This is where the catch lies. What I was afraid of turned out to be true. Safe mode refuses to start for me. So I at least did a dry run, and I'm pasting the logs.
hijack
Logfile of HijackThis v1.99.1
Scan saved at 16:07:10, on 2007-06-22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lddkgoqt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\xxxxxx\Pulpit\RefreshLock.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\xxxxxx\Pulpit\Programy\hijackthis\hijackthis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {E06B8CFF-FC3A-4A5F-9677-4C2E919F7E84} - C:\WINDOWS\System32\mlljg.dll (file missing)
O4 - HKLM\..\Run: [RefreshLock] C:\Documents and Settings\xxxxxx\Pulpit\RefreshLock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7535FBD8-C1EC-4A9B-ABEA-00E6D094490F}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{7535FBD8-C1EC-4A9B-ABEA-00E6D094490F}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{7535FBD8-C1EC-4A9B-ABEA-00E6D094490F}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Programy\Ares\chatServer.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\lddkgoqt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
ComboFix
Logfile of HijackThis v1.99.1
Scan saved at 16:07:10, on 2007-06-22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\lddkgoqt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\xxxxxx\Pulpit\RefreshLock.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\xxxxxx\Pulpit\Programy\hijackthis\hijackthis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {E06B8CFF-FC3A-4A5F-9677-4C2E919F7E84} - C:\WINDOWS\System32\mlljg.dll (file missing)
O4 - HKLM\..\Run: [RefreshLock] C:\Documents and Settings\xxxxxx\Pulpit\RefreshLock.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7535FBD8-C1EC-4A9B-ABEA-00E6D094490F}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip\..\{7535FBD8-C1EC-4A9B-ABEA-00E6D094490F}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip\..\{7535FBD8-C1EC-4A9B-ABEA-00E6D094490F}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Programy\Ares\chatServer.exe
O23 - Service: DomainService - - C:\WINDOWS\System32\lddkgoqt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
VBG
[06/22/2007, 15:54:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\xxxxxx\Pulpit\VirtumundoBeGone.exe" )
[06/22/2007, 15:54:51] - Detected System Information:
[06/22/2007, 15:54:51] - Windows Version: 5.1.2600,
[06/22/2007, 15:54:51] - Current Username: xxxxxx (Admin)
[06/22/2007, 15:54:51] - Windows is in NORMAL mode.
[06/22/2007, 15:54:51] - Searching for Browser Helper Objects:
[06/22/2007, 15:54:51] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[06/22/2007, 15:54:51] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/22/2007, 15:54:51] - BHO 3: {E06B8CFF-FC3A-4A5F-9677-4C2E919F7E84} ()
[06/22/2007, 15:54:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/22/2007, 15:54:51] - Checking for HKLM\...\Winlogon\Notify\mlljg
[06/22/2007, 15:54:51] - Key not found: HKLM\...\Winlogon\Notify\mlljg, continuing.
[06/22/2007, 15:54:51] - Finished Searching Browser Helper Objects
[06/22/2007, 15:54:51] - Finishing up...
[06/22/2007, 15:54:51] - Nothing found! Exiting...
FixVundo
Symantec Trojan.Vundo Removal Tool 1.5.0
C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.
VundoFix
Symantec Trojan.Vundo Removal Tool 1.5.0
C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.