Robak algs.exe

kgb.musztarda · 25 Czerwiec 2007 20:18

Komp zaczął coraz wolniej chodzić , na początku dobrze ale zwalniał coraz bardziej więc zeskanowałem HJT.

Logfile of HijackThis v1.99.1 Scan saved at 22:12:02, on 2007-06-25 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\cFosSpeed\spd.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\algs.exe C:\WINDOWS\System32\uryjl.exe C:\Documents and Settings\Daniel\Moje dokumenty\My Completed Downloads\hijackthis_sfx\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.entretieneteds.vze.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O17 - HKLM\System\CCS\Services\Tcpip…{397AC643-4EB2-4F5C-997E-9EE3066B4223}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{397AC643-4EB2-4F5C-997E-9EE3066B4223}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{397AC643-4EB2-4F5C-997E-9EE3066B4223}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: jkkjhff - C:\WINDOWS\SYSTEM32\jkkjhff.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

No i tu jest problem, nie mogę usunąć tego algs.exe bo się przywraca:/ Nie wiem jeszcze czy tylko ten wpis jest zły. Pomocy.

Gutek · 25 Czerwiec 2007 20:28

Użyj VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone.

Daj log z Combofix

kgb.musztarda · 26 Czerwiec 2007 20:02

Daję loga z Combofixa:

ComboFix 07-05.24.7.V - Running from: “C:\Documents and Settings\Daniel\Pulpit” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\windows\system32\iexplore.exe” “C:\WINDOWS\b122.exe” “C:\Program Files\inetget2” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-26 )))))))))))))))))))))))))))))))))) 2007-06-26 21:39 6,369 —hs---- C:\WINDOWS\system32\qpqru.bak1 2007-06-26 21:37 266,336 --a------ C:\WINDOWS\system32\urqpq.dll 2007-06-26 21:32 31,254 --a------ C:\WINDOWS\system32\rqrpppp.dll 2007-06-26 21:23 24,442 --a------ C:\WINDOWS\system32\auns.exe 2007-06-26 21:10 37,901 --------- C:\WINDOWS\system32\tnhfqnd.exe 2007-06-26 21:10 31,254 --a------ C:\WINDOWS\system32\gebcbay.dll 2007-06-26 21:09 24,442 --a------ C:\WINDOWS\system32\wkyjg.exe 2007-06-26 19:34 24,442 --a------ C:\WINDOWS\system32\rpsy.exe 2007-06-26 19:22 31,254 --a------ C:\WINDOWS\system32\tuvvwwx.dll 2007-06-26 19:21 24,442 --a------ C:\WINDOWS\system32\oywdvltl.exe 2007-06-25 23:44 31,254 --a------ C:\WINDOWS\system32\nnnlmnk.dll.vir 2007-06-25 23:35 24,442 --a------ C:\WINDOWS\system32\ntvgwqjr.exe 2007-06-25 23:12 24,442 --a------ C:\WINDOWS\system32\azcebkql.exe 2007-06-25 23:07 30,336 --ah----- C:\WINDOWS\system32\sffipllt.exe 2007-06-25 23:05 31,254 --a------ C:\WINDOWS\system32\urqpooo.dll 2007-06-25 22:50 2007-06-25 22:49 31,254 --a------ C:\WINDOWS\system32\ljjgecc.dll 2007-06-25 22:11 6,656 --a------ C:\WINDOWS\system32\ujbvhyx.exe 2007-06-25 22:11 31,254 --a------ C:\WINDOWS\system32\jkkjhff.dll.vir 2007-06-25 22:11 11,148 --a------ C:\WINDOWS\system32\sjalikz.exe 2007-06-25 22:05 24,442 --a------ C:\WINDOWS\system32\kkcclo.exe 2007-06-25 21:54 24,442 --a------ C:\WINDOWS\system32\hvklaxfq.exe 2007-06-25 18:56 24,442 --a------ C:\WINDOWS\system32\kjphrars.exe 2007-06-25 18:29 24,442 --a------ C:\WINDOWS\system32\xlgxwzm.exe 2007-06-24 23:55 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-06-24 21:50 24,442 --a------ C:\WINDOWS\system32\dgrekey.exe 2007-06-24 21:16 2007-06-24 20:23 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-06-24 20:23 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-06-24 13:55 2007-06-24 11:19 2007-06-24 10:31 2007-06-22 19:15 2007-06-22 19:09 2007-06-22 19:07 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2007-06-22 19:06 2007-06-22 18:52 2007-06-17 21:41 2007-06-14 21:36 2007-06-14 21:35 299,520 --a------ C:\WINDOWS\uninst.exe 2007-06-14 21:35 2007-06-12 20:42 58,288 -ra------ C:\WINDOWS\system32\drivers\k510bus.sys 2007-06-12 20:42 5,808 -ra------ C:\WINDOWS\system32\drivers\k510whnt.sys 2007-06-12 20:42 5,808 -ra------ C:\WINDOWS\system32\drivers\k510wh.sys 2007-06-11 18:25 2007-06-11 18:22 2007-06-05 18:48 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2007-06-05 18:48 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll 2007-06-05 18:48 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll 2007-06-05 18:48 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll 2007-06-05 18:48 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll 2007-06-05 18:48 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2007-06-05 18:47 143,360 --a------ C:\WINDOWS\system32\wmidx.dll 2007-06-05 18:42 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll 2007-06-05 18:42 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll 2007-06-05 18:42 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2007-06-05 18:42 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll 2007-06-05 18:42 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll 2007-06-05 18:42 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-05 18:42 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-06-05 18:42 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll 2007-06-05 18:42 2007-06-05 18:41 2007-06-04 18:36 2007-06-03 17:37 2007-06-03 17:37 2007-06-02 17:26 2007-06-02 17:11 418,304 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2007-06-02 16:53 200,704 --a------ C:\WINDOWS\system32\cfosspeed.dll 2007-06-02 16:53 2007-06-01 18:28 2007-05-27 21:07 2007-05-26 21:59 2007-05-26 21:58 2007-05-26 21:44 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-26 17:56:05 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\foobar2000 2007-06-24 20:14:24 -------- d-----w C:\Program Files\Valve 2007-06-24 19:31:12 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-24 19:31:12 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-24 18:51:01 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-24 18:48:24 -------- d–h--w C:\Program Files\WindowsUpdate 2007-06-24 18:48:18 -------- d-----w C:\Program Files\Messenger 2007-06-24 11:56:42 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Skype 2007-06-22 16:52:50 -------- d-----w C:\Program Files\GetRight 2007-06-03 17:26:08 -------- d-----w C:\Program Files\Cheating-Death 2007-05-25 20:35:26 -------- d-----w C:\Program Files\TuneUp Utilities 2006 2007-05-25 20:34:00 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\TuneUp Software 2007-05-24 18:33:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-23 20:28:01 34,651 ----a-w C:\WINDOWS\system32\iiffc.exe 2007-05-23 20:24:46 8,436 ----a-w C:\WINDOWS\system32\hggffdc.dll 2007-05-23 20:22:57 8,436 ----a-w C:\WINDOWS\system32\urspqnl.dll 2007-05-21 16:31:47 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Shareaza 2007-05-20 16:48:09 -------- d-----w C:\Program Files\No-IP 2007-05-20 14:40:44 -------- d-----w C:\Program Files\Neostrada TP 2007-05-20 12:19:47 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 12:16:32 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-20 12:07:38 -------- d-----w C:\Program Files\VIAudioi 2007-05-20 12:06:32 -------- d-----w C:\Program Files\VIA 2007-05-20 11:35:19 -------- d-----w C:\Program Files\Skype 2007-05-20 11:35:18 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 11:22:25 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-05-20 11:18:21 -------- d-----w C:\Program Files\WapSter 2007-05-20 11:01:51 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Gadu-Gadu 2007-05-20 11:01:17 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-20 10:55:34 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-20 10:35:39 -------- d-----w C:\Program Files\Alwil Software 2007-05-20 10:33:17 716 ----a-w C:\WINDOWS\unins000.dat 2007-05-20 10:19:11 -------- d-----w C:\Program Files\SAGEM 2007-05-20 10:01:10 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 10:00:47 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 09:44:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 09:43:28 0 --sha-r C:\MSDOS.SYS 2007-05-20 09:43:28 0 --sha-r C:\IO.SYS 2007-05-20 09:43:28 0 ----a-w C:\CONFIG.SYS 2007-05-20 09:43:28 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 09:36:19 -------- d-----w C:\Program Files\Movie Maker 2007-05-20 09:35:07 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 09:30:58 -------- d-----w C:\Program Files\Usługi online 2007-05-20 09:30:05 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 09:30:04 -------- d-----w C:\Program Files\Windows NT 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {189F4FFB-6747-49A6-B272-FBE78DF536C8}=C:\WINDOWS\System32\urqpq.dll [2007-06-26 21:37] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] {674DDFA6-BB3D-427B-961F-E9EEEF293004}=C:\WINDOWS\System32\gebcbay.dll [2007-06-26 21:10] {6771D12B-FA53-4261-8E26-5523B23EDAEF}=C:\WINDOWS\System32\yabax.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Microsoft Internet Explorer”=“C:\WINDOWS\System32\iexplore.exe” [] “Windows Logon Application”=“C:\WINDOWS\System32\logon.exe” [2001-10-26 19:29] “Spooler SubSystem App”=“C:\WINDOWS\System32\spoolsvc.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] “wextract_cleanup0”=rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Daniel\USTAWI~1\Temp\IXP000.TMP” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoLowDiskSpaceChecks”=1 (0x1) “NoViewContextMenu”=0 (0x0) “NoChangeStartMenu”=0 (0x0) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{674DDFA6-BB3D-427B-961F-E9EEEF293004}”=“C:\WINDOWS\System32\gebcbay.dll” [2007-06-26 21:10] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcbay] gebcbay.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpq] C:\WINDOWS\System32\urqpq.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ERSvc”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “CTFMON.EXE”=C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “AudioDeck”=C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 “NvCplDaemon”=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize “nwiz”=nwiz.exe /install “Cmaudio”=RunDll32 cmicnfg.cpl,CMICtrlWnd *Newly Created Service* -MSISERVER ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070625-222416-181 O4 - HKLM…\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe backup-20070625-222416-264 R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) backup-20070625-220924-965 O4 - HKLM…\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe Contents of the ‘Scheduled Tasks’ folder 2007-06-24 19:16:59 C:\WINDOWS\tasks\1-Click Maintenance.job (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\windows\system32\iexplore.exe” “C:\WINDOWS\b122.exe” “C:\Program Files\inetget2” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-26 )))))))))))))))))))))))))))))))))) No new files created in this timespan (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\windows\system32\iexplore.exe” “C:\WINDOWS\b122.exe” “C:\Program Files\inetget2” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-26 )))))))))))))))))))))))))))))))))) No new files created in this timespan (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-26 17:56:05 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\foobar2000 2007-06-24 20:14:24 -------- d-----w C:\Program Files\Valve 2007-06-24 19:31:12 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-24 19:31:12 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-24 18:51:01 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-24 18:48:24 -------- d–h--w C:\Program Files\WindowsUpdate 2007-06-24 18:48:18 -------- d-----w C:\Program Files\Messenger 2007-06-24 11:56:42 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Skype 2007-06-22 16:52:50 -------- d-----w C:\Program Files\GetRight 2007-06-03 17:26:08 -------- d-----w C:\Program Files\Cheating-Death 2007-05-25 20:35:26 -------- d-----w C:\Program Files\TuneUp Utilities 2006 2007-05-25 20:34:00 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\TuneUp Software 2007-05-24 18:33:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-23 20:28:01 34,651 ----a-w C:\WINDOWS\system32\iiffc.exe 2007-05-23 20:24:46 8,436 ----a-w C:\WINDOWS\system32\hggffdc.dll 2007-05-23 20:22:57 8,436 ----a-w C:\WINDOWS\system32\urspqnl.dll 2007-05-21 16:31:47 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Shareaza 2007-05-20 16:48:09 -------- d-----w C:\Program Files\No-IP 2007-05-20 14:40:44 -------- d-----w C:\Program Files\Neostrada TP 2007-05-20 12:19:47 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 12:16:32 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-20 12:07:38 -------- d-----w C:\Program Files\VIAudioi 2007-05-20 12:06:32 -------- d-----w C:\Program Files\VIA 2007-05-20 11:35:19 -------- d-----w C:\Program Files\Skype 2007-05-20 11:35:18 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 11:22:25 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-05-20 11:18:21 -------- d-----w C:\Program Files\WapSter 2007-05-20 11:01:51 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Gadu-Gadu 2007-05-20 11:01:17 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-20 10:55:34 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-20 10:35:39 -------- d-----w C:\Program Files\Alwil Software 2007-05-20 10:33:17 716 ----a-w C:\WINDOWS\unins000.dat 2007-05-20 10:19:11 -------- d-----w C:\Program Files\SAGEM 2007-05-20 10:01:10 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 10:00:47 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 09:44:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 09:43:28 0 --sha-r C:\MSDOS.SYS 2007-05-20 09:43:28 0 --sha-r C:\IO.SYS 2007-05-20 09:43:28 0 ----a-w C:\CONFIG.SYS 2007-05-20 09:43:28 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 09:36:19 -------- d-----w C:\Program Files\Movie Maker 2007-05-20 09:35:07 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 09:30:58 -------- d-----w C:\Program Files\Usługi online 2007-05-20 09:30:05 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 09:30:04 -------- d-----w C:\Program Files\Windows NT 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] {5BC421C6-997C-4224-A2FA-BD13679FB5FA}=C:\WINDOWS\System32\urqpq.dll [2007-06-26 21:37] {674DDFA6-BB3D-427B-961F-E9EEEF293004}=C:\WINDOWS\System32\gebcbay.dll [2007-06-26 21:10] {6771D12B-FA53-4261-8E26-5523B23EDAEF}=C:\WINDOWS\System32\yabax.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Microsoft Internet Explorer”=“C:\WINDOWS\System32\iexplore.exe” [] “Windows Logon Application”=“C:\WINDOWS\System32\logon.exe” [2001-10-26 19:29] “Spooler SubSystem App”=“C:\WINDOWS\System32\spoolsvc.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] “wextract_cleanup0”=rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Daniel\USTAWI~1\Temp\IXP000.TMP” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoLowDiskSpaceChecks”=1 (0x1) “NoViewContextMenu”=0 (0x0) “NoChangeStartMenu”=0 (0x0) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{674DDFA6-BB3D-427B-961F-E9EEEF293004}”=“C:\WINDOWS\System32\gebcbay.dll” [2007-06-26 21:10] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcbay] gebcbay.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpq] C:\WINDOWS\System32\urqpq.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ERSvc”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “CTFMON.EXE”=C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “AudioDeck”=C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 “NvCplDaemon”=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize “nwiz”=nwiz.exe /install “Cmaudio”=RunDll32 cmicnfg.cpl,CMICtrlWnd *Newly Created Service* -MSISERVER ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070625-222416-181 O4 - HKLM…\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe backup-20070625-222416-264 R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) backup-20070625-220924-965 O4 - HKLM…\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe Contents of the ‘Scheduled Tasks’ folder 2007-06-24 19:16:59 C:\WINDOWS\tasks\1-Click Maintenance.job

