NEVIL
(NEVIL)
29 May 2007 17:35
#1
When I try to open the site http://www.bociany.kalinski.pl, I get this message…
…and the site won't open.
I'm sending a log and asking for it to be analyzed. Thank you!
Gutek
(Gutek)
29 May 2007 17:54
#2
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysearchpage.biz/local.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysearchpage.biz/local.html
O4 - HKLM…\Run: [vmcleaner] gxlib.exe
O4 - HKLM…\Run: [ControlPanel] C:\WINDOWS\System32\priva.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM…\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM…\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM…\RunServices: [WIND0WS] WIND0WS.exe
O4 - HKLM…\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe”
O4 - HKCU…\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKCU…\Run: [Vazu] C:\Program Files\Vazu\vazucentral.exe -hid
O9 - Extra button: Microsoft AntiSpyware helper - {B542F63C-9A6D-4C5B-A284-D3975096F4BB} - (no file) (HKCU)
O9 - Extra ‘Tools’ menuitem: Microsoft AntiSpyware helper - {B542F63C-9A6D-4C5B-A284-D3975096F4BB} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EE4A25BB-D1A4-49A7-BA88-A1A5560345F0} - (no file) (HKCU)
O9 - Extra ‘Tools’ menuitem: Microsoft AntiSpyware helper - {EE4A25BB-D1A4-49A7-BA88-A1A5560345F0} - (no file) (HKCU)
O13 - WWW. Prefix: http://
O15 - Trusted Zone: *.iframedollars.biz
O17 - HKLM\System\CCS\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip…{F15C32D2-BBB8-49AC-A828-C19824731447}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS5\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS6\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS7\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS8\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS9\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS10\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS11\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS11\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS12\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS12\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS13\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS13\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS14\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS14\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS15\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS15\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS16\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS16\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS17\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS17\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS18\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS18\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll (file missing)
Remove the HJT entries.
Use Pocket Killbox. Select the Delete on Reboot and All Files options, and paste these paths into the Full Path of File to Delete field:
C:\WINDOWS\System32\priva.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\System32\gxlib.exe
C:\WINDOWS\System32\syshost.exe
C:\WINDOWS\System32\0mcamcap.exe
C:\WINDOWS\System32\WIND0WS.exe
C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
and click the red X. The program will ask to restart the computer … so restart it.
Post a log from Combofix.
Follow this Topic and change the thread title to something specific, otherwise it goes to the TRASH.
Regards, Gutek2222
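Added example, not part of the thread and not any poster's code: a small Python triage of lines in the HijackThis layout quoted in post #2. It groups the O17 NameServer entries by value and lists O4 autoruns whose command has no absolute path. The sample lines are copied from that post; the function names and the "no absolute path" heuristic are assumptions made for this illustration, and a hit only marks an entry for manual review.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the HijackThis list in post #2 of this thread.
# The "…" is how the forum rendered the abbreviated registry path.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://clearsurfing.net/srch.php?qq=%s
O4 - HKLM…\Run: [vmcleaner] gxlib.exe
O4 - HKLM…\Run: [ControlPanel] C:\WINDOWS\System32\priva.exe internat.dll,LoadMouseCarpetProfile
O4 - HKLM…\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM…\RunServices: [WIND0WS] WIND0WS.exe
O4 - HKCU…\Run: [shell] “C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe”
O15 - Trusted Zone: *.iframedollars.biz
O17 - HKLM\System\CCS\Services\Tcpip…{1040ACA0-918D-4482-A0F6-EB9B2DB68712}: NameServer = 85.255.114.71,85.255.112.197
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.114.71 85.255.112.197
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll (file missing)
"""

# "<section code> - <rest of entry>", e.g. "O4 - HKLM…\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun: "<key>: [<value name>] <command line>"
AUTORUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O17: "<key>: NameServer = <servers separated by comma or space>"
NAMESERVER_RE = re.compile(r"^(?P<key>.+): NameServer = (?P<servers>.+)$")
# Command starts with a drive letter, an %ENVVAR% prefix, or a UNC path.
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:[\\/]|%[^%]+%[\\/]|\\\\)")


def parse_entries(log_text):
    """Yield (section_code, body) for every line in HijackThis entry layout."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def triage(log_text):
    """Summarise a log so that repeated or unusual entries stand out."""
    report = {
        "by_code": Counter(),               # entries per section code
        "unqualified_autoruns": [],         # O4 commands without absolute path
        "nameservers": defaultdict(list),   # server tuple -> registry keys
        "missing_files": [],                # entries tagged "(file missing)"
    }
    for code, body in parse_entries(log_text):
        report["by_code"][code] += 1
        if body.endswith("(file missing)"):
            report["missing_files"].append((code, body))
        if code == "O4":
            match = AUTORUN_RE.match(body)
            if match:
                # Drop straight or typographic quotes around the command.
                cmd = match.group("cmd").strip().strip('"“”')
                if not ABSOLUTE_RE.match(cmd):
                    report["unqualified_autoruns"].append(
                        (match.group("key"), match.group("name"), cmd))
        elif code == "O17":
            match = NAMESERVER_RE.match(body)
            if match:
                servers = tuple(re.split(r"[,\s]+", match.group("servers").strip()))
                report["nameservers"][servers].append(match.group("key"))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("entries per section:", dict(result["by_code"]))
    for key, name, cmd in result["unqualified_autoruns"]:
        print(f"autorun without absolute path: [{name}] {cmd} ({key})")
    for servers, keys in result["nameservers"].items():
        print(f"NameServer {', '.join(servers)} set under {len(keys)} key(s)")
    for code, body in result["missing_files"]:
        print(f"target file missing: {code} - {body}")
```
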
NEVIL
(NEVIL)
29 May 2007 20:53
#3
I used Killbox and followed your instructions. I just don't know where I'm supposed to remove those "HJT entries" from. I'm attaching the log from Combofix. I'll also add that I still can't get onto the site http://www.bociany.kalinski.pl, even though I'm registered there. I can only get in there through the anonymizer program. Could I have been banned? I gave no reason for that.
Gutek
(Gutek)
29 May 2007 21:05
#4
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can run through the registry with it, or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509
Use Pocket Killbox. Select the Delete on Reboot and All Files options, and paste these paths into the Full Path of File to Delete field:
C:\WINDOWS\sysdat.dll
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\system32\8203306BE7.sys
C:\WINDOWS\prwttrxp.dll
C:\WINDOWS\mswtpdxp.dll
and click the red X. The program will ask to restart the computer … so restart it.
kuz5
(Kuz5)
30 May 2007 10:05
#5
Explain to our colleague why he should delete this
NEVIL
(NEVIL)
30 May 2007 10:06
#6
Thanks for the help. Everything works now.
Post merged: 30.05.2007 (Wed) 12:10
But if Gutek2222 explained, as kuz5 suggests, I would be grateful…