Problem with the internet, computer is sluggish


(Guicksilver) #1

Note: When you paste a log, wrap it in a CODE or QUOTE tag

Regards, Gutek2222


(Heniu133) #2

In Safe Mode, use VundoFix, FixVundo, VirtumundoBeGone

Post the ComboFix log.


(Guicksilver) #3

--- E O F ---

Post merged: 09.06.2007 (Sat) 0:11

here is the ComboFix log, do I have to run the others in Safe Mode :evil: ?

can't you go by this one? and by the way,

that text is probably from some moderator, I think; I would prefer professional

help, but thanks in advance anyway :wink:


(Gutek) #4

Download The Avenger. Unpack => run => select the option Input script manually => click the magnifying-glass icon => in the window that opens, paste:

click the Done button => now click the green light => a message should appear; click OK (the computer will now restart).

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can go over the registry with it, or

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

After that, a new log


(Guicksilver) #5

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\nenmiukb

*******************

Script file located at: \??\C:\WINDOWS\tlcrytoq.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\lch.dll deleted successfully.

Folder C:\Program Files\MyGlobalSearch deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

looks like everything worked, THX

as for the registry, I use Odkurzacz, but I'll try those; once again, many thanks for the help :slight_smile:

Post merged: 10.06.2007 (Sun) 11:39

And should that log be from HijackThis?


(Heniu133) #6

From ComboFix.


(Guicksilver) #7

"a a a a a a a aa" - 2007-06-10 17:03:46 Dodatek Service Pack 2 NTFS

ComboFix 07-06-3B - Running from: "D:\"

((((((((((((((((((((((((( Files Created from 2007-05-10 to 2007-06-10 )))))))))))))))))))))))))))))))

2007-06-10 11:30 23 --ahs---- C:\WINDOWS\system32\efceceb6_r.dll

2007-06-10 11:14

2007-06-10 11:04

2007-06-09 17:27

2007-06-09 00:03 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-08 22:40

2007-06-08 21:54

2007-06-08 15:42 63,090 --a------ C:\WINDOWS\War3Unin.dat

2007-06-08 15:42 2,829 --a------ C:\WINDOWS\War3Unin.pif

2007-06-08 15:42 139,264 --a------ C:\WINDOWS\War3Unin.exe

2007-06-07 20:55

2007-06-07 20:53

2007-06-07 18:44

2007-06-07 18:32

2007-06-06 23:42

2007-06-05 00:43 82,774 --a------ C:\WINDOWS\Uninstall Jade Empire.exe

2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

2007-06-02 22:46 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll

2007-06-02 22:45

2007-06-02 22:44

2007-06-02 20:14

2007-06-02 19:16

2007-06-02 19:15

2007-06-02 15:30

2007-06-01 16:34

2007-05-31 00:08

2007-05-30 20:40

2007-05-30 20:34 86,016 --a------ C:\WINDOWS\unvise32.exe

2007-05-30 19:25

2007-05-28 21:08 1,682,701 --a------ C:\MTpatch_103.exe

2007-05-28 17:52 4,096 --a------ C:\WINDOWS\d3dx.dat

2007-05-28 17:43 327,168 --a------ C:\WINDOWS\IsUn0415.exe

2007-05-27 21:02 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2007-05-27 19:45 78,160 --a------ C:\AutoFix.exe

2007-05-27 19:43 883,584 --a------ C:\WGAPluginInstall.exe

2007-05-27 03:55 649,432 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys

2007-05-27 03:54 281,816 --a------ C:\WINDOWS\system32\cfosspeed.dll

2007-05-27 03:54

2007-05-27 03:13

2007-05-25 17:04

2007-05-25 17:04

2007-05-23 19:28

2007-05-23 19:07

2007-05-23 13:50

2007-05-23 13:17

2007-05-21 19:57

2007-05-21 19:50

2007-05-21 19:37 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2007-05-21 19:37 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2007-05-21 18:32 438,272 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2007-05-21 02:22

2007-05-21 02:11

2007-05-20 22:42

2007-05-20 17:48 283,648 --a------ C:\WINDOWS\uninst.exe

2007-05-20 16:22

2007-05-19 16:33

2007-05-19 16:33

2007-05-19 16:08 638,125 --ahs---- C:\WINDOWS\system32\qpqss.bak1

2007-05-19 15:54

2007-05-19 14:52

2007-05-18 23:54

2007-05-18 23:39

2007-05-18 23:26

2007-05-18 23:25

2007-05-18 22:35

2007-05-18 18:06

2007-05-18 18:05

2007-05-17 19:26

2007-05-16 19:02 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat

2007-05-16 19:02 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat

2007-05-16 19:02 21,532,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2007-05-16 19:02 1,325,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2007-05-16 19:02