Wydaje mi się że log jest dwa razy bo dwa razy klikałem ten plik exe.

Btw. Tamto usunąłem(algs.exe i jakieś pliki jkkasdas.exe[nazwy dokładnej nie pamiętam bo vundo je usuwał i miały szyfrowaną losowo nazwę]) jednak teraz mam jeszcze inny problem. Właśnie z procesem iexplore.exe. Jak go wyłączam w menadżerze zadań to po ok 20s komputer mi sam się restartuje, a właściwie to resetuje bez wznowienia pracy, zatrzymuje się na czarnym ekranie i muszę walnąć mu reset. Poza tym przed restartem nie wyświetla nic tylko odrazu tak jakby się wyłączał (wiem że w innych porzypadkach jest odliczanie 59s do wyłączenia a tu nie ma więc shutdown -a nie można użyć żeby to zatrzymać. Nie wiem czemu tak się robi. Pomocy jeszcze raz.

Złączono Posta : 26.06.2007 (Wto) 22:30

Logfile of HijackThis v1.99.1

Scan saved at 22:10, on 2007-06-26

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\cFosSpeed\spd.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\logon.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\ComboFix\21847.cfexe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\rundll32.exe

C:\ComboFix\23003.cfexe

C:\ComboFix\23071.cfexe

C:\WINDOWS\explorer.exe

D:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM…\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe

O4 - HKLM…\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe

O4 - HKLM…\Run: [spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe

O4 - HKLM…\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\System32\advpack.dll,DelNodeRunDLL32 “C:\DOCUME~1\Daniel\USTAWI~1\Temp\IXP000.TMP”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O17 - HKLM\System\CCS\Services\Tcpip…{397AC643-4EB2-4F5C-997E-9EE3066B4223}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip…{397AC643-4EB2-4F5C-997E-9EE3066B4223}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS2\Services\Tcpip…{397AC643-4EB2-4F5C-997E-9EE3066B4223}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

qrczak13 · 26 Czerwiec 2007 21:56

Ściągnij The Avenger,

wypakuj > uruchom > Input script manually > klikasz w lupkę > w nowo otwartym oknie wklejasz:

Files to delete: C:\WINDOWS\system32\qpqru.bak1 C:\WINDOWS\system32\urqpq.dll C:\WINDOWS\system32\rqrpppp.dll C:\WINDOWS\system32\auns.exe C:\WINDOWS\system32\tnhfqnd.exe C:\WINDOWS\system32\gebcbay.dll C:\WINDOWS\system32\wkyjg.exe C:\WINDOWS\system32\rpsy.exe C:\WINDOWS\system32\tuvvwwx.dll C:\WINDOWS\system32\oywdvltl.exe C:\WINDOWS\system32\nnnlmnk.dll.vir C:\WINDOWS\system32\ntvgwqjr.exe C:\WINDOWS\system32\azcebkql.exe C:\WINDOWS\system32\sffipllt.exe C:\WINDOWS\system32\urqpooo.dll C:\WINDOWS\system32\ljjgecc.dll C:\WINDOWS\system32\ujbvhyx.exe C:\WINDOWS\system32\jkkjhff.dll.vir C:\WINDOWS\system32\sjalikz.exe C:\WINDOWS\system32\kkcclo.exe C:\WINDOWS\system32\hvklaxfq.exe C:\WINDOWS\system32\kjphrars.exe C:\WINDOWS\system32\xlgxwzm.exe C:\WINDOWS\system32\dgrekey.exe C:\WINDOWS\system32\iiffc.exe C:\WINDOWS\system32\hggffdc.dll C:\WINDOWS\system32\urspqnl.dll C:\WINDOWS\System32\logon.exe C:\WINDOWS\System32\iexplore.exe C:\WINDOWS\System32\spoolsvc.exe Registry keys to delete: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{189F4FFB-6747-49A6-B272-FBE78DF536C8} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{674DDFA6-BB3D-427B-961F-E9EEEF293004} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{6771D12B-FA53-4261-8E26-5523B23EDAEF} HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcbay HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpq Registry values to delete: “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” | “Microsoft Internet Explorer” “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” | “Windows Logon Application” “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” | “Spooler SubSystem App” “HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce” | “wextract_cleanup0” “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks” | “{674DDFA6-BB3D-427B-961F-E9EEEF293004}”

