Masaj
(Masaj)
22 May 2007 16:54
#1
Hello,
My computer has gone haywire: an alert about a trojan download. /deleted/ popped up, together with a notice that some program had to be installed to scan the computer /blocked/ and the addresses of some strange websites.
Recently the computer's second user was searching the net for some keygen, and since then I have had problems. I use FF, yet while I am working an IE window pops up with the text: "You must watch this site crack, xx," or "instal this program".
How do I get rid of this junk from an XP Pro machine?
Logfile of HijackThis v1.99.1
Scan saved at 18:43:19, on 2007-05-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Instalki\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Instalki\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\USTAWI~1\Temp\Rar$EX00.750\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [C] C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0230Cvw.dll
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [!ewido] "D:\Instalki\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\jcuvuyfk.dll",realset
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74C58124-684D-4CD2-B309-4A68E3867F73}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - D:\Instalki\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Gutek
(Gutek)
22 May 2007 16:58
#2
Masaj
(Masaj)
22 May 2007 17:09
#3
Ewido, under Browser Plugin, shows this: 55DB983C-BDBF-426f-86F0-187B02DDA39B in C://Windows/System32/mdgnrdfy.dll
9A853E36-4A35-4DBF-9C03-AD9423798E35 fccbvxt.dll
7C632A50-5949-4285-9637-581C129825CF mljge.dll
Gutek
(Gutek)
22 May 2007 17:35
#4
Do what I asked and, at the end, post a log from ComboFix.
Masaj
(Masaj)
22 May 2007 17:48
#5
2007-05-22 19:43:11 Dodatek Service Pack 2
ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Pulpit"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\jcuvuyfk.dll
C:\WINDOWS\system32\winzzc32.dll
C:\WINDOWS\system32\kfyuvucj.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_GB
-------\gb

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-22 ))))))))))))))))))))))))))))))))))

2007-05-22 19:16
2007-05-22 16:38 29,206 --a------ C:\WINDOWS\system32\fccbxvt.dll.vir
2007-05-20 19:52
2007-05-19 17:35
2007-05-19 00:32
2007-05-15 00:36
2007-05-11 20:51
2007-05-10 18:42
2007-05-09 12:44
2007-05-08 22:30 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-05-03 22:14
2007-04-30 15:57 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-04-30 15:57 128,232 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-30 15:38 50,748 --a------ C:\WINDOWS\system32\prfc0415.dat
2007-04-30 15:38 358,702 --a------ C:\WINDOWS\system32\prfh0415.dat

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-22 17:23:14 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-22 16:50:29 -------- d-----w C:\DOCUME~1\DANEAP~1\Skype
2007-05-22 08:09:25 -------- d-----w C:\Program Files\Norton Internet Security
2007-05-19 15:42:13 -------- d-----w C:\Program Files\Skype
2007-05-13 14:37:42 -------- d-----w C:\DOCUME~1\DANEAP~1\Lavasoft
2007-05-11 18:53:15 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-11 18:49:19 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-05-10 16:20:39 1,346 ----a-w C:\WINDOWS\mozver.dat
2007-05-02 13:43:25 50,748 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-02 13:43:25 358,702 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-02 09:28:46 -------- d-----w C:\Program Files\Microsoft Works
2007-04-13 20:05:18 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-13 19:51:20 -------- d-----w C:\Program Files\Symantec
2007-04-13 01:09:37 -------- d-----w C:\Program Files\Messenger
2007-04-07 20:56:16 -------- d-----w C:\Program Files\totalcmd
2007-04-07 15:50:44 -------- d-----w C:\DOCUME~1\DANEAP~1\Apple Computer
2007-04-07 15:04:09 102,800 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-04 10:33:48 -------- d-----w C:\Program Files\Google
2007-04-03 13:32:33 -------- d-----w C:\DOCUME~1\DANEAP~1\Google
2007-04-03 11:09:23 -------- d-----w C:\Program Files\Hewlett-Packard
2007-04-03 11:09:22 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-04-03 11:05:10 -------- d-----w C:\Program Files\HP
2007-04-03 11:01:22 -------- d-----w C:\Program Files\ATI Technologies
2007-04-01 21:51:12 -------- d-----w C:\Program Files\Common Files\ODBC
2007-04-01 21:51:09 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-01 21:00:20 -------- d-----w C:\Program Files\LANChat
2007-04-01 20:47:29 -------- d-----w C:\Program Files\SymNetDrv
2007-04-01 20:39:18 -------- d-----w C:\DOCUME~1\DANEAP~1\Symantec
2007-04-01 20:35:03 4,608 ----a-w C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-04-01 20:32:57 -------- d-----w C:\Program Files\SubEdit-Player
2007-04-01 20:26:07 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-04-01 20:23:00 -------- d-----w C:\Program Files\Microsoft.NET
2007-04-01 20:19:35 -------- d-----w C:\Program Files\Ahead
2007-04-01 20:19:34 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-01 20:14:32 -------- d-----w C:\Program Files\NVIDIA Corporation
2007-04-01 20:14:32 -------- d-----w C:\Program Files\Common Files\NVIDIA Shared
2007-04-01 19:59:32 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-01 19:59:15 0 --sha-r C:\MSDOS.SYS
2007-04-01 19:59:15 0 --sha-r C:\IO.SYS
2007-04-01 19:59:15 0 ----a-w C:\CONFIG.SYS
2007-04-01 19:59:15 0 ----a-w C:\AUTOEXEC.BAT
2007-04-01 19:58:06 -------- d-----w C:\Program Files\Usługi online
2007-04-01 19:57:06 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-04-01 19:56:51 -------- d-----w C:\Program Files\Movie Maker
2007-04-01 19:56:07 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-01 19:55:51 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-01 19:55:41 -------- d-----w C:\Program Files\Windows NT
2007-03-28 16:41:32 517,848 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 16:41:28 132,824 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-28 16:41:26 266,552 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 16:41:24 18,904 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 16:41:20 37,016 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 16:41:18 47,192 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 16:41:14 171,928 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 16:41:12 11,480 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{7C632A50-5949-4285-9637-581C129825CF}=C:\WINDOWS\system32\mljge.dll []
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}=C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2004-09-17 22:06]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-11-17 12:26]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-22 10:58]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-13 21:50]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:10]
"C:\WINDOWS\system32\V0230Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe" [2004-08-04 00:44]
"V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-19 19:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 15:43]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"!ewido"="D:\Instalki\ewido anti-spyware 4.0\ewido.exe" [2007-05-21 00:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-10 16:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-03 15:30]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="D:\Instalki\SASSEH.DLL" []
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="D:\Instalki\ewido anti-spyware 4.0\shellexecutehook.dll" [2006-06-16 16:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon]
D:\Instalki\SASWINLO.dll

Contents of the 'Scheduled Tasks' folder
2007-05-18 19:23:50 C:\WINDOWS\tasks\Norton AntiVirus - Skanuj komputer - Mitek.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-22 19:45:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C:\WINDOWS\system32\V0230Cvw.dll"="C:\WINDOWS\system32\RegSvr32.exe /s C:\WINDOWS\system32\V0230Cvw.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\H a r m o n o g r a m a u t o m a t y c z n e j u s Bu g i L i v e U p d a t e]
"ImagePath"="\"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HSFHWBS2]
"ImagePath"="system32\DRIVERS\HSFBS2S2.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HSF_DP]
"ImagePath"="system32\DRIVERS\HSFDPSP2.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

Completion time: 2007-05-22 19:46:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-22 19:46

--- E O F ---
VundoFix V6.3.21
Checking Java version...
Java version is 1.5.0.11
Scan started at 19:16:05 2007-05-22
Listing files found while scanning...
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\mljge.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mljge.dll Has been deleted!
Performing Repairs to the registry.
Done!
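The logs in this thread show a pattern worth recognising when triaging a HijackThis, ComboFix or VundoFix output by hand: each dropped DLL in system32 sits next to an .ini (or .bak) file whose name is the DLL name spelled backwards (jcuvuyfk.dll and kfyuvucj.ini in the ComboFix log, mljge.dll and egjlm.ini in the VundoFix log), and the DLL is started from a Run key through rundll32.exe with an explicit export (the O4 [setup] line). The following script is an added example, not code from the thread or from any of the tools named in it; it pulls file paths out of log lines copied from the posts above and reports both indicators. The regular expressions and the sample lines are this example's own assumptions, and it reads nothing from disk.

```python
"""Added example: triage of log lines for the DLL / reversed-name .ini pairing
and rundll32-with-export autostarts seen in this thread. Not part of the
thread and not a feature of HijackThis, ComboFix or VundoFix."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix, VundoFix and HijackThis
# output posted in the thread. A real run would read a saved log file instead.
SAMPLE_LINES = r"""
C:\WINDOWS\system32\jcuvuyfk.dll
C:\WINDOWS\system32\winzzc32.dll
C:\WINDOWS\system32\kfyuvucj.ini
2007-05-22 16:38 29,206 --a------ C:\WINDOWS\system32\fccbxvt.dll.vir
2007-04-30 15:57 178,408 --a------ C:\WINDOWS\system32\muweb.dll
C:\WINDOWS\system32\egjlm.bak2
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\mljge.dll
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\jcuvuyfk.dll",realset
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
""".strip().splitlines()

# A drive-letter path: directory components may contain spaces but not a
# colon (so "foo.exe /s C:\..." is split into two paths); the file stem
# must not contain spaces. "fccbxvt.dll.vir" yields stem "fccbxvt", ext "dll.vir".
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^"\\,:]+\\)*(?P<stem>[^"\\,.\s]+)\.(?P<ext>[A-Za-z0-9.]+)')

# rundll32[.exe] "<drive path>.dll",<export>  (the Vundo-style O4 entry)
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[A-Za-z]:\\[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)


def extract_paths(lines):
    """Return (stem, ext, full_path) for every drive-letter path in the lines."""
    found = []
    for line in lines:
        for m in PATH_RE.finditer(line):
            found.append((m.group("stem"), m.group("ext").lower(), m.group(0)))
    return found


def find_reversed_pairs(lines):
    """Report DLL stems whose reversed spelling also appears as a file name.

    Stems are compared case-insensitively; only the DLL side of each pair is
    returned, so each pair is listed once as (dll_stem, mirror_stem)."""
    exts_by_stem = defaultdict(set)
    for stem, ext, _path in extract_paths(lines):
        exts_by_stem[stem.lower()].add(ext)
    pairs = set()
    for stem, exts in exts_by_stem.items():
        mirror = stem[::-1]
        is_dll = any(e.startswith("dll") for e in exts)   # covers ".dll.vir"
        if is_dll and mirror != stem and mirror in exts_by_stem:
            pairs.add((stem, mirror))
    return sorted(pairs)


def find_rundll32_loads(lines):
    """Return (dll_path, export) for O4 autostart lines that go through rundll32."""
    hits = []
    for line in lines:
        if not line.startswith("O4 - "):
            continue
        m = RUNDLL_RE.search(line)
        if m:
            hits.append((m.group("dll"), m.group("export")))
    return hits


def triage(lines):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    for dll, mirror in find_reversed_pairs(lines):
        findings.append(f"reversed-name pair: {dll}.dll <-> {mirror}.*")
    for dll, export in find_rundll32_loads(lines):
        findings.append(f"rundll32 autostart: {dll} export {export}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run against the sample it reports the two pairs (jcuvuyfk/kfyuvucj and mljge/egjlm) plus the rundll32 entry, while the legitimate entries in the same lines (muweb.dll, NeroCheck.exe) produce nothing. The reversed-name check is a heuristic keyed to what this thread's logs show, not a general malware signature; treat a hit as a reason to look closer at the file, not as proof on its own.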