Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Pojawiajace sie komunikaty RUNDLL Error loading i inne...
31 Mar 2008, 08:45
Od paru dni cos dzieje sie z moim komputerem. Po zalogowaniu wyskoczyl komunikat RUNDLL Error loading C:\DOCUME~1\LIPKA\LOKALS~1\Temp\wvuusqp.dll Mesing entry:#1
Nastepnie ladowal mi sie nachalnie sie jakis dziwny program Oczyszczaczkomputerza. I na dodatek zaczelo sie cos dziac z przegladarkami EXplore i Firefox : Bardzo czesto wyskakiwaly okienka ostrzegajace odpowiednio: firefox.exe has generated errors an will be closed by Windows. You will need to restart the program, albo IExplore.exe has generated errors ... idalej jak wyzej.Skorzystalam z porady na jakims forum, sciagnelam program SmithFraudFix i zastosowalam. Ten oczyszczcz komputerza zniknal i juz wiec sie na razie nie pokazal, ale inne opisane wyzej problemy zostaly. I nadodatek po zalogowaniu dolaczyl drugi komunikat RUNDLL Error loading C:\DOCUME~1\LIPKA\LOCALS~1\Temp\jkhfe.dll. The specified module could not by found, czyli byly juz dwa komunikaty i dalej co jakis czas klopoty z przegladarkami internetowymi. Znow skorzystalam z porady w internecie i sciagnelam program ComboFix i zastosowalam. Po zakonczeniu pracy programu, zrestartowalam komputer i wyskoczyly mi na dodatek nastepne dwa komunikaty RUNDLL, a mianowicie 1. Error loading C:\WINNT\system32\wjvwnmeg.dll, 2. Error loading C:\WINNT\system32\pwdiexmg.dll Prosze o pomoc!
Zalaczam logi:
SDFix: Version 1.163
Run by BabciaEla on Sat 03/29/2008 at 7:17a
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINNT\Downloaded Program Files\UGDCPL_0001_N122M2012NetInstaller.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 07:30:12
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0471&Pid_1144&Mi_00\6&10b65970&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0471&Pid_1144&Mi_00\7&23287b7f&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_0471&Pid_1144&Mi_00\6&10b65970&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_0471&Pid_1144&Mi_00\7&23287b7f&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 27 Feb 2008 0 A..H. --- "C:\WINNT\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Finished!
SDFix: Version 1.163
Run by BabciaEla on Sun 03/30/2008 at 9:06a
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 09:12:55
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0471&Pid_1144&Mi_00\6&10b65970&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0471&Pid_1144&Mi_00\7&23287b7f&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_0471&Pid_1144&Mi_00\6&10b65970&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_0471&Pid_1144&Mi_00\7&23287b7f&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 27 Feb 2008 0 A..H. --- "C:\WINNT\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Finished!
ComboFix 08-03-30.2 - BabciaEla 03/31/2008 7:20:52.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.48.1033.18.18 [GMT 2:00]
Running from: D:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\BM7b54edff.xml
C:\WINNT\cookies.ini
C:\WINNT\pskt.ini
C:\WINNT\system32\bjmtolwv.ini
C:\WINNT\system32\bwsvcjwt.dll
C:\WINNT\system32\Cfx32.lic
C:\WINNT\system32\cfx32.ocx
C:\WINNT\system32\cgjgaepe.ini
C:\WINNT\system32\desufdvw.dll
C:\WINNT\system32\dmjngdtu.dll
C:\WINNT\system32\epeagjgc.dll
C:\WINNT\system32\epmbhexs.dll
C:\WINNT\system32\jemdfjws.ini
C:\WINNT\system32\kbpmdyxh.dll
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\mnstvdxk.dll
C:\WINNT\system32\pwdiexmg.dll
C:\WINNT\system32\qgokedds.dll
C:\WINNT\system32\swjfdmej.dll
C:\WINNT\system32\sxehbmpe.ini
C:\WINNT\system32\vwlotmjb.dll
C:\WINNT\system32\wjvwnmeg.dll
C:\WINNT\system32\wvdfused.ini
C:\WINNT\system32\xmofymwp.dll
C:\WINNT\system32\yvpaejyt.dll
C:\WINNT\system32\ywximxlu.dll
C:\WINNT\Web\default.htt
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-31 06:44 . 03/31/08 06:44a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f0.dat
2008-03-30 22:29 . 03/30/08 10:29p 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-03-30 22:29 . 03/30/08 10:29p 1,409 --a------ C:\WINNT\QTFont.for
2008-03-29 08:36 . 03/31/08 07:14a 1,283,944 ---h----- C:\WINNT\ShellIconCache
2008-03-28 16:25 . 03/28/08 04:26p <DIR> d-------- C:\WINNT\ERUNT
2008-03-28 15:57 . 03/30/08 09:15a <DIR> d-------- C:\SDFix
2008-03-28 13:48 . 03/28/08 01:48p 54,336 --a------ C:\WINNT\system32\yvvqlvvy.dll
2008-03-28 13:48 . 03/28/08 01:48p 54,336 --a------ C:\WINNT\system32\iqracbcv.dll
2008-03-28 13:48 . 03/28/08 01:48p 54,336 --a------ C:\WINNT\system32\axnxpvii.dll
2008-03-28 13:47 . 03/28/08 01:47p 54,336 --a------ C:\WINNT\system32\uarpqbsc.dll
2008-03-28 13:47 . 03/28/08 01:47p 54,336 --a------ C:\WINNT\system32\bprynajc.dll
2008-03-28 13:46 . 03/28/08 01:46p 54,336 --a------ C:\WINNT\system32\pciunswd.dll
2008-03-28 13:46 . 03/28/08 01:46p 54,336 --a------ C:\WINNT\system32\iidaamdp.dll
2008-03-28 13:46 . 03/28/08 01:46p 54,336 --a------ C:\WINNT\system32\dkhkcrnc.dll
2008-03-28 13:45 . 03/28/08 01:45p 54,336 --a------ C:\WINNT\system32\qttueefv.dll
2008-03-28 13:45 . 03/28/08 01:45p 54,336 --a------ C:\WINNT\system32\jahbqrei.dll
2008-03-28 13:44 . 03/28/08 01:44p 54,336 --a------ C:\WINNT\system32\qjxgujpx.dll
2008-03-28 13:44 . 03/28/08 01:44p 54,336 --a------ C:\WINNT\system32\madqkvrp.dll
2008-03-28 13:44 . 03/28/08 01:44p 54,336 --a------ C:\WINNT\system32\fgxwxqyc.dll
2008-03-28 13:43 . 03/28/08 01:43p 54,336 --a------ C:\WINNT\system32\aygdxjfp.dll
2008-03-23 13:03 . 03/23/08 01:03p <DIR> dr------- C:\New Briefcase
2008-03-22 20:19 . 03/22/08 08:19p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_358.dat
2008-03-12 10:15 . 03/12/08 10:15a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f8.dat
2008-03-03 20:24 . 03/03/08 08:24p 129 --a------ C:\WINNT\system32\test.aok
2008-02-27 23:03 . 02/27/08 11:03p <DIR> d-------- C:\Documents and Settings\Lipka\Application Data\CANON INC
2008-02-27 23:03 . 03/27/08 12:25p <DIR> d-------- C:\Documents and Settings\Lipka\Application Data\CameraWindowDC
2008-02-27 22:57 . 03/28/08 12:33a <DIR> d-------- C:\Documents and Settings\Lipka\Application Data\ZoomBrowser EX
2008-02-27 22:35 . 02/27/08 10:35p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
2008-02-27 22:30 . 02/27/08 10:30p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-02-27 22:30 . 02/27/08 10:35p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-02-27 22:28 . 06/19/03 01:05p 12,592 --a------ C:\WINNT\system32\drivers\usbscan.sys
2008-02-27 22:28 . 06/19/03 01:05p 12,592 --a--c--- C:\WINNT\system32\dllcache\usbscan.sys
2008-02-26 18:27 . 09/02/05 06:08p 117,760 --a------ C:\WINNT\system32\CNDPTPU.dll
2008-02-26 18:27 . 09/02/05 06:08p 63,488 --a------ C:\WINNT\system32\CNDPTPC.dll
2008-02-26 18:17 . 02/26/08 06:18p <DIR> d-------- C:\WINNT\winsxs
2008-02-26 18:17 . 02/26/08 06:17p <DIR> d-------- C:\WINNT\PCHEALTH
2008-02-26 18:14 . 02/26/08 06:14p <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-26 17:54 . 02/26/08 05:54p <DIR> d-------- C:\Program Files\Common Files\Canon
2008-02-02 12:05 . 02/02/08 12:05p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 05:14 --------- d---a-w C:\Program Files\Neostrada TP