Po wklejeniu > Done > klik na zielone światło > ok i będzie restart. Po restarcie wchodzisz gdzie masz The Avenger wklejasz raport C:\avenger.txt oraz nowy log z combofix.

kgb.musztarda · 27 Czerwiec 2007 07:58

Log z combo:

ComboFix 07-05.24.7.V - Running from: “C:\Documents and Settings\Daniel\Pulpit” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\windows\system32\explorer.exe” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-27 )))))))))))))))))))))))))))))))))) 2007-06-27 09:36 24,442 --a------ C:\WINDOWS\system32\bvdiefbi.exe 2007-06-27 09:30 2007-06-27 09:25 60,416 --a------ C:\WINDOWS\system32\drivers\uunry^xj.sys 2007-06-27 09:17 24,442 --a------ C:\WINDOWS\system32\nhyzg.exe 2007-06-27 09:15 24,442 --a------ C:\WINDOWS\system32\rccjraf.exe 2007-06-26 22:56 24,442 --a------ C:\WINDOWS\system32\qanqkwy.exe 2007-06-26 21:59 24,442 --a------ C:\WINDOWS\system32\avat.exe 2007-06-25 22:50 2007-06-24 23:55 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-06-24 21:16 2007-06-24 20:23 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-06-24 20:23 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-06-24 13:55 2007-06-24 11:19 2007-06-24 10:31 2007-06-22 19:15 2007-06-22 19:09 2007-06-22 19:07 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2007-06-22 19:06 2007-06-22 18:52 2007-06-17 21:41 2007-06-14 21:36 2007-06-14 21:35 299,520 --a------ C:\WINDOWS\uninst.exe 2007-06-14 21:35 2007-06-12 20:42 58,288 -ra------ C:\WINDOWS\system32\drivers\k510bus.sys 2007-06-12 20:42 5,808 -ra------ C:\WINDOWS\system32\drivers\k510whnt.sys 2007-06-12 20:42 5,808 -ra------ C:\WINDOWS\system32\drivers\k510wh.sys 2007-06-11 18:25 2007-06-11 18:22 2007-06-05 18:48 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2007-06-05 18:48 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll 2007-06-05 18:48 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll 2007-06-05 18:48 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll 2007-06-05 18:48 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll 2007-06-05 18:48 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2007-06-05 18:47 143,360 --a------ C:\WINDOWS\system32\wmidx.dll 2007-06-05 18:42 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll 2007-06-05 18:42 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll 2007-06-05 18:42 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2007-06-05 18:42 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll 2007-06-05 18:42 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll 2007-06-05 18:42 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-05 18:42 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-06-05 18:42 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll 2007-06-05 18:42 2007-06-05 18:41 2007-06-04 18:36 2007-06-03 17:37 2007-06-03 17:37 2007-06-02 17:26 2007-06-02 17:11 418,304 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2007-06-02 16:53 200,704 --a------ C:\WINDOWS\system32\cfosspeed.dll 2007-06-02 16:53 2007-06-01 18:28 2007-05-27 21:07 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-26 17:56:05 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\foobar2000 2007-06-24 20:14:24 -------- d-----w C:\Program Files\Valve 2007-06-24 19:31:12 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-24 19:31:12 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-24 18:51:01 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-24 18:48:24 -------- d–h--w C:\Program Files\WindowsUpdate 2007-06-24 18:48:18 -------- d-----w C:\Program Files\Messenger 2007-06-24 11:56:42 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Skype 2007-06-22 16:52:50 -------- d-----w C:\Program Files\GetRight 2007-06-03 17:26:08 -------- d-----w C:\Program Files\Cheating-Death 2007-06-01 16:30:52 -------- d-----w C:\Program Files\Any Image 2007-05-26 19:59:35 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Help 2007-05-26 19:52:44 -------- d-----w C:\Program Files\Image Assistant 2007-05-25 20:35:26 -------- d-----w C:\Program Files\TuneUp Utilities 2006 2007-05-25 20:34:00 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\TuneUp Software 2007-05-24 18:33:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-21 16:31:47 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Shareaza 2007-05-20 16:48:09 -------- d-----w C:\Program Files\No-IP 2007-05-20 14:40:44 -------- d-----w C:\Program Files\Neostrada TP 2007-05-20 12:19:47 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 12:16:32 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-20 12:07:38 -------- d-----w C:\Program Files\VIAudioi 2007-05-20 12:06:32 -------- d-----w C:\Program Files\VIA 2007-05-20 11:35:19 -------- d-----w C:\Program Files\Skype 2007-05-20 11:35:18 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 11:22:25 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-05-20 11:18:21 -------- d-----w C:\Program Files\WapSter 2007-05-20 11:01:51 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Gadu-Gadu 2007-05-20 11:01:17 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-20 10:55:34 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-20 10:35:39 -------- d-----w C:\Program Files\Alwil Software 2007-05-20 10:33:17 716 ----a-w C:\WINDOWS\unins000.dat 2007-05-20 10:19:11 -------- d-----w C:\Program Files\SAGEM 2007-05-20 10:01:10 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 10:00:47 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 09:44:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 09:43:28 0 --sha-r C:\MSDOS.SYS 2007-05-20 09:43:28 0 --sha-r C:\IO.SYS 2007-05-20 09:43:28 0 ----a-w C:\CONFIG.SYS 2007-05-20 09:43:28 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 09:36:19 -------- d-----w C:\Program Files\Movie Maker 2007-05-20 09:35:07 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 09:30:58 -------- d-----w C:\Program Files\Usługi online 2007-05-20 09:30:05 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 09:30:04 -------- d-----w C:\Program Files\Windows NT 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] {F2F92BCE-573C-4128-9EE1-7D124AA08BBE}=C:\WINDOWS\System32\urqpq.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Windows Explorer”=“C:\WINDOWS\System32\explorer.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoLowDiskSpaceChecks”=1 (0x1) “NoViewContextMenu”=0 (0x0) “NoChangeStartMenu”=0 (0x0) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ERSvc”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “CTFMON.EXE”=C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “AudioDeck”=C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 “NvCplDaemon”=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize “nwiz”=nwiz.exe /install “Cmaudio”=RunDll32 cmicnfg.cpl,CMICtrlWnd ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070524-221339-201 O20 - Winlogon Notify: mqbart - mqbart.dll (file missing) ?Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mqbart] “Asynchronous”=dword:00000000 “Dllname”=“mqbart.dll” “Impersonate”=dword:00000000 “Startup”=“NotifyStartup” “Shutdown”=“NotifyShutdown” backup-20070524-221316-398 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ???4???†???†???:?? backup-20070524-221305-414 O4 - HKCU…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe backup-20070524-221249-943 O4 - HKLM…\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 backup-20070524-221207-217 O2 - BHO: (no name) - {0a089281-adf0-4af1-8d3c-d7b70fd0eb4d} - C:\WINDOWS\system32\mqbart.dll (file missing) Contents of the ‘Scheduled Tasks’ folder 2007-06-24 19:16:59 C:\WINDOWS\tasks\1-Click Maintenance.job (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\windows\system32\explorer.exe” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-27 )))))))))))))))))))))))))))))))))) No new files created in this timespan (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-26 17:56:05 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\foobar2000 2007-06-24 20:14:24 -------- d-----w C:\Program Files\Valve 2007-06-24 19:31:12 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-24 19:31:12 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-24 18:51:01 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-24 18:48:24 -------- d–h--w C:\Program Files\WindowsUpdate 2007-06-24 18:48:18 -------- d-----w C:\Program Files\Messenger 2007-06-24 11:56:42 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Skype 2007-06-22 16:52:50 -------- d-----w C:\Program Files\GetRight 2007-06-03 17:26:08 -------- d-----w C:\Program Files\Cheating-Death 2007-06-01 16:30:52 -------- d-----w C:\Program Files\Any Image 2007-05-26 19:59:35 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Help 2007-05-26 19:52:44 -------- d-----w C:\Program Files\Image Assistant 2007-05-25 20:35:26 -------- d-----w C:\Program Files\TuneUp Utilities 2006 2007-05-25 20:34:00 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\TuneUp Software 2007-05-24 18:33:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-21 16:31:47 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Shareaza 2007-05-20 16:48:09 -------- d-----w C:\Program Files\No-IP 2007-05-20 14:40:44 -------- d-----w C:\Program Files\Neostrada TP 2007-05-20 12:19:47 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 12:16:32 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-20 12:07:38 -------- d-----w C:\Program Files\VIAudioi 2007-05-20 12:06:32 -------- d-----w C:\Program Files\VIA 2007-05-20 11:35:19 -------- d-----w C:\Program Files\Skype 2007-05-20 11:35:18 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 11:22:25 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-05-20 11:18:21 -------- d-----w C:\Program Files\WapSter 2007-05-20 11:01:51 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Gadu-Gadu 2007-05-20 11:01:17 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-20 10:55:34 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-20 10:35:39 -------- d-----w C:\Program Files\Alwil Software 2007-05-20 10:33:17 716 ----a-w C:\WINDOWS\unins000.dat 2007-05-20 10:19:11 -------- d-----w C:\Program Files\SAGEM 2007-05-20 10:01:10 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 10:00:47 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 09:44:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 09:43:28 0 --sha-r C:\MSDOS.SYS 2007-05-20 09:43:28 0 --sha-r C:\IO.SYS 2007-05-20 09:43:28 0 ----a-w C:\CONFIG.SYS 2007-05-20 09:43:28 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 09:36:19 -------- d-----w C:\Program Files\Movie Maker 2007-05-20 09:35:07 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 09:30:58 -------- d-----w C:\Program Files\Usługi online 2007-05-20 09:30:05 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 09:30:04 -------- d-----w C:\Program Files\Windows NT 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] {F2F92BCE-573C-4128-9EE1-7D124AA08BBE}=C:\WINDOWS\System32\urqpq.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Windows Explorer”=“C:\WINDOWS\System32\explorer.exe” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoLowDiskSpaceChecks”=1 (0x1) “NoViewContextMenu”=0 (0x0) “NoChangeStartMenu”=0 (0x0) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ERSvc”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “CTFMON.EXE”=C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “AudioDeck”=C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 “NvCplDaemon”=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize “nwiz”=nwiz.exe /install “Cmaudio”=RunDll32 cmicnfg.cpl,CMICtrlWnd ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070524-221339-201 O20 - Winlogon Notify: mqbart - mqbart.dll (file missing) ?Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mqbart] “Asynchronous”=dword:00000000 “Dllname”=“mqbart.dll” “Impersonate”=dword:00000000 “Startup”=“NotifyStartup” “Shutdown”=“NotifyShutdown” backup-20070524-221316-398 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ???4???†???†???:?? backup-20070524-221305-414 O4 - HKCU…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe backup-20070524-221249-943 O4 - HKLM…\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 backup-20070524-221207-217 O2 - BHO: (no name) - {0a089281-adf0-4af1-8d3c-d7b70fd0eb4d} - C:\WINDOWS\system32\mqbart.dll (file missing) Contents of the ‘Scheduled Tasks’ folder 2007-06-24 19:16:59 C:\WINDOWS\tasks\1-Click Maintenance.job

