No images at all from the net...
moniadr222 - 19 May 2007 23:59
Thanks ;P my parents are going to kill me ;P I did what was needed and I can see a clear difference... it runs faster... maybe something more can still be done?? I'd rather a visit from a technician were a last resort... the worst thing is that I really don't download anything!! How on earth do I have so many viruses and problems?
After that SuperAntiSpyware scan I supposedly have thirteen-something viruses - great ;P and what am I supposed to click there at the end?? trust/allow, manage, explain or what?? and here is the report from the second program... the 3rd link, I'll do that scan in a moment ;P
Deckard's System Scanner v20070426.43
Run by Patunia i Monisia on 2007-05-19 at 23:39:46
Computer is in Normal Mode.
HijackThis (run as Patunia i Monisia.exe) -----------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:39:48, on 2007-05-19
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\System32\directxclickers.exe
C:\Program Files\SAGEM\SAGEM F(małpa)st 800-840\dslmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\PATUNI~1\USTAWI~1\Temp\wnset.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Patunia i Monisia\Moje dokumenty\dss.exe
D:\hijack\PATUNI~1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: C:\WINDOWS\System32\ahd838jdgh.dll - {A25849C4-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\System32\ahd838jdgh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\Wbem\wbemstest.exe
O4 - HKLM\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F(małpa)st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Dokumenty\Settings\winsys2f.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
-- Files created between 2007-04-19 and 2007-05-19 -----------------------------
2007-05-19 23:06:37 145920 -ra------ C:\WINDOWS\System32\TFTP3440
2007-05-19 23:05:28 0 -ra------ C:\WINDOWS\System32\TFTP3384
2007-05-19 23:04:44 0 -ra------ C:\WINDOWS\System32\TFTP2744
2007-05-19 23:04:42 0 -ra------ C:\WINDOWS\System32\TFTP3328
2007-05-19 23:04:14 729088 -----n--- C:\WINDOWS\System32\directxclickers.exe
2007-05-19 22:55:47 0 -ra------ C:\WINDOWS\System32\TFTP3928
2007-05-19 22:55:46 93696 -ra------ C:\WINDOWS\System32\TFTP3932
2007-05-19 22:52:19 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-05-19 22:49:17 0 -ra------ C:\WINDOWS\System32\TFTP2428
2007-05-19 22:49:16 0 -ra------ C:\WINDOWS\System32\TFTP2156
2007-05-19 22:48:36 0 -ra------ C:\WINDOWS\System32\TFTP3580
2007-05-19 22:48:31 145920 -ra------ C:\WINDOWS\System32\TFTP3396
2007-05-19 22:48:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-19 22:48:03 0 -ra------ C:\WINDOWS\System32\TFTP3316
2007-05-19 22:47:13 0 -ra------ C:\WINDOWS\System32\TFTP3064
2007-05-19 22:45:41 145920 -ra------ C:\WINDOWS\System32\TFTP2900
2007-05-19 22:45:33 0 -ra------ C:\WINDOWS\System32\TFTP2596
2007-05-19 22:42:38 145920 --a------ C:\WINDOWS\System32\TFTP2620
2007-05-19 22:41:42 0 -ra------ C:\WINDOWS\System32\TFTP2444
2007-05-19 17:21:48 144896 -ra------ C:\WINDOWS\System32\TFTP3840
2007-05-19 17:21:41 98304 -ra------ C:\WINDOWS\System32\TFTP3792
2007-05-19 17:21:30 0 -ra------ C:\WINDOWS\System32\TFTP3728
2007-05-19 17:21:20 0 -ra------ C:\WINDOWS\System32\TFTP3700
2007-05-19 17:20:25 157184 -ra------ C:\WINDOWS\System32\TFTP3184
2007-05-19 17:20:11 0 -ra------ C:\WINDOWS\System32\TFTP3104
2007-05-19 17:00:16 0 -ra------ C:\WINDOWS\System32\TFTP3152
2007-05-19 16:56:58 24576 -ra------ C:\WINDOWS\System32\TFTP2124
2007-05-19 16:56:48 33280 -ra------ C:\WINDOWS\System32\TFTP2404
2007-05-19 16:56:27 145920 -ra------ C:\WINDOWS\System32\TFTP456
2007-05-19 16:55:33 145920 -ra------ C:\WINDOWS\System32\TFTP2940
2007-05-19 16:54:45 145920 -ra------ C:\WINDOWS\System32\TFTP2880
2007-05-19 16:53:28 0 -ra------ C:\WINDOWS\System32\TFTP908
2007-05-19 16:52:42 93696 -ra------ C:\WINDOWS\System32\TFTP2412
2007-05-19 16:49:58 93696 --a------ C:\WINDOWS\System32\TFTP2524
2007-05-19 16:48:52 0 -ra------ C:\WINDOWS\System32\TFTP2460
2007-05-19 16:48:49 145920 -ra------ C:\WINDOWS\System32\TFTP2476
2007-05-19 16:48:17 93696 -ra------ C:\WINDOWS\System32\TFTP2608
2007-05-19 16:47:04 93696 --a------ C:\WINDOWS\System32\TFTP1816
2007-05-19 16:44:34 0 -ra------ C:\WINDOWS\System32\TFTP3784
2007-05-19 16:44:20 61 --a------ C:\WINDOWS\System32\i
2007-05-19 16:44:11 0 -ra------ C:\WINDOWS\System32\TFTP3004
2007-05-19 16:42:07 0 -ra------ C:\WINDOWS\System32\TFTP3812
2007-05-19 16:41:51 0 -ra------ C:\WINDOWS\System32\TFTP3760
2007-05-19 16:41:45 0 -ra------ C:\WINDOWS\System32\TFTP3664
2007-05-19 16:39:48 0 -ra------ C:\WINDOWS\System32\TFTP3588
2007-05-19 16:37:42 13312 -ra------ C:\WINDOWS\System32\TFTP3456
2007-05-19 16:36:34 0 -ra------ C:\WINDOWS\System32\TFTP3424
2007-05-19 16:36:24 145920 --a------ C:\WINDOWS\System32\TFTP3408
2007-05-19 16:34:43 145920 --a------ C:\WINDOWS\System32\TFTP3264
2007-05-19 16:32:40 0 -ra------ C:\WINDOWS\System32\TFTP3168
2007-05-19 16:26:19 0 -ra------ C:\WINDOWS\System32\TFTP3592
2007-05-19 16:26:19 0 -ra------ C:\WINDOWS\System32\TFTP3576
2007-05-19 16:26:16 57856 -ra------ C:\WINDOWS\System32\TFTP3564
2007-05-19 16:23:58 0 -ra------ C:\WINDOWS\System32\TFTP3292
2007-05-19 16:19:42 0 -ra------ C:\WINDOWS\System32\TFTP1864
2007-05-19 16:19:42 41984 --ah----- C:\WINDOWS\System32\dvvdk.exe
2007-05-19 16:17:58 0 -ra------ C:\WINDOWS\System32\TFTP3836
2007-05-19 12:20:26 145920 -ra------ C:\WINDOWS\System32\TFTP2060
2007-05-19 12:20:25 120320 -ra------ C:\WINDOWS\System32\TFTP1176
2007-05-19 12:19:34 0 -ra------ C:\WINDOWS\System32\TFTP2876
2007-05-19 12:19:32 145920 -ra------ C:\WINDOWS\System32\TFTP2696
2007-05-19 12:19:06 0 -ra------ C:\WINDOWS\System32\TFTP724
2007-05-19 12:19:05 0 -ra------ C:\WINDOWS\System32\TFTP2136
2007-05-19 12:18:25 0 -ra------ C:\WINDOWS\System32\TFTP3952
2007-05-19 12:17:39 93696 -ra------ C:\WINDOWS\System32\TFTP484
2007-05-19 12:17:39 93696 -ra------ C:\WINDOWS\System32\TFTP2720
2007-05-19 12:17:10 0 -ra------ C:\WINDOWS\System32\TFTP1280
2007-05-19 12:16:18 145920 -ra------ C:\WINDOWS\System32\TFTP2640
2007-05-19 12:08:01 13312 -ra------ C:\WINDOWS\System32\TFTP732
2007-05-19 12:07:33 100864 -ra------ C:\WINDOWS\System32\TFTP3360
2007-05-19 12:07:32 100864 -ra------ C:\WINDOWS\System32\TFTP3356
2007-05-19 12:05:34 145920 -ra------ C:\WINDOWS\System32\TFTP2948
2007-05-19 12:05:32 0 -ra------ C:\WINDOWS\System32\TFTP2864
2007-05-19 12:02:41 0 -ra------ C:\WINDOWS\System32\TFTP3684
2007-05-19 12:00:49 0 -ra------ C:\WINDOWS\System32\TFTP3500
2007-05-19 11:56:41 145920 --a------ C:\WINDOWS\System32\TFTP3080
2007-05-19 11:56:24 0 -ra------ C:\WINDOWS\System32\TFTP1436
2007-05-19 11:56:21 0 -ra------ C:\WINDOWS\System32\TFTP2112
2007-05-19 11:55:40 0 -ra------ C:\WINDOWS\System32\TFTP3944
2007-05-19 11:55:21 0 -ra------ C:\WINDOWS\System32\TFTP3148
2007-05-19 11:30:41 0 -ra------ C:\WINDOWS\System32\TFTP4724
2007-05-19 11:29:27 169984 --a------ C:\WINDOWS\System32\mgrexl.dll
2007-05-19 11:25:45 74752 -ra------ C:\WINDOWS\System32\TFTP1312
2007-05-19 11:25:42 139264 -ra------ C:\WINDOWS\System32\TFTP1700
2007-05-19 11:25:38 94720 -ra------ C:\WINDOWS\System32\TFTP3796
2007-05-19 11:25:28 145920 -ra------ C:\WINDOWS\System32\TFTP364
2007-05-19 11:24:50 0 -ra------ C:\WINDOWS\System32\TFTP476
2007-05-19 11:24:18 145920 --a------ C:\WINDOWS\System32\TFTP2576
2007-05-19 11:23:27 0 -ra------ C:\WINDOWS\System32\TFTP2456
2007-05-19 11:23:26 102400 --a------ C:\WINDOWS\System32\svcrt00.dll
2007-05-19 11:23:16 40960 --a------ C:\WINDOWS\retadpu27.exe <Not Verified; ; retadpu Application>
2007-05-19 11:23:08 27619 --a------ C:\WINDOWS\System32\vexga4m1et4.exe
2007-05-19 11:23:05 12579 --a------ C:\WINDOWS\System32\vexg3am1et3.exe
2007-05-19 11:23:02 11852 -----n--- C:\WINDOWS\System32\vexga5me3.exe <Not Verified; ; installer2 Application>
2007-05-19 11:23:02 8322 --a------ C:\WINDOWS\System32\vexg4am1et2.exe
2007-05-19 11:23:00 9293 --a------ C:\WINDOWS\System32\vexga3me2.exe
2007-05-19 11:23:00 8010 --a------ C:\WINDOWS\System32\vexga1me4t1.exe
2007-05-19 11:22:59 19456 --a------ C:\WINDOWS\System32\vexga4me1.exe
2007-05-19 11:22:55 23032 --a------ C:\WINDOWS\xpupdate.exe
2007-05-19 11:22:35 2518 --a------ C:\WINDOWS\System32\dlh9jkd1q1.exe
2007-05-19 11:22:34 0 --a------ C:\WINDOWS\System32\dlh9jkd1q8.exe
2007-05-19 11:11:35 11394 --a------ C:\xx1232255.exe
2007-05-13 10:31:20 208 --a------ C:\WINDOWS\update.exe
2007-05-12 15:49:51 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-05-12 15:49:29 0 d-------- C:\Program Files\Sony Ericsson
2007-05-12 15:49:29 0 d-------- C:\Program Files\Common Files\Teleca Shared
2007-05-11 22:31:01 0 d-------- C:\Temp
2007-05-11 22:30:51 0 d-------- C:\Documents and Settings\Patunia i Monisia\Application Data
2007-05-11 22:30:51 0 d-------- C:\Documents and Settings\Patunia i Monisia\Application Data\Syntrillium
2007-05-11 22:29:39 0 d-------- C:\Program Files\Cool2000
2007-05-09 11:38:38 0 d-------- C:\Program Files\Common Files\Skype
2007-05-09 11:38:23 0 d-------- C:\Program Files\Skype
2007-05-06 18:31:17 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-05-06 18:31:16 0 d-------- C:\Program Files\ArcSoft
2007-05-06 18:30:42 0 d-------- C:\Program Files\Common Files\Nikon
2007-04-27 21:01:44 45152 --a------ C:\WINDOWS\System32\ipv6mons.dll
2007-04-25 18:54:34 0 d-------- C:\Program Files\Ares
-- Find3M Report ---------------------------------------------------------------
2007-05-19 23:20:27 0 d-------- C:\Program Files\Neostrada TP
2007-05-19 23:09:03 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\Skype
2007-05-19 22:52:19 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\SUPERAntiSpyware.com
2007-05-12 22:48:08 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\Teleca
2007-05-12 15:51:40 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\Sony Ericsson
2007-05-12 15:48:46 0 d-------- C:\Program Files\Common Files\InstallShield
2007-05-10 19:54:01 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\Gadu-Gadu
2007-05-10 19:53:46 0 d-------- C:\Program Files\Gadu-Gadu
2007-05-10 13:46:03 31232 --a------ C:\WINDOWS\System32\rpcc.dll
2007-05-06 18:44:16 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\ArcSoft
2007-05-06 18:31:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-04 12:58:32 0 d-------- C:\Program Files\Java
2007-05-02 20:23:47 0 d-------- C:\Program Files\Opera
2007-04-13 18:18:25 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\Opera
2007-04-07 17:23:52 73728 --a------ C:\WINDOWS\System32\svehost.exe
2007-04-07 15:53:45 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\DriveCleaner Free
2007-04-07 15:43:40 0 d-------- C:\Program Files\Common Files\DriveCleaner Free
2007-04-07 13:10:00 0 d-------- C:\Program Files\ToniArts
2007-04-07 13:01:06 0 d-------- C:\Program Files\hp deskjet 840c series
2007-04-07 12:53:45 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\Sun
2007-04-07 12:53:22 0 d-------- C:\Program Files\Google
2007-04-07 12:53:22 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\Google
2007-04-07 12:52:30 0 d-------- C:\Program Files\Common Files\Java
2007-04-04 19:56:29 10000 --a------ C:\WINDOWS\System32\ahd838jdgh.dll
2007-04-04 19:56:24 30208 --a------ C:\WINDOWS\System32\poof
2007-04-04 19:56:24 6144 --a------ C:\WINDOWS\System32\kprof
2007-04-04 19:56:24 25088 --a------ C:\WINDOWS\System32\koos.exe
2007-04-02 20:42:14 0 d-------- C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\vlc
2007-04-02 20:03:03 2874926 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
2007-03-30 11:04:25 0 d-------- C:\Program Files\Hewlett-Packard
2007-03-25 10:19:04 355830 --a------ C:\WINDOWS\System32\perfh015.dat
2007-03-25 10:19:04 49712 --a------ C:\WINDOWS\System32\perfc015.dat
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{A25849C4-93F3-429D-FF34-260A2068897C} C:\WINDOWS\System32\ahd838jdgh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"VGAUtil"="C:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""
"WooCnxMon"="C:\\PROGRA~1\\NEOSTR~1\\CnxMon.exe"
"autoclk"="autoclk.exe"
"WOOWATCH"="C:\\PROGRA~1\\NEOSTR~1\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\NEOSTR~1\\TaskbarIcon.exe"
"adiras"="adiras.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Microsoft Directx clicks"="directxclickers.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"Microsoft Directx clicks"="directxclickers.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Microsoft Directx clicks"="directxclickers.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Server Runtime Process"="C:\\WINDOWS\\System32\\Wbem\\wbemstest.exe"
"Microsoft Directx clicks"="directxclickers.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Server Runtime Process"="C:\\WINDOWS\\System32\\Wbem\\wbemstest.exe"
"Microsoft Directx clicks"="directxclickers.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Live Messanger"="livemsgr.exe"
"Server Runtime Process"="C:\\WINDOWS\\System32\\Wbem\\wbemstest.exe"
"Microsoft Directx clicks"="directxclickers.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{A25849C4-93F3-429D-FF34-260A2068897C}"="App reset"
"{AAAACDB3-ACD5-4144-982E-895D4C68A50C}"="SysBoot32"
"{2C1CD3D7-86AC-4068-93BC-A02304B20509}"="DCOM Server 20509"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys2freg
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
gb
-- End of Deckard's System Scanner: finished at 2007-05-19 at 23:40:24 ---------
ooo and this is the log from the link KOLOBOS listed as number 2
[05/19/2007, 23] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Patunia i Monisia\Moje dokumenty\VirtumundoBeGone.exe" )
[05/19/2007, 23] - Detected System Information:
[05/19/2007, 23] - Windows Version: 5.1.2600, Dodatek Service Pack. 1
[05/19/2007, 23] - Current Username: Patunia i Monisia (Admin)
[05/19/2007, 23] - Windows is in NORMAL mode.
[05/19/2007, 23] - Searching for Browser Helper Objects:
[05/19/2007, 23] - BHO 1: {A25849C4-93F3-429D-FF34-260A2068897C} (C:\WINDOWS\System32\ahd838jdgh.dll)
[05/19/2007, 23] - Finished Searching Browser Helper Objects
[05/19/2007, 23] - Finishing up...
[05/19/2007, 23] - Nothing found! Exiting...
Kolobos - 20 May 2007 00:41
What SuperAntiSpyware found, you are to remove.
Turn off System Restore, and disconnect from the internet for the duration of the removal.
In Task Manager, end:
C:\WINDOWS\System32\directxclickers.exe <- delete the file from disk.
C:\DOCUME~1\PATUNI~1\USTAWI~1\Temp\wnset.exe
Use: http://www.atribune.org/ccount/click.php?id=1 and remove everything from temp etc.
In HJT you delete:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
O2 - BHO: C:\WINDOWS\System32\ahd838jdgh.dll - {A25849C4-93F3-429D-FF34-260A2068897C} - C:\WINDOWS\System32\ahd838jdgh.dll
O4 - HKLM\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\Wbem\wbemstest.exe
O4 - HKLM\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\System32\rpcc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Dokumenty\Settings\winsys2f.dll
You delete the listed files with KillBox, which I already wrote about earlier, but apparently it didn't get through...
Then use:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
In Folder Options enable showing hidden files and untick hiding protected files, then delete these files:
C:\WINDOWS\System32\TFTP* <- all the TFTP....
C:\WINDOWS\System32\directxclickers.exe
C:\WINDOWS\System32\i
C:\WINDOWS\System32\dvvdk.exe
C:\WINDOWS\System32\mgrexl.dll
C:\WINDOWS\System32\svcrt00.dll
C:\WINDOWS\retadpu27.exe
C:\WINDOWS\System32\vexga4m1et4.exe
C:\WINDOWS\System32\vexg3am1et3.exe
C:\WINDOWS\System32\vexga5me3.exe
C:\WINDOWS\System32\vexg4am1et2.exe
C:\WINDOWS\System32\vexga3me2.exe
C:\WINDOWS\System32\vexga1me4t1.exe
C:\WINDOWS\System32\vexga4me1.exe
C:\WINDOWS\xpupdate.exe
C:\WINDOWS\System32\dlh9jkd1q1.exe
C:\WINDOWS\System32\dlh9jkd1q8.exe
C:\xx1232255.exe
C:\WINDOWS\update.exe
C:\Temp <- the whole directory.
C:\WINDOWS\System32\ipv6mons.dll
C:\Program Files\Ares <- uninstall, and the Ares directory is to be deleted.
C:\WINDOWS\System32\rpcc.dll
C:\WINDOWS\System32\svehost.exe
C:\Documents and Settings\Patunia i Monisia\Dane aplikacji\DriveCleaner Free <- the DriveC... directory is to be deleted.
C:\Program Files\Common Files\DriveCleaner Free <- the Drive.. directory is to be deleted.
C:\Program Files\ToniArts <- uninstall.
C:\WINDOWS\System32\ahd838jdgh.dll
C:\WINDOWS\System32\poof
C:\WINDOWS\System32\kprof
C:\WINDOWS\System32\koos.exe
Only this time delete everything!
When it's all done, press the Edit button on your previous post and remove that whole log and the things you pasted several times, then paste a new log from DSS and ComboFix + a log from GMER from the Rootkit tab, but this time as an attachment.
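A triage pass over the kind of HijackThis / Deckard's System Scanner output posted above, as an added example in Python (not code from the thread or from either tool): it flags autoruns given as bare filenames, RunServices entries, Winlogon Notify DLLs outside System32, recently created files that are also registered autoruns, and same-day runs of TFTP<number> files in System32. The sample log is constructed, modelled on the lines above, and the heuristics only prioritise entries for a reviewer, as the reply above does by hand.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Constructed sample in HijackThis / Deckard's System Scanner format, modelled on
# the log posted above: a mix of benign and suspicious entries.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\Wbem\wbemstest.exe
O4 - HKCU\..\Run: [Microsoft Directx clicks] directxclickers.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Dokumenty\Settings\winsys2f.dll
2007-05-19 23:06:37 145920 -ra------ C:\WINDOWS\System32\TFTP3440
2007-05-19 23:05:28 0 -ra------ C:\WINDOWS\System32\TFTP3384
2007-05-19 23:04:14 729088 -----n--- C:\WINDOWS\System32\directxclickers.exe
2007-05-06 18:31:17 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
"""

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d) \d\d:\d\d:\d\d (\d+) (\S+) (.+?)(?: <.*>)?$")
TFTP_RE = re.compile(r"\\TFTP\d+$", re.IGNORECASE)


def command_path(command: str) -> str:
    """Strip surrounding quotes and trailing arguments from an O4 command string."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (reason, detail) pairs for entries a reviewer should look at first.

    These are heuristics, not verdicts: a bare-filename autorun can be a
    legitimate SOUNDMAN.EXE just as easily as a dropper, so each hit is a
    prompt to inspect the file, not a deletion list.
    """
    findings: list[tuple[str, str]] = []
    autorun_names: set[str] = set()          # basenames of every O4 target
    created: list[tuple[str, str]] = []      # (day, path) from the file listing
    tftp_by_day: dict[str, list[str]] = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            _hive, key, _name, command = m.groups()
            path = command_path(command)
            autorun_names.add(path.rsplit("\\", 1)[-1].lower())
            if "\\" not in path:
                findings.append(("autorun by bare filename, resolved via PATH search", line))
            if key.lower() == "runservices":
                findings.append(("RunServices key: Win9x-era, not used by legitimate XP software", line))
        elif m := O20_RE.match(line):
            dll = m.group(2)
            if not dll.lower().startswith("c:\\windows\\system32\\"):
                findings.append(("Winlogon Notify DLL loaded from outside System32", line))
        elif m := FILE_RE.match(line):
            day, _size, _attrs, path = m.groups()
            created.append((day, path))
    # Cross-reference after parsing, so section order in the log does not matter.
    for day, path in created:
        if TFTP_RE.search(path):
            tftp_by_day[day].append(path)
        elif path.rsplit("\\", 1)[-1].lower() in autorun_names:
            findings.append(("recently created file is registered as an autorun", path))
    for day, paths in tftp_by_day.items():
        if len(paths) >= 2:
            findings.append((f"{len(paths)} TFTP<pid>-style drops in System32 on {day}", "; ".join(paths)))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
```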