2008-03-31 05:02 --------- d-----w C:\Documents and Settings\Lipka\Application Data\Skype
2008-03-29 06:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-28 12:22 2,916,352 ----a-w C:\WINNT\Internet Logs\xDB7.tmp
2008-03-28 06:37 13,236,137 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-03-27 23:12 --------- d---a-w C:\Program Files\Spyware Terminator
2008-03-27 23:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-27 22:35 --------- d---a-w C:\Documents and Settings\Lipka\Application Data\Spyware Terminator
2008-03-26 09:02 --------- d-----w C:\Program Files\SkanerOnline
2008-03-12 14:37 2,868,736 ----a-w C:\WINNT\Internet Logs\xDB6.tmp
2008-03-12 14:37 2,648,064 ----a-w C:\WINNT\Internet Logs\xDB5.tmp
2008-03-09 08:11 2,956,800 ----a-w C:\WINNT\Internet Logs\xDB4.tmp
2008-02-26 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 16:27 --------- d-----w C:\Program Files\Canon
2008-01-26 20:53 2,821,120 ----a-w C:\WINNT\Internet Logs\xDB3.tmp
2008-01-10 08:33 9,024,799 ----a-w C:\WINNT\Internet Logs\vsmon_on_demand_2008_01_10_00_36_09_full.dmp.zip
2008-01-09 23:36 4,086,272 ----a-w C:\WINNT\Internet Logs\xDB1.tmp
2008-01-01 11:41 6,681,600 ----a-w C:\WINNT\Internet Logs\xDB2.tmp
2007-12-10 11:39 575,488 ----a-w C:\WINNT\system32\WININET.DLL
2007-12-05 10:40 631,056 ----a-w C:\WINNT\system32\OLEAUT32.DLL
2006-07-05 12:03 271 ---h--w C:\Program Files\desktop.ini
2006-07-05 12:03 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E475257-25BD-4A42-B3BF-867D4E8AAF3D}]
C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
01/09/08 10:23a 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [01/09/08 10:23a 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [01/09/08 10:23a 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [12/07/99 02:00p 20752 C:\WINNT\system32\internat.exe]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/07 02:31p 22880040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/07 09:34a 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p 111376 C:\WINNT\system32\mobsync.exe]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [10/16/03 07:07p 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [10/16/03 07:07p 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [10/16/03 07:07p 53248]
"DemonStarter"="C:\Program Files\PWN\Definicje\Bin\Starter.exe" [12/01/99 02:47p 36864]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/25/03 03:30p 335872]
"ASUS Probe"="D:\Tools\ASUS Probe\AsusProb.exe" [12/06/02 04:07p 617984]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/03 08:38a 241664]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [05/12/04 10:30p 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/12/04 10:29p 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [12/07/99 02:00p 20752 C:\WINNT\system32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 12:05p 186640]
C:\Documents and Settings\Imiela\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 23:30:44 114688]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINNT\system32\DRIVERS\CINEMSUP.SYS [01/08/02 10:16a]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINNT\system32\drivers\ctlsb16.sys [10/23/99 03:10p]
R3 TTDec;ATI WDM Teletext Decoder;C:\WINNT\system32\DRIVERS\ATINTTXX.sys [08/04/04 03:07a]
S3 lsermous;Logitech Serial Mouse Driver;C:\WINNT\system32\DRIVERS\lsermous.sys [09/27/99 08:26p]
S3 mga64;mga64;C:\WINNT\system32\DRIVERS\mga64m.sys [11/29/99 07:47p]
S3 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" [10/12/04 11:10p]
S3 oad;Visibroker Activation Daemon;D:\Borland\vbroker\bin\oad.exe [03/12/98 05:57p]
S3 osagent;VisiBroker Smart Agent;D:\Borland\vbroker\bin\osagent.exe [03/12/98 05:58p]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINNT\system32\DRIVERS\w200bus.sys [11/07/06 09:42a]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\w200mdfl.sys [11/07/06 09:42a]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\w200mdm.sys [11/07/06 09:42a]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\w200mgmt.sys [11/07/06 09:42a]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\w200obex.sys [11/07/06 09:42a]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 07:25:13
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\tsd32.dll
.
Completion time: 03/31/2008 7:27:23
ComboFix-quarantined-files.txt 2008-03-31 05:27:10
Pre-Run: 3,315,568,640 bytes free
Post-Run: 3,295,281,152 bytes free
.
2008-03-23 12:23:17 --- E O F ---
Nastepnie ladowal mi sie nachalnie sie jakis dziwny program Oczyszczaczkomputerza. I na dodatek zaczelo sie cos dziac z przegladarkami EXplore i Firefox : Bardzo czesto wyskakiwaly okienka ostrzegajace odpowiednio: firefox.exe has generated errors an will be closed by Windows. You will need to restart the program, albo IExplore.exe has generated errors ... idalej jak wyzej.Skorzystalam z porady na jakims forum, sciagnelam program SmithFraudFix i zastosowalam. Ten oczyszczcz komputerza zniknal i juz wiec sie na razie nie pokazal, ale inne opisane wyzej problemy zostaly. I nadodatek po zalogowaniu dolaczyl drugi komunikat RUNDLL Error loading C:\DOCUME~1\LIPKA\LOCALS~1\Temp\jkhfe.dll. The specified module could not by found, czyli byly juz dwa komunikaty i dalej co jakis czas klopoty z przegladarkami internetowymi. Znow skorzystalam z porady w internecie i sciagnelam program ComboFix i zastosowalam. Po zakonczeniu pracy programu, zrestartowalam komputer i wyskoczyly mi na dodatek nastepne dwa komunikaty RUNDLL, a mianowicie 1. Error loading C:\WINNT\system32\wjvwnmeg.dll, 2. Error loading C:\WINNT\system32\pwdiexmg.dll Prosze o pomoc!
Zalaczam logi:
SDFix: Version 1.163
Run by BabciaEla on Sat 03/29/2008 at 7:17a
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINNT\Downloaded Program Files\UGDCPL_0001_N122M2012NetInstaller.exe - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 07:30:12
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0471&Pid_1144&Mi_00\6&10b65970&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0471&Pid_1144&Mi_00\7&23287b7f&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_0471&Pid_1144&Mi_00\6&10b65970&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_0471&Pid_1144&Mi_00\7&23287b7f&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 27 Feb 2008 0 A..H. --- "C:\WINNT\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Finished!
SDFix: Version 1.163
Run by BabciaEla on Sun 03/30/2008 at 9:06a
Microsoft Windows 2000 [Version 5.00.2195]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 09:12:55
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0471&Pid_1144&Mi_00\6&10b65970&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\Vid_0471&Pid_1144&Mi_00\7&23287b7f&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_0471&Pid_1144&Mi_00\6&10b65970&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\USB\Vid_0471&Pid_1144&Mi_00\7&23287b7f&0&0\Device Parameters]
"HWRevision?U\x2039\x11b\x81\x11b\x11a?"="100"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 27 Feb 2008 0 A..H. --- "C:\WINNT\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT3.tmp"
Finished!