i z avengera:

Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\svindids ******************* Script file located at: ??\C:\Program Files\gplnspdy.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\system32\qpqru.bak1 deleted successfully. File C:\WINDOWS\system32\urqpq.dll deleted successfully. File C:\WINDOWS\system32\rqrpppp.dll deleted successfully. File C:\WINDOWS\system32\auns.exe deleted successfully. File C:\WINDOWS\system32\tnhfqnd.exe deleted successfully. File C:\WINDOWS\system32\gebcbay.dll deleted successfully. File C:\WINDOWS\system32\wkyjg.exe deleted successfully. File C:\WINDOWS\system32\rpsy.exe deleted successfully. File C:\WINDOWS\system32\tuvvwwx.dll deleted successfully. File C:\WINDOWS\system32\oywdvltl.exe deleted successfully. File C:\WINDOWS\system32\nnnlmnk.dll.vir deleted successfully. File C:\WINDOWS\system32\ntvgwqjr.exe deleted successfully. File C:\WINDOWS\system32\azcebkql.exe deleted successfully. File C:\WINDOWS\system32\sffipllt.exe deleted successfully. File C:\WINDOWS\system32\urqpooo.dll deleted successfully. File C:\WINDOWS\system32\ljjgecc.dll deleted successfully. File C:\WINDOWS\system32\ujbvhyx.exe deleted successfully. File C:\WINDOWS\system32\jkkjhff.dll.vir deleted successfully. File C:\WINDOWS\system32\sjalikz.exe deleted successfully. File C:\WINDOWS\system32\kkcclo.exe deleted successfully. File C:\WINDOWS\system32\hvklaxfq.exe deleted successfully. File C:\WINDOWS\system32\kjphrars.exe deleted successfully. File C:\WINDOWS\system32\xlgxwzm.exe deleted successfully. File C:\WINDOWS\system32\dgrekey.exe deleted successfully. File C:\WINDOWS\system32\iiffc.exe deleted successfully. File C:\WINDOWS\system32\hggffdc.dll deleted successfully. File C:\WINDOWS\system32\urspqnl.dll deleted successfully. File C:\WINDOWS\System32\logon.exe not found! Deletion of file C:\WINDOWS\System32\logon.exe failed! Could not process line: C:\WINDOWS\System32\logon.exe Status: 0xc0000034 File C:\WINDOWS\System32\iexplore.exe not found! Deletion of file C:\WINDOWS\System32\iexplore.exe failed! Could not process line: C:\WINDOWS\System32\iexplore.exe Status: 0xc0000034 File C:\WINDOWS\System32\spoolsvc.exe deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{189F4FFB-6747-49A6-B272-FBE78DF536C8} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{189F4FFB-6747-49A6-B272-FBE78DF536C8} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{674DDFA6-BB3D-427B-961F-E9EEEF293004} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{6771D12B-FA53-4261-8E26-5523B23EDAEF} deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebcbay deleted successfully. Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqpq deleted successfully. Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Internet Explorer Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Internet Explorer failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Logon Application Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Logon Application failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Spooler SubSystem App Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Spooler SubSystem App failed! Status: 0xc0000034 Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce|wextract_cleanup0 Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce|wextract_cleanup0 failed! Status: 0xc0000034 Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{674DDFA6-BB3D-427B-961F-E9EEEF293004} deleted successfully. Completed script processing. ******************* Finished! Terminate.

Już jest trochę lepiej lecz jak kasowałem avengerem to mi wyskoczyło odl;iczanie do zamknięcia (nie to z programu)

qrczak13 · 27 Czerwiec 2007 16:53

The Avenger > uruchom > Input script manually > klikasz w lupkę > w nowo otwartym oknie wklejasz:

Po wklejeniu > Done > klik na zielone światło > ok i będzie restart. Po restarcie wchodzisz gdzie masz The Avenger wklejasz raport C:\avenger.txt.

Do notatnika wklej:

Plik > zapisz jako > zmień rozszerzenie z .txt na wszystkie pliki > zapisz pod nazwą Fix.reg np na

pulpicie > dwuklik na Fix.reg > potwierdzasz > restart.

Czyszczenie rejestru - jv16 PowerTools 2006 1.5.2.350

Nowy log z combo po wykonaniu.

kgb.musztarda · 27 Czerwiec 2007 17:11

Proszę Cię bardzo, oto log:

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\windows\system32\explorer.exe” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-27 )))))))))))))))))))))))))))))))))) 2007-06-27 18:47 24˙442 --a------ C:\WINDOWS\system32\uenyx.exe 2007-06-27 18:40 24˙442 --a------ C:\WINDOWS\system32\ychanuxx.exe 2007-06-27 11:16 24˙442 --a------ C:\WINDOWS\system32\oqfxuu.exe 2007-06-27 10:00 24˙442 --a------ C:\WINDOWS\system32\kflt.exe 2007-06-27 09:59 94˙283 --ah----- C:\WINDOWS\system32\zhxxw.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-26 17:56:05 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\foobar2000 2007-06-24 20:14:24 -------- d-----w C:\Program Files\Valve 2007-06-24 19:31:12 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-24 19:31:12 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-24 18:51:01 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-24 18:48:24 -------- d–h--w C:\Program Files\WindowsUpdate 2007-06-24 18:48:18 -------- d-----w C:\Program Files\Messenger 2007-06-24 11:56:42 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Skype 2007-06-22 16:52:50 -------- d-----w C:\Program Files\GetRight 2007-06-03 17:26:08 -------- d-----w C:\Program Files\Cheating-Death 2007-06-01 16:30:52 -------- d-----w C:\Program Files\Any Image 2007-05-26 19:59:35 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Help 2007-05-26 19:52:44 -------- d-----w C:\Program Files\Image Assistant 2007-05-25 20:35:26 -------- d-----w C:\Program Files\TuneUp Utilities 2006 2007-05-25 20:34:00 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\TuneUp Software 2007-05-24 18:33:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-21 16:31:47 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Shareaza 2007-05-20 16:48:09 -------- d-----w C:\Program Files\No-IP 2007-05-20 14:40:44 -------- d-----w C:\Program Files\Neostrada TP 2007-05-20 12:19:47 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 12:16:32 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-20 12:07:38 -------- d-----w C:\Program Files\VIAudioi 2007-05-20 12:06:32 -------- d-----w C:\Program Files\VIA 2007-05-20 11:35:19 -------- d-----w C:\Program Files\Skype 2007-05-20 11:35:18 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 11:22:25 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-05-20 11:18:21 -------- d-----w C:\Program Files\WapSter 2007-05-20 11:01:51 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Gadu-Gadu 2007-05-20 11:01:17 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-20 10:55:34 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-20 10:35:39 -------- d-----w C:\Program Files\Alwil Software 2007-05-20 10:33:17 716 ----a-w C:\WINDOWS\unins000.dat 2007-05-20 10:19:11 -------- d-----w C:\Program Files\SAGEM 2007-05-20 10:01:10 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 10:00:47 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 09:44:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 09:43:28 0 --sha-r C:\MSDOS.SYS 2007-05-20 09:43:28 0 --sha-r C:\IO.SYS 2007-05-20 09:43:28 0 ----a-w C:\CONFIG.SYS 2007-05-20 09:43:28 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 09:36:19 -------- d-----w C:\Program Files\Movie Maker 2007-05-20 09:35:07 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 09:30:58 -------- d-----w C:\Program Files\Usługi online 2007-05-20 09:30:05 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 09:30:04 -------- d-----w C:\Program Files\Windows NT 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoLowDiskSpaceChecks”=1 (0x1) “NoViewContextMenu”=0 (0x0) “NoChangeStartMenu”=0 (0x0) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ERSvc”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “CTFMON.EXE”=C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “AudioDeck”=C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 “NvCplDaemon”=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize “nwiz”=nwiz.exe /install “Cmaudio”=RunDll32 cmicnfg.cpl,CMICtrlWnd ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070627-185110-553 O2 - BHO: (no name) - {898D2881-9621-44A1-8C7D-E16B22A7AA2E} - (no file) backup-20070627-185110-470 O2 - BHO: (no name) - {F2F92BCE-573C-4128-9EE1-7D124AA08BBE} - C:\WINDOWS\System32\urqpq.dll (file missing) backup-20070627-184947-346 O4 - HKLM…\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe backup-20070524-221339-201 O20 - Winlogon Notify: mqbart - mqbart.dll (file missing) ?Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mqbart] “Asynchronous”=dword:00000000 “Dllname”=“mqbart.dll” “Impersonate”=dword:00000000 “Startup”=“NotifyStartup” “Shutdown”=“NotifyShutdown” backup-20070524-221316-398 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ???4???†???†???:?? backup-20070524-221305-414 O4 - HKCU…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe backup-20070524-221249-943 O4 - HKLM…\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 backup-20070524-221207-217 O2 - BHO: (no name) - {0a089281-adf0-4af1-8d3c-d7b70fd0eb4d} - C:\WINDOWS\system32\mqbart.dll (file missing) Contents of the ‘Scheduled Tasks’ folder 2007-06-24 19:16:59 C:\WINDOWS\tasks\1-Click Maintenance.job

