I have a trojan horse, this is my log. What next? - Malik - 26.06.2007
I scanned with avast and Avira. They detected a trojan horse. I put the files in quarantine. This is the first time I have had a virus on my computer. I don't know what to do with it next.
[code:1]
Logfile of HijackThis v1.99.1
Scan saved at 19:07:43, on 2007-06-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\EdgeCAM\Cam\edgecls.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\WinFast\WFTVFM\WFTV.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\totalcmd\TOTALCMD.EXE
c:\Filmy\Kasowanie wirusa\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: EdgeCLS11.50.lnk = C:\Program Files\EdgeCAM\Cam\edgecls.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - [To see links, register here]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - C:\Program Files\Autodesk\Inventor Professional 9\bin\HSPCLPRO10.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
[/code:1]
Re: I have a trojan horse, this is my log. What next? - Serafin - 26.06.2007
Quote: O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
Delete the file manually from the disk in Safe Mode with System Restore turned off. Delete the entry in HijackThis. After that, post new logs from HijackThis and [To see links, register here]
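The triage Serafin did by eye (a BHO registered with no name, pointing at a file that is not on disk) can be automated. The script below is an added example, not code from this thread or from HijackThis: it parses the O2 and O23 lines of a HijackThis 1.99.1 log, cross-checks every "(file missing)" entry against the "Running processes" list (which is how the avast Mail/Web Scanner services in the log above turn out to be a quoted-path parsing quirk rather than missing files, since ashMaiSv.exe and ashWebSv.exe appear in the process list), and ranks the entries for manual review. The sample input is a handful of lines copied from the log above; the reason codes and weights are my own heuristic, not a HijackThis convention.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis 1.99.1 log posted
# earlier in this thread (the real log is much longer).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# "O2 - BHO: <name> - {CLSID} - <path>" and "O23 - Service: <name> - <owner> - <path>"
ENTRY_RE = re.compile(
    r"^(?P<kind>O2|O23) - (?:BHO|Service): (?P<name>.+?) - (?P<middle>.+?) - (?P<path>.+)$"
)
# First filename-looking token in the path field; survives the stray quote and
# arguments that HijackThis 1.99.1 leaves in quoted service paths.
FILE_RE = re.compile(r'([^\\/"]+\.(?:exe|dll|ocx|sys))', re.IGNORECASE)

# Heuristic weights (my own, not HijackThis's): higher means "look at this first".
WEIGHTS = {
    "no_name": 2,              # BHO registered without a display name
    "missing": 2,              # referenced file is not on disk
    "unknown_owner": 1,        # O23 service binary has no recognised vendor
    "missing_but_running": 0,  # "(file missing)" although the exe is in the
                               # process list: quoted path with arguments, verify by hand
}


@dataclass
class Finding:
    line: str
    file: str
    reasons: list

    @property
    def score(self):
        return sum(WEIGHTS[r] for r in self.reasons)


def running_process_names(log_text):
    """Lower-cased basenames listed under 'Running processes:'."""
    names, collecting = set(), False
    for line in log_text.splitlines():
        if line.strip() == "Running processes:":
            collecting = True
            continue
        if collecting:
            if not line.strip() or re.match(r"^[RFO]\d+ - ", line):
                break
            names.add(line.strip().rsplit("\\", 1)[-1].lower())
    return names


def file_name(path):
    m = FILE_RE.search(path)
    return m.group(1).lower() if m else ""


def triage(log_text):
    """Return the O2/O23 entries worth a second look, most suspicious first."""
    running = running_process_names(log_text)
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, name, middle, path = m.group("kind", "name", "middle", "path")
        exe = file_name(path)
        reasons = []
        if kind == "O2" and name == "(no name)":
            reasons.append("no_name")
        if kind == "O23" and middle == "Unknown owner":
            reasons.append("unknown_owner")
        if path.rstrip().endswith("(file missing)"):
            reasons.append("missing_but_running" if exe in running else "missing")
        if reasons:
            findings.append(Finding(line, exe, reasons))
    # sorted() is stable, so equal scores keep log order
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.file}: {', '.join(f.reasons)}")
```

On the sample, ipv6mons.dll comes out on top with both "no_name" and "missing", which is exactly the entry Serafin quoted; the avast Mail Scanner line is downgraded because its executable is visibly running, and ATI Smart is left at the bottom as "verify the vendor" rather than "remove".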
Re: I have a trojan horse, this is my log. What next? - Glombek - 27.06.2007
Either I'm stupid or he has 2 antivirus programs.
Re: I have a trojan horse, this is my log. What next? - Malik - 27.06.2007
Yes, I have two antivirus programs. I had so many advisors that it was hard to find out which one is better.
What will happen if I delete these files? It seems to me that they are responsible for the internet connection. Do they need to be reinstalled afterwards?
log - dymek9229 - 27.06.2007
Malik
Listen, you see what "Bodek" wrote. Since he is a mod here, he didn't become one just because it suited someone. What I'm getting at is that every user should follow the moderators.
So do what he wrote, delete that entry in HIJACKTHIS and post a new log from Silent Runners.
Regards
P.S. I guarantee that nothing will happen to your computer.
Re: I have a trojan horse, this is my log. What next? - Malik - 28.06.2007
Two more questions:
How do I start the computer in Safe Mode, and then how do I find that entry?
And should I delete the whole entry or only the bolded part?
Re: I have a trojan horse, this is my log. What next? - Serafin - 28.06.2007
Once you are in Safe Mode, run HijackThis, click "Do a system scan only", find that entry, tick it and click "Fix checked".
As for the file, locate it in the system and delete it manually.
Re: I have a trojan horse, this is my log. What next? - Malik - 28.06.2007
Thanks for the information.
But how do I get into Safe Mode?
Because I really forgot. I keep trying and trying, and nothing.
Re: I have a trojan horse, this is my log. What next? - Serafin - 28.06.2007
While the computer is starting up, press the F8 or F5 key and choose Safe Mode from the text menu.
Re: I have a trojan horse, this is my log. What next? - Malik - 11.07.2007
I deleted the above file following the instructions given.
But the virus is still there; I keep getting "Error 53" when the system starts.
Here is my log:
Quote: "Silent Runners.vbs", revision R50, [To see links, register here]
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"AudioDeck" = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Ulead Quick-Drop" = ""C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL" [file not found]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"Flag" = hex:0x00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
  -> {HKLM...CLSID} = "ACTHUMBNAIL"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego"
  -> {HKLM...CLSID} = "AcSignIcon"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
  -> {HKLM...CLSID} = "ACDWFTHMBPRXY"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{4EB37360-49E8-11D3-95B5-004033382980}" = "ALZip 4.0 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL" ["estsoft"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
     \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{DBD8E168-244D-448C-9922-25508950D1DC}" = "Ulead UDF Driver"
  -> {HKLM...CLSID} = "USIShellExt Class"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll" [file not found]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
  -> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL" ["estsoft"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
  -> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL" ["estsoft"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
  -> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL" ["estsoft"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
InventorMenu\(Default) = "{6FDE7A70-351B-11d6-988B-0010B57A8BB7}"
  -> {HKLM...CLSID} = "Autodesk Inventor Part Document"
     \InProcServer32\(Default) = "C:\Program Files\Autodesk\Inventor 9\Bin\DT.dll" ["Autodesk, Inc."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

Default executables:
--------------------

HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINDOWS\notepad.exe" "%1"" [MS]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]

Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
"Ubisoft register" -> shortcut to: "C:\Program Files\Ubisoft\Register\schedule.exe /2007-06-17 09:28:19 /game= /language=English /country= /url=http://register-it.ubi.com/register.asp" ["Ubisoft"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"EdgeCLS11.50" -> shortcut to: "C:\Program Files\EdgeCAM\Cam\edgecls.exe" ["Pathtrace"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Przyspieszenie uruchomienia programu AutoCAD" -> shortcut to: "C:\Program Files\Common Files\Autodesk Shared\acstart16.exe" [null data]

Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ""C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluebeam PDF Monitor\Driver = "BBPDFPortMon.dll" ["Bluebeam Software, Inc."]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 35 seconds.
---------- (total run time: 79 seconds)
Re: I have a trojan horse, this is my log. What next? - Serafin - 11.07.2007
Also post a log from [To see links, register here]
Re: I have a trojan horse, this is my log. What next? - Malik - 12.07.2007
Quote: "Administrator" - 2007-07-12 17:06:22 - ComboFix 07-07-12.3 - Dodatek Service Pack 2
/wow section - STAGE #8

((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))

2007-07-12 16:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 19:42 <DIR> d-------- C:\Program Files\Edgard
2007-06-25 20:13 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-25 20:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-25 20:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-25 20:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-25 20:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-25 20:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-25 20:12 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-25 20:12 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-25 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\AntiVir PersonalEdition Classic
2007-06-19 18:13 <DIR> d-------- C:\Program Files\EdgeCAM10.00
2007-06-19 17:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Apple Computer
2007-06-19 17:22 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-19 17:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-06-18 17:58 <DIR> d-------- C:\CNC
2007-06-13 17:28 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-13 17:28 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\DANEAP~1\SecuROM
2007-06-12 18:50 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-06-12 18:50 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-06-12 18:50 <DIR> d-------- C:\Program Files\D-Tools
2007-06-12 18:10 <DIR> d-------- C:\Program Files\Electronic Arts

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 18:29:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-01 07:19:34 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\SolidWorks
2007-06-30 20:02:57 -------- d-----w C:\Program Files\Michał Mędrek
2007-06-21 18:49:06 -------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2007-06-19 15:23:05 -------- d-----w C:\Program Files\QuickTime
2007-06-13 15:25:33 -------- d-----w C:\Program Files\Ubisoft
2007-06-12 16:40:57 -------- d-----w C:\Program Files\EA GAMES
2007-06-12 16:22:28 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-11 20:34:58 -------- d-----w C:\Program Files\18 Wheels of Steel Haulin
2007-05-17 14:26:33 205 ----a-w C:\WINDOWS\system32\jvfhp01.dll
2007-05-17 14:26:33 101 ----a-w C:\WINDOWS\system32\prsgrc.dll
2007-04-29 07:26:25 79,386 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-29 07:26:25 457,230 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-25 18:17:50 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2006-07-02 20:40:29 51,696 ----a-w C:\DOCUME~1\ADMINI~1\DANEAP~1\GDIPFONTCACHEV1.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 18:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-12-15 04:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 C:\WINDOWS\soundman.exe]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 17:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" []
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 16:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3cb9c7c-3b6b-11db-b81b-001485f7ef81}]
AutoRun\command- E:\Autorun.exe

Contents of the 'Scheduled Tasks' folder
2007-06-30 20:52:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [To see links, register here]
Rootkit scan 2007-07-12 17:10:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1??? ?|????D:A1u660bv???????|???|?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-12 17:11:15
--- E O F ---
Re: I have a trojan horse, this is my log. What next? - Serafin - 12.07.2007
Quote: C:\WINDOWS\system32\jvfhp01.dll
C:\WINDOWS\_MSRSTRT.EXE
Scan these two files at [To see links, register here]
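What Serafin picked out of the ComboFix "Find3M Report" above, an executable image of a few hundred bytes with a meaningless name sitting in system32, is the kind of selection that can be expressed as a rule. The script below is an added example, not code from this thread or from ComboFix: it parses Find3M lines (date, time, size, attributes, path), flags small executable images under the Windows directory, and computes the MD5/SHA1 pair that a multi-engine scanner such as VirusTotal reports, so the result of a later submission can be matched against the local file. The sample lines are copied from the log above; the size threshold and extension list are my own heuristic, and the Windows-directory prefix is hard-coded for this XP machine.

```python
import hashlib
import re
from datetime import date

# Constructed sample: lines copied from the "Find3M Report" section of the
# ComboFix log posted earlier in this thread (format: date time size attrs path).
FIND3M_SAMPLE = r"""2007-07-11 18:29:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-12 16:22:28 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-17 14:26:33 205 ----a-w C:\WINDOWS\system32\jvfhp01.dll
2007-05-17 14:26:33 101 ----a-w C:\WINDOWS\system32\prsgrc.dll
2007-04-29 07:26:25 79,386 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-25 18:17:50 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2006-07-02 20:40:29 51,696 ----a-w C:\DOCUME~1\ADMINI~1\DANEAP~1\GDIPFONTCACHEV1.DAT
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.+)$")

# Heuristic thresholds (mine, not ComboFix's): an executable image of only a few
# hundred or thousand bytes directly under %WINDIR% is unusual enough to hash and
# submit to a multi-engine scanner before deciding what to do with it.
MAX_SIZE = 4096
EXEC_EXTS = (".dll", ".exe", ".sys", ".ocx", ".scr")
WINDIR_PREFIX = "c:\\windows\\"   # assumed for this Windows XP machine


def parse_find3m(text):
    """One dict per file line; directory lines (attrs starting with 'd') are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        day, _time, size, attrs, path = m.groups()
        if attrs.startswith("d"):
            continue
        entries.append({
            "date": date.fromisoformat(day),
            "size": int(size.replace(",", "")),
            "path": path,
        })
    return entries


def suspicious_files(entries, max_size=MAX_SIZE):
    """Paths of small executable images under the Windows directory, in report order."""
    hits = []
    for e in entries:
        lower = e["path"].lower()
        if lower.startswith(WINDIR_PREFIX) and lower.endswith(EXEC_EXTS) and e["size"] <= max_size:
            hits.append(e["path"])
    return hits


def fingerprint(data):
    """MD5 and SHA1 of a file's bytes, the two hashes VirusTotal printed in this thread."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


if __name__ == "__main__":
    for path in suspicious_files(parse_find3m(FIND3M_SAMPLE)):
        print("hash and submit:", path)
```

On the sample this selects jvfhp01.dll and _MSRSTRT.EXE, the two files Serafin asked to have scanned, and also prsgrc.dll (101 bytes, written at the same second as jvfhp01.dll), which the thread did not follow up on. A clean multi-engine result, as both files later received, says the file is not known malware, not that it is harmless; the hashes let you re-check it later without re-uploading.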
Re: I have a trojan horse, this is my log. What next? - Malik - 12.07.2007
Quote: File jvfhp01.dll received on 07.12.2007 19:22:03 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.7.13.0 2007.07.12 no virus found
AntiVir 7.4.0.39 2007.07.12 no virus found
Authentium 4.93.8 2007.07.12 no virus found
Avast 4.7.997.0 2007.07.12 no virus found
AVG 7.5.0.476 2007.07.12 no virus found
BitDefender 7.2 2007.07.12 no virus found
CAT-QuickHeal 9.00 2007.07.12 no virus found
ClamAV devel-20070416 2007.07.12 no virus found
DrWeb 4.33 2007.07.12 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
eTrust-Vet 30.8.3781 2007.07.12 no virus found
Ewido 4.0 2007.07.12 no virus found
FileAdvisor 1 2007.07.12 no virus found
Fortinet 2.91.0.0 2007.07.12 no virus found
F-Prot 4.3.2.48 2007.07.11 no virus found
Ikarus T3.1.1.8 2007.07.12 no virus found
Kaspersky 4.0.2.24 2007.07.12 no virus found
McAfee 5073 2007.07.12 no virus found
Microsoft 1.2704 2007.07.12 no virus found
NOD32v2 2395 2007.07.12 no virus found
Norman 5.80.02 2007.07.12 no virus found
Panda 9.0.0.4 2007.07.12 no virus found
Sophos 4.19.0 2007.07.06 no virus found
Sunbelt 2.2.907.0 2007.07.12 no virus found
Symantec 10 2007.07.12 no virus found
TheHacker 6.1.6.145 2007.07.12 no virus found
VBA32 3.12.0.2 2007.07.12 no virus found
VirusBuster 4.3.23:9 2007.07.12 no virus found
Webwasher-Gateway 6.0.1 2007.07.12 no virus found
Aditional information
File size: 205 bytes
MD5: bffd8e4f61ac129961844602e61be879
SHA1: 7bed499669fda88f647eced95124d38b0479a2be
Quote: File _MSRSTRT.EXE received on 07.12.2007 19:38:27 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.7.13.0 2007.07.12 no virus found
AntiVir 7.4.0.39 2007.07.12 no virus found
Authentium 4.93.8 2007.07.12 no virus found
Avast 4.7.997.0 2007.07.12 no virus found
AVG 7.5.0.476 2007.07.12 no virus found
BitDefender 7.2 2007.07.12 no virus found
CAT-QuickHeal 9.00 2007.07.12 Tool.Win32.Reboot (Not a Virus)
ClamAV devel-20070416 2007.07.12 no virus found
DrWeb 4.33 2007.07.12 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
eTrust-Vet 30.8.3781 2007.07.12 no virus found
Ewido 4.0 2007.07.12 no virus found
FileAdvisor 1 2007.07.12 no virus found
Fortinet 2.91.0.0 2007.07.12 no virus found
F-Prot 4.3.2.48 2007.07.11 no virus found
Ikarus T3.1.1.8 2007.07.12 no virus found
Kaspersky 4.0.2.24 2007.07.12 no virus found
McAfee 5073 2007.07.12 no virus found
Microsoft 1.2704 2007.07.12 no virus found
NOD32v2 2395 2007.07.12 no virus found
Norman 5.80.02 2007.07.12 no virus found
Panda 9.0.0.4 2007.07.12 no virus found
Sophos 4.19.0 2007.07.06 no virus found
Sunbelt 2.2.907.0 2007.07.12 no virus found
Symantec 10 2007.07.12 no virus found
TheHacker 6.1.6.145 2007.07.12 no virus found
VBA32 3.12.0.2 2007.07.12 no virus found
VirusBuster 4.3.23:9 2007.07.12 no virus found
Webwasher-Gateway 6.0.1 2007.07.12 no virus found
Aditional information
File size: 2560 bytes
MD5: 815372073da85b2098a37ded84083c8a
SHA1: 0a70574450bee11c9c09f25f082e0253aa32ceaa
Re: I have a trojan horse, this is my log. What next? - Maciej13 - 12.07.2007
The files are clean.
Re: I have a trojan horse, this is my log. What next? - Serafin - 12.07.2007
Scan with [To see links, register here]
after updating.
Re: I have a trojan horse, this is my log. What next? - Malik - 13.11.2011
I still get that error "53" when the system starts.
But for now the computer works fine. I don't have time to deal with it right now; I'm going on a two-week holiday.
Many thanks to everyone for the help.
Regards