ComboFix 08-03-30.2 - BabciaEla 03/31/2008 7:20:52.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.48.1033.18.18 [GMT 2:00]
Running from: D:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\BM7b54edff.xml
C:\WINNT\cookies.ini
C:\WINNT\pskt.ini
C:\WINNT\system32\bjmtolwv.ini
C:\WINNT\system32\bwsvcjwt.dll
C:\WINNT\system32\Cfx32.lic
C:\WINNT\system32\cfx32.ocx
C:\WINNT\system32\cgjgaepe.ini
C:\WINNT\system32\desufdvw.dll
C:\WINNT\system32\dmjngdtu.dll
C:\WINNT\system32\epeagjgc.dll
C:\WINNT\system32\epmbhexs.dll
C:\WINNT\system32\jemdfjws.ini
C:\WINNT\system32\kbpmdyxh.dll
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\mnstvdxk.dll
C:\WINNT\system32\pwdiexmg.dll
C:\WINNT\system32\qgokedds.dll
C:\WINNT\system32\swjfdmej.dll
C:\WINNT\system32\sxehbmpe.ini
C:\WINNT\system32\vwlotmjb.dll
C:\WINNT\system32\wjvwnmeg.dll
C:\WINNT\system32\wvdfused.ini
C:\WINNT\system32\xmofymwp.dll
C:\WINNT\system32\yvpaejyt.dll
C:\WINNT\system32\ywximxlu.dll
C:\WINNT\Web\default.htt
.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-31 )))))))))))))))))))))))))))))))
.
2008-03-31 06:44 . 03/31/08 06:44a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f0.dat
2008-03-30 22:29 . 03/30/08 10:29p 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-03-30 22:29 . 03/30/08 10:29p 1,409 --a------ C:\WINNT\QTFont.for
2008-03-29 08:36 . 03/31/08 07:14a 1,283,944 ---h----- C:\WINNT\ShellIconCache
2008-03-28 16:25 . 03/28/08 04:26p <DIR> d-------- C:\WINNT\ERUNT
2008-03-28 15:57 . 03/30/08 09:15a <DIR> d-------- C:\SDFix
2008-03-28 13:48 . 03/28/08 01:48p 54,336 --a------ C:\WINNT\system32\yvvqlvvy.dll
2008-03-28 13:48 . 03/28/08 01:48p 54,336 --a------ C:\WINNT\system32\iqracbcv.dll
2008-03-28 13:48 . 03/28/08 01:48p 54,336 --a------ C:\WINNT\system32\axnxpvii.dll
2008-03-28 13:47 . 03/28/08 01:47p 54,336 --a------ C:\WINNT\system32\uarpqbsc.dll
2008-03-28 13:47 . 03/28/08 01:47p 54,336 --a------ C:\WINNT\system32\bprynajc.dll
2008-03-28 13:46 . 03/28/08 01:46p 54,336 --a------ C:\WINNT\system32\pciunswd.dll
2008-03-28 13:46 . 03/28/08 01:46p 54,336 --a------ C:\WINNT\system32\iidaamdp.dll
2008-03-28 13:46 . 03/28/08 01:46p 54,336 --a------ C:\WINNT\system32\dkhkcrnc.dll
2008-03-28 13:45 . 03/28/08 01:45p 54,336 --a------ C:\WINNT\system32\qttueefv.dll
2008-03-28 13:45 . 03/28/08 01:45p 54,336 --a------ C:\WINNT\system32\jahbqrei.dll
2008-03-28 13:44 . 03/28/08 01:44p 54,336 --a------ C:\WINNT\system32\qjxgujpx.dll
2008-03-28 13:44 . 03/28/08 01:44p 54,336 --a------ C:\WINNT\system32\madqkvrp.dll
2008-03-28 13:44 . 03/28/08 01:44p 54,336 --a------ C:\WINNT\system32\fgxwxqyc.dll
2008-03-28 13:43 . 03/28/08 01:43p 54,336 --a------ C:\WINNT\system32\aygdxjfp.dll
2008-03-23 13:03 . 03/23/08 01:03p <DIR> dr------- C:\New Briefcase
2008-03-22 20:19 . 03/22/08 08:19p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_358.dat
2008-03-12 10:15 . 03/12/08 10:15a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f8.dat
2008-03-03 20:24 . 03/03/08 08:24p 129 --a------ C:\WINNT\system32\test.aok
2008-02-27 23:03 . 02/27/08 11:03p <DIR> d-------- C:\Documents and Settings\Lipka\Application Data\CANON INC
2008-02-27 23:03 . 03/27/08 12:25p <DIR> d-------- C:\Documents and Settings\Lipka\Application Data\CameraWindowDC
2008-02-27 22:57 . 03/28/08 12:33a <DIR> d-------- C:\Documents and Settings\Lipka\Application Data\ZoomBrowser EX
2008-02-27 22:35 . 02/27/08 10:35p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
2008-02-27 22:30 . 02/27/08 10:30p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-02-27 22:30 . 02/27/08 10:35p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-02-27 22:28 . 06/19/03 01:05p 12,592 --a------ C:\WINNT\system32\drivers\usbscan.sys
2008-02-27 22:28 . 06/19/03 01:05p 12,592 --a--c--- C:\WINNT\system32\dllcache\usbscan.sys
2008-02-26 18:27 . 09/02/05 06:08p 117,760 --a------ C:\WINNT\system32\CNDPTPU.dll
2008-02-26 18:27 . 09/02/05 06:08p 63,488 --a------ C:\WINNT\system32\CNDPTPC.dll
2008-02-26 18:17 . 02/26/08 06:18p <DIR> d-------- C:\WINNT\winsxs
2008-02-26 18:17 . 02/26/08 06:17p <DIR> d-------- C:\WINNT\PCHEALTH
2008-02-26 18:14 . 02/26/08 06:14p <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-26 17:54 . 02/26/08 05:54p <DIR> d-------- C:\Program Files\Common Files\Canon
2008-02-02 12:05 . 02/02/08 12:05p <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Leadertech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 05:14 --------- d---a-w C:\Program Files\Neostrada TP
2008-03-31 05:02 --------- d-----w C:\Documents and Settings\Lipka\Application Data\Skype
2008-03-29 06:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-28 12:22 2,916,352 ----a-w C:\WINNT\Internet Logs\xDB7.tmp
2008-03-28 06:37 13,236,137 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-03-27 23:12 --------- d---a-w C:\Program Files\Spyware Terminator
2008-03-27 23:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-27 22:35 --------- d---a-w C:\Documents and Settings\Lipka\Application Data\Spyware Terminator
2008-03-26 09:02 --------- d-----w C:\Program Files\SkanerOnline
2008-03-12 14:37 2,868,736 ----a-w C:\WINNT\Internet Logs\xDB6.tmp
2008-03-12 14:37 2,648,064 ----a-w C:\WINNT\Internet Logs\xDB5.tmp
2008-03-09 08:11 2,956,800 ----a-w C:\WINNT\Internet Logs\xDB4.tmp
2008-02-26 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 16:27 --------- d-----w C:\Program Files\Canon
2008-01-26 20:53 2,821,120 ----a-w C:\WINNT\Internet Logs\xDB3.tmp
2008-01-10 08:33 9,024,799 ----a-w C:\WINNT\Internet Logs\vsmon_on_demand_2008_01_10_00_36_09_full.dmp.zip
2008-01-09 23:36 4,086,272 ----a-w C:\WINNT\Internet Logs\xDB1.tmp
2008-01-01 11:41 6,681,600 ----a-w C:\WINNT\Internet Logs\xDB2.tmp
2007-12-10 11:39 575,488 ----a-w C:\WINNT\system32\WININET.DLL
2007-12-05 10:40 631,056 ----a-w C:\WINNT\system32\OLEAUT32.DLL
2006-07-05 12:03 271 ---h--w C:\Program Files\desktop.ini
2006-07-05 12:03 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E475257-25BD-4A42-B3BF-867D4E8AAF3D}]
C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
01/09/08 10:23a 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [01/09/08 10:23a 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [01/09/08 10:23a 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [12/07/99 02:00p 20752 C:\WINNT\system32\internat.exe]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/07 02:31p 22880040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/07 09:34a 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p 111376 C:\WINNT\system32\mobsync.exe]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [10/16/03 07:07p 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [10/16/03 07:07p 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [10/16/03 07:07p 53248]
"DemonStarter"="C:\Program Files\PWN\Definicje\Bin\Starter.exe" [12/01/99 02:47p 36864]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/25/03 03:30p 335872]