PS.

Zauważyłem że mam teraz częste restarty kompa bez przyczyny na czarny ekran i dalej nic pozostaje mi reset.

Jeszcze log z avengera:

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\scqqdgqv


*******************


Script file located at: \??\C:\WINDOWS\vxkqovjq.txt

Script file opened successfully.


Script file read successfully


Backups directory opened successfully at C:\Avenger


*******************


Beginning to process script file:


File C:\WINDOWS\system32\bvdiefbi.exe deleted successfully.

File C:\WINDOWS\system32\drivers\uunry^xj.sys deleted successfully.

File C:\WINDOWS\system32\nhyzg.exe deleted successfully.

File C:\WINDOWS\system32\rccjraf.exe deleted successfully.

File C:\WINDOWS\system32\qanqkwy.exe deleted successfully.

File C:\WINDOWS\system32\avat.exe deleted successfully.


Completed script processing.


*******************


Finished! Terminate.

Złączono Posta _: 27.06.2007 (Sro) 19:12_Proszę Cię bardzo, oto log:

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) “C:\windows\system32\explorer.exe” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-27 )))))))))))))))))))))))))))))))))) 2007-06-27 18:47 24˙442 --a------ C:\WINDOWS\system32\uenyx.exe 2007-06-27 18:40 24˙442 --a------ C:\WINDOWS\system32\ychanuxx.exe 2007-06-27 11:16 24˙442 --a------ C:\WINDOWS\system32\oqfxuu.exe 2007-06-27 10:00 24˙442 --a------ C:\WINDOWS\system32\kflt.exe 2007-06-27 09:59 94˙283 --ah----- C:\WINDOWS\system32\zhxxw.exe (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-26 17:56:05 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\foobar2000 2007-06-24 20:14:24 -------- d-----w C:\Program Files\Valve 2007-06-24 19:31:12 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-24 19:31:12 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-24 18:51:01 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-24 18:48:24 -------- d–h--w C:\Program Files\WindowsUpdate 2007-06-24 18:48:18 -------- d-----w C:\Program Files\Messenger 2007-06-24 11:56:42 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Skype 2007-06-22 16:52:50 -------- d-----w C:\Program Files\GetRight 2007-06-03 17:26:08 -------- d-----w C:\Program Files\Cheating-Death 2007-06-01 16:30:52 -------- d-----w C:\Program Files\Any Image 2007-05-26 19:59:35 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Help 2007-05-26 19:52:44 -------- d-----w C:\Program Files\Image Assistant 2007-05-25 20:35:26 -------- d-----w C:\Program Files\TuneUp Utilities 2006 2007-05-25 20:34:00 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\TuneUp Software 2007-05-24 18:33:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-21 16:31:47 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Shareaza 2007-05-20 16:48:09 -------- d-----w C:\Program Files\No-IP 2007-05-20 14:40:44 -------- d-----w C:\Program Files\Neostrada TP 2007-05-20 12:19:47 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 12:16:32 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-20 12:07:38 -------- d-----w C:\Program Files\VIAudioi 2007-05-20 12:06:32 -------- d-----w C:\Program Files\VIA 2007-05-20 11:35:19 -------- d-----w C:\Program Files\Skype 2007-05-20 11:35:18 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 11:22:25 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-05-20 11:18:21 -------- d-----w C:\Program Files\WapSter 2007-05-20 11:01:51 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Gadu-Gadu 2007-05-20 11:01:17 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-20 10:55:34 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-20 10:35:39 -------- d-----w C:\Program Files\Alwil Software 2007-05-20 10:33:17 716 ----a-w C:\WINDOWS\unins000.dat 2007-05-20 10:19:11 -------- d-----w C:\Program Files\SAGEM 2007-05-20 10:01:10 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 10:00:47 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 09:44:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 09:43:28 0 --sha-r C:\MSDOS.SYS 2007-05-20 09:43:28 0 --sha-r C:\IO.SYS 2007-05-20 09:43:28 0 ----a-w C:\CONFIG.SYS 2007-05-20 09:43:28 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 09:36:19 -------- d-----w C:\Program Files\Movie Maker 2007-05-20 09:35:07 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 09:30:58 -------- d-----w C:\Program Files\Usługi online 2007-05-20 09:30:05 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 09:30:04 -------- d-----w C:\Program Files\Windows NT 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoLowDiskSpaceChecks”=1 (0x1) “NoViewContextMenu”=0 (0x0) “NoChangeStartMenu”=0 (0x0) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ERSvc”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “CTFMON.EXE”=C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “AudioDeck”=C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 “NvCplDaemon”=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize “nwiz”=nwiz.exe /install “Cmaudio”=RunDll32 cmicnfg.cpl,CMICtrlWnd ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070627-185110-553 O2 - BHO: (no name) - {898D2881-9621-44A1-8C7D-E16B22A7AA2E} - (no file) backup-20070627-185110-470 O2 - BHO: (no name) - {F2F92BCE-573C-4128-9EE1-7D124AA08BBE} - C:\WINDOWS\System32\urqpq.dll (file missing) backup-20070627-184947-346 O4 - HKLM…\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe backup-20070524-221339-201 O20 - Winlogon Notify: mqbart - mqbart.dll (file missing) ?Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mqbart] “Asynchronous”=dword:00000000 “Dllname”=“mqbart.dll” “Impersonate”=dword:00000000 “Startup”=“NotifyStartup” “Shutdown”=“NotifyShutdown” backup-20070524-221316-398 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ???4???†???†???:?? backup-20070524-221305-414 O4 - HKCU…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe backup-20070524-221249-943 O4 - HKLM…\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 backup-20070524-221207-217 O2 - BHO: (no name) - {0a089281-adf0-4af1-8d3c-d7b70fd0eb4d} - C:\WINDOWS\system32\mqbart.dll (file missing) Contents of the ‘Scheduled Tasks’ folder 2007-06-24 19:16:59 C:\WINDOWS\tasks\1-Click Maintenance.job

PS. Zauważyłem że mam teraz częste restarty kompa bez przyczyny na czarny ekran i dalej nic pozostaje mi reset. Jeszcze log z avengera:

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\scqqdgqv


*******************


Script file located at: \??\C:\WINDOWS\vxkqovjq.txt

Script file opened successfully.


Script file read successfully


Backups directory opened successfully at C:\Avenger


*******************


Beginning to process script file:


File C:\WINDOWS\system32\bvdiefbi.exe deleted successfully.

File C:\WINDOWS\system32\drivers\uunry^xj.sys deleted successfully.

File C:\WINDOWS\system32\nhyzg.exe deleted successfully.

File C:\WINDOWS\system32\rccjraf.exe deleted successfully.

File C:\WINDOWS\system32\qanqkwy.exe deleted successfully.

File C:\WINDOWS\system32\avat.exe deleted successfully.


Completed script processing.


*******************


Finished! Terminate.

qrczak13 · 27 Czerwiec 2007 17:25

Usuń folder Hijackthis Backups.

