Komputer muli po ataku trojanów

DarkMinder · 19 Kwiecień 2006 09:00

Witam,

jestem po ataku trojanów: msdconfig.exe oraz vxddirectx32.exe - oba wyciałem NODem (przynajmniej tak mi sie wydaje).

W tej chwili komputer muli - aplikacje otwieraja sie po 30-40 sekundach.

Zamieszczam log Hijacka (silentrunner nie uruchamia się- wywala komunikat: generator klasy classFactory nie może dosyatczyc żadanej klasy)

Czy ktos mógłby mi pomóc?

Logfile of HijackThis v1.99.1 Scan saved at 08:54:30, on 2006-04-19 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\mgabg.exe C:\Program Files\Eset\nod32krn.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\PDesk\PDesk.exe C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\WINNT\LOGI_MWX.EXE C:\WINNT\system32\wfxsnt40.exe C:\Program Files\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Eset\nod32kui.exe C:\WINNT\system32\internat.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe C:\Program Files\Symantec\WinFax\WFXCTL32.EXE C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\BearPaw 1200TA\Driver\WATCH.exe C:\Programy\totalcmd\TOTALCMD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINNT\system32\mmc.exe C:\Program Files\Symantec\WinFax\WFXMOD32.EXE C:\Programy\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM…\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch O4 - HKLM…\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM…\Run: [Logitech Utility] LOGI_MWX.EXE O4 - HKLM…\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] C:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=050406 serial=DR12CRT-6254468-WJV lang=EN O4 - HKLM…\Run: [AWMON] “C:\Program Files\Ad-Aware SE Professional\Ad-Watch.exe” O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [internat.exe] internat.exe O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU…\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Watch.lnk = C:\Program Files\BearPaw 1200TA\Driver\WATCH.exe O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/ … Signed.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 O17 - HKLM\System\CCS\Services\Tcpip…{C3BA8EAE-58AE-4D24-AABC-F9CC92FE5620}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

i log z silentRunnera

“Silent Runners.vbs”, revision 44, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “AutoConnect” = “C:\Program Files\AutoConnect\AutoConnect.exe” [“http://autoconnect.prv.pl”] “PeerGuardian” = “C:\Program Files\PeerGuardian2\pg2.exe” [“Methlabs”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Synchronization Manager” = “mobsync.exe /logon” [MS] “Matrox Powerdesk” = “C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch” [“Matrox Graphics Inc.”] “NeroFilterCheck” = “C:\WINNT\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “HPDJ Taskbar Utility” = “C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe” [“HP”] “WOOWATCH” = “C:\PROGRA~1\Wanadoo\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\Wanadoo\TaskbarIcon.exe” [“France Télécom R&D”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe” [“Sun Microsystems, Inc.”] “Logitech Utility” = “LOGI_MWX.EXE” [“Logitech Inc.”] “WinFaxAppPortStarter” = “wfxsnt40.exe” [MS] “ISUSPM Startup” = “C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup” [“InstallShield Software Corporation”] “ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“InstallShield Software Corporation”] “CorelDRAW Graphics Suite 11b” = “C:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=050406 serial=******** usunołem serial Gutek2222 lang=EN” [“Corel Corporation”] “AWMON” = ““C:\Program Files\Ad-Aware SE Professional\Ad-Watch.exe”” [“Lavasoft Sweden”] “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} “Regsister WScript” = “wscript -regserver” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\800 {++} “000” = “C:\WINNT\system32\jscript.dll|DllRegisterServer” [file not found] “001” = “C:\WINNT\system32\vbscript.dll|DllRegisterServer” [file not found] “002” = “C:\WINNT\system32\scrrun.dll|DllRegisterServer” [file not found] “003” = “C:\WINNT\system32\scrobj.dll|DllRegisterServer” [file not found] “004” = “C:\WINNT\system32\wshext.dll|DllRegisterServer” [file not found] “005” = “C:\WINNT\system32\wshcon.dll|DllRegisterServer” [file not found] “006” = “C:\WINNT\system32\wshom.ocx|DllRegisterServer” [file not found] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {AE7CD045-E861-484f-8273-0445EE161910}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEToolbarHelper Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINNT\System32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}” = “Adobe.Acrobat.ContextMenu” -> {HKLM…CLSID} = “Acrobat Elements Context Menu” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll” [“Adobe Systems Inc.”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\K-Lite Codec Pack\Real\rpshell.dll” [“RealNetworks, Inc.”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu(Default) = “{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}” -> {HKLM…CLSID} = “Acrobat Elements Context Menu” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll” [“Adobe Systems Inc.”] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINNT\system32\sspipes.scr” [MS] Startup items in “Administrator” & “All Users” startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Acrobat Assistant” -> shortcut to: “C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe” [“Adobe Systems Inc.”] “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “Watch” -> shortcut to: “C:\Program Files\BearPaw 1200TA\Driver\WATCH.exe” [“Common Group”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\rnr20.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: imon.dll ["Eset "], 01 - 05, 19 %SystemRoot%\system32\msafd.dll [MS], 06 - 08, 11 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{47833539-D0C5-4125-9FA8-0819E2EAAC93}” -> {HKLM…CLSID} = “Adobe PDF” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll” [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{47833539-D0C5-4125-9FA8-0819E2EAAC93}” = (no title provided) -> {HKLM…CLSID} = “Adobe PDF” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll” [null data] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll” [null data] Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_05” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to “Reset Web Settings”) Missing lines (compared with English-language version): [DeleteAutosearch.reg]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ MGABGEXE, MGABGEXE, “C:\WINNT\System32\mgabg.exe” [“Matrox Graphics Inc.”] NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] System zdarzeń COM+, EventSystem, “C:\WINNT\System32\svchost.exe -k netsvcs” {“C:\WINNT\System32\es.dll” [null data]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt04\Driver = “hpzlnt04.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 234 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 27 seconds. ---------- (total run time: 328 seconds)