"ASUS Probe"="D:\Tools\ASUS Probe\AsusProb.exe" [12/06/02 04:07p 617984]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/03 08:38a 241664]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [05/12/04 10:30p 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/12/04 10:29p 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [12/07/99 02:00p 20752 C:\WINNT\system32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 12:05p 186640]
C:\Documents and Settings\Imiela\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 23:30:44 114688]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINNT\system32\DRIVERS\CINEMSUP.SYS [01/08/02 10:16a]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINNT\system32\drivers\ctlsb16.sys [10/23/99 03:10p]
R3 TTDec;ATI WDM Teletext Decoder;C:\WINNT\system32\DRIVERS\ATINTTXX.sys [08/04/04 03:07a]
S3 lsermous;Logitech Serial Mouse Driver;C:\WINNT\system32\DRIVERS\lsermous.sys [09/27/99 08:26p]
S3 mga64;mga64;C:\WINNT\system32\DRIVERS\mga64m.sys [11/29/99 07:47p]
S3 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" [10/12/04 11:10p]
S3 oad;Visibroker Activation Daemon;D:\Borland\vbroker\bin\oad.exe [03/12/98 05:57p]
S3 osagent;VisiBroker Smart Agent;D:\Borland\vbroker\bin\osagent.exe [03/12/98 05:58p]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINNT\system32\DRIVERS\w200bus.sys [11/07/06 09:42a]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\w200mdfl.sys [11/07/06 09:42a]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\w200mdm.sys [11/07/06 09:42a]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\w200mgmt.sys [11/07/06 09:42a]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\w200obex.sys [11/07/06 09:42a]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 07:25:13
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\tsd32.dll
.
Completion time: 03/31/2008 7:27:23
ComboFix-quarantined-files.txt 2008-03-31 05:27:10
Pre-Run: 3,315,568,640 bytes free
Post-Run: 3,295,281,152 bytes free
.
2008-03-23 12:23:17 --- E O F ---
01 Kwi 2008, 08:45
cytat: "I na dodatek zaczelo sie cos dziac z przegladarkami EXplore i Firefox : Bardzo czesto wyskakiwaly okienka ostrzegajace odpowiednio: firefox.exe has generated errors an will be closed by Windows. You will need to restart the program, albo IExplore.exe has generated errors ... idalej jak wyzej"
Wczoraj te komunikaty nie wyskoczyly, ale zauwazylam, ze co jakis czas wyskakuje samoczynnie puste okno przegladarki Explorer i caly czas przy logowaniu wyskakuja te te cztery komunikaty (o ktorych pisalam), przy logowaniu. Wylacza sie tez nieraz samoczynnie komputer. Przy przegladaniu zdjec na jednej ze stron internetowych, zauwazylam, ze nagle zamiast miniatur niektorych zdjec jest komunikat o tresci, ze na tym komputerze jest Spyware, czy cos takiego (nie znam angielskiego)Bardzo prosze sprawdzic moje logi i bardzo prosze o pomoc w rozwiazaniu tego problemu.
Wczoraj te komunikaty nie wyskoczyly, ale zauwazylam, ze co jakis czas wyskakuje samoczynnie puste okno przegladarki Explorer i caly czas przy logowaniu wyskakuja te te cztery komunikaty (o ktorych pisalam), przy logowaniu. Wylacza sie tez nieraz samoczynnie komputer. Przy przegladaniu zdjec na jednej ze stron internetowych, zauwazylam, ze nagle zamiast miniatur niektorych zdjec jest komunikat o tresci, ze na tym komputerze jest Spyware, czy cos takiego (nie znam angielskiego)Bardzo prosze sprawdzic moje logi i bardzo prosze o pomoc w rozwiazaniu tego problemu.
01 Kwi 2008, 14:54
Wklej do Notatnika:
>>Plik>>Zapisz jako... >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe)
– podobnie jak na tym obrazku -
(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)
Po restarcie usuń ręcznie folder C: \Qoobox.
Po tym nowy log z Combofix.
File::
C:\WINNT\system32\yvvqlvvy.dll
C:\WINNT\system32\iidaamdp.dll
C:\WINNT\system32\pciunswd.dll
C:\WINNT\system32\bprynajc.dll
C:\WINNT\system32\aygdxjfp.dll
C:\WINNT\system32\iqracbcv.dll
C:\WINNT\system32\axnxpvii.dll
C:\WINNT\system32\uarpqbsc.dll
C:\WINNT\system32\dkhkcrnc.dll
C:\WINNT\system32\qttueefv.dll
C:\WINNT\system32\jahbqrei.dll
C:\WINNT\system32\qjxgujpx.dll
C:\WINNT\system32\madqkvrp.dll
C:\WINNT\system32\fgxwxqyc.dll
C:\WINNT\Internet Logs\xDB7.tmp
C:\WINNT\Internet Logs\xDB6.tmp
C:\WINNT\Internet Logs\xDB5.tmp
C:\WINNT\Internet Logs\xDB4.tmp
C:\WINNT\Internet Logs\xDB3.tmp
C:\WINNT\Internet Logs\xDB2.tmp
C:\WINNT\Internet Logs\xDB1.tmp
C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll
Registry::
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E475257-25BD-4A42-B3BF-867D4E8AAF3D}]
Folder::
C:\DOCUME~1\LIPKA\LOKALS~1\Temp
>>Plik>>Zapisz jako... >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe)
– podobnie jak na tym obrazku -
(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)
Po restarcie usuń ręcznie folder C: \Qoobox.
Po tym nowy log z Combofix.
01 Kwi 2008, 15:18
a czy ja moge zaznaczyc w tym cytacie i wkleic, czy musze szukac na dysku?
01 Kwi 2008, 15:40
Kopiujesz to co w cytacie, wklejasz do notatnika i dalej według instrukcji. Nic nie musisz szukać
01 Kwi 2008, 23:33
Pierwszy log:
ComboFix 08-03-30.2 - BabciaEla 2008-04-01 22:23:30.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.48.1033.18.30 [GMT 2:00]
Running from: D:\ComboFix.exe
Command switches used :: D:\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll
C:\WINNT\Internet Logs\xDB1.tmp
C:\WINNT\Internet Logs\xDB2.tmp
C:\WINNT\Internet Logs\xDB3.tmp
C:\WINNT\Internet Logs\xDB4.tmp
C:\WINNT\Internet Logs\xDB5.tmp
C:\WINNT\Internet Logs\xDB6.tmp
C:\WINNT\Internet Logs\xDB7.tmp
C:\WINNT\system32\axnxpvii.dll
C:\WINNT\system32\aygdxjfp.dll
C:\WINNT\system32\bprynajc.dll
C:\WINNT\system32\dkhkcrnc.dll
C:\WINNT\system32\fgxwxqyc.dll
C:\WINNT\system32\iidaamdp.dll
C:\WINNT\system32\iqracbcv.dll
C:\WINNT\system32\jahbqrei.dll
C:\WINNT\system32\madqkvrp.dll
C:\WINNT\system32\pciunswd.dll
C:\WINNT\system32\qjxgujpx.dll
C:\WINNT\system32\qttueefv.dll
C:\WINNT\system32\uarpqbsc.dll
C:\WINNT\system32\yvvqlvvy.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\Internet Logs\xDB1.tmp
C:\WINNT\Internet Logs\xDB2.tmp
C:\WINNT\Internet Logs\xDB3.tmp
C:\WINNT\Internet Logs\xDB4.tmp
C:\WINNT\Internet Logs\xDB5.tmp
C:\WINNT\Internet Logs\xDB6.tmp
C:\WINNT\Internet Logs\xDB7.tmp
C:\WINNT\system32\axnxpvii.dll
C:\WINNT\system32\aygdxjfp.dll
C:\WINNT\system32\bprynajc.dll
C:\WINNT\system32\dkhkcrnc.dll
C:\WINNT\system32\fgxwxqyc.dll
C:\WINNT\system32\iidaamdp.dll
C:\WINNT\system32\iqracbcv.dll
C:\WINNT\system32\jahbqrei.dll
C:\WINNT\system32\madqkvrp.dll
C:\WINNT\system32\pciunswd.dll
C:\WINNT\system32\qjxgujpx.dll
C:\WINNT\system32\qttueefv.dll
C:\WINNT\system32\uarpqbsc.dll
C:\WINNT\system32\yvvqlvvy.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.