2007-05-16 18:39 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-05-16 18:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2007-05-16 18:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys

2007-05-16 18:24

2007-05-15 14:11

2007-05-15 14:03

2007-05-15 03:44 10,064 --a------ C:\WINDOWS\system32\msvcr20.dll

2007-05-15 03:44

2007-05-13 18:14

2007-05-13 18:09

2007-05-12 16:21

2007-05-10 18:32

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-10 15:04:48 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Azureus

2007-06-10 14:51:55 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Xfire

2007-06-10 13:01:02 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-06-09 20:11:00 -------- d-----w C:\Program Files\lg_fwupdate

2007-06-09 15:32:03 -------- d-----w C:\Program Files\DOSBox-0.63

2007-06-07 17:39:17 -------- d-----w C:\Program Files\FlashGet

2007-06-07 16:54:43 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-06-07 16:44:32 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-06-02 17:35:56 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Skype

2007-06-02 13:31:03 -------- d-----w C:\Program Files\Skype

2007-05-31 23:02:32 -------- d-----w C:\Program Files\SkanerOnline

2007-05-30 21:38:01 1,277 ----a-w C:\WINDOWS\mozver.dat

2007-05-28 12:47:15 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2007-05-23 11:51:08 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-05-23 10:52:20 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2007-05-21 18:11:53 -------- d-----w C:\Program Files\DivX

2007-05-21 17:53:06 49,608 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-05-21 17:53:06 355,820 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-05-21 17:45:08 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat

2007-05-20 20:36:00 -------- d-----w C:\Program Files\UBWPlayer

2007-05-20 20:35:52 -------- d-----w C:\Program Files\SubEdit-Player

2007-05-18 21:56:40 -------- d-----w C:\Program Files\WinZix

2007-05-18 21:19:53 -------- d-----w C:\Program Files\Messenger

2007-05-14 17:24:26 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Hamachi

2007-05-13 16:31:21 -------- d-----w C:\Program Files\Windows Media Connect 2

2007-05-07 19:52:13 4 ----a-w C:\WINDOWS\info147.sys

2007-05-07 15:49:41 -------- d-----w C:\Program Files\Gadu-Gadu

2007-05-07 03:46:37 -------- d-----w C:\Program Files\TGTSoft

2007-05-07 00:19:26 -------- d-----w C:\Program Files\PowerStrip

2007-05-06 00:19:29 -------- d-----w C:\Program Files\Winamp

2007-05-05 18:44:51 -------- d-----w C:\Program Files\AMD

2007-05-05 13:26:00 -------- d--h--r C:\DOCUME~1\AAAAAA~1\DANEAP~1\SecuROM

2007-05-04 18:51:01 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll

2007-05-04 18:50:57 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll

2007-05-04 18:50:40 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll

2007-05-04 18:50:36 45,056 ----a-w C:\WINDOWS\system32\ogg.dll

2007-05-04 18:50:36 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll

2007-05-04 18:50:07 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll

2007-05-04 18:50:03 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll

2007-05-02 18:57:59 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat

2007-05-02 18:57:57 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat

2007-04-28 20:05:35 -------- d-----w C:\Program Files\KotOR2-PL

2007-04-28 18:03:42 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-04-28 14:43:14 -------- d-----w C:\Program Files\Hamachi

2007-04-28 14:43:03 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2007-04-28 06:16:49 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Bleh Nurb Hole

2007-04-28 03:30:54 -------- d-----w C:\Program Files\Raxco

2007-04-28 03:30:54 -------- d-----w C:\Program Files\Common Files\Raxco

2007-04-27 15:28:56 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Help

2007-04-27 06:45:52 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Gadu-Gadu

2007-04-27 01:41:12 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\DivX

2007-04-27 01:06:06 -------- d-----w C:\Program Files\C-Media 6501 Sound

2007-04-27 00:45:44 -------- d-----w C:\Program Files\MarBit

2007-04-27 00:40:21 -------- d-----w C:\Program Files\CyberLink

2007-04-26 14:08:46 -------- d-----w C:\Program Files\Ahead

2007-04-26 14:08:28 -------- d-----w C:\Program Files\Common Files\Ahead

2007-04-26 14:07:33 -------- d-----w C:\Program Files\Common Files\InstallShield

2007-04-26 00:03:02 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\FlashGet

2007-04-25 23:27:51 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Lavasoft