The Avenger > uruchom > Input script manually > klikasz w lupkę > w nowo otwartym oknie wklejasz:

Po wklejeniu > Done > klik na zielone światło > ok i będzie restart. Po restarcie wchodzisz gdzie masz The Avenger wklejasz raport C:\avenger.txt

W trybie awaryjnym użyj VundoFix + FixVundo + VirtmundoBeGone

Po tym nowy log combo.

kgb.musztarda · 27 Czerwiec 2007 18:54

No to będzie tak. Log z VBG:

[06/25/2007, 23:27:09] - VirtumundoBeGone v1.5 ( “C:\Documents and Settings\Daniel\Moje dokumenty\My Completed Downloads\VirtumundoBeGone.exe” ) [06/25/2007, 23:27:19] - Detected System Information: [06/25/2007, 23:27:19] - Windows Version: 5.1.2600, [06/25/2007, 23:27:19] - Current Username: Daniel (Admin) [06/25/2007, 23:27:19] - Windows is in NORMAL mode. [06/25/2007, 23:27:19] - Searching for Browser Helper Objects: [06/25/2007, 23:27:19] - BHO 1: AutorunsDisabled () [06/25/2007, 23:27:19] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/25/2007, 23:27:19] - No filename found. Continuing. [06/25/2007, 23:27:19] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (GetRight IE Download Helper) [06/25/2007, 23:27:19] - BHO 3: {674DDFA6-BB3D-427B-961F-E9EEEF293004} () [06/25/2007, 23:27:19] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/25/2007, 23:27:19] - Checking for HKLM…\Winlogon\Notify\jkkjhff [06/25/2007, 23:27:19] - Found: HKLM…\Winlogon\Notify\jkkjhff - This is probably Virtumundo. [06/25/2007, 23:27:19] - Assigning {674DDFA6-BB3D-427B-961F-E9EEEF293004} MSEvents Object [06/25/2007, 23:27:19] - BHO list has been changed! Starting over… [06/25/2007, 23:27:19] - BHO 1: AutorunsDisabled () [06/25/2007, 23:27:19] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/25/2007, 23:27:19] - No filename found. Continuing. [06/25/2007, 23:27:19] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (GetRight IE Download Helper) [06/25/2007, 23:27:19] - BHO 3: {674DDFA6-BB3D-427B-961F-E9EEEF293004} (MSEvents Object) [06/25/2007, 23:27:19] - ALERT: Found MSEvents Object! [06/25/2007, 23:27:19] - BHO 4: {6771D12B-FA53-4261-8E26-5523B23EDAEF} () [06/25/2007, 23:27:19] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/25/2007, 23:27:19] - Checking for HKLM…\Winlogon\Notify\yabax [06/25/2007, 23:27:19] - Key not found: HKLM…\Winlogon\Notify\yabax, continuing. [06/25/2007, 23:27:19] - Finished Searching Browser Helper Objects [06/25/2007, 23:27:19] - *** Detected MSEvents Object [06/25/2007, 23:27:19] - Trying to remove MSEvents Object… [06/25/2007, 23:27:21] - Terminating Process: IEXPLORE.EXE [06/25/2007, 23:27:21] - Terminating Process: RUNDLL32.EXE [06/25/2007, 23:27:21] - Disabling Automatic Shell Restart [06/25/2007, 23:27:21] - Terminating Process: EXPLORER.EXE [06/25/2007, 23:27:21] - Suspending the NT Session Manager System Service [06/25/2007, 23:27:21] - Terminating Windows NT Logon/Logoff Manager [06/25/2007, 23:27:24] - Re-enabling Automatic Shell Restart [06/25/2007, 23:27:24] - File to disable: C:\WINDOWS\System32\jkkjhff.dll [06/25/2007, 23:27:24] - Renaming C:\WINDOWS\System32\jkkjhff.dll -> C:\WINDOWS\System32\jkkjhff.dll.vir [06/25/2007, 23:27:24] - File successfully renamed! [06/25/2007, 23:27:24] - Removing HKLM…\Browser Helper Objects{674DDFA6-BB3D-427B-961F-E9EEEF293004} [06/25/2007, 23:27:24] - Removing HKCR\CLSID{674DDFA6-BB3D-427B-961F-E9EEEF293004} [06/25/2007, 23:27:24] - Adding Kill Bit for ActiveX for GUID: {674DDFA6-BB3D-427B-961F-E9EEEF293004} [06/25/2007, 23:27:24] - Deleting ATLEvents/MSEvents Registry entries [06/25/2007, 23:27:24] - Removing HKLM…\Winlogon\Notify\jkkjhff [06/25/2007, 23:27:24] - Searching for Browser Helper Objects: [06/25/2007, 23:27:24] - BHO 1: AutorunsDisabled () [06/25/2007, 23:27:24] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/25/2007, 23:27:24] - No filename found. Continuing. [06/25/2007, 23:27:24] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (GetRight IE Download Helper) [06/25/2007, 23:27:24] - BHO 3: {6771D12B-FA53-4261-8E26-5523B23EDAEF} () [06/25/2007, 23:27:24] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/25/2007, 23:27:24] - Checking for HKLM…\Winlogon\Notify\yabax [06/25/2007, 23:27:24] - Key not found: HKLM…\Winlogon\Notify\yabax, continuing. [06/25/2007, 23:27:24] - Finished Searching Browser Helper Objects [06/25/2007, 23:27:24] - Finishing up… [06/25/2007, 23:27:24] - A restart is needed. [06/25/2007, 23:27:34] - Attempting to Restart via STOP error (Blue Screen!) [06/26/2007, 19:26:00] - VirtumundoBeGone v1.5 ( “C:\Documents and Settings\Daniel\Moje dokumenty\My Completed Downloads\VirtumundoBeGone.exe” ) [06/26/2007, 19:26:02] - Detected System Information: [06/26/2007, 19:26:02] - Windows Version: 5.1.2600, [06/26/2007, 19:26:02] - Current Username: Daniel (Admin) [06/26/2007, 19:26:02] - Windows is in NORMAL mode. [06/26/2007, 19:26:02] - Searching for Browser Helper Objects: [06/26/2007, 19:26:02] - BHO 1: AutorunsDisabled () [06/26/2007, 19:26:02] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/26/2007, 19:26:02] - No filename found. Continuing. [06/26/2007, 19:26:02] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (GetRight IE Download Helper) [06/26/2007, 19:26:02] - BHO 3: {674DDFA6-BB3D-427B-961F-E9EEEF293004} () [06/26/2007, 19:26:02] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/26/2007, 19:26:02] - Checking for HKLM…\Winlogon\Notify\nnnlmnk [06/26/2007, 19:26:02] - Found: HKLM…\Winlogon\Notify\nnnlmnk - This is probably Virtumundo. [06/26/2007, 19:26:02] - Assigning {674DDFA6-BB3D-427B-961F-E9EEEF293004} MSEvents Object [06/26/2007, 19:26:02] - BHO list has been changed! Starting over… [06/26/2007, 19:26:02] - BHO 1: AutorunsDisabled () [06/26/2007, 19:26:02] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/26/2007, 19:26:02] - No filename found. Continuing. [06/26/2007, 19:26:02] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (GetRight IE Download Helper) [06/26/2007, 19:26:02] - BHO 3: {674DDFA6-BB3D-427B-961F-E9EEEF293004} (MSEvents Object) [06/26/2007, 19:26:02] - ALERT: Found MSEvents Object! [06/26/2007, 19:26:02] - BHO 4: {6771D12B-FA53-4261-8E26-5523B23EDAEF} () [06/26/2007, 19:26:02] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/26/2007, 19:26:02] - Checking for HKLM…\Winlogon\Notify\yabax [06/26/2007, 19:26:02] - Key not found: HKLM…\Winlogon\Notify\yabax, continuing. [06/26/2007, 19:26:02] - Finished Searching Browser Helper Objects [06/26/2007, 19:26:02] - *** Detected MSEvents Object [06/26/2007, 19:26:02] - Trying to remove MSEvents Object… [06/26/2007, 19:26:03] - Terminating Process: IEXPLORE.EXE [06/26/2007, 19:26:04] - Terminating Process: RUNDLL32.EXE [06/26/2007, 19:26:04] - Disabling Automatic Shell Restart [06/26/2007, 19:26:04] - Terminating Process: EXPLORER.EXE [06/26/2007, 19:26:04] - Suspending the NT Session Manager System Service [06/26/2007, 19:26:04] - Terminating Windows NT Logon/Logoff Manager [06/26/2007, 19:26:04] - Re-enabling Automatic Shell Restart [06/26/2007, 19:26:04] - File to disable: C:\WINDOWS\System32\nnnlmnk.dll [06/26/2007, 19:26:04] - Renaming C:\WINDOWS\System32\nnnlmnk.dll -> C:\WINDOWS\System32\nnnlmnk.dll.vir [06/26/2007, 19:26:04] - File successfully renamed! [06/26/2007, 19:26:04] - Removing HKLM…\Browser Helper Objects{674DDFA6-BB3D-427B-961F-E9EEEF293004} [06/26/2007, 19:26:04] - Removing HKCR\CLSID{674DDFA6-BB3D-427B-961F-E9EEEF293004} [06/26/2007, 19:26:04] - Adding Kill Bit for ActiveX for GUID: {674DDFA6-BB3D-427B-961F-E9EEEF293004} [06/26/2007, 19:26:04] - Deleting ATLEvents/MSEvents Registry entries [06/26/2007, 19:26:04] - Removing HKLM…\Winlogon\Notify\nnnlmnk [06/26/2007, 19:26:04] - Searching for Browser Helper Objects: [06/26/2007, 19:26:04] - BHO 1: AutorunsDisabled () [06/26/2007, 19:26:04] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/26/2007, 19:26:04] - No filename found. Continuing. [06/26/2007, 19:26:04] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (GetRight IE Download Helper) [06/26/2007, 19:26:04] - BHO 3: {6771D12B-FA53-4261-8E26-5523B23EDAEF} () [06/26/2007, 19:26:04] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/26/2007, 19:26:04] - Checking for HKLM…\Winlogon\Notify\yabax [06/26/2007, 19:26:04] - Key not found: HKLM…\Winlogon\Notify\yabax, continuing. [06/26/2007, 19:26:04] - Finished Searching Browser Helper Objects [06/26/2007, 19:26:04] - Finishing up… [06/26/2007, 19:26:04] - A restart is needed. [06/26/2007, 19:26:08] - Attempting to Restart via STOP error (Blue Screen!) [06/27/2007, 20:44:36] - VirtumundoBeGone v1.5 ( “C:\Documents and Settings\Daniel\Moje dokumenty\My Completed Downloads\VirtumundoBeGone.exe” ) [06/27/2007, 20:44:53] - Detected System Information: [06/27/2007, 20:44:53] - Windows Version: 5.1.2600, [06/27/2007, 20:44:53] - Current Username: Daniel (Admin) [06/27/2007, 20:44:53] - Windows is in NORMAL mode. [06/27/2007, 20:44:54] - Searching for Browser Helper Objects: [06/27/2007, 20:44:54] - BHO 1: AutorunsDisabled () [06/27/2007, 20:44:54] - WARNING: BHO has no default name. Checking for Winlogon reference. [06/27/2007, 20:44:54] - No filename found. Continuing. [06/27/2007, 20:44:54] - BHO 2: {31FF080D-12A3-439A-A2EF-4BA95A3148E8} (GetRight IE Download Helper) [06/27/2007, 20:44:54] - Finished Searching Browser Helper Objects [06/27/2007, 20:44:54] - Finishing up… [06/27/2007, 20:44:54] - Nothing found! Exiting…