2008-04-01 21:26 . 08-04-01 21:26 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2cc.dat
2008-04-01 21:22 . 08-04-01 21:22 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2c8.dat
2008-03-30 22:29 . 08-03-30 22:29 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-03-30 22:29 . 08-03-30 22:29 1,409 --a------ C:\WINNT\QTFont.for
2008-03-29 08:36 . 08-04-01 22:19 1,284,404 ---h----- C:\WINNT\ShellIconCache
2008-03-28 16:25 . 08-03-28 16:26 <DIR> d-------- C:\WINNT\ERUNT
2008-03-28 15:57 . 08-03-30 09:15 <DIR> d-------- C:\SDFix
2008-03-23 13:03 . 08-03-23 13:03 <DIR> dr------- C:\New Briefcase
2008-03-22 20:19 . 08-03-22 20:19 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_358.dat
2008-03-12 10:15 . 08-03-12 10:15 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f8.dat
2008-03-03 20:24 . 08-03-03 20:24 129 --a------ C:\WINNT\system32\test.aok
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 20:08 --------- d-----w C:\Documents and Settings\Lipka\Application Data\Skype
2008-04-01 20:07 --------- d---a-w C:\Program Files\Neostrada TP
2008-04-01 20:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-28 06:37 13,236,137 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-03-27 23:12 --------- d---a-w C:\Program Files\Spyware Terminator
2008-03-27 23:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-27 22:35 --------- d---a-w C:\Documents and Settings\Lipka\Application Data\Spyware Terminator
2008-03-27 22:33 --------- d-----w C:\Documents and Settings\Lipka\Application Data\ZoomBrowser EX
2008-03-27 10:25 --------- d-----w C:\Documents and Settings\Lipka\Application Data\CameraWindowDC
2008-03-26 09:02 --------- d-----w C:\Program Files\SkanerOnline
2008-02-27 21:03 --------- d-----w C:\Documents and Settings\Lipka\Application Data\CANON INC
2008-02-27 20:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
2008-02-27 20:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-02-26 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 16:27 --------- d-----w C:\Program Files\Canon
2008-02-26 16:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-26 15:54 --------- d-----w C:\Program Files\Common Files\Canon
2008-02-02 10:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-01-10 08:33 9,024,799 ----a-w C:\WINNT\Internet Logs\vsmon_on_demand_2008_01_10_00_36_09_full.dmp.zip
2006-07-05 12:03 271 ---h--w C:\Program Files\desktop.ini
2006-07-05 12:03 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E475257-25BD-4A42-B3BF-867D4E8AAF3D}]
C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
08-01-09 10:23 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [08-01-09 10:23 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [08-01-09 10:23 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 14:00 20752 C:\WINNT\system32\internat.exe]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07-09-13 14:31 22880040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07-07-27 09:34 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [03-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [03-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [03-10-16 19:07 53248]
"DemonStarter"="C:\Program Files\PWN\Definicje\Bin\Starter.exe" [99-12-01 14:47 36864]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-06-25 15:30 335872]
"ASUS Probe"="D:\Tools\ASUS Probe\AsusProb.exe" [02-12-06 16:07 617984]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [03-12-22 08:38 241664]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [04-05-12 22:30 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [04-05-12 22:29 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-11-14 17:05 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 14:00 20752 C:\WINNT\system32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]
C:\Documents and Settings\Imiela\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 23:30:44 114688]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINNT\system32\DRIVERS\CINEMSUP.SYS [02-01-08 10:16 ]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINNT\system32\drivers\ctlsb16.sys [99-10-23 15:10 ]
R3 TTDec;ATI WDM Teletext Decoder;C:\WINNT\system32\DRIVERS\ATINTTXX.sys [04-08-04 03:07 ]
S3 lsermous;Logitech Serial Mouse Driver;C:\WINNT\system32\DRIVERS\lsermous.sys [99-09-27 20:26 ]
S3 mga64;mga64;C:\WINNT\system32\DRIVERS\mga64m.sys [99-11-29 19:47 ]
S3 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" [04-10-12 23:10 ]
S3 oad;Visibroker Activation Daemon;D:\Borland\vbroker\bin\oad.exe [98-03-12 17:57 ]
S3 osagent;VisiBroker Smart Agent;D:\Borland\vbroker\bin\osagent.exe [98-03-12 17:58 ]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINNT\system32\DRIVERS\w200bus.sys [06-11-07 09:42 ]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\w200mdfl.sys [06-11-07 09:42 ]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\w200mdm.sys [06-11-07 09:42 ]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\w200mgmt.sys [06-11-07 09:42 ]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\w200obex.sys [06-11-07 09:42 ]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 22:27:50
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\tsd32.dll
.
Completion time: 2008-04-01 22:29:33
ComboFix-quarantined-files.txt 2008-04-01 20:29:21
ComboFix2.txt 2008-03-31 05:27:24
Pre-Run: 3,553,923,072 bytes free
Post-Run: 3,546,374,144 bytes free
.
2008-03-23 12:23:17 --- E O F ---
a to log wykonany po restarcie:
ComboFix 08-03-30.2 - BabciaEla 04/01/2008 22:51:53.3 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.48.1033.18.18 [GMT 2:00]
Running from: D:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.
