beti_666
(Beti 666)
13 November 2007 14:07
#1
I read about this problem on the forum. I even tried to remove it using the methods given, but something isn't working for me ;/ I downloaded the McAfee antivirus and it keeps detecting this Vundo… I don't know what to do anymore :( Please help, because I'm a complete beginner when it comes to computers… I downloaded HijackThis, but these logs mean nothing to me.
Logfile of Browser Hijack Recover(BHR) v2.2
http://www.browser-hijack.com/
Log created on 2007-11-13 15:05:26
Microsoft Windows XP Home Edition Dodatek Service Pack 2 (Build 2600)
Internet Explorer v6.0.2900.2180 Update Versions: ;SP2;
[Process Manager] - [Process]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Gadu-Gadu\gg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Program Files\Browser Hijack Recover\bhr.exe
[IE Options] - [Normal]
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/windows/ie_intl/en/start/
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title =
R1 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
[IE Options] - [IE Menu]
[IE Options] - [Internet Options]
[IE Options] - [IE Search Hooks]
[IE Add-Ons] - [Toolbars]
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (No Name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (No File)
[IE Add-Ons] - [Explorer Bars]
O9 - Extra "View" Explorer Bars: Favorites Band - {EFA24E61-B078-11D0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra "View" Explorer Bars: History Band - {EFA24E62-B078-11D0-89E4-00C04FC9E26E} - C:\WINDOWS\system32\shdocvw.dll
[IE Add-Ons] - [Context Menu]
[IE Add-Ons] - [BHOs]
O2 - BHO: (No Name) - {1C1DD717-53B2-485E-A17B-C9977C205E10} - C:\WINDOWS\system32\ljjjhef.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (No Name) - {7A5D4F9F-92FA-4140-A7FD-00C5B8965344} - C:\WINDOWS\system32\mljgg.dll
[IE Add-Ons] - [Tools Menu]
O9 - Extra "Tool" Menu Item: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
[IE Add-Ons] - [Tools Button]
O9 - Extra Button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra "Tool" Menu Item: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
[System Options]
[StartUp]
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices PANDA ANTISPAM SERVER SERVICE = C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Gadu-Gadu = "E:\Gadu-Gadu\gg.exe" /tray
04 - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run WinFast Schedule = C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run WinampAgent = C:\Program Files\Winamp\winampa.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run nwiz = nwiz.exe /install
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run AdslTaskBar = rundll32.exe stmctrl.dll,TaskBar
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SCANINICIO = C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run APVXDWIN = "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SunJavaUpdateSched = C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run WOOWATCH = C:\PROGRA~1\NEOSTR~1\Watch.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run a-squared = C:\Program Files\a-squared Anti-Malware\a2guard.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run 74765363 = rundll32.exe "C:\WINDOWS\system32\hrggwfjw.dll",b
Please tell me what to do.
// I've corrected your post - added code tags.
Kaka'
arekmalek
(arekmalek)
13 November 2007 14:52
#4
Use VundoFix and delete the files it finds until it no longer finds any.
Post a log from the normal version of HijackThis, because this one is unintelligible, at least to me. (i.e. use the DOWNLOAD version of HijackThis, not the PORTABLE (www) one)
Use ComboFix and paste the log.
ComboFix description -> http://cybertrash.pl/images/tata/ComboFix.html
Regards
Kaka2
(Kaka_117827603)
13 November 2007 15:01
#5
Vader666, well, another warning (i.e. a ban) for off-topic posting. You've already received a warning for this kind of post, and clearly you ignore it. Sorry…
arekmalek
(arekmalek)
13 November 2007 15:02
#6
Paste into Notepad:
>>File>>Save as… >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file
– as in this picture -->
The removal should start. (and a log will be created)
After the restart, manually delete the folder C:\Qoobox.
Merged post: 13.11.2007 (Tue) 16:02
beti_666
(Beti 666)
13 November 2007 15:08
#7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:37, on 2007-11-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temporary Internet Files\Content.IE5\01GHQR81\VundoFix[3].exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [74765363] rundll32.exe "C:\WINDOWS\system32\hrggwfjw.dll",b
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FD0E13A-919E-4322-969C-AAB101B5F7A6}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe (file missing)
O23 - Service: Panda Pavkre (Pavkre) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe (file missing)
O23 - Service: Panda PavProt (PavProt) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe (file missing)
O23 - Service: Panda IManager Service (PSIMSVC) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7553 bytes
And here it is again, from ComboFix:
ComboFix 07-11-08.1 - Właściciel 2007-11-13 15:51:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1592 [GMT 1:00]
Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.
2007-11-13 15:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 14:59 88,128 --a------ C:\WINDOWS\system32\hrggwfjw.dll
2007-11-13 14:49
2007-11-13 13:54
2007-11-13 12:10 88,128 --a------ C:\WINDOWS\system32\yjlgvwct.dll
2007-11-12 20:22 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-11-12 20:22 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-11-12 20:22 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-11-12 20:22 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-11-12 20:22 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-11-12 20:21 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-11-12 20:18
2007-11-12 20:18
2007-11-12 20:17
2007-11-12 20:13
2007-11-12 20:00
2007-11-12 19:49
2007-11-12 19:41 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-11-12 19:03 89,664 --a------ C:\WINDOWS\system32\iduqyvkj.dll
2007-11-12 19:00 144,480 --a------ C:\WINDOWS\system32\bjmmsrlk.dll
2007-11-12 12:26 89,664 --a------ C:\WINDOWS\system32\xhjfixqi.dll
2007-11-10 11:51 85,056 --a------ C:\WINDOWS\system32\fwnnktbj.dll
2007-11-08 19:37 86,080 --------- C:\WINDOWS\system32\jqfdyvcw.dll
2007-11-08 18:31 86,080 --------- C:\WINDOWS\system32\ipufdusg.dll
2007-11-07 12:05 86,080 --a------ C:\WINDOWS\system32\rjowjrlm.dll
2007-11-06 14:19
2007-11-06 14:19
2007-11-06 14:19 35,328 --a------ C:\WINDOWS\system32\ljjjhef.dll
2007-11-05 21:21
2007-11-03 19:10
2007-10-23 20:58
2007-10-16 16:48
2007-10-16 16:48 249,856 --------- C:\WINDOWS\Setup1.exe
2007-10-16 16:48 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-10-16 15:58
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 14:54 85,749,024 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-13 14:54 2,126,624 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-13 14:47 --------- d-----w C:\Program Files\neostrada tp
2007-11-13 14:32 676,340 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-13 14:32 1,152,248 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-13 13:52 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\uTorrent
2007-11-13 11:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 11:16 --------- d-----w C:\Program Files\ArcaBit
2007-11-11 16:47 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\OpenOffice.org2
2007-11-10 11:05 --------- d-----w C:\Program Files\eMule
2007-11-05 19:03 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-10-24 14:31 --------- d-----w C:\Program Files\Java
2007-10-16 11:54 --------- d-----w C:\Program Files\EA GAMES
2007-10-12 16:37 --------- d-----w C:\Program Files\Real Alternative
2007-10-12 16:37 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\Media Player Classic
2007-10-03 12:46 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ArcaBit
2007-10-02 13:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
2007-10-02 11:58 80 ----a-w C:\WINDOWS\system32\drivers\netfltConfig.dat
2007-09-30 14:33 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-09-30 04:30 --------- d-----w C:\Program Files\Google
2007-09-29 15:39 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-29 15:39 --------- d--h--r C:\Documents and Settings\Właściciel\Dane aplikacji\SecuROM
2007-09-29 10:08 --------- d-----w C:\Program Files\Common Files\Adobe(2)
2007-09-29 10:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-29 10:08 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\AdobeUM
2007-09-29 10:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe(2)
2007-09-29 10:06 --------- d-----w C:\Documents and Settings\Właściciel\Dane aplikacji\SecondLife
2007-09-29 10:05 --------- d-----w C:\Program Files\Winamp
2007-09-29 10:05 --------- d-----w C:\Program Files\MSN Messenger
2007-09-29 10:05 --------- d-----w C:\Program Files\IrfanView
2007-09-29 09:47 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\ArcaBit
2007-09-28 19:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C1DD717-53B2-485E-A17B-C9977C205E10}]
2007-11-06 14:19 35328 --a------ C:\WINDOWS\system32\ljjjhef.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 16:15]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 15:49]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 12:01 C:\WINDOWS\system32\stmctrl.dll]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe" []
"APVXDWIN"="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 12:49]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2007-08-31 20:24]
"74765363"="C:\WINDOWS\system32\hrggwfjw.dll" [2007-11-13 14:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-05 20:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"PANDA ANTISPAM SERVER SERVICE"="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\ljjjhef.dll [2007-11-06 14:19 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhef]
ljjjhef.dll 2007-11-06 14:19 35328 C:\WINDOWS\system32\ljjjhef.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R0 netflt;Panda Preventium Driver.;C:\WINDOWS\system32\Drivers\netflt.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
S2 PASSRV;Panda Antispam Server Service;"C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe"
S2 PAVFIRES;Panda Firewall Service;C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
S2 Pavkre;Panda Pavkre;"C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe"
S2 PavProt;Panda PavProt;"C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe"
S2 PREVSRV;Panda Preventium+ Service;"C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe"
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78e3aca9-2fff-11dc-b84e-806d6172696f}]
\Shell\AutoRun\command - D:\CDSETUP.EXE

.
Contents of the 'Scheduled Tasks' folder
"2007-11-12 19:20:15 C:\WINDOWS\Tasks\McDefragTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-11-12 19:20:13 C:\WINDOWS\Tasks\McQcTask.job" - c:\PROGRA~1\mcafee\mqc\QcConsol.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 15:54:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-13 15:55:28
C:\ComboFix2.txt ... 2007-11-13 15:47
.
--- E O F ---
Gutek
(Gutek)
13 November 2007 19:41
#8
Paste into Notepad:
>>File>>Save as… >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture –>
(if the question " 1 or 2 " appears, type 1 and press ENTER) The removal should start. (and a log will be created)
After the restart, manually delete the folder C:\Qoobox.
After that, a new log from ComboFix
beti_666
(Beti 666)
14 November 2007 11:43
#9
I did as you said and I still get the alerts ;/ this is the log from after I saved it in Notepad etc.
ComboFix 07-11-08.1 - Właściciel 2007-11-14 12:29:15.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1680 [GMT 1:00]
Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Właściciel\Pulpit\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\bjmmsrlk.dll
C:\WINDOWS\system32\fwnnktbj.dll
C:\WINDOWS\system32\hrggwfjw.dll
C:\WINDOWS\system32\iduqyvkj.dll
C:\WINDOWS\system32\ipufdusg.dll
C:\WINDOWS\system32\jqfdyvcw.dll
C:\WINDOWS\system32\ljjjhef.dll
C:\WINDOWS\system32\rjowjrlm.dll
C:\WINDOWS\system32\xhjfixqi.dll
C:\WINDOWS\system32\yjlgvwct.dll
.
Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Start\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Start\Online Security Guide.lnk
C:\Documents and Settings\Właściciel\Pulpit\Live Safety Center.lnk
C:\Documents and Settings\Właściciel\Pulpit\Online Security Guide.lnk
C:\Documents and Settings\Właściciel\Ulubione\Online Security Guide.lnk
C:\Temp\mZOr
C:\WINDOWS\system32\bjmmsrlk.dll
C:\WINDOWS\system32\ddayw.dll
C:\WINDOWS\system32\fwnnktbj.dll
C:\WINDOWS\system32\hrggwfjw.dll
C:\WINDOWS\system32\iduqyvkj.dll
C:\WINDOWS\system32\ipufdusg.dll
C:\WINDOWS\system32\jqfdyvcw.dll
C:\WINDOWS\system32\ljjjhef.dll
C:\WINDOWS\system32\malccnjd.dllbox
C:\WINDOWS\system32\Mz02r
C:\WINDOWS\system32\rjowjrlm.dll
C:\WINDOWS\system32\wyadd.ini
C:\WINDOWS\system32\wyadd.ini2
C:\WINDOWS\system32\xhjfixqi.dll
C:\WINDOWS\system32\yjlgvwct.dll
.
((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-14 12:15 85,056 --a------ C:\WINDOWS\system32\tyuijllr.dll
2007-11-14 12:10 145,984 --a------ C:\WINDOWS\system32\malccnjd.dll
2007-11-14 12:09 145,984 --a------ C:\WINDOWS\system32\lyjrbqfh.dll
2007-11-13 16:06
2007-11-13 15:47
2007-11-13 15:47
2007-11-13 15:19 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-13 14:49
2007-11-13 13:54
2007-11-12 20:13
2007-11-12 19:49
2007-11-12 19:41 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-11-05 21:21
2007-11-03 19:10
2007-10-23 20:58
2007-10-16 16:48
2007-10-16 16:48 249,856 --------- C:\WINDOWS\Setup1.exe
2007-10-16 16:48 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-10-16 15:58
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 11:37 86,066,208 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-14 11:37 2,145,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-14 11:36 678,284 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-14 11:36 1,156,856 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-14 11:25 --------- d-----w C:\Program Files\neostrada tp
2007-11-13 11:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 11:16 --------- d-----w C:\Program Files\ArcaBit
2007-11-10 11:05 --------- d-----w C:\Program Files\eMule
2007-11-05 19:03 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-10-24 14:31 --------- d-----w C:\Program Files\Java
2007-10-16 11:54 --------- d-----w C:\Program Files\EA GAMES
2007-10-12 16:37 --------- d-----w C:\Program Files\Real Alternative
2007-10-03 12:46 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Dane aplikacji\ArcaBit
2007-10-02 13:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ArcaBit
2007-10-02 11:58 80 ----a-w C:\WINDOWS\system32\drivers\netfltConfig.dat
2007-09-30 04:30 --------- d-----w C:\Program Files\Google
2007-09-29 10:08 --------- d-----w C:\Program Files\Common Files\Adobe(2)
2007-09-29 10:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-29 10:08 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Adobe(2)
2007-09-29 10:05 --------- d-----w C:\Program Files\Winamp
2007-09-29 10:05 --------- d-----w C:\Program Files\MSN Messenger
2007-09-29 10:05 --------- d-----w C:\Program Files\IrfanView
2007-09-29 09:47 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\ArcaBit
2007-09-28 19:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Zylom
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-14 12:10 145984 --a------ C:\WINDOWS\system32\malccnjd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\malccnjd.dll [2007-11-14 12:10 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 16:15]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-09-26 15:49]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 23:43]
"nwiz"="nwiz.exe" [2007-06-28 23:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 23:43]
"AdslTaskBar"="stmctrl.dll" [2006-06-02 12:01 C:\WINDOWS\system32\stmctrl.dll]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe" []
"APVXDWIN"="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 12:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="E:\Gadu-Gadu\gg.exe" [2007-07-09 08:39]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-05 20:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"PANDA ANTISPAM SERVER SERVICE"="C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoToolbarCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\malccnjd]
malccnjd.dll 2007-11-14 12:10 145984 C:\WINDOWS\system32\malccnjd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayw.dll

R0 netflt;Panda Preventium Driver.;C:\WINDOWS\system32\Drivers\netflt.sys
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys
R3 WFIOCTL;WFIOCTL;\??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS
S2 PASSRV;Panda Antispam Server Service;"C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe"
S2 PAVFIRES;Panda Firewall Service;C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
S2 Pavkre;Panda Pavkre;"C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe"
S2 PavProt;Panda PavProt;"C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe"
S2 PREVSRV;Panda Preventium+ Service;"C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe"
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 12:37:23
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 12:38:38 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-13 16:22
C:\ComboFix3.txt ... 2007-11-13 15:55
.
--- E O F ---
Merged post: 14.11.2007 (Wed) 14:18
Ehh, please help :/ I don't want to format the computer. But that's probably all I have left. And it probably won't help anyway.
Gutek
(Gutek)
14 November 2007 17:12
#10
Paste into Notepad:
>>File>>Save as… >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture –>
(if the question " 1 or 2 " appears, type 1 and press ENTER) The removal should start. (and a log will be created)
After the restart, manually delete the folder C:\Qoobox.
After that, a new log from ComboFix, but before the log:
Paste into Notepad:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=-
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
From the Notepad menu: File > Save as, set the file type to "All files", save as FIX.REG, and run this file (double-click).
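Added example (not part of the thread, and not code from any of the tools mentioned above): a small Python script that decodes the hex(7) value in the FIX.REG above back into its strings and checks an LSA "Authentication Packages" list against the expected default. It assumes that a stock Windows XP installation lists only msv1_0 there; it reads constructed copies of the .reg text and of the ComboFix line `"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayw.dll` from the log above rather than the live registry, and the function names are my own.

```python
import re
from typing import List

# Constructed copy of the FIX.REG text from the post above (parsed offline, never imported).
FIX_REG = (
    'Windows Registry Editor Version 5.00\n'
    '\n'
    '[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa]\n'
    '"Authentication Packages"=-\n'
    '"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\\\n'
    '  00\n'
)

# Constructed copy of the "Reg Loading Points" line from the second ComboFix log above.
COMBOFIX_LSA_LINE = '"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ddayw.dll'

# Assumption: a stock Windows XP install registers only msv1_0 as an LSA authentication package.
EXPECTED_AUTH_PACKAGES = ["msv1_0"]


def decode_reg_multi_sz(hex7_payload: str) -> List[str]:
    """Decode the comma-separated byte list of a .reg hex(7) (REG_MULTI_SZ) value.

    REG_MULTI_SZ is a sequence of NUL-terminated UTF-16LE strings with one extra
    trailing NUL, so splitting the decoded text on NUL and dropping empties gives
    the list of strings.
    """
    raw = bytes(int(tok, 16) for tok in re.findall(r"[0-9a-fA-F]{2}", hex7_payload))
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def _joined_lines(reg_text: str) -> List[str]:
    """Join .reg continuation lines (trailing backslash) into single logical lines."""
    logical, pending = [], ""
    for line in reg_text.splitlines():
        if line.rstrip().endswith("\\"):
            pending += line.rstrip()[:-1]
            continue
        logical.append(pending + line.strip())
        pending = ""
    if pending:
        logical.append(pending)
    return logical


def reg_multi_sz_value(reg_text: str, key: str, name: str) -> List[str]:
    """Return the decoded REG_MULTI_SZ value `name` under `key` in a .reg text.

    A bare '"name"=-' (the deletion directive) is skipped; the last hex(7)
    assignment under the key wins, which is what regedit would apply.
    """
    in_key, found = False, None
    for line in _joined_lines(reg_text):
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()
        elif in_key and line.startswith('"%s"=hex(7):' % name):
            found = decode_reg_multi_sz(line.split("hex(7):", 1)[1])
    if found is None:
        raise KeyError("%s not set as hex(7) under %s" % (name, key))
    return found


def parse_combofix_lsa_line(line: str) -> List[str]:
    """Split ComboFix's '"Authentication Packages"= a b c' line into its entries."""
    _, _, rhs = line.partition("=")
    return rhs.split()


def unexpected_auth_packages(packages: List[str]) -> List[str]:
    """Entries that are not in the expected default list (compared case-insensitively)."""
    expected = {p.lower() for p in EXPECTED_AUTH_PACKAGES}
    return [p for p in packages if p.lower() not in expected]


if __name__ == "__main__":
    before = parse_combofix_lsa_line(COMBOFIX_LSA_LINE)
    after = reg_multi_sz_value(
        FIX_REG, r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa", "Authentication Packages"
    )
    print("ComboFix shows:", before, "-> unexpected:", unexpected_auth_packages(before))
    print("FIX.REG sets:  ", after, "-> unexpected:", unexpected_auth_packages(after))
```

Run stand-alone, it reports ddayw.dll as the unexpected entry in the ComboFix line and confirms that the .reg file writes back exactly msv1_0. Any DLL listed here is loaded into lsass.exe at boot, which is why an extra entry is worth checking on its own and why the fix deletes the value before rewriting it.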