x-kom hosting

Virus problem

Guest
created

I have this problem: for some time now AVG has been finding viruses... which may be a good thing, but the virus starts up again every time Windows boots...

It's this one: Trojan horse Proxy.PDK, file name: 428702ld.exe, located in the folder C:\WINDOWS\System32. There are more files like it in there... about 20 in total. Do you have any vaccine for this??

Vis Maior
comment

My bet is that you have the virus somewhere else as well, and after you remove it from System32 it reinstalls itself there from another source. Do a thorough scan of all drives and see, maybe it helps ;)

CatchMe
comment

Pasting logs will definitely help: HijackThis and ComboFix.

Guest
comment

Log from HJT

Logfile of HijackThis v1.99.1
Scan saved at 11:23:45, on 2007-07-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Gadu-Gadu\gg.exe
C:\DOCUME~1\Megas\USTAWI~1\Temp\ARC56\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sklep.gram.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\Wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [Windows File Upgrader] winupgrd.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\Wbem\scrcons32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD312EBC-D14E-452D-9FD9-825E6539E0FA}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - D:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Megas\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe

I didn't run ComboFix because I don't have a trusted source to download it from; if you have one, post the link and I'll definitely paste the CF log too.

[ Added: 2007-07-08, 13:55 ]

Will someone check this log??

CatchMe
comment

Please move this thread to Security.

You've got a fair bit of this:

O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\Wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [Windows File Upgrader] winupgrd.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\Wbem\scrcons32.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe (file missing)

Once the thread is moved I'll write you the removal solution. :)

//Moved ;)

//Przemek
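The entries CatchMe picked out share a few traits a triage script can check mechanically: autostart values under the Win9x-era RunServices key, a command with no directory at all (winupgrd.exe), a Winlogon Notify DLL, and services with no vendor, a missing binary, or a display name borrowed from a Windows component. The script below is an added example, not part of this thread and not something HijackThis does itself. Its sample lines are copied from the log above with the path separators restored; the small lookup of genuine component binaries and the W32Time check are my assumptions, not a HijackThis feature.

```python
import re

# Constructed sample: lines taken from the HijackThis log in this thread
# (separators restored), plus two clean entries (AVG7_CC, NVSvc) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\Wbem\scrcons32.exe
O4 - HKLM\..\RunServices: [Windows File Upgrader] winupgrd.exe
O4 - HKCU\..\RunServices: [WMI Standard Event Consumer - Scripting] C:\WINDOWS\System32\Wbem\scrcons32.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Megas\USTAWI~1\Temp\hpdj.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.*?) - (?P<path>.*)$")

# Assumption (deliberately small lookup): autostart names that belong to a Windows
# component, mapped to the binary that genuinely carries that description.
GENUINE_BINARY = {
    "wmi standard event consumer - scripting": "scrcons.exe",
}
# Launchers that legitimately appear without a directory in O4 commands.
PATHLESS_OK = {"rundll32.exe"}


def first_token(cmd: str) -> str:
    """Return the executable part of an O4 command (quoted or first whitespace token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_hjt(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (line, reasons) for every O4/O20/O23 line that trips at least one check."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        reasons = []
        if m := O4_RE.match(line):
            if m["key"].lower() == "runservices":
                reasons.append("RunServices key: Win9x-era autostart that XP itself never populates")
            exe = first_token(m["cmd"])
            base = exe.rsplit("\\", 1)[-1].lower()
            if "\\" not in exe and base not in PATHLESS_OK:
                reasons.append("no directory in command: resolved by PATH search at boot, location unknown")
            expected = GENUINE_BINARY.get(m["name"].lower())
            if expected and base != expected:
                reasons.append(f"name mimics a Windows component whose real binary is {expected}, not {base}")
        elif m := O20_RE.match(line):
            reasons.append("Winlogon Notify DLL: loaded into winlogon.exe at every logon")
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                reasons.append("service binary carries no vendor information")
            if m["display"].lower().startswith("windows time") and (m["short"] or "") != "W32Time":
                reasons.append("display name mimics the Windows Time service, whose real short name is W32Time")
        else:
            continue  # R0/O3/O9/... lines are outside this example's scope
        if "(file missing)" in line:
            reasons.append("file missing: orphaned entry, or a file the scan could not see")
        if "\\temp\\" in line.lower():
            reasons.append("runs from a Temp folder")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage_hjt(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, seven of the nine lines are reported and the two clean entries stay silent; the point of the lookup table is that a copied component name is only suspicious when the binary behind it differs from the genuine one.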

Guest
comment

I fixed what you listed and did a new scan:

Logfile of HijackThis v1.99.1
Scan saved at 10:02:52, on 2007-07-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Megas\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sklep.gram.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD312EBC-D14E-452D-9FD9-825E6539E0FA}: NameServer = 194.204.159.1 217.98.63.164
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - D:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

CatchMe
comment

You almost made it. :)

Block the ports with the WWDC and Seconfig XP programs.

START >>> Run >>> cmd >>> type (and press ENTER after each command):

sc stop CSRRS
sc delete CSRRS

Download OTMoveIt

* Into the field Paste List of Files/Folders to be Moved paste the following paths:

C:\WINDOWS\System32\rpcc.dll
C:\WINDOWS\system\csrrs.exe

* Then press the MoveIt! button.
* A message will pop up saying a restart is needed to remove the listed files/folders - press Yes.
* After the restart, manually delete the folder C:\_OTMoveIt (Right-click >>> Delete >>> Empty Recycle Bin).

In HijackThis you delete:

O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe (file missing)

- Then paste the HijackThis and ComboFix logs.

Guest
comment

I did everything just as you told me :) if anything happens I'll write, log:

Logfile of HijackThis v1.99.1
Scan saved at 17:24:18, on 2007-07-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Megas\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sklep.gram.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD312EBC-D14E-452D-9FD9-825E6539E0FA}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - D:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

Przemek
comment

And where is the ComboFix log?

CatchMe
comment

Log is clean, but:

And where is the ComboFix log?
- exactly :(

Guest
comment

But I already wrote that I have nowhere to download it from :( If you post a link I'll give you the ComboFix log...

Guest
comment

Here's the ComboFix log:

"Megas" - 2007-07-10 10:01:30 - ComboFix 07-07-10.1 FAT32

((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))

2007-07-10 09:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 20:53 31,232 --a------ C:\WINDOWS\system32\53331012ld.exe
2007-07-08 20:12 31,232 --a------ C:\WINDOWS\system32\12358672ld.exe
2007-07-08 20:01 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-07-08 15:21 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-07-08 14:36 249,482 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_6428.exe
2007-07-08 14:36 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2007-07-07 21:36 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-07-07 21:29 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-07 19:26 31,232 --a------ C:\WINDOWS\system32\26504512ld.exe
2007-07-07 19:17 <DIR> d---s---- C:\DOCUME~1\Megas\UserData
2007-07-07 18:46 31,232 --a------ C:\WINDOWS\system32\45589552ld.exe
2007-07-07 18:34 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\MSN6
2007-07-07 18:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\MSN6
2007-07-07 18:25 31,232 --a------ C:\WINDOWS\system32\25337442ld.exe
2007-07-04 11:49 <DIR> d-------- C:\DOCUME~1\Megas\.thumbnails
2007-07-04 11:31 <DIR> d-------- C:\DOCUME~1\Megas\.gimp-2.2
2007-07-04 11:00 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\Vso
2007-07-03 13:32 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\Ahead
2007-07-03 12:57 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-07-03 12:52 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2007-07-03 12:52 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-07-02 19:39 <DIR> d-------- C:\GAMES
2007-07-02 09:57 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-30 22:07 <DIR> d-------- C:\Program Files\Lavalys
2007-06-30 17:15 <DIR> d--hs---- C:\FOUND.000
2007-06-29 22:22 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-06-29 22:07 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\THQ
2007-06-29 21:53 <DIR> d-------- C:\Program Files\SAMSUNG
2007-06-29 21:45 <DIR> d-------- C:\WINDOWS\pss
2007-06-29 21:13 2,916,352 --------- C:\WINDOWS\UNNMP.exe
2007-06-29 21:12 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-29 21:11 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-29 21:10 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-06-29 21:09 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-06-29 21:09 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2007-06-29 21:08 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-06-29 21:08 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-06-29 21:08 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-06-29 21:08 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-06-29 21:08 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-06-29 21:08 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-29 21:08 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-06-29 21:08 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-06-29 21:08 <DIR> d-------- C:\Program Files\Ahead
2007-06-29 21:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Ahead
2007-06-29 20:45 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-29 20:18 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-06-29 20:18 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-06-29 20:18 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-06-29 20:18 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-06-29 20:18 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-06-29 20:18 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-06-29 20:18 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-06-29 20:18 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-06-29 20:18 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-06-29 20:18 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-06-29 20:18 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-06-29 20:18 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-06-29 20:18 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-06-29 20:18 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-06-29 20:18 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-06-29 20:18 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-06-29 20:17 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-06-29 20:17 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-06-29 20:17 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-06-29 20:17 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-06-29 20:17 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-06-29 20:17 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2007-06-29 19:58 <DIR> d-------- C:\Program Files\Silkroad
2007-06-28 10:29 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\PCToolsFirewallPlus
2007-06-28 10:26 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-28 10:21 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-28 10:21 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-28 10:11 55,904 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2007-06-28 10:11 100,448 --a------ C:\WINDOWS\system32\drivers\pctfw1.sys
2007-06-28 10:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-06-27 16:14 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-06-27 16:14 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2007-06-27 16:14 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-06-27 16:13 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2007-06-27 16:12 9,216 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-06-27 16:12 245,760 --a------ C:\WINDOWS\system32\mplvpx.dll
2007-06-27 16:11 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-27 16:11 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-06-27 11:20 <DIR> d-------- C:\DOCUME~1\Megas\.jpi_cache
2007-06-27 10:54 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-06-27 10:42 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-26 21:00 <DIR> d-------- C:\Program Files\Army Operations
2007-06-26 14:03 847,872 --a------ C:\WINDOWS\system32\msimsg.dll
2007-06-26 14:03 63,488 --a------ C:\WINDOWS\system32\msiexec.exe
2007-06-26 14:03 39,936 --a------ C:\WINDOWS\system32\msisip.dll
2007-06-26 14:03 304,640 --a------ C:\WINDOWS\system32\msihnd.dll
2007-06-26 14:03 2,044,928 --a------ C:\WINDOWS\system32\msi.dll
2007-06-26 13:49 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-26 13:49 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-26 13:49 <DIR> d-------- C:\WINDOWS\nview
2007-06-26 13:47 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-06-26 13:47 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-06-26 13:47 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-02 08:20:44 28,624 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-28 08:35:26 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-28 08:35:26 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-06-26 11:09:04 -------- d-----w C:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52D06F97-5511-43FA-8FDA-C481864FD26E}]
2007-07-08 14:36 798720 --a------ C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-28 10:21]
"00PCTFW"="D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"WMI Standard Event Consumer - Scripting"=C:\WINDOWS\System32\Wbem\scrcons32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WMI Standard Event Consumer - Scripting"=C:\WINDOWS\System32\Wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
WMI Standard Event Consumer - Scripting C:\WINDOWS\System32\Wbem\scrcons32.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
rundll32 iesetup.dll,IEAccessUserInst

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 10:03:24
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 10:03:55

--- E O F ---

CatchMe
comment

Download SDFix

* Double-click SDFix.exe; the program will extract itself to the system drive (by default C:\SDFix).
* Restart the computer and enter Safe Mode with Networking (F8 key before Windows boots).
* Go into the SDFix folder and double-click the file RunThis.bat.
* Press Y; the removal process will start.
* When the removal finishes, press any key. The computer will restart.
* After the restart SDFix will run again to finish the removal; when Finished appears in the program window, press any key to end the script and load the desktop icons.
* Show the Report.txt located in the SDFix folder.

--------------------------------------------------------

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Into the field Paste List of Files/Folders to be Moved paste the following paths:

C:\WINDOWS\nircmd.exe
C:\WINDOWS\system32\53331012ld.exe
C:\WINDOWS\system32\12358672ld.exe
C:\WINDOWS\Alcohol_Toolbar_Uninstaller_6428.exe
C:\Program Files\Alcohol Toolbar
C:\Program Files\DaemonTools_WhenUSave_Installer
C:\WINDOWS\system32\26504512ld.exe
C:\WINDOWS\system32\45589552ld.exe
C:\WINDOWS\system32\25337442ld.exe
C:\FOUND.000
C:\WINDOWS\unvise32.exe
C:\WINDOWS\System32\Wbem\scrcons32.exe

* Then press the MoveIt! button.
* A message will pop up saying a restart is needed to remove the listed file/folder - press Yes.
* After the restart, manually delete the folder C:\_OTMoveIt (Right-click >>> Delete >>> Empty Recycle Bin).

--------------------------------------------------------

- Do you use MSN?

2007-07-07 18:34 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\MSN6
2007-07-07 18:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\MSN6

If not, delete the two folders above.

--------------------------------------------------------

Open Notepad and paste this into it:

Windows Registry Editor Version 5.00

; ComboFix abbreviates HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer as "~" in its
; listing; the key is written out in full here, with the "-" prefix so the BHO registration is removed.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52D06F97-5511-43FA-8FDA-C481864FD26E}]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"WMI Standard Event Consumer - Scripting"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"WMI Standard Event Consumer - Scripting"=-

; Only the rogue value ComboFix listed under the Lsa key is removed (assuming it is named as
; ComboFix printed it). Deleting the whole Lsa key, as [-...\lsa] would, strips the
; authentication packages Windows needs to log on.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"WMI Standard Event Consumer - Scripting"=-

File >>> Save As >>> change the file type from TXT to All Files >>> save under the name FIX.REG >>> run FIX.REG in Safe Mode >>> restart the computer.

--------------------------------------------------------

- Paste a new ComboFix and HijackThis log.
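The five *ld.exe files CatchMe lists for OTMoveIt share one directory, one size (31,232 bytes) and a digits-plus-suffix name, which is how Proxy.PDK's re-dropped copies stand out in a ComboFix "Files Created" listing. The following Python is an added example, not part of this thread and not something ComboFix does itself: it parses that section and groups same-size executables with generated-looking names, so the cluster is found without knowing the family name in advance. The sample listing is an excerpt of the log above with separators restored; the "at least six digits in the stem" threshold is an assumption.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Constructed sample: an excerpt of the ComboFix log posted in this thread
# (separators restored), bracketed by the section banners the parser keys on.
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))

2007-07-10 09:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-08 20:53 31,232 --a------ C:\WINDOWS\system32\53331012ld.exe
2007-07-08 20:12 31,232 --a------ C:\WINDOWS\system32\12358672ld.exe
2007-07-08 20:01 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-07-07 19:26 31,232 --a------ C:\WINDOWS\system32\26504512ld.exe
2007-07-07 18:46 31,232 --a------ C:\WINDOWS\system32\45589552ld.exe
2007-07-07 18:25 31,232 --a------ C:\WINDOWS\system32\25337442ld.exe
2007-06-29 21:11 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-26 14:03 63,488 --a------ C:\WINDOWS\system32\msiexec.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# One "Files Created" line: date, time, size (or <DIR>), attribute flags, path.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) (?P<size>[\d,]+|<DIR>) (?P<attr>\S+) (?P<path>.+)$"
)

PE_EXTENSIONS = (".exe", ".dll", ".sys")


def parse_files_created(text: str) -> list[dict]:
    """Return the entries of the 'Files Created' section as dicts; stops at the next banner."""
    records = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("(((") and "Files Created" in line:
            in_section = True
            continue
        if line.startswith("(((") and in_section:
            break
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        parent, _, name = m["path"].rpartition("\\")
        records.append({"date": m["date"], "time": m["time"], "size": size,
                        "attr": m["attr"], "path": m["path"], "dir": parent, "name": name})
    return records


def name_looks_generated(name: str, min_digits: int = 6) -> bool:
    """Assumed heuristic: a stem carrying six or more digits is machine-generated."""
    stem = name.rsplit(".", 1)[0]
    return sum(ch.isdigit() for ch in stem) >= min_digits


def find_dropper_clusters(records: list[dict], min_members: int = 2) -> list[dict]:
    """Group PE files with generated names by (directory, size); return groups of min_members+."""
    by_key: dict[tuple[str, int], list[dict]] = defaultdict(list)
    for r in records:
        if r["size"] is None or not r["name"].lower().endswith(PE_EXTENSIONS):
            continue
        if not name_looks_generated(r["name"]):
            continue
        by_key[(r["dir"].lower(), r["size"])].append(r)
    clusters = []
    for (directory, size), members in by_key.items():
        if len(members) < min_members:
            continue
        members.sort(key=lambda r: (r["date"], r["time"]))  # ISO stamps sort lexically
        clusters.append({
            "dir": directory,
            "size": size,
            "files": [r["name"] for r in members],
            "first": f"{members[0]['date']} {members[0]['time']}",
            "last": f"{members[-1]['date']} {members[-1]['time']}",
        })
    return clusters


if __name__ == "__main__":
    for c in find_dropper_clusters(parse_files_created(SAMPLE_COMBOFIX)):
        print(f"{len(c['files'])} x {c['size']} bytes in {c['dir']} ({c['first']} .. {c['last']}):")
        for name in c["files"]:
            print("   ", name)
```

On the sample this yields a single cluster of five 31,232-byte files in C:\WINDOWS\system32, created between 2007-07-07 18:25 and 2007-07-08 20:53; the first-to-last span is what backs CatchMe's point that the dropper was still active across several reboots, not a one-time infection.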

Guest
comment

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 15:07:55
Windows 5.1.2600 FAT

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

CatchMe
comment

What is this supposed to be? :zez:

- The WHOLE log from ComboFix and HijackThis. Without it I'm helpless. :)

Guest
comment

I thought you meant the log from that little program..

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:19, on 2007-07-10
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Megas\Pulpit\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\findstr.exe
C:\ComboFix\mtee.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sklep.gram.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [00PCTFW] "D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD312EBC-D14E-452D-9FD9-825E6539E0FA}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - D:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - D:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

ComboFix log:

"Megas" - 2007-07-10 16:17:58 - ComboFix 07-07-10.1 FAT32

((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))

2007-07-10 16:17 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-10 15:06 <DIR> d--hs---- C:\WINDOWS\CSC
2007-07-10 14:59 <DIR> d--hs---- C:\FOUND.001
2007-07-10 12:31 50,112 --a------ C:\WINDOWS\system32\drivers\VIADSK.SYS
2007-07-10 12:31 41,208 -ra------ C:\WINDOWS\system32\drivers\viaudio.sys
2007-07-10 12:31 <DIR> d-------- C:\VIADMATOOL
2007-07-10 12:30 3,033 --a------ C:\WINDOWS\system32\drivers\VIAPFD.SYS
2007-07-10 12:30 <DIR> d-------- C:\DOCUME~1\Megas\WINDOWS
2007-07-10 12:26 545 --a------ C:\WINDOWS\UC.PIF
2007-07-10 12:26 545 --a------ C:\WINDOWS\RAR.PIF
2007-07-10 12:26 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-07-10 12:26 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-07-10 12:26 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-07-10 12:26 545 --a------ C:\WINDOWS\LHA.PIF
2007-07-10 12:26 545 --a------ C:\WINDOWS\ARJ.PIF
2007-07-10 12:06 5,600 --a------ C:\WINDOWS\system\WINASPI.DLL
2007-07-10 12:06 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-07-10 12:06 4,672 --a------ C:\WINDOWS\system\WOWPOST.EXE
2007-07-10 12:06 16,877 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-07-10 11:47 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-10 11:47 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-07-10 11:47 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-07-10 11:47 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-07-10 11:47 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-07-10 11:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-07-10 11:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-07-10 11:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-07-08 20:01 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-07-08 15:21 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-07-07 21:29 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-07 19:17 <DIR> d---s---- C:\DOCUME~1\Megas\UserData
2007-07-04 11:49 <DIR> d-------- C:\DOCUME~1\Megas\.thumbnails
2007-07-04 11:31 <DIR> d-------- C:\DOCUME~1\Megas\.gimp-2.2
2007-07-04 11:00 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\Vso
2007-07-03 13:32 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\Ahead
2007-07-03 12:57 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-07-03 12:52 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2007-07-03 12:52 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-07-02 19:39 <DIR> d-------- C:\GAMES
2007-07-02 09:57 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-30 22:07 <DIR> d-------- C:\Program Files\Lavalys
2007-06-30 17:15 <DIR> d--hs---- C:\FOUND.000
2007-06-29 22:22 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-06-29 22:07 <DIR> d-------- C:\DOCUME~1\Megas\DANEAP~1\THQ
2007-06-29 21:53 <DIR> d-------- C:\Program Files\SAMSUNG
2007-06-29 21:45 <DIR> d-------- C:\WINDOWS\pss
2007-06-29 21:13 2,916,352 --------- C:\WINDOWS\UNNMP.exe
2007-06-29 21:12 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-29 21:11 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-06-29 21:10 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-06-29 21:09 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-06-29 21:09 2,977,792 --------- C:\WINDOWS\UNNeroVision.exe
2007-06-29 21:08 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-06-29 21:08 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-06-29 21:08 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-06-29 21:08 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-06-29 21:08 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-06-29 21:08 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-29 21:08 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-06-29 21:08 <DIR> d-------- C:Program FilesCommon FilesAhead

2007-06-29 21:08 <DIR> d-------- C:Program FilesAhead

2007-06-29 21:08 <DIR> d-------- C:DOCUME~1ALLUSE~1DANEAP~1Ahead

2007-06-29 20:45 98,304 --a------ C:WINDOWSsystem32CmdLineExt.dll

2007-06-29 20:18 997,888 --a------ C:WINDOWSsystem32wmvdmoe2.dll

2007-06-29 20:18 981,504 --a------ C:WINDOWSsystem32wmnetmgr.dll

2007-06-29 20:18 892,416 --a------ C:WINDOWSsystem32wmspdmoe.dll

2007-06-29 20:18 816,264 --a------ C:WINDOWSsystem32wmvdmod.dll

2007-06-29 20:18 81,408 --a------ C:WINDOWSsystem32logagent.exe

2007-06-29 20:18 760,968 --a------ C:WINDOWSsystem32wmsdmod.dll

2007-06-29 20:18 670,208 --a------ C:WINDOWSsystem32wmadmoe.dll

2007-06-29 20:18 6,656 --a------ C:WINDOWSsystem32laprxy.dll

2007-06-29 20:18 486,536 --a------ C:WINDOWSsystem32wmspdmod.dll

2007-06-29 20:18 410,248 --a------ C:WINDOWSsystem32wmadmod.dll

2007-06-29 20:18 384,512 --a------ C:WINDOWSsystem32mp4sdmod.dll

2007-06-29 20:18 316,040 --a------ C:WINDOWSsystem32mp43dmod.dll

2007-06-29 20:18 241,664 --a------ C:WINDOWSsystem32qasf.dll

2007-06-29 20:18 241,664 --a------ C:WINDOWSsystem32mpg4dmod.dll

2007-06-29 20:18 143,360 --a------ C:WINDOWSsystem32wmidx.dll

2007-06-29 20:18 1,111,040 --a------ C:WINDOWSsystem32wmsdmoe2.dll

2007-06-29 20:17 82,432 --a------ C:WINDOWSsystem32drmstor.dll

2007-06-29 20:17 678,912 --a------ C:WINDOWSsystem32drmv2clt.dll

2007-06-29 20:17 301,712 --a------ C:WINDOWSsystem32drmclien.dll

2007-06-29 20:17 253,952 --a------ C:WINDOWSsystem32msnetobj.dll

2007-06-29 20:17 232,960 --a------ C:WINDOWSsystem32blackbox.dll

2007-06-29 20:17 218,112 --a------ C:WINDOWSsystem32wmasf.dll

2007-06-29 19:58 <DIR> d-------- C:Program FilesSilkroad

2007-06-28 10:29 <DIR> d-------- C:DOCUME~1MegasDANEAP~1PCToolsFirewallPlus

2007-06-28 10:26 10,872 --a------ C:WINDOWSsystem32driversAvgAsCln.sys

2007-06-28 10:21 499,712 --a------ C:WINDOWSsystem32msvcp71.dll

2007-06-28 10:21 348,160 --a------ C:WINDOWSsystem32msvcr71.dll

2007-06-28 10:11 55,904 --a------ C:WINDOWSsystem32driverspctfw.sys

2007-06-28 10:11 100,448 --a------ C:WINDOWSsystem32driverspctfw1.sys

2007-06-28 10:09 3,968 --a------ C:WINDOWSsystem32driversAvgArCln.sys

2007-06-27 16:14 921,600 --a------ C:WINDOWSsystem32vorbisenc.dll

2007-06-27 16:14 237,568 --a------ C:WINDOWSsystem32OggDS.dll

2007-06-27 16:14 188,416 --a------ C:WINDOWSsystem32vorbis.dll

2007-06-27 16:13 45,056 --a------ C:WINDOWSsystem32ogg.dll

2007-06-27 16:12 9,216 --a------ C:WINDOWSsystem32cpuinf32.dll

2007-06-27 16:12 245,760 --a------ C:WINDOWSsystem32mplvpx.dll

2007-06-27 16:11 765,952 --a------ C:WINDOWSsystem32xvidcore.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-10 09:04:08 49,712 ----a-w C:WINDOWSsystem32perfc015.dat

2007-07-10 09:04:08 355,830 ----a-w C:WINDOWSsystem32perfh015.dat

2007-07-02 08:20:44 28,624 ----a-w C:WINDOWSsystem32driverssecdrv.sys

2007-06-26 11:09:04 -------- d-----w C:Program FilesUsługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~Browser Helper Objects{52D06F97-5511-43FA-8FDA-C481864FD26E}]

C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"AVG7_CC"="D:PROGRA~1GrisoftAVG7avgcc.exe" [2007-06-28 10:21]

"00PCTFW"="D:Program FilesPC Tools Firewall PlusFirewallGUI.exe" [2007-04-28 08:13]

"!AVG Anti-Spyware"="D:Program FilesGrisoftAVG Anti-Spyware 7.5avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Gadu-Gadu"="D:Program FilesGadu-Gadugg.exe" [2007-05-10 16:36]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:Program FilesGrisoftAVG Anti-Spyware 7.5shellexecutehook.dll" [2007-05-30 14:29]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalAVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsafebootminimalAVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKernelFaultCheck]

%systemroot%system32dumprep 0 -k

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregName of App]

C:Program FilesSAMSUNGFW LiveUpdateFWManager.exe r

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]

C:WINDOWSsystem32NeroCheck.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNvCplDaemon]

RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}

rundll32 iesetup.dll,IEAccessUserInst

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-10 16:20:51

Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-10 16:22:00

C:ComboFix2.txt ... 2007-07-10 10:03

--- E O F ---

CatchMe
comment

Delete the folder: C:ComboFix

In HijackThis, delete the leftovers of the toolbar:

O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll (file missing)

O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:Program FilesAlcohol Toolbarv3.2.0.0Alcohol_Toolbar.dll (file missing)

- Otherwise clean. Do you still have any problem?
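As an added example (not code from the thread or from HijackThis), a small parser for HijackThis entry lines that flags registrations whose target file is missing, which is the triage done by eye in the reply above. The sample log is constructed from the lines quoted in this thread, with the backslashes the forum stripped restored.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the two orphaned entries quoted in the reply above plus one
# healthy O23 service line from the same thread, for contrast.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
MISSING_MARK = " (file missing)"

@dataclass
class HjtEntry:
    section: str            # "O2", "O3", "O23", ...
    kind: str               # "BHO", "Toolbar", "Service", ...
    name: str
    clsid: Optional[str]    # COM class id for BHO/toolbar entries, None otherwise
    path: str
    file_missing: bool      # HijackThis appends "(file missing)" when the binary is gone

def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one 'Oxx - Kind: Name - ... - Path' line; return None for any other line.
    Assumes the ' - ' field separator does not occur inside the entry name."""
    parts = [p.strip() for p in line.strip().split(" - ")]
    if len(parts) < 3 or not re.fullmatch(r"O\d+", parts[0]):
        return None
    kind, _, name = parts[1].partition(": ")
    path = parts[-1]
    missing = path.endswith(MISSING_MARK)
    if missing:
        path = path[: -len(MISSING_MARK)]
    clsid = next((p for p in parts[2:-1] if CLSID_RE.match(p)), None)
    return HjtEntry(parts[0], kind, name, clsid, path, missing)

def orphaned_entries(log_text: str) -> List[HjtEntry]:
    """Registrations (BHO, toolbar, service, ...) whose target file no longer exists."""
    entries = (parse_hjt_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.file_missing]

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_HJT_LOG):
        print(f"{e.section} {e.kind} {e.clsid}: {e.path} -> leftover, safe to fix in HijackThis")
```

An entry marked "(file missing)" is a dead registration, not an infection by itself; it is removed only to keep the shell from trying to load a DLL that is no longer there.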

Guest
comment

Everything works great now :D !! Big plus for you!! Topic can be closed!!
