow KillerWndK.exe

C:Program FilesTlen.pltlen.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesSAGEM WiFi managerWLANUTL.exe

C:WINDOWSsystem32wuauclt.exe

C:Program FilesMozilla Firefoxfirefox.exe

C:Program FilesWinRARWinRAR.exe

C:DOCUME~1MAREK~1.I9XUSTAWI~1TempRar$EX00.492HijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_0.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll

O2 - BHO: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)

O2 - BHO: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)

O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:PROGRA~1IWINGA~1IWINGA~1.DLL (file missing)

O2 - BHO: (no name) - {CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE} - C:WINDOWSsystem32urqrppm.dll (file missing)

O3 - Toolbar: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_0.dll (file missing)

O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.5.0_04binjusched.exe

O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe

O4 - HKLM..Run: [speedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP

O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..Run: [Wimdow_Killer] C:Program FilesWindow KillerWndK.exe

O4 - HKCU..Run: [Komunikator] C:Program FilesTlen.pltlen.exe

O4 - HKCU..Run: [NBJ] "C:Program FilesAheadNero BackItUpNBJ.exe"

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll

O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:WINDOWSacezlink.htm (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:WINDOWSsystem32shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O20 - Winlogon Notify: ComPlusSetup - C:WINDOWSsystem32catsrvut.dll

O20 - Winlogon Notify: WgaLogon - C:WINDOWS

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

[ Added: 2007-07-06, 11:33 ]

Deckard's System Scanner v20070611.50

Run by marek on 2007-07-06 at 11:29:20

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

11: 2007-07-06 09:29:33 UTC - RP11 - Deckard's System Scanner Restore Point

10: 2007-07-05 08:01:47 UTC - RP10 - Software Distribution Service 3.0

9: 2007-07-05 07:44:43 UTC - RP9 - Software Distribution Service 3.0

8: 2007-07-03 09:40:46 UTC - RP8 - Spyware Terminator - restore point

7: 2007-07-02 07:21:17 UTC - RP7 - Software Distribution Service 3.0

-- First Restore Point --

1: 2007-06-30 09:54:02 UTC - RP1 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as marek.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 11:31:24, on 2007-07-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:PROGRA~1GrisoftAVG7avgamsvr.exe

C:PROGRA~1GrisoftAVG7avgupsvc.exe

C:PROGRA~1GrisoftAVG7avgemc.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSExplorer.EXE

C:Program FilesJavajre1.5.0_04binjusched.exe

C:WINDOWSMixer.exe

C:PROGRA~1NEOSTR~1CnxMon.exe

C:Program FilesThomsonSpeedTouch USBDragdiag.exe

C:PROGRA~1NEOSTR~1TaskbarIcon.exe

C:Program FilesQuickTimeqttask.exe

C:PROGRA~1GrisoftAVG7avgcc.exe

C:WINDOWSsystem32RunDll32.exe

C:Program FilesWindow KillerWndK.exe

C:Program FilesTlen.pltlen.exe

C:Program FilesGadu-Gadugg.exe

C:Program FilesSAGEM WiFi managerWLANUTL.exe

C:WINDOWSsystem32wuauclt.exe

C:Program FilesMozilla Firefoxfirefox.exe

D:dss.exe

C:PROGRA~1HIJACK~1marek.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neostrada.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_0.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll

O2 - BHO: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)

O2 - BHO: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)

O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:PROGRA~1IWINGA~1IWINGA~1.DLL (file missing)

O2 - BHO: (no name) - {CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE} - C:WINDOWSsystem32urqrppm.dll (file missing)

O3 - Toolbar: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_0.dll (file missing)

O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre1.5.0_04binjusched.exe

O4 - HKLM..Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon.exe

O4 - HKLM..Run: [speedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon

O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch.exe

O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon.exe

O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP

O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..Run: [Wimdow_Killer] C:Program FilesWindow KillerWndK.exe

O4 - HKCU..Run: [Komunikator] C:Program FilesTlen.pltlen.exe

O4 - HKCU..Run: [NBJ] "C:Program FilesAheadNero BackItUpNBJ.exe"

O4 - HKCU..Run: [Gadu-Gadu] "C:Program FilesGadu-Gadugg.exe" /tray

O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll

O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:WINDOWSacezlink.htm (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:WINDOWSsystem32shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O20 - Winlogon Notify: ComPlusSetup - C:WINDOWSsystem32catsrvut.dll

O20 - Winlogon Notify: WgaLogon - C:WINDOWS

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVG7avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shellcplopencommand - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.cpl - cplfile - shellrunascommand - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

.scr - scrfile - shellopencommand - "%1" /S "%3"

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:windowssystem32driverszdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S3 catchme - c:docume~1marek~1.i9xustawi~1tempcatchme.sys (file missing)

S3 cmpci (C-Media PCI Audio Driver (WDM)) - c:windowssystem32driverscmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>

S3 EL90X (3Com EtherLink XL 90X adapter driver) - c:windowssystem32driversel90xnd5.sys (file missing)

S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:windowssystem32pcandis5.sys (file missing)

S3 ZDCndis5 (ZDCndis5 Protocol Driver) - c:windowssystem32zdcndis5.sys (file missing)

S3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - c:windowssystem32zdpndis5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Scheduled Tasks -------------------------------------------------------------

2007-06-16 10:25:06 284 --a------ C:WINDOWSTasksAppleSoftwareUpdate.job

-- Files created between 2007-06-06 and 2007-07-06 -----------------------------

2007-07-06 11:09:36 0 d-------- C:avenger

2007-07-05 13:29:05 0 d-------- C:Program FilesHidden Expedition Titanic

2007-07-04 09:43:58 0 d-------- C:Program FilesWindow Killer

2007-07-03 11:33:59 0 d-------- C:Documents and Settingsmarek.I9XKO9VV2PBQAEOApplication Data

2007-07-03 11:17:19 0 d-------- C:Program FilesDialer Killer

2007-07-02 09:29:47 46352 --a------ C:WINDOWSsetdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>

2007-07-02 09:29:45 139536 --a------ C:WINDOWSsystem32javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>

2007-07-02 09:29:45 6550 --a------ C:WINDOWSjautoexp.dat

2007-07-02 09:29:19 113 --a------ C:WINDOWSsystem32zonedon.reg

2007-07-02 09:29:18 113 --a------ C:WINDOWSsystem32zonedoff.reg

2007-06-30 11:57:48 0 d-------- C:WINDOWSsystem32SoftwareDistribution

2007-06-30 11:49:16 0 d-------- C:WINDOWSPrefetch

2007-06-30 11:38:37 168 --a------ C:WINDOWSsystem32Wga.cmd

2007-06-30 11:38:36 0 d-------- C:WINDOWSsystem32WGA

2007-06-30 11:37:57 0 d--h----- C:WINDOWS$hf_mig$

2007-06-30 10:21:08 0 d-------- C:WINDOWSsystem32PreInstall

2007-06-30 10:21:08 0 d-------- C:WINDOWSNLDRV

2007-06-30 10:12:41 0 d-------- C:WINDOWSsetup.pss

2007-06-29 15:02:27 0 dr-h----- C:$VAULT$.AVG

2007-06-24 19:57:26 0 d-------- C:Program FilesiWin.com

2007-06-23 19:50:31 0 d-------- C:Program FilesSecrets Of Great Art

2007-06-22 16:48:15 0 d-------- C:Program FilesThe Magicians Handbook Cursed Valley

2007-06-14 11:32:58 0 d--hs---- C:FOUND.008

2007-06-12 18:38:14 0 d--hs---- C:FOUND.007

-- Find3M Report ---------------------------------------------------------------

2007-07-03 15:20:02 429946 --a------ C:WINDOWSsystem32perfh015.dat

2007-07-03 15:20:02 64342 --a------ C:WINDOWSsystem32perfc015.dat

2007-06-30 11:31:26 23640 --a------ C:WINDOWSsystem32emptyregdb.dat

2007-06-29 14:55:58 0 d-------- C:Documents and Settingsmarek.I9XKO9VV2PBQAEODane aplikacjiAVG7

2007-06-05 14:47:36 0 d-------- C:Program FilesMirror Magic

2007-06-02 18:40:12 0 d-------- C:Documents and Settingsmarek.I9XKO9VV2PBQAEODane aplikacjiMagic Academy

2007-05-31 16:02:34 0 d-------- C:Program Filesbfgclient

2007-05-27 16:32:34 0 d-------- C:Documents and Settingsmarek.I9XKO9VV2PBQAEODane aplikacjiFloodLightGames

2007-05-23 18:10:00 0 d-------- C:Program FilesSAGEM WiFi manager

2007-05-23 18:09:44 0 d-------- C:Program FilesSAGEM

2007-05-15 19:01:38 12601 --a------ C:WINDOWSmozver.dat

2007-05-13 16:35:32 0 d-------- C:Documents and Settingsmarek.I9XKO9VV2PBQAEODane aplikacjiShareaza

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects]

{02478D38-C3F9-4efb-9B51-7695ECA05670} C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_0.dll [x]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:Program FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll

{269B6797-664E-48AA-B283-B012BDF6E525} C:PROGRA~1INCRED~1BHOBHO.dll [x]

{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} C:WindowsDOWNLO~1sbar.dll [x]

{8CA5ED52-F3FB-4414-A105-2E3491156990} C:PROGRA~1IWINGA~1IWINGA~1.DLL [x]

{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE} C:WINDOWSsystem32urqrppm.dll [x]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun]

"SunJavaUpdateSched"="C:Program FilesJavajre1.5.0_04binjusched.exe"

"C-Media Mixer"="Mixer.exe /startup"

"WooCnxMon"="C:PROGRA~1NEOSTR~1CnxMon.exe"

"SpeedTouch USB Diagnostics"=""C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon"

"WOOWATCH"="C:PROGRA~1NEOSTR~1Watch.exe"

"WOOTASKBARICON"="C:PROGRA~1NEOSTR~1TaskbarIcon.exe"

"QuickTime Task"=""C:Program FilesQuickTimeqttask.exe" -atboottime"

"AVG7_CC"="C:PROGRA~1GrisoftAVG7avgcc.exe /STARTUP"

"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"

"Wimdow_Killer"="C:Program FilesWindow KillerWndK.exe"

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun]

"Komunikator"="C:Program FilesTlen.pltlen.exe"

"NBJ"=""C:Program FilesAheadNero BackItUpNBJ.exe""

"Gadu-Gadu"=""C:Program FilesGadu-Gadugg.exe" /tray"

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionrunonce]

"nlpo_01"=hex(2):72,75,6e,64,6c,6c,33,32,20,61,64,76,70,61,63,6b,2e,64,6c,6c,

2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,6e,6c,69,74,65,2e,69,

6e,66,2c,6e,4c,69,74,65,52,65,67,00

"nlpo_02"=hex(2):72,75,6e,64,6c,6c,33,32,20,61,64,76,70,61,63,6b,2e,64,6c,6c,

2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,6e,6c,69,74,65,2e,69,

6e,66,2c,53,00

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershellexecutehooks]

"{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE}"=""

HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyComPlusSetup

HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa

Authentication Packages REG_MULTI_SZ msv1_000

Security Packages REG_MULTI_SZ kerberos0msv1_00schannel0wdigest00

Notification Packages REG_MULTI_SZ scecli00

[HKEY_LOCAL_MACHINEsoftwareMicrosoftWindows NTCurrentVersionSvchost]

LocalService REG_MULTI_SZ Alerter0WebClient0LmHosts0RemoteRegistry0upnphost0SSDPSRV00

NetworkService REG_MULTI_SZ DnsCache00

rpcss REG_MULTI_SZ RpcSs00

imgsvc REG_MULTI_SZ StiSvc00

termsvcs REG_MULTI_SZ TermService00

HTTPFilter REG_MULTI_SZ HTTPFilter00

DcomLaunch REG_MULTI_SZ DcomLaunch0TermService00

-- End of Deckard's System Scanner: finished at 2007-07-06 at 11:32:56 ---------

[ Added: 2007-07-06, 12:05 ]

I checked those games that ran better when I had fewer viruses, and it is still the case that it keeps freezing on me!

I have one more question: apart from that v**** virus, IS THERE ANY OTHER?
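The logs above are what this thread is triaging, so here is that triage as code. It is an added example, not part of the post and not code from HijackThis or Deckard's System Scanner: it parses the entry types seen in the log (R3, O2, O3, O4, O9, O20, O23), marks "(file missing)" entries as orphaned registry hooks with nothing on disk to delete, groups one CLSID that is registered under several hook points (eUnivBHO is both a URLSearchHook and a BHO; SearchNugget is both a BHO and a toolbar), and flags targets under the Windows directory for a signature check before any file deletion. The ShopperReports O9 button, for instance, resolves to C:\WINDOWS\system32\shdocvw.dll, which is the Windows Shell Doc Object and Control Library and not the button's own code. The path test stands in for sigcheck.exe or Get-AuthenticodeSignature on the live machine, which cannot run offline; the sample lines are re-typed from the log with the backslashes the page extraction dropped.

```python
"""Triage helper for HijackThis 1.99 log lines (added example, not HijackThis code).

Separates three questions the thread runs together:
  * "(file missing)" / "(no file)" entries are orphaned registry references:
    the hook is worth removing, but there is no file on disk to delete;
  * one CLSID under several hook points (BHO + toolbar + URLSearchHook) is
    one component and must be removed from all of them together;
  * a target under the Windows directory may be an OS file the hook merely
    points at, so it is marked "verify-signature" rather than "delete".
    (Path test only; on the live system use sigcheck.exe or
    Get-AuthenticodeSignature.)
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Windows path up to a file extension; tolerates spaces ("C:\Program Files\...").
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|cpl|sys|htm|ocx|scr)\b", re.IGNORECASE)
ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d{1,2}) - (?P<body>.+)$")
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for headers and process lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    e = Entry(m.group("section"), body,
              clsid.group(0).upper() if clsid else None,
              path.group(0) if path else None)
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        e.flags.append("orphan")            # registry hook with no file behind it
    elif e.path and e.path.lower().startswith(WINDOWS_DIR):
        e.flags.append("verify-signature")  # may be an OS file the hook points at
    return e


def triage(log_text: str) -> List[Entry]:
    """Parse a whole log and mark CLSIDs that appear under more than one hook point."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    by_clsid: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        if e.clsid:
            by_clsid[e.clsid].append(e)
    for group in by_clsid.values():
        sections = {e.section for e in group}
        if len(sections) > 1:
            for e in group:
                e.flags.append("multi-hook:" + "+".join(sorted(sections)))
    return entries


def hooks_for(entries: List[Entry], clsid: str) -> List[str]:
    """Sections in which a given CLSID is registered."""
    return sorted({e.section for e in entries if e.clsid == clsid.upper()})


# Constructed sample: lines from the log above, re-typed with the backslashes
# the page extraction dropped.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:\PROGRA~1\INCRED~1\BHO\BHO.dll (file missing)
O2 - BHO: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:\Windows\DOWNLO~1\sbar.dll (file missing)
O2 - BHO: (no name) - {CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE} - C:\WINDOWS\system32\urqrppm.dll (file missing)
O3 - Toolbar: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:\Windows\DOWNLO~1\sbar.dll (file missing)
O4 - HKLM\..\Run: [Wimdow_Killer] C:\Program Files\Window Killer\WndK.exe
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
O20 - Winlogon Notify: ComPlusSetup - C:\WINDOWS\system32\catsrvut.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4} {e.clsid or '-':<40} {e.path or '-'}  {' '.join(e.flags)}")
```

Run on the sample, the output shows the eUnivBHO and SearchNugget CLSIDs tagged multi-hook, six orphan entries, and two verify-signature targets (shdocvw.dll and catsrvut.dll); only the orphan and multi-hook lines are candidates for the "remove entry" step, and nothing in the verify-signature group should go into a file-deletion script until its publisher signature has been checked.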

CatchMe

Block the ports with the programs WWDC and Seconfig XP.

Download and run the tool: The Avenger

Tick the option Input script manually and click the magnifying glass on the right. In the window that opens, paste:

Files to delete:

C:WINDOWSsystem32shdocvw.dll

C:WINDOWSsystem32Wga.cmd

C:Program FilesiWin.com

Folders to delete:

C:WINDOWSsystem32WGA

Click Done, then the green light, and accept the restart by clicking OK.

After the restart, in HijackThis remove the entry/entries:

R3 - URLSearchHook: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_0.dll (file missing)

O2 - BHO: eUnivBHO Class - {269B6797-664E-48AA-B283-B012BDF6E525} - C:PROGRA~1INCRED~1BHOBHO.dll (file missing)

O2 - BHO: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)

O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:PROGRA~1IWINGA~1IWINGA~1.DLL (file missing)

O2 - BHO: (no name) - {CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE} - C:WINDOWSsystem32urqrppm.dll (file missing)

O3 - Toolbar: SearchNugget Toolbar - {4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D} - C:WindowsDOWNLO~1sbar.dll (file missing)

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnycomp5_5_7_0.dll (file missing)

O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - C:WINDOWSacezlink.htm (file missing)

O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:WINDOWSsystem32shdocvw.dll

Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{269B6797-664E-48AA-B283-B012BDF6E525}]

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}]

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{8CA5ED52-F3FB-4414-A105-2E3491156990}]

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE}]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershellexecutehooks]

"{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE}"=-

File >>> Save As >>> change the file type from TXT to All Files >>> save under the name FIX.REG >>> run FIX.REG in Safe Mode >>> restart the computer.

Manually delete the file C:Avengerbackup.zip from disk and post on the forum the report C:avenger.txt + a HijackThis log + a ComboScan log.
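Two things on this page are easier to read with a small parser: the RunOnce values in the DSS registry dump above are stored as hex(2) (REG_EXPAND_SZ) byte lists wrapped over several lines, and the FIX.REG script in this reply relies on regedit's deletion syntax ([-key] removes a whole key, "name"=- removes one value). The following Python is an added example, not code from the thread, from regedit or from any of the tools mentioned: it parses that syntax and decodes the byte lists. The sample is constructed from the page; the two nlpo_ values decode to rundll32 advpack.dll,LaunchINFSection nlite.inf,... (a RunOnce launch of an INF section), which is how one reads such a value before deciding whether it belongs in a fix. Regedit on NT-family Windows exports string values as UTF-16LE, while ANSI-style dumps like the DSS report use one byte per character, so the decoder detects both.

```python
"""Parser for regedit-style .reg text (REGEDIT4 / Windows Registry Editor 5.00).

Added example, not part of the thread.  Covers the constructs used on this
page: [key] creates, [-key] deletes a key, "name"="string" sets REG_SZ,
"name"=- deletes a value, dword:, and "name"=hex(2):.. / hex(7):.. byte
lists with backslash line continuation (REG_EXPAND_SZ / REG_MULTI_SZ).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Union

HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
KIND_NAMES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD", 7: "REG_MULTI_SZ"}


@dataclass
class RegOp:
    action: str                 # create_key | delete_key | set_value | delete_value
    key: str
    name: Optional[str] = None
    kind: Optional[str] = None
    data: Union[None, str, bytes, int, List[str]] = None


def join_continuations(text: str) -> List[str]:
    """Merge lines that regedit wrapped with a trailing backslash."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip()
            continue
        out.append(buf + line)
        buf = ""
    if buf:
        out.append(buf)
    return out


def bytes_to_text(blob: bytes) -> str:
    """Decode a string-typed value's bytes, keeping embedded NULs.

    A UTF-16LE export of ASCII text has 0x00 in every odd position; a
    single-byte (ANSI) dump does not.  The only ambiguous input would be an
    ANSI REG_MULTI_SZ made of one-character strings.
    """
    if blob and len(blob) % 2 == 0 and all(b == 0 for b in blob[1::2]):
        return blob.decode("utf-16-le")
    return blob.decode("latin-1")


def parse_reg(text: str) -> List[RegOp]:
    ops: List[RegOp] = []
    key: Optional[str] = None
    for line in join_continuations(text):
        low = line.lower()
        if not line or line.startswith(";") or low.startswith(("windows registry editor", "regedit4")):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):
                key = None                      # values after a [-key] have no target
                ops.append(RegOp("delete_key", body[1:]))
            else:
                key = body
                ops.append(RegOp("create_key", key))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = "@" if m.group(2) else m.group(1)
        rhs = m.group(3)
        if rhs == "-":
            ops.append(RegOp("delete_value", key, name))
        elif rhs.startswith('"') and rhs.endswith('"'):
            ops.append(RegOp("set_value", key, name, "REG_SZ", re.sub(r"\\(.)", r"\1", rhs[1:-1])))
        elif rhs.lower().startswith("dword:"):
            ops.append(RegOp("set_value", key, name, "REG_DWORD", int(rhs[6:], 16)))
        else:
            hm = HEX_RE.match(rhs)
            if not hm:
                continue
            kind = int(hm.group(1)) if hm.group(1) else 3
            blob = bytes(int(b, 16) for b in hm.group(2).split(",") if b.strip())
            data: Union[str, bytes, List[str]]
            if kind in (1, 2):
                data = bytes_to_text(blob).rstrip("\x00")          # strip terminator
            elif kind == 7:
                data = [s for s in bytes_to_text(blob).split("\x00") if s]
            else:
                data = blob
            ops.append(RegOp("set_value", key, name, KIND_NAMES.get(kind, f"hex({kind})"), data))
    return ops


def value(ops: List[RegOp], name: str):
    """Data of the first set_value op with the given name (None if absent)."""
    return next((op.data for op in ops if op.action == "set_value" and op.name == name), None)


# Constructed sample: the two RunOnce values from the DSS registry dump above
# in .reg syntax, a UTF-16LE value, an ANSI REG_MULTI_SZ, and the delete
# lines of FIX.REG.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"=hex(2):72,75,6e,64,6c,6c,33,32,20,61,64,76,70,61,63,6b,2e,64,6c,6c,\
  2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,6e,6c,69,74,65,2e,69,\
  6e,66,2c,6e,4c,69,74,65,52,65,67,00
"nlpo_02"=hex(2):72,75,6e,64,6c,6c,33,32,20,61,64,76,70,61,63,6b,2e,64,6c,6c,\
  2c,4c,61,75,6e,63,68,49,4e,46,53,65,63,74,69,6f,6e,20,6e,6c,69,74,65,2e,69,\
  6e,66,2c,53,00
"Unicode"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,00,00
"Packages"=hex(7):6d,73,76,31,5f,30,00,00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CF215C6E-5FF2-4F92-A3ED-72832CBD2BFE}"=-
'''

if __name__ == "__main__":
    for op in parse_reg(SAMPLE_REG):
        print(op)
```

The same parser applied to a FIX.REG before it is run lists exactly which keys and values it will remove, which is the check worth doing before importing a .reg that deletes under HKLM; the "Packages" line mirrors how the DSS dump renders REG_MULTI_SZ NUL separators as "0" (msv1_000), which the decoder turns back into a list.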

Atomic

How do I remove the logs in HijackThis?

CatchMe

C:Avengerbackup.zip - that is the only thing you delete. Once you have done everything, post a HijackThis log + a ComboScan log.

Atomic

Great help you were: after I pasted that into Avenger, after the reboot I had no icons and the system died, so I had to reinstall part of Windows!

CatchMe

Don't make me laugh. Nothing like that could have happened. Besides, you have a backup of it, so don't despair. :evil:

PS: how can you install part of Windows? :| A technical masterpiece...