2008-04-01 22:47 . 04/01/08 10:47p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2cc.dat
2008-04-01 21:22 . 04/01/08 09:22p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2c8.dat
2008-03-30 22:29 . 03/30/08 10:29p 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-03-30 22:29 . 03/30/08 10:29p 1,409 --a------ C:\WINNT\QTFont.for
2008-03-29 08:36 . 04/01/08 10:41p 1,284,404 ---h----- C:\WINNT\ShellIconCache
2008-03-28 16:25 . 03/28/08 04:26p <DIR> d-------- C:\WINNT\ERUNT
2008-03-28 15:57 . 03/30/08 09:15a <DIR> d-------- C:\SDFix
2008-03-23 13:03 . 03/23/08 01:03p <DIR> dr------- C:\New Briefcase
2008-03-22 20:19 . 03/22/08 08:19p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_358.dat
2008-03-12 10:15 . 03/12/08 10:15a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f8.dat
2008-03-03 20:24 . 03/03/08 08:24p 129 --a------ C:\WINNT\system32\test.aok
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 20:45 14,290,569 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-04-01 20:41 --------- d---a-w C:\Program Files\Neostrada TP
2008-04-01 20:39 --------- d-----w C:\Documents and Settings\Lipka\Application Data\Skype
2008-04-01 20:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-27 23:12 --------- d---a-w C:\Program Files\Spyware Terminator
2008-03-27 23:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-27 22:35 --------- d---a-w C:\Documents and Settings\Lipka\Application Data\Spyware Terminator
2008-03-27 22:33 --------- d-----w C:\Documents and Settings\Lipka\Application Data\ZoomBrowser EX
2008-03-27 10:25 --------- d-----w C:\Documents and Settings\Lipka\Application Data\CameraWindowDC
2008-03-26 09:02 --------- d-----w C:\Program Files\SkanerOnline
2008-02-27 21:03 --------- d-----w C:\Documents and Settings\Lipka\Application Data\CANON INC
2008-02-27 20:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
2008-02-27 20:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-02-26 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 16:27 --------- d-----w C:\Program Files\Canon
2008-02-26 16:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-26 15:54 --------- d-----w C:\Program Files\Common Files\Canon
2008-02-02 10:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-01-10 08:33 9,024,799 ----a-w C:\WINNT\Internet Logs\vsmon_on_demand_2008_01_10_00_36_09_full.dmp.zip
2006-07-05 12:03 271 ---h--w C:\Program Files\desktop.ini
2006-07-05 12:03 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E475257-25BD-4A42-B3BF-867D4E8AAF3D}]
C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
01/09/08 10:23a 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [01/09/08 10:23a 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [01/09/08 10:23a 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [12/07/99 02:00p 20752 C:\WINNT\system32\internat.exe]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/07 02:31p 22880040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/07 09:34a 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p 111376 C:\WINNT\system32\mobsync.exe]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [10/16/03 07:07p 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [10/16/03 07:07p 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [10/16/03 07:07p 53248]
"DemonStarter"="C:\Program Files\PWN\Definicje\Bin\Starter.exe" [12/01/99 02:47p 36864]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/25/03 03:30p 335872]
"ASUS Probe"="D:\Tools\ASUS Probe\AsusProb.exe" [12/06/02 04:07p 617984]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/03 08:38a 241664]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [05/12/04 10:30p 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/12/04 10:29p 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [12/07/99 02:00p 20752 C:\WINNT\system32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 12:05p 186640]
C:\Documents and Settings\Imiela\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 23:30:44 114688]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINNT\system32\DRIVERS\CINEMSUP.SYS [01/08/02 10:16a]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINNT\system32\drivers\ctlsb16.sys [10/23/99 03:10p]
R3 TTDec;ATI WDM Teletext Decoder;C:\WINNT\system32\DRIVERS\ATINTTXX.sys [08/04/04 03:07a]
S3 lsermous;Logitech Serial Mouse Driver;C:\WINNT\system32\DRIVERS\lsermous.sys [09/27/99 08:26p]
S3 mga64;mga64;C:\WINNT\system32\DRIVERS\mga64m.sys [11/29/99 07:47p]
S3 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" [10/12/04 11:10p]
S3 oad;Visibroker Activation Daemon;D:\Borland\vbroker\bin\oad.exe [03/12/98 05:57p]
S3 osagent;VisiBroker Smart Agent;D:\Borland\vbroker\bin\osagent.exe [03/12/98 05:58p]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINNT\system32\DRIVERS\w200bus.sys [11/07/06 09:42a]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\w200mdfl.sys [11/07/06 09:42a]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\w200mdm.sys [11/07/06 09:42a]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\w200mgmt.sys [11/07/06 09:42a]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\w200obex.sys [11/07/06 09:42a]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 22:55:07
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\tsd32.dll
.
Completion time: 04/01/2008 22:56:49
ComboFix-quarantined-files.txt 2008-04-01 20:56:37
ComboFix2.txt 2008-04-01 20:29:35
Pre-Run: 3,702,317,056 bytes free
Post-Run: 3,687,833,600 bytes free
.
2008-03-23 12:23:17 --- E O F ---
ComboFix 08-03-30.2 - BabciaEla 2008-04-01 22:23:30.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.48.1033.18.30 [GMT 2:00]
Running from: D:\ComboFix.exe
Command switches used :: D:\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll
C:\WINNT\Internet Logs\xDB1.tmp
C:\WINNT\Internet Logs\xDB2.tmp
C:\WINNT\Internet Logs\xDB3.tmp
C:\WINNT\Internet Logs\xDB4.tmp
C:\WINNT\Internet Logs\xDB5.tmp
C:\WINNT\Internet Logs\xDB6.tmp
C:\WINNT\Internet Logs\xDB7.tmp
C:\WINNT\system32\axnxpvii.dll
C:\WINNT\system32\aygdxjfp.dll
C:\WINNT\system32\bprynajc.dll
C:\WINNT\system32\dkhkcrnc.dll
C:\WINNT\system32\fgxwxqyc.dll
C:\WINNT\system32\iidaamdp.dll
C:\WINNT\system32\iqracbcv.dll
C:\WINNT\system32\jahbqrei.dll
C:\WINNT\system32\madqkvrp.dll
C:\WINNT\system32\pciunswd.dll
C:\WINNT\system32\qjxgujpx.dll
C:\WINNT\system32\qttueefv.dll
C:\WINNT\system32\uarpqbsc.dll
C:\WINNT\system32\yvvqlvvy.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINNT\Internet Logs\xDB1.tmp
C:\WINNT\Internet Logs\xDB2.tmp
C:\WINNT\Internet Logs\xDB3.tmp
C:\WINNT\Internet Logs\xDB4.tmp
C:\WINNT\Internet Logs\xDB5.tmp
C:\WINNT\Internet Logs\xDB6.tmp
C:\WINNT\Internet Logs\xDB7.tmp
C:\WINNT\system32\axnxpvii.dll
C:\WINNT\system32\aygdxjfp.dll
C:\WINNT\system32\bprynajc.dll
C:\WINNT\system32\dkhkcrnc.dll
C:\WINNT\system32\fgxwxqyc.dll
C:\WINNT\system32\iidaamdp.dll
C:\WINNT\system32\iqracbcv.dll
C:\WINNT\system32\jahbqrei.dll
C:\WINNT\system32\madqkvrp.dll
C:\WINNT\system32\pciunswd.dll
C:\WINNT\system32\qjxgujpx.dll
C:\WINNT\system32\qttueefv.dll
C:\WINNT\system32\uarpqbsc.dll
C:\WINNT\system32\yvvqlvvy.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.
