Re: Help ;-( I've picked up some trojans and I can't cope any more ;-
#1
Quote:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\gtsjfppi.dll",forkonce


Delete the file in bold (gtsjfppi.dll) in Safe Mode with System Restore turned off, and remove the entries in HijackThis.

Then run:

[To see links, register here]

[To see links, register here]

[To see links, register here]


After that, post a HijackThis log

[To see links, register here]

and

[To see links, register here]


Wrap logs in quote or code tags.
"I am not a consumer who fits the standard
I am not a species condemned to extinction
I am not the object of media noise
I am an illegal killer of time"
Reply
#2
Hello after a short absence. I did as instructed: I did not find the file "C:\WINDOWS\system32\gtsjfppi.dll",forkonce in Windows, nor the entry O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe, yet they disappeared.
I removed the rest in HijackThis; below are the logs after the clean-up:
Sorry if I don't manage the log wrapping properly, this is my first time doing it.
Virtmundo found nothing either.

I have Trojan Remover and it shows me a few odd files that supposedly have something in them; if need be, I'll say where they are.

HijackThis

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:17:01, on 2007-09-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Avira Premium Security Suite\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

[To see links, register here]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

[To see links, register here]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

[To see links, register here]

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {EAD66095-8F24-40E9-9787-A23EC09EDBF0} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:

[To see links, register here]

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

[To see links, register here]

O20 - Winlogon Notify: wvutqro - wvutqro.dll (file missing)
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7604 bytes


ComboFix

Quote:
ComboFix 07-09-18.4 - "User" 2007-09-19 0:05:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.654 [GMT 2:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dvmmkwid.exe
C:\WINDOWS\system32\idubxrnq.exe
C:\WINDOWS\system32\ldfgtxwy.exe
C:\WINDOWS\system32\tmp25.tmp
C:\WINDOWS\system32\vebjekih.exe
C:\WINDOWS\system32\vxnowmlu.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------nm


((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18)))))))))))))))))))))))))))))))
.

2007-09-19 00:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-17 16:38 <DIR> d-------- C:\sterowniki scanjet 2400
2007-09-15 18:31 <DIR> d-------- C:\Program Files\World of Warcraft
2007-09-15 18:31 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-09-15 12:57 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Opera
2007-09-13 22:05 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-13 22:05 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-13 22:05 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-13 22:05 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-13 22:05 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-09-13 22:05 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-09-13 22:05 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-09-13 22:05 <DIR> d-------- C:\DOCUME~1\User\DANEAP~1\PC Tools
2007-09-13 21:31 <DIR> d-------- C:\Program Files\Opera
2007-09-13 21:31 <DIR> d-------- C:\DOCUME~1\User\DANEAP~1\Opera
2007-09-13 17:51 588,959 ---hs---- C:\WINDOWS\system32\ihhkj.bak2
2007-09-12 20:17 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-12 20:17 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-12 20:17 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-09-12 20:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-09-12 20:16 9,388,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-12 20:16 47,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-12 20:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab Setup Files
2007-09-11 22:30 588,363 ---hs---- C:\WINDOWS\system32\