Problems launching some network programs


(Marvin28) #1

These programs won't start for me: eMule and Bearshare, and the radio in Gadu-Gadu doesn't work. Please check the log and help me.

Logfile of HijackThis v1.99.1

Scan saved at 18:51:33, on 2007-09-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Eset\nod32krn.exe

C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AutoConnect\AutoConnect.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Wojtek\Pulpit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)

R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: IE7pro - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll

O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice

O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll

O9 - Extra 'Tools' menuitem: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll

O9 - Extra button: Szybkie dostosowywanie programu Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{01FF38D1-2B46-480B-9FA4-DA0FD235C4C0}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{01FF38D1-2B46-480B-9FA4-DA0FD235C4C0}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


(Gutek) #2

Post a log from ComboFix.


(Marvin28) #3

ComboFix 07-09-18.4 - "Wojtek" 2007-09-18 20:27:17.1 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.35 [GMT 2:00]

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\DOCUME~1\WOJTEK\PULPIT\internet.lnk

C:\Program Files\DITel\lodzkie2007\images\html\wg\kancelaria_adwokacka_2280585_pliki_desktop.ini

.

((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))

.

2007-09-18 20:26 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-08-30 15:06

2007-08-26 20:33

2007-08-26 16:49

2007-08-26 15:41 5,632 --a------ C:\WINDOWS\system32\pxc25pm.dll

2007-08-26 15:41 258,352 --a------ C:\WINDOWS\system32\unicows.dll

2007-08-26 15:41 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-08-26 15:41

2007-08-26 15:40 368,912 --a------ C:\WINDOWS\system32\vbar332.dll

2007-08-26 15:40 131,072 --a------ C:\WINDOWS\system32\Dzip32.dll

2007-08-26 15:40 110,592 --a------ C:\WINDOWS\system32\Dunzip32.dll

2007-08-26 15:40 101,888 --a------ C:\WINDOWS\system32\BUTIL.DLL

2007-08-26 15:40

2007-08-26 15:40

2007-08-26 15:40

2007-08-26 15:39

2007-08-22 20:24 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-08-22 20:24 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

2007-08-22 19:51

2007-08-22 19:51

2007-08-22 19:51

2007-08-22 19:51

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-08-14 21:21 --------- d-------- C:\Program Files\AutoConnect

2007-08-14 21:20 --------- d-------- C:\Program Files\PPMate

2007-08-14 21:20 --------- d-------- C:\Program Files\Common Files\Synacast

2007-08-14 21:20 --------- d-------- C:\DOCUME~1\WOJTEK\DANEAP~1\PPMate

2007-08-14 21:08 --------- d-------- C:\Program Files\SopCast

2007-08-14 21:08 --------- d-------- C:\DOCUME~1\WOJTEK\DANEAP~1\SopCast

2007-08-12 21:26 --------- d-------- C:\Program Files\DITel

2007-08-12 18:33 23 --a------ C:\WINDOWS\system32\drivers\adidsl.cfg

2007-08-12 18:32 --------- d-------- C:\Program Files\SAGEM

2007-07-31 14:57 168937 --a------ C:\WINDOWS\KARI2 Uninstaller.exe

2007-07-31 14:38 --------- d-------- C:\DOCUME~1\WOJTEK\DANEAP~1\Oxin's Style!

2007-07-27 12:49 --------- d-------- C:\DOCUME~1\WOJTEK\DANEAP~1\GRETECH

2007-07-27 12:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\GRETECH

2007-07-27 12:48 --------- d-------- C:\Program Files\GRETECH

2007-07-14 13:57 219648 --a------ C:\WINDOWS\system32\uxtheme.dll

2007-07-14 13:57 219648 --a------ C:\WINDOWS\system32\dllcache\uxtheme.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-17 18:57]

"Outpost Firewall"="C:\Program Files\Agnitum\Outpost Firewall\outpost.exe" [2006-08-30 10:46]

"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall\feedback.exe" [2006-09-26 19:36]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]

"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:21]

"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-07-09 09:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-08-12 18:32:46]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Action Manager 32.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Action Manager 32.lnk

backup=C:\WINDOWS\pss\Action Manager 32.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]

C:\Program Files\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

"C:\Program Files\Windows Defender\MSASCui.exe" -hide

R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys

R1 SandBox;Outpost Firewall Sandbox Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS

R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS

R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL

R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL

R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL

R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL

R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL

R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL

R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL

R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL

R3 KS-959;MA-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys

R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL

R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL

R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL

R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL

R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL

S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

S3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

AutoRun\command- G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{017ff5ce-11cb-11dc-b00b-000000000000}]

Auto\command- K:\activexdebugger32.exe f

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f

explore\Command- K:\activexdebugger32.exe f

open\Command- K:\activexdebugger32.exe f

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b8ea8a8-03c6-11dc-9be4-806d6172696f}]

AutoRun\command- L:\USBNB.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7ebb56e-04a4-11dc-afe7-000000000000}]

Auto\command- H:\activexdebugger32.exe f

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f

explore\Command- H:\activexdebugger32.exe f

open\Command- H:\activexdebugger32.exe f

*Newly Created Service* - CATCHME

.

Contents of the 'Scheduled Tasks' folder

"2007-09-18 16:43:26 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

  • C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-18 20:30:01

Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-09-18 20:31:13

C:\ComboFix-quarantined-files.txt ... 2007-09-18 20:31

.

--- E O F ---


(jessica) #4

Fix the above-mentioned entries in HijackThis:

>> HijackThis >> scan (Do a system scan only) >> select them >> Fix checked.

You have an infection on your USB flash drive.

Read up on what to do about it --> http://xforum.pl/lofiversion/index.php/t5319.html

jessi


(Marvin28) #5

I removed activexdebugger and the entries from the first quote.

But Bearshare still won't start; I don't know what to do about it.

Thank you very much for the help.


(Gutek) #6

New log from COMBO.