2008-04-01 21:26 . 08-04-01 21:26 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2cc.dat
2008-04-01 21:22 . 08-04-01 21:22 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2c8.dat
2008-03-30 22:29 . 08-03-30 22:29 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-03-30 22:29 . 08-03-30 22:29 1,409 --a------ C:\WINNT\QTFont.for
2008-03-29 08:36 . 08-04-01 22:19 1,284,404 ---h----- C:\WINNT\ShellIconCache
2008-03-28 16:25 . 08-03-28 16:26 <DIR> d-------- C:\WINNT\ERUNT
2008-03-28 15:57 . 08-03-30 09:15 <DIR> d-------- C:\SDFix
2008-03-23 13:03 . 08-03-23 13:03 <DIR> dr------- C:\New Briefcase
2008-03-22 20:19 . 08-03-22 20:19 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_358.dat
2008-03-12 10:15 . 08-03-12 10:15 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f8.dat
2008-03-03 20:24 . 08-03-03 20:24 129 --a------ C:\WINNT\system32\test.aok
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 20:08 --------- d-----w C:\Documents and Settings\Lipka\Application Data\Skype
2008-04-01 20:07 --------- d---a-w C:\Program Files\Neostrada TP
2008-04-01 20:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-28 06:37 13,236,137 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-03-27 23:12 --------- d---a-w C:\Program Files\Spyware Terminator
2008-03-27 23:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-27 22:35 --------- d---a-w C:\Documents and Settings\Lipka\Application Data\Spyware Terminator
2008-03-27 22:33 --------- d-----w C:\Documents and Settings\Lipka\Application Data\ZoomBrowser EX
2008-03-27 10:25 --------- d-----w C:\Documents and Settings\Lipka\Application Data\CameraWindowDC
2008-03-26 09:02 --------- d-----w C:\Program Files\SkanerOnline
2008-02-27 21:03 --------- d-----w C:\Documents and Settings\Lipka\Application Data\CANON INC
2008-02-27 20:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
2008-02-27 20:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-02-26 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 16:27 --------- d-----w C:\Program Files\Canon
2008-02-26 16:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-26 15:54 --------- d-----w C:\Program Files\Common Files\Canon
2008-02-02 10:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-01-10 08:33 9,024,799 ----a-w C:\WINNT\Internet Logs\vsmon_on_demand_2008_01_10_00_36_09_full.dmp.zip
2006-07-05 12:03 271 ---h--w C:\Program Files\desktop.ini
2006-07-05 12:03 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E475257-25BD-4A42-B3BF-867D4E8AAF3D}]
C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
08-01-09 10:23 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [08-01-09 10:23 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [08-01-09 10:23 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 14:00 20752 C:\WINNT\system32\internat.exe]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07-09-13 14:31 22880040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07-07-27 09:34 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 12:05 111376 C:\WINNT\system32\mobsync.exe]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [03-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [03-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [03-10-16 19:07 53248]
"DemonStarter"="C:\Program Files\PWN\Definicje\Bin\Starter.exe" [99-12-01 14:47 36864]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03-06-25 15:30 335872]
"ASUS Probe"="D:\Tools\ASUS Probe\AsusProb.exe" [02-12-06 16:07 617984]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [03-12-22 08:38 241664]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [04-05-12 22:30 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [04-05-12 22:29 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-11-14 17:05 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [99-12-07 14:00 20752 C:\WINNT\system32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 12:05 186640]
C:\Documents and Settings\Imiela\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 23:30:44 114688]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINNT\system32\DRIVERS\CINEMSUP.SYS [02-01-08 10:16 ]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINNT\system32\drivers\ctlsb16.sys [99-10-23 15:10 ]
R3 TTDec;ATI WDM Teletext Decoder;C:\WINNT\system32\DRIVERS\ATINTTXX.sys [04-08-04 03:07 ]
S3 lsermous;Logitech Serial Mouse Driver;C:\WINNT\system32\DRIVERS\lsermous.sys [99-09-27 20:26 ]
S3 mga64;mga64;C:\WINNT\system32\DRIVERS\mga64m.sys [99-11-29 19:47 ]
S3 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" [04-10-12 23:10 ]
S3 oad;Visibroker Activation Daemon;D:\Borland\vbroker\bin\oad.exe [98-03-12 17:57 ]
S3 osagent;VisiBroker Smart Agent;D:\Borland\vbroker\bin\osagent.exe [98-03-12 17:58 ]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINNT\system32\DRIVERS\w200bus.sys [06-11-07 09:42 ]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\w200mdfl.sys [06-11-07 09:42 ]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\w200mdm.sys [06-11-07 09:42 ]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\w200mgmt.sys [06-11-07 09:42 ]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\w200obex.sys [06-11-07 09:42 ]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 22:27:50
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\tsd32.dll
.
Completion time: 2008-04-01 22:29:33
ComboFix-quarantined-files.txt 2008-04-01 20:29:21
ComboFix2.txt 2008-03-31 05:27:24
Pre-Run: 3,553,923,072 bytes free
Post-Run: 3,546,374,144 bytes free
.
2008-03-23 12:23:17 --- E O F ---
a to log wykonany po restarcie:
ComboFix 08-03-30.2 - BabciaEla 04/01/2008 22:51:53.3 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1250.48.1033.18.18 [GMT 2:00]
Running from: D:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.
2008-04-01 22:47 . 04/01/08 10:47p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2cc.dat
2008-04-01 21:22 . 04/01/08 09:22p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2c8.dat
2008-03-30 22:29 . 03/30/08 10:29p 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-03-30 22:29 . 03/30/08 10:29p 1,409 --a------ C:\WINNT\QTFont.for
2008-03-29 08:36 . 04/01/08 10:41p 1,284,404 ---h----- C:\WINNT\ShellIconCache
2008-03-28 16:25 . 03/28/08 04:26p <DIR> d-------- C:\WINNT\ERUNT
2008-03-28 15:57 . 03/30/08 09:15a <DIR> d-------- C:\SDFix
2008-03-23 13:03 . 03/23/08 01:03p <DIR> dr------- C:\New Briefcase
2008-03-22 20:19 . 03/22/08 08:19p 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_358.dat
2008-03-12 10:15 . 03/12/08 10:15a 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f8.dat
2008-03-03 20:24 . 03/03/08 08:24p 129 --a------ C:\WINNT\system32\test.aok
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 20:45 14,290,569 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-04-01 20:41 --------- d---a-w C:\Program Files\Neostrada TP
2008-04-01 20:39 --------- d-----w C:\Documents and Settings\Lipka\Application Data\Skype
2008-04-01 20:31 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-03-27 23:12 --------- d---a-w C:\Program Files\Spyware Terminator
2008-03-27 23:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-27 22:35 --------- d---a-w C:\Documents and Settings\Lipka\Application Data\Spyware Terminator
2008-03-27 22:33 --------- d-----w C:\Documents and Settings\Lipka\Application Data\ZoomBrowser EX
2008-03-27 10:25 --------- d-----w C:\Documents and Settings\Lipka\Application Data\CameraWindowDC
2008-03-26 09:02 --------- d-----w C:\Program Files\SkanerOnline
2008-02-27 21:03 --------- d-----w C:\Documents and Settings\Lipka\Application Data\CANON INC
2008-02-27 20:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
2008-02-27 20:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-02-27 20:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-02-26 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-26 16:27 --------- d-----w C:\Program Files\Canon
2008-02-26 16:14 --------- d---a-w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-26 15:54 --------- d-----w C:\Program Files\Common Files\Canon
2008-02-02 10:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Leadertech
2008-01-10 08:33 9,024,799 ----a-w C:\WINNT\Internet Logs\vsmon_on_demand_2008_01_10_00_36_09_full.dmp.zip
2006-07-05 12:03 271 ---h--w C:\Program Files\desktop.ini
2006-07-05 12:03 21,952 ---h--w C:\Program Files\folder.htt
1999-12-07 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E475257-25BD-4A42-B3BF-867D4E8AAF3D}]
C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
01/09/08 10:23a 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [01/09/08 10:23a 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [01/09/08 10:23a 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [12/07/99 02:00p 20752 C:\WINNT\system32\internat.exe]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/07 02:31p 22880040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/27/07 09:34a 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p 111376 C:\WINNT\system32\mobsync.exe]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [10/16/03 07:07p 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [10/16/03 07:07p 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [10/16/03 07:07p 53248]
"DemonStarter"="C:\Program Files\PWN\Definicje\Bin\Starter.exe" [12/01/99 02:47p 36864]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/25/03 03:30p 335872]
"ASUS Probe"="D:\Tools\ASUS Probe\AsusProb.exe" [12/06/02 04:07p 617984]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [12/22/03 08:38a 241664]
"HPDJ Taskbar Utility"="C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe" [05/12/04 10:30p 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/12/04 10:29p 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [ ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/07 05:05p 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [12/07/99 02:00p 20752 C:\WINNT\system32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 12:05p 186640]
C:\Documents and Settings\Imiela\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 23:30:44 114688]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINNT\system32\DRIVERS\CINEMSUP.SYS [01/08/02 10:16a]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINNT\system32\drivers\ctlsb16.sys [10/23/99 03:10p]
R3 TTDec;ATI WDM Teletext Decoder;C:\WINNT\system32\DRIVERS\ATINTTXX.sys [08/04/04 03:07a]
S3 lsermous;Logitech Serial Mouse Driver;C:\WINNT\system32\DRIVERS\lsermous.sys [09/27/99 08:26p]
S3 mga64;mga64;C:\WINNT\system32\DRIVERS\mga64m.sys [11/29/99 07:47p]
S3 MSSEARCH;Microsoft Search;"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe" [10/12/04 11:10p]
S3 oad;Visibroker Activation Daemon;D:\Borland\vbroker\bin\oad.exe [03/12/98 05:57p]
S3 osagent;VisiBroker Smart Agent;D:\Borland\vbroker\bin\osagent.exe [03/12/98 05:58p]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINNT\system32\DRIVERS\w200bus.sys [11/07/06 09:42a]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINNT\system32\DRIVERS\w200mdfl.sys [11/07/06 09:42a]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINNT\system32\DRIVERS\w200mdm.sys [11/07/06 09:42a]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINNT\system32\DRIVERS\w200mgmt.sys [11/07/06 09:42a]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINNT\system32\DRIVERS\w200obex.sys [11/07/06 09:42a]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 22:55:07
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\tsd32.dll
.