2007-04-25 20:47:31 -------- d-----w C:\DOCUME~1\AAAAAA~1\DANEAP~1\Talkback

2007-04-25 20:47:20 0 ----a-w C:\WINDOWS\nsreg.dat

2007-04-25 18:10:33 -------- d-----w C:\Program Files\Common Files\ODBC

2007-04-25 18:10:30 -------- d-----w C:\Program Files\Common Files\SpeechEngines

2007-04-25 16:13:50 -------- d-----w C:\Program Files\microsoft frontpage

2007-04-25 16:13:36 0 --sha-r C:\MSDOS.SYS

2007-04-25 16:13:36 0 --sha-r C:\IO.SYS

2007-04-25 16:13:36 0 ----a-w C:\CONFIG.SYS

2007-04-25 16:13:36 0 ----a-w C:\AUTOEXEC.BAT

2007-04-25 16:12:39 -------- d--h--w C:\Program Files\WindowsUpdate

2007-04-25 16:12:36 -------- d-----w C:\Program Files\Usługi online

2007-04-25 16:11:39 -------- d-----w C:\Program Files\Common Files\MSSoap

2007-04-25 16:11:28 -------- d-----w C:\Program Files\Movie Maker

2007-04-25 16:10:13 -------- d-----w C:\Program Files\MSN Gaming Zone

2007-04-25 16:10:02 -------- d-----w C:\Program Files\Windows NT

2007-04-19 11:26:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-04-19 11:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-04-19 11:26:00 7,700,480 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-04-19 11:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll

2007-04-19 11:26:00 5,644,288 ----a-w C:\WINDOWS\system32\nvoglnt.dll

2007-04-19 11:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-04-19 11:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-04-19 11:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-04-19 11:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-04-19 11:26:00 4,543,616 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll

2007-04-19 11:26:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll

2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll

2007-04-19 11:26:00 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll

2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll

2007-04-19 11:26:00 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll

2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll

2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll

2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrshe.dll

2007-04-19 11:26:00 323,584 ----a-w C:\WINDOWS\system32\nvrsar.dll

2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll

2007-04-19 11:26:00 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll

2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll

2007-04-19 11:26:00 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll

2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll

2007-04-19 11:26:00 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{31FF080D-12A3-439A-A2EF-4BA95A3148E8}=D:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57]

{53707962-6F74-2D53-2644-206D7942484F}=D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"LinkResolveIgnoreLinkInfo"=0 (0x0)

"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbyxx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintuh32]

wintuh32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb]

C:\WINDOWS\system32\wudb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare]

"C:\Program Files\IObit\Advanced WindowsCare V2\Awc.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

"C:\Program Files\BearShare\BearShare.exe" /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]

"C:\InternetCalls\InternetCalls.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\okay city]

C:\DOCUME~1\AAAAAA~1\DANEAP~1\BLEHNU~1\Forkname.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

"D:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Services]

C:\RECYCLER\Services\services.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"PnkBstrB"=3 (0x3)

"PnkBstrA"=2 (0x2)

"PDEngine"=3 (0x3)

"PDAgent"=2 (0x2)

"cFosSpeedS"=2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

AutoRun\command- H:\setup\rsrc\Autorun.exe

dinstall\command- H:\Directx\dxsetup.exe

Contents of the 'Scheduled Tasks' folder

2007-06-09 18:00:30 C:\WINDOWS\tasks\AwcUpdate.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-10 17:05:06

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-06-10 17:05:28

C:\ComboFix-quarantined-files.txt ... 2007-06-10 17:05

C:\ComboFix2.txt ... 2007-06-09 00:03

--- E O F ---

here is the ComboFix log

Post merged: 10.06.2007 (Sun) 17:08

Logfile of HijackThis v1.99.1

Scan saved at 17:08:27, on 2007-06-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\devldr32.exe

D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Azureus\Azureus.exe

C:\WINDOWS\system32\msiexec.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Gadu-Gadu\gg.exe

D:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5A3700EE-5330-4DE3-A9B6-D9B56E9791F6} - (no file)

O2 - BHO: (no name) - {D1159422-16E3-462F-A93D-FB718E100407} - (no file)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Download with GetRight Pro - D:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Pro Browser - D:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll

O20 - Winlogon Notify: ddcbyxx - C:\WINDOWS\

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: WBSrv - D:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)

O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

and here is the one from HijackThis


(Gutek) #8

Note: When you paste a log, wrap it in a CODE or QUOTE tag

scan the file http://www.virustotal.com/en/indexf.html


(Guicksilver) #9

I can't find it, but I found a similar one, efeddcfeadbc9_r.ocx, only the type is different :?


(Gutek) #10

Finish up with online scanners - Scanners to choose from

you are being asked to do something


(Guicksilver) #11

OK, OK, but I scanned earlier, before this thread, and nothing was detected :cry:

Post merged: 11.06.2007 (Mon) 3:30

again it detected nothing :-x


(Gutek) #12

Well, in that case it's OK now


(Guicksilver) #13

Yep, thanks again for the help :smiley: