Guest (posted 6 July 2007)
I have this problem: for some time now AVG has been finding viruses... maybe that's a good thing, but the virus starts up again every time Windows boots... It's this one: Trojan horse Proxy.PDK, file name: 428702ld.exe, and it is located in the directory C:\WINDOWS\System32. There are more files like it there... about 20 in total. Do you have some kind of vaccine for this??
Vis Maior (comment, 6 July 2007)
My bet is that you have the virus in some other place as well, and after you delete it from System32 it installs itself there again from another source. Do a thorough scan of all drives and see, maybe it will help.
CatchMe (comment, 6 July 2007)
What will definitely help is pasting the logs: HijackThis and ComboFix.
Guest (comment, 7 July 2007)
Log from HJT:
I didn't run ComboFix because I don't have a trusted source to download it from; if you have one, post a link and I'll certainly paste the CF log as well.
[ Added: 2007-07-08, 13:55 ]
Will someone check this log??
CatchMe (comment, 8 July 2007)
Please move this thread to Security. You've got a few things there:
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\Wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [Windows File Upgrader] winupgrd.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\Wbem\scrcons32.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe (file missing)
Once the thread has been moved, I'll write you the removal solution.
//Moved //Przemek
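A first-pass review of HijackThis item lines like the ones singled out in the post above, as an added example that is not part of the original thread and not HijackThis's own logic. The heuristics (RunServices autostarts, commands without an absolute path, Winlogon Notify DLLs, services with an unknown owner, entries whose file is missing) are assumptions chosen for this example and only mark lines for a human to look at; three sample lines are the entries quoted in the thread, the `Example...` lines are constructed.

```python
import re
from dataclasses import dataclass, field

# HijackThis item line: "<section code> - <body>", e.g. "O23 - Service: ..."
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostart: "HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Drive-letter path (C:\...) or UNC path (\\server\...) anywhere in a command
ABS_PATH_RE = re.compile(r"[A-Za-z]:\\|\\\\")

# Sample input. Lines 2, 3 and 5 are quoted in the thread (backslashes restored);
# the "Example" lines are constructed to show entries that pass the checks.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /startup
O4 - HKLM\..\RunServices: [Windows File Upgrader] winupgrd.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Example Update Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe (file missing)
"""


@dataclass
class Finding:
    code: str                      # HijackThis section code, e.g. "O23"
    line: str                      # the original log line
    reasons: list = field(default_factory=list)


def review_line(line):
    """Return a Finding if the line matches any heuristic, else None."""
    line = line.strip()
    m = ITEM_RE.match(line)
    if not m:
        return None                # header, process list or blank line
    code, body = m["code"], m["body"]
    reasons = []

    if code == "O4":
        o4 = O4_RE.match(body)
        if o4:
            # Assumption: RunServices/RunServicesOnce autostarts deserve a look.
            if o4["key"].lower().startswith("runservices"):
                reasons.append("autostart via RunServices key")
            # A bare file name is resolved through the search path at logon.
            if not ABS_PATH_RE.search(o4["cmd"]):
                reasons.append("command has no absolute path")
    elif code == "O20" and body.startswith("Winlogon Notify:"):
        # Notify packages are DLLs loaded by winlogon.exe.
        reasons.append("DLL loaded into winlogon.exe")
    elif code == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary has no identifiable owner")

    # Applies to every section: the registry entry outlived its file.
    if body.endswith("(file missing)"):
        reasons.append("registry entry points to a missing file")

    return Finding(code, line, reasons) if reasons else None


def triage(log_text):
    """Review every line of a HijackThis log; return the flagged entries in order."""
    findings = []
    for raw in log_text.splitlines():
        finding = review_line(raw)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.code}: {'; '.join(f.reasons)}\n    {f.line}")
```

A flagged line is a prompt to check the file and its origin, not a verdict; an unflagged line is not proof that the entry is clean.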
Guest (comment, 9 July 2007)
I fixed what you wrote and did a new scan:
CatchMe (comment, 9 July 2007)
You almost managed it.
Block the ports using the programs WWDC and Seconfig XP.
START >>> Run >>> cmd >>> type (and press ENTER after each command):
sc stop CSRRS
sc delete CSRRS
Download OTMoveIt
* In the field Paste List of Files/Folders to be Moved paste the following paths:
C:\WINDOWS\System32\rpcc.dll
C:\WINDOWS\system\csrrs.exe
* Then press the MoveIt! button.
* A message will pop up saying that a restart is needed to remove the given files/folders - press Yes.
* After the restart, manually delete the folder C:\_OTMoveIt (Right-click >>> Delete >>> Empty the Recycle Bin).
In HijackThis you delete:
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe (file missing)
- Then you paste the logs from HijackThis and ComboFix.
Guest (comment, 9 July 2007)
I did everything the way you told me to; if anything happens I'll write. Log:
CatchMe (comment, 9 July 2007)
The log is clean, but: and where is the ComboFix log? - exactly.
Guest (comment, 9 July 2007)
But I wrote that I have nowhere to download it from. If you give me a link, I'll give you the ComboFix log...
CatchMe (comment, 9 July 2007)
1. http://www.forumpc.pl/viewtopic.php?t=11018
2. http://stopwirusom.pl/index.php?option=com...19&Itemid=4
The information is everywhere...
Guest (comment, 10 July 2007)
Here you have the ComboFix log:
CatchMe (comment, 10 July 2007)
Download the program SDFix
* Double-click SDFix.exe; the program will then extract itself to the system drive (by default C:\SDFix)
* Restart the computer and enter safe mode with networking (F8 key before Windows boots)
* Go into the SDFix folder and double-click the file RunThis.bat
* Press Y; the removal process will begin.
* When the removal has finished, press any key (Any Key). The computer will restart.
* After the restart SDFix will run again to finish the removal process; when Finished appears in the program window, press any key to end the script and load the icons on the desktop.
* Show the Report.txt found in the SDFix folder.
--------------------------------------------------------
Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* In the field Paste List of Files/Folders to be Moved paste the following paths:
C:\WINDOWS\nircmd.exe
C:\WINDOWS\system32\53331012ld.exe
C:\WINDOWS\system32\12358672ld.exe
C:\WINDOWS\Alcohol_Toolbar_Uninstaller_6428.exe
C:\Program Files\Alcohol Toolbar
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\WINDOWS\system32\26504512ld.exe
C:\WINDOWS\system32\45589552ld.exe
C:\WINDOWS\system32\25337442ld.exe
C:\FOUND.00
C:\WINDOWS\unvise32.exe
C:\WINDOWS\System32\Wbem\scrcons32.exe
* Then press the MoveIt! button.
* A message will pop up saying that a restart is needed to remove the given file/folder - press Yes.
* After the restart, manually delete the folder C:\_OTMoveIt (Right-click >>> Delete >>> Empty the Recycle Bin).
--------------------------------------------------------
- Do you use MSN?
2007-07-07 18:34 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\MSN6
2007-07-07 18:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\MSN6
If not, you delete the folders in bold.
--------------------------------------------------------
Open Notepad and paste this into it:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52D06F97-5511-43FA-8FDA-C481864FD26E}]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"WMI Standard Event Consumer - Scripting"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WMI Standard Event Consumer - Scripting"=-

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

File >>> Save as >>> Change the extension from TXT to All files >>> Save under the name FIX.REG >>> Run the file FIX.REG in safe mode >>> Restart the computer.
--------------------------------------------------------
- You paste a new log from ComboFix and HijackThis.
Guest (comment, 10 July 2007)
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 15:07:55
Windows 5.1.2600 FAT
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
CatchMe (comment, 10 July 2007)
What is this supposed to be? :zez: - The WHOLE log from ComboFIX and HIJACKTHIS. Without that I am helpless.
Guest (comment, 10 July 2007)
I thought you meant the log from that other little program..
Log from HijackThis:
Log from ComboFix:
C:WINDOWSsystem32laprxy.dll 2007-06-29 20:18 486,536 --a------ C:WINDOWSsystem32wmspdmod.dll 2007-06-29 20:18 410,248 --a------ C:WINDOWSsystem32wmadmod.dll 2007-06-29 20:18 384,512 --a------ C:WINDOWSsystem32mp4sdmod.dll 2007-06-29 20:18 316,040 --a------ C:WINDOWSsystem32mp43dmod.dll 2007-06-29 20:18 241,664 --a------ C:WINDOWSsystem32qasf.dll 2007-06-29 20:18 241,664 --a------ C:WINDOWSsystem32mpg4dmod.dll 2007-06-29 20:18 143,360 --a------ C:WINDOWSsystem32wmidx.dll 2007-06-29 20:18 1,111,040 --a------ C:WINDOWSsystem32wmsdmoe2.dll 2007-06-29 20:17 82,432 --a------ C:WINDOWSsystem32drmstor.dll 2007-06-29 20:17 678,912 --a------ C:WINDOWSsystem32drmv2clt.dll 2007-06-29 20:17 301,712 --a------ C:WINDOWSsystem32drmclien.dll 2007-06-29 20:17 253,952 --a------ C:WINDOWSsystem32msnetobj.dll 2007-06-29 20:17 232,960 --a------ C:WINDOWSsystem32blackbox.dll 2007-06-29 20:17 218,112 --a------ C:WINDOWSsystem32wmasf.dll 2007-06-29 19:58 <DIR> d-------- C:Program FilesSilkroad 2007-06-28 10:29 <DIR> d-------- C:DOCUME~1MegasDANEAP~1PCToolsFirewallPlus 2007-06-28 10:26 10,872 --a------ C:WINDOWSsystem32driversAvgAsCln.sys 2007-06-28 10:21 499,712 --a------ C:WINDOWSsystem32msvcp71.dll 2007-06-28 10:21 348,160 --a------ C:WINDOWSsystem32msvcr71.dll 2007-06-28 10:11 55,904 --a------ C:WINDOWSsystem32driverspctfw.sys 2007-06-28 10:11 100,448 --a------ C:WINDOWSsystem32driverspctfw1.sys 2007-06-28 10:09 3,968 --a------ C:WINDOWSsystem32driversAvgArCln.sys 2007-06-27 16:14 921,600 --a------ C:WINDOWSsystem32vorbisenc.dll 2007-06-27 16:14 237,568 --a------ C:WINDOWSsystem32OggDS.dll 2007-06-27 16:14 188,416 --a------ C:WINDOWSsystem32vorbis.dll 2007-06-27 16:13 45,056 --a------ C:WINDOWSsystem32ogg.dll 2007-06-27 16:12 9,216 --a------ C:WINDOWSsystem32cpuinf32.dll 2007-06-27 16:12 245,760 --a------ C:WINDOWSsystem32mplvpx.dll 2007-06-27 16:11 765,952 --a------ C:WINDOWSsystem32xvidcore.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report 
)))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-10 09:04:08 49,712 ----a-w C:WINDOWSsystem32perfc015.dat 2007-07-10 09:04:08 355,830 ----a-w C:WINDOWSsystem32perfh015.dat 2007-07-02 08:20:44 28,624 ----a-w C:WINDOWSsystem32driverssecdrv.sys 2007-06-26 11:09:04 -------- d-----w C:Program FilesUsługi online ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~Browser Helper Objects{52D06F97-5511-43FA-8FDA-C481864FD26E}] C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "AVG7_CC"="D:PROGRA~1GrisoftAVG7avgcc.exe" [2007-06-28 10:21] "00PCTFW"="D:Program FilesPC Tools Firewall PlusFirewallGUI.exe" [2007-04-28 08:13] "!AVG Anti-Spyware"="D:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Gadu-Gadu"="D:Program FilesGadu-Gadugg.exe" [2007-05-10 16:36] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHoo s] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:Program FilesGrisoftAVG Anti-Spyware 7.5shellexecutehook.dll" [2007-05-30 14:29] [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalAVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalAVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck] %systemroot%system32dumprep 0 -k [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregName of App] C:Program FilesSAMSUNGFW LiveUpdateFWManager.exe r [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled 
components{ACC563BC-4266-43f0-B6ED-9D38C4202C7E} rundll32 iesetup.dll,IEAccessUserInst ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-10 16:20:51 Windows 5.1.2600 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-10 16:22:00 C:ComboFix2.txt ... 2007-07-10 10:03 --- E O F ---
CatchMe commented 10 July 2007

Delete the folder: C:ComboFix

In HijackThis, remove the leftovers from the toolbar:

O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll (file missing)

Apart from that, it is clean. Do you still have any problem?
Guest commented 11 July 2007

Everything works great now!! A big plus for you!! The topic can be closed!!