Completion time: 04/01/2008 22:56:49
ComboFix-quarantined-files.txt 2008-04-01 20:56:37
ComboFix2.txt 2008-04-01 20:29:35
Pre-Run: 3,702,317,056 bytes free
Post-Run: 3,687,833,600 bytes free
.
2008-03-23 12:23:17 --- E O F ---
01 Kwi 2008, 23:47
podczas pierwszego skanowania wyskoczyly dwa okienka Registry Editor o tresci:
1) Cannot import D:\script.txt: The specified files is not a registry script.
You can import only registry files
2) Cannot import creg.dat: Error accessing registry
ale skanowanie pomimo tych komunikatow zakonczylo sie logiem
bardzo prosze o dalsze wskazowki
1) Cannot import D:\script.txt: The specified files is not a registry script.
You can import only registry files
2) Cannot import creg.dat: Error accessing registry
ale skanowanie pomimo tych komunikatow zakonczylo sie logiem
bardzo prosze o dalsze wskazowki
02 Kwi 2008, 11:07
te cztery komunikaty wyskakuja nadal podczas logowania komputera
02 Kwi 2008, 14:44
Poproszę o log z HiJackThis(zdecydowanie łatwiej uporamy się z tym, bo za pomocą tego programu).
02 Kwi 2008, 17:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:31, on 2008-04-02
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\PWN\Definicje\Bin\Starter.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Tools\ASUS Probe\AsusProb.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Philips\VOIP080\VOIP080.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
D:\MICROS~1\Office\OUTLOOK.EXE
D:\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Tools\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6E475257-25BD-4A42-B3BF-867D4E8AAF3D} - C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] D:\Tools\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\wvuusqp.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\WINNT\system32\wjvwnmeg.dll",run
O4 - HKCU\..\Run: [BM7b54edff] Rundll32.exe "C:\WINNT\system32\pwdiexmg.dll",s
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Outlook.lnk = ?
O4 - Startup: Shortcut to VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Video\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66FB6CD8-8C45-4A34-8336-2458512EFC36}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe (file missing)
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - D:\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - D:\Borland\vbroker\bin\osagent.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7081 bytes
Scan saved at 17:49:31, on 2008-04-02
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\PWN\Definicje\Bin\Starter.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Tools\ASUS Probe\AsusProb.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Philips\VOIP080\VOIP080.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
D:\MICROS~1\Office\OUTLOOK.EXE
D:\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Tools\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6E475257-25BD-4A42-B3BF-867D4E8AAF3D} - C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] D:\Tools\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\wvuusqp.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\WINNT\system32\wjvwnmeg.dll",run
O4 - HKCU\..\Run: [BM7b54edff] Rundll32.exe "C:\WINNT\system32\pwdiexmg.dll",s
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Outlook.lnk = ?
O4 - Startup: Shortcut to VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Video\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66FB6CD8-8C45-4A34-8336-2458512EFC36}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe (file missing)
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - D:\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - D:\Borland\vbroker\bin\osagent.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7081 bytes
02 Kwi 2008, 20:21
O2 - BHO: (no name) - {6E475257-25BD-4A42-B3BF-867D4E8AAF3D} - C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll (file missing)
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\WINNT\system32\wjvwnmeg.dll",run
O4 - HKCU\..\Run: [BM7b54edff] Rundll32.exe "C:\WINNT\system32\pwdiexmg.dll",s
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
Zaznaczasz w HJT i kilkasz Fix Checked. Powinno ostatecznie wyeliminować problem.
02 Kwi 2008, 22:11
Zrobilam to, co poradziles, ale po restarcie wyskoczyly znow dwa komunikaty RUNDLL z czterech. Dwa juz sie nie pojawily. Wyskoczyly te:
1. Error loading C:\Docume~1\LIPKA\LOCALS~1\Temp\jkhfe.dll
The specified module could not be found
2. Error loading C:\Docume~1\LIPKA\LOCALS~1\Temp\wvuusqp.dll
The specified module could not be found
Zrobilam nowy log HijakThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:50, on 2008-04-02
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\PWN\Definicje\Bin\Starter.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Tools\ASUS Probe\AsusProb.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\MICROS~1\Office\OUTLOOK.EXE
C:\Program Files\Philips\VOIP080\VOIP080.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Tools\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] D:\Tools\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\wvuusqp.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll,c
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Outlook.lnk = ?
O4 - Startup: Shortcut to VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Video\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66FB6CD8-8C45-4A34-8336-2458512EFC36}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe (file missing)
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - D:\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - D:\Borland\vbroker\bin\osagent.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 6450 bytes
1. Error loading C:\Docume~1\LIPKA\LOCALS~1\Temp\jkhfe.dll
The specified module could not be found
2. Error loading C:\Docume~1\LIPKA\LOCALS~1\Temp\wvuusqp.dll
The specified module could not be found
Zrobilam nowy log HijakThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:50, on 2008-04-02
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\PWN\Definicje\Bin\Starter.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Tools\ASUS Probe\AsusProb.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\MICROS~1\Office\OUTLOOK.EXE
C:\Program Files\Philips\VOIP080\VOIP080.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\Microsoft Office\Office\WINWORD.EXE
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Tools\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] D:\Tools\ASUS Probe\AsusProb.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\wvuusqp.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll,c
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Outlook.lnk = ?
O4 - Startup: Shortcut to VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Video\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66FB6CD8-8C45-4A34-8336-2458512EFC36}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSSQLSERVER - Unknown owner - C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe (file missing)
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - D:\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - D:\Borland\vbroker\bin\osagent.exe
O23 - Service: SQLSERVERAGENT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 6450 bytes
02 Kwi 2008, 22:13
czy mam je znow usunac?
03 Kwi 2008, 15:04
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\wvuusqp.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll,c
Usunąć.
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\DOCUME~1\Lipka\LOCALS~1\Temp\jkhfe.dll,c
Usunąć.
03 Kwi 2008, 15:28
Usunelam, zrestartowalam i juz sie nie pokazaly 
ufff..
Bardzo dziekuje za pomoc, cierpliwosc i wytrwalosc.
Czy mam zrobic jeszcze nowy log?
A tak na marginesie to wiele sie nauczylam przy "okazji" usuwania tego problemu i za to tez bardzo dziekuje
A to samoczynne wylaczanie sie nieraz komutera?... to moze wystarczy tylko odkurzyc komputer?
ufff..
Bardzo dziekuje za pomoc, cierpliwosc i wytrwalosc.
Czy mam zrobic jeszcze nowy log?
A tak na marginesie to wiele sie nauczylam przy "okazji" usuwania tego problemu i za to tez bardzo dziekuje
A to samoczynne wylaczanie sie nieraz komutera?... to moze wystarczy tylko odkurzyc komputer?