Gutek · 19 Kwiecień 2006 12:13

usuń hijackiem

Brak SP4 oraz IE co za wersja, mimo że używasz Mozilla Firefox

Ściagnij http://www.microsoft.com/downloads/deta … layLang=en

Post wyżej edytowałem

ga2 · 19 Kwiecień 2006 12:29

wykonaj defragmetacje 2. sprawdz jakims skanerem ON-LINE np. Panada http://www.pandasoftware.com/activescan … ncipal.htm 3. przywroc system taki jak byl przed awaria

Gutek · 19 Kwiecień 2006 12:55

widzisz jaki ma system? Nie zrobi przywracania systemu w win 2000

DarkMinder · 19 Kwiecień 2006 13:09

to co mi kazaliście zabiłem hijackiem

ratowałem sie dyskiem instalacyjnym w2k stąd brak SP4 i innych aktualizacji

teraz mam takie problemy:

wyskakuje mi lssas i zamyka komputer
zainstalowałem modem conexant i winda cały czas upierdliwie sopomina sie o conexant setup api - przy każdym uruchomieniu

help

kuz5 · 19 Kwiecień 2006 13:14

Jest odliczanie ??

Wklej cały komunikat

Użyj Windows Worms Doors Cleanera zmień znaczki z disable na enable (wszystkie znaczki maja być na zielono, jezeli któryś z nich bedzie na żółto to go zostaw)

Zobacz

http://www.error.xp.pl/

Wklej oba logi

DarkMinder · 19 Kwiecień 2006 13:35

Robi się Mistrzu

log z hijacka

Logfile of HijackThis v1.99.1 Scan saved at 15:30:40, on 2006-04-19 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\mgabg.exe C:\Program Files\Eset\nod32krn.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\PDesk\PDesk.exe C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\WINNT\LOGI_MWX.EXE C:\WINNT\system32\wfxsnt40.exe C:\Program Files\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Eset\nod32kui.exe C:\WINNT\system32\internat.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\PeerGuardian2\pg2.exe C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\BearPaw 1200TA\Driver\WATCH.exe C:\WINNT\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Programy\totalcmd\TOTALCMD.EXE C:\Programy\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM…\Run: [synchronization Manager] mobsync.exe /logon O4 - HKLM…\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch O4 - HKLM…\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM…\Run: [Logitech Utility] LOGI_MWX.EXE O4 - HKLM…\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start O4 - HKLM…\Run: [CorelDRAW Graphics Suite 11b] C:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=050406 serial=DR12CRT-6254468-WJV lang=EN O4 - HKLM…\Run: [AWMON] “C:\Program Files\Ad-Aware SE Professional\Ad-Watch.exe” O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [internat.exe] internat.exe O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU…\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Watch.lnk = C:\Program Files\BearPaw 1200TA\Driver\WATCH.exe O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/ … Signed.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 O17 - HKLM\System\CCS\Services\Tcpip…{C3BA8EAE-58AE-4D24-AABC-F9CC92FE5620}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\System32\mgabg.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

log z silentrunnera

“Silent Runners.vbs”, revision 44, http://www.silentrunners.org/ Operating System: Windows 2000 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “internat.exe” = “internat.exe” [MS] “AutoConnect” = “C:\Program Files\AutoConnect\AutoConnect.exe” [“http://autoconnect.prv.pl”] “PeerGuardian” = “C:\Program Files\PeerGuardian2\pg2.exe” [“Methlabs”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “Synchronization Manager” = “mobsync.exe /logon” [MS] “Matrox Powerdesk” = “C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch” [“Matrox Graphics Inc.”] “NeroFilterCheck” = “C:\WINNT\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “HPDJ Taskbar Utility” = “C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe” [“HP”] “WOOWATCH” = “C:\PROGRA~1\Wanadoo\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\PROGRA~1\Wanadoo\TaskbarIcon.exe” [“France Télécom R&D”] “SunJavaUpdateSched” = “C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe” [“Sun Microsystems, Inc.”] “Logitech Utility” = “LOGI_MWX.EXE” [“Logitech Inc.”] “WinFaxAppPortStarter” = “wfxsnt40.exe” [MS] “ISUSPM Startup” = “C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup” [“InstallShield Software Corporation”] “ISUSScheduler” = ““C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start” [“InstallShield Software Corporation”] “CorelDRAW Graphics Suite 11b” = “C:\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title=“CorelDRAW Graphics Suite 12” /date=050406 serial=DR12CRT-6254468-WJV lang=EN” [“Corel Corporation”] “AWMON” = ““C:\Program Files\Ad-Aware SE Professional\Ad-Watch.exe”” [“Lavasoft Sweden”] “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {AE7CD045-E861-484f-8273-0445EE161910}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEToolbarHelper Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINNT\System32\hticons.dll” [“Hilgraeve, Inc.”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}” = “Adobe.Acrobat.ContextMenu” -> {HKLM…CLSID} = “Acrobat Elements Context Menu” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll” [“Adobe Systems Inc.”] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\K-Lite Codec Pack\Real\rpshell.dll” [“RealNetworks, Inc.”] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler” -> {HKLM…CLSID} = “Microsoft Office Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS] “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler” -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu(Default) = “{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}” -> {HKLM…CLSID} = “Acrobat Elements Context Menu” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat Elements\ContextMenu.dll” [“Adobe Systems Inc.”] NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11d3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” ["Eset "] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINNT\system32\sspipes.scr” [MS] Startup items in “Administrator” & “All Users” startup folders: --------------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Acrobat Assistant” -> shortcut to: “C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe” [“Adobe Systems Inc.”] “Adobe Gamma Loader” -> shortcut to: “C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe” [“Adobe Systems, Inc.”] “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “Watch” -> shortcut to: “C:\Program Files\BearPaw 1200TA\Driver\WATCH.exe” [“Common Group”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\rnr20.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: imon.dll ["Eset "], 01 - 05, 19 %SystemRoot%\system32\msafd.dll [MS], 06 - 08, 11 - 18 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{47833539-D0C5-4125-9FA8-0819E2EAAC93}” -> {HKLM…CLSID} = “Adobe PDF” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll” [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{47833539-D0C5-4125-9FA8-0819E2EAAC93}” = (no title provided) -> {HKLM…CLSID} = “Adobe PDF” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll” [null data] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {182EC0BE-5110-49C8-A062-BEB1D02A220B}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll” [null data] Dormant Explorer Bars in “View, Explorer Bar” menu HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}” -> {HKLM…CLSID} = “Java Plug-in 1.5.0_05” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to “Reset Web Settings”) Missing lines (compared with English-language version): [DeleteAutosearch.reg]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ MGABGEXE, MGABGEXE, “C:\WINNT\System32\mgabg.exe” [“Matrox Graphics Inc.”] NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] System zdarzeń COM+, EventSystem, “C:\WINNT\System32\svchost.exe -k netsvcs” {“C:\WINNT\System32\es.dll” [null data]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt04\Driver = “hpzlnt04.dll” [“HP”] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 237 seconds. + The search for all Registry CLSIDs containing dormant Explorer Bars took 32 seconds. ---------- (total run time: 347 seconds)

skąd ściągnać SP4 bo witryna firmowa Bila Gatesa mnie wywala?

I co z tym Conexant setup Api? (zapytam niesmiało jeszcze raz)

InfinityToJa · 19 Kwiecień 2006 13:43

W hijakcthis możesz skasować

Przeskanuj kompa skanerami online

kuz5 · 19 Kwiecień 2006 13:50

W logach jest ok, po za tym co wymienił InfinityToJa

Może źle go zainstalowałeś, spróbuj jeszcze raz :roll:

No niby juz masz sp4

DarkMinder · 19 Kwiecień 2006 13:50

NOD pokazuje, że kompik jest czysty, czy to juz wszystko?

kuz5 · 19 Kwiecień 2006 14:20

Jeżeli chodzi o obecność wirów, to już wszystko

Logi sa ok, nod także nic nie znajduje

Możesz jeszcze:

DarkMinder · 19 Kwiecień 2006 14:30

A zatem dziekuję pieknie

Jesteście wielcy - pewnie pijecie mleko?