Dodatkowo przeskanowałem avastem i mi znalazł coś w system32 i odrazu przemianowałem nazwę żeby się nie odpalało. Do tego zeskanowałem jeszcze a-sqared Free i też coś znalazł i usunął. Dodam że jeszcze mam restarty kompa bez powodu:/ Miałem jeszcze zrobić loga z combofixa ale właśnie nie mogę explorera włączyć bo się sam wyłączył:/

adam9870 · 27 Czerwiec 2007 19:08

Tak, wykonaj i wklej tu nowy log z ComboFix. Jeśli masz problem z uruchomieniem procesu explorer.exe, sprobuj uruchomić ponownie system, a jeśli i to nie pomoże, to wywołaj Menedżera zadań (w tym celu wciśnij kombinację klawiszy CTRL + SHIFT + EST), przejdź na zakładkę Aplikacje, skorzystaj z opcji Nowe zadanie, w okienku które się otworzy wpisz nazwę uruchamianego procesu (w tym przypadku explorer.exe) i kliknij OK.

kgb.musztarda · 27 Czerwiec 2007 19:26

Dwie sprawy:

Dzięki za info ale nie wiem jakim innym sposobem mogłem uruchomić explorer.exe jak nie jednym z tych podanych sposobów
Brakujący log z combofixa:

ComboFix 07-05.24.7.V - Running from: “C:\Documents and Settings\Daniel\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-27 )))))))))))))))))))))))))))))))))) 2007-06-27 21:04 12,672 --ah----- C:\WINDOWS\system32\ofdzqk.exe 2007-06-27 20:02 2007-06-27 19:49 2007-06-25 22:50 2007-06-24 23:55 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-06-24 21:16 2007-06-24 20:23 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-06-24 20:23 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-06-24 13:55 2007-06-24 11:19 2007-06-24 10:31 2007-06-22 19:15 2007-06-22 19:09 2007-06-22 19:07 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2007-06-22 19:06 2007-06-22 18:52 2007-06-17 21:41 2007-06-14 21:36 2007-06-14 21:35 299,520 --a------ C:\WINDOWS\uninst.exe 2007-06-14 21:35 2007-06-12 20:42 58,288 -ra------ C:\WINDOWS\system32\drivers\k510bus.sys 2007-06-12 20:42 5,808 -ra------ C:\WINDOWS\system32\drivers\k510whnt.sys 2007-06-12 20:42 5,808 -ra------ C:\WINDOWS\system32\drivers\k510wh.sys 2007-06-11 18:25 2007-06-11 18:22 2007-06-05 18:48 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2007-06-05 18:48 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll 2007-06-05 18:48 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll 2007-06-05 18:48 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll 2007-06-05 18:48 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll 2007-06-05 18:48 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2007-06-05 18:47 143,360 --a------ C:\WINDOWS\system32\wmidx.dll 2007-06-05 18:42 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll 2007-06-05 18:42 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll 2007-06-05 18:42 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2007-06-05 18:42 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll 2007-06-05 18:42 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll 2007-06-05 18:42 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-05 18:42 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-06-05 18:42 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll 2007-06-05 18:42 2007-06-05 18:41 2007-06-04 18:36 2007-06-03 17:37 2007-06-03 17:37 2007-06-02 17:26 2007-06-02 17:11 418,304 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2007-06-02 16:53 200,704 --a------ C:\WINDOWS\system32\cfosspeed.dll 2007-06-02 16:53 2007-06-01 18:28 2007-05-27 21:07 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-26 17:56:05 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\foobar2000 2007-06-24 20:14:24 -------- d-----w C:\Program Files\Valve 2007-06-24 19:31:12 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-24 19:31:12 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-24 18:51:01 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-24 18:48:24 -------- d–h--w C:\Program Files\WindowsUpdate 2007-06-24 18:48:18 -------- d-----w C:\Program Files\Messenger 2007-06-24 11:56:42 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Skype 2007-06-22 16:52:50 -------- d-----w C:\Program Files\GetRight 2007-06-03 17:26:08 -------- d-----w C:\Program Files\Cheating-Death 2007-06-01 16:30:52 -------- d-----w C:\Program Files\Any Image 2007-05-26 19:59:35 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Help 2007-05-26 19:52:44 -------- d-----w C:\Program Files\Image Assistant 2007-05-25 20:35:26 -------- d-----w C:\Program Files\TuneUp Utilities 2006 2007-05-25 20:34:00 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\TuneUp Software 2007-05-24 18:33:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-21 16:31:47 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Shareaza 2007-05-20 16:48:09 -------- d-----w C:\Program Files\No-IP 2007-05-20 14:40:44 -------- d-----w C:\Program Files\Neostrada TP 2007-05-20 12:19:47 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 12:16:32 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-20 12:07:38 -------- d-----w C:\Program Files\VIAudioi 2007-05-20 12:06:32 -------- d-----w C:\Program Files\VIA 2007-05-20 11:35:19 -------- d-----w C:\Program Files\Skype 2007-05-20 11:35:18 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 11:22:25 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-05-20 11:18:21 -------- d-----w C:\Program Files\WapSter 2007-05-20 11:01:51 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Gadu-Gadu 2007-05-20 11:01:17 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-20 10:55:34 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-20 10:35:39 -------- d-----w C:\Program Files\Alwil Software 2007-05-20 10:33:17 716 ----a-w C:\WINDOWS\unins000.dat 2007-05-20 10:19:11 -------- d-----w C:\Program Files\SAGEM 2007-05-20 10:01:10 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 10:00:47 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 09:44:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 09:43:28 0 --sha-r C:\MSDOS.SYS 2007-05-20 09:43:28 0 --sha-r C:\IO.SYS 2007-05-20 09:43:28 0 ----a-w C:\CONFIG.SYS 2007-05-20 09:43:28 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 09:36:19 -------- d-----w C:\Program Files\Movie Maker 2007-05-20 09:35:07 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 09:30:58 -------- d-----w C:\Program Files\Usługi online 2007-05-20 09:30:05 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 09:30:04 -------- d-----w C:\Program Files\Windows NT 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoLowDiskSpaceChecks”=1 (0x1) “NoViewContextMenu”=0 (0x0) “NoChangeStartMenu”=0 (0x0) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ERSvc”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “CTFMON.EXE”=C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “AudioDeck”=C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 “NvCplDaemon”=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize “nwiz”=nwiz.exe /install “Cmaudio”=RunDll32 cmicnfg.cpl,CMICtrlWnd ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070627-185110-553 O2 - BHO: (no name) - {898D2881-9621-44A1-8C7D-E16B22A7AA2E} - (no file) backup-20070627-185110-470 O2 - BHO: (no name) - {F2F92BCE-573C-4128-9EE1-7D124AA08BBE} - C:\WINDOWS\System32\urqpq.dll (file missing) backup-20070627-184947-346 O4 - HKLM…\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe backup-20070524-221339-201 O20 - Winlogon Notify: mqbart - mqbart.dll (file missing) ?Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mqbart] “Asynchronous”=dword:00000000 “Dllname”=“mqbart.dll” “Impersonate”=dword:00000000 “Startup”=“NotifyStartup” “Shutdown”=“NotifyShutdown” backup-20070524-221316-398 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ???4???†???†???:?? backup-20070524-221305-414 O4 - HKCU…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe backup-20070524-221249-943 O4 - HKLM…\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 backup-20070524-221207-217 O2 - BHO: (no name) - {0a089281-adf0-4af1-8d3c-d7b70fd0eb4d} - C:\WINDOWS\system32\mqbart.dll (file missing) Contents of the ‘Scheduled Tasks’ folder 2007-06-24 19:16:59 C:\WINDOWS\tasks\1-Click Maintenance.job

Dodaję że nadal komputer mi sam się restartuje:/

qrczak13 · 27 Czerwiec 2007 19:49

Ściągasz Pocket Killbox,

zaznaczasz Delete on reboot , w polu Full Path of File to Delete wklej ścieżkę:

C:\WINDOWS\system32\ofdzqk.exe

i naciskasz X czerwony. Program poprosi o restart kompa, co robisz.

Podmień plik przy pomocy Konsoli odzyskiwania:

expand X:\i386\explorer.ex_ C:\Windows\explorer.exe

X - litera Twojego napędu.

C - litera partycji, na której znajduje się system operacyjny.

kgb.musztarda · 28 Czerwiec 2007 17:21

Log z combofixa:

ComboFix 07-05.24.7.V - Running from: “C:\Documents and Settings\Daniel\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-05-06 to 2007-06-28 )))))))))))))))))))))))))))))))))) 2007-06-27 20:02 2007-06-27 19:49 2007-06-25 22:50 2007-06-24 23:55 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-06-24 21:16 2007-06-24 20:23 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-06-24 20:23 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-06-24 13:55 2007-06-24 11:19 2007-06-24 10:31 2007-06-22 19:15 2007-06-22 19:09 2007-06-22 19:07 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll 2007-06-22 19:06 2007-06-22 18:52 2007-06-17 21:41 2007-06-14 21:36 2007-06-14 21:35 299,520 --a------ C:\WINDOWS\uninst.exe 2007-06-14 21:35 2007-06-12 20:42 58,288 -ra------ C:\WINDOWS\system32\drivers\k510bus.sys 2007-06-12 20:42 5,808 -ra------ C:\WINDOWS\system32\drivers\k510whnt.sys 2007-06-12 20:42 5,808 -ra------ C:\WINDOWS\system32\drivers\k510wh.sys 2007-06-11 18:25 2007-06-11 18:22 2007-06-05 18:48 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll 2007-06-05 18:48 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll 2007-06-05 18:48 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll 2007-06-05 18:48 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll 2007-06-05 18:48 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll 2007-06-05 18:48 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll 2007-06-05 18:47 143,360 --a------ C:\WINDOWS\system32\wmidx.dll 2007-06-05 18:42 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll 2007-06-05 18:42 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll 2007-06-05 18:42 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2007-06-05 18:42 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll 2007-06-05 18:42 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll 2007-06-05 18:42 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-05 18:42 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-06-05 18:42 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll 2007-06-05 18:42 2007-06-05 18:41 2007-06-04 18:36 2007-06-03 17:37 2007-06-03 17:37 2007-06-02 17:26 2007-06-02 17:11 418,304 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys 2007-06-02 16:53 200,704 --a------ C:\WINDOWS\system32\cfosspeed.dll 2007-06-02 16:53 2007-06-01 18:28 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-26 17:56:05 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\foobar2000 2007-06-24 20:14:24 -------- d-----w C:\Program Files\Valve 2007-06-24 19:31:12 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-24 19:31:12 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-24 18:51:01 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat 2007-06-24 18:48:24 -------- d–h--w C:\Program Files\WindowsUpdate 2007-06-24 18:48:18 -------- d-----w C:\Program Files\Messenger 2007-06-24 11:56:42 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Skype 2007-06-22 16:52:50 -------- d-----w C:\Program Files\GetRight 2007-06-03 17:26:08 -------- d-----w C:\Program Files\Cheating-Death 2007-06-01 16:30:52 -------- d-----w C:\Program Files\Any Image 2007-05-26 19:59:35 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Help 2007-05-26 19:52:44 -------- d-----w C:\Program Files\Image Assistant 2007-05-25 20:35:26 -------- d-----w C:\Program Files\TuneUp Utilities 2006 2007-05-25 20:34:00 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\TuneUp Software 2007-05-24 18:33:35 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-05-21 16:31:47 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Shareaza 2007-05-20 16:48:09 -------- d-----w C:\Program Files\No-IP 2007-05-20 14:40:44 -------- d-----w C:\Program Files\Neostrada TP 2007-05-20 12:19:47 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-05-20 12:16:32 -------- d-----w C:\Program Files\Common Files\InstallShield 2007-05-20 12:07:38 -------- d-----w C:\Program Files\VIAudioi 2007-05-20 12:06:32 -------- d-----w C:\Program Files\VIA 2007-05-20 11:35:19 -------- d-----w C:\Program Files\Skype 2007-05-20 11:35:18 -------- d-----w C:\Program Files\Common Files\Skype 2007-05-20 11:22:25 1,156 ----a-w C:\WINDOWS\mozver.dat 2007-05-20 11:18:21 -------- d-----w C:\Program Files\WapSter 2007-05-20 11:01:51 -------- d-----w C:\DOCUME~1\Daniel\DANEAP~1\Gadu-Gadu 2007-05-20 11:01:17 -------- d-----w C:\Program Files\Gadu-Gadu 2007-05-20 10:55:34 0 ----a-w C:\WINDOWS\nsreg.dat 2007-05-20 10:35:39 -------- d-----w C:\Program Files\Alwil Software 2007-05-20 10:33:17 716 ----a-w C:\WINDOWS\unins000.dat 2007-05-20 10:19:11 -------- d-----w C:\Program Files\SAGEM 2007-05-20 10:01:10 -------- d-----w C:\Program Files\Common Files\ODBC 2007-05-20 10:00:47 -------- d-----w C:\Program Files\Common Files\SpeechEngines 2007-05-20 09:44:39 -------- d-----w C:\Program Files\microsoft frontpage 2007-05-20 09:43:28 0 --sha-r C:\MSDOS.SYS 2007-05-20 09:43:28 0 --sha-r C:\IO.SYS 2007-05-20 09:43:28 0 ----a-w C:\CONFIG.SYS 2007-05-20 09:43:28 0 ----a-w C:\AUTOEXEC.BAT 2007-05-20 09:36:19 -------- d-----w C:\Program Files\Movie Maker 2007-05-20 09:35:07 -------- d-----w C:\Program Files\Common Files\MSSoap 2007-05-20 09:30:58 -------- d-----w C:\Program Files\Usługi online 2007-05-20 09:30:05 -------- d-----w C:\Program Files\MSN Gaming Zone 2007-05-20 09:30:04 -------- d-----w C:\Program Files\Windows NT 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AvastSS.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ctfmon.exe”=“C:\WINDOWS\System32\ctfmon.exe” [2001-10-26 19:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoRemoteRecursiveEvents”=1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoSaveSettings”=0 (0x0) “ClearRecentDocsOnExit”=1 (0x1) “NoLowDiskSpaceChecks”=1 (0x1) “NoViewContextMenu”=0 (0x0) “NoChangeStartMenu”=0 (0x0) “NoRecentDocsHistory”=1 (0x1) “MaxRecentDocs”=11 (0xb) “NoStartMenuMFUprogramsList”=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “ERSvc”=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] “CTFMON.EXE”=C:\WINDOWS\System32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] “AudioDeck”=C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 “NvCplDaemon”=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize “nwiz”=nwiz.exe /install “Cmaudio”=RunDll32 cmicnfg.cpl,CMICtrlWnd ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070627-185110-553 O2 - BHO: (no name) - {898D2881-9621-44A1-8C7D-E16B22A7AA2E} - (no file) backup-20070627-185110-470 O2 - BHO: (no name) - {F2F92BCE-573C-4128-9EE1-7D124AA08BBE} - C:\WINDOWS\System32\urqpq.dll (file missing) backup-20070627-184947-346 O4 - HKLM…\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe backup-20070524-221339-201 O20 - Winlogon Notify: mqbart - mqbart.dll (file missing) ?Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mqbart] “Asynchronous”=dword:00000000 “Dllname”=“mqbart.dll” “Impersonate”=dword:00000000 “Startup”=“NotifyStartup” “Shutdown”=“NotifyShutdown” backup-20070524-221316-398 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm ???4???†???†???:?? backup-20070524-221305-414 O4 - HKCU…\Run: [ipWins] C:\Program Files\Ipwindows\ipwins.exe backup-20070524-221249-943 O4 - HKLM…\Run: [runner1] C:\WINDOWS\retadpu2000373.exe 61A847B5BBF72810329B385575FA01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 backup-20070524-221207-217 O2 - BHO: (no name) - {0a089281-adf0-4af1-8d3c-d7b70fd0eb4d} - C:\WINDOWS\system32\mqbart.dll (file missing) Contents of the ‘Scheduled Tasks’ folder 2007-06-24 19:16:59 C:\WINDOWS\tasks\1-Click Maintenance.job

Ps. nadal mam restarty kompa, nie wiem co z nim:/

qrczak13 · 28 Czerwiec 2007 21:27

Usuń.

Log ok.

Co do restartów to poczytaj o plikach minidmp:

Debugging Tools for Windows i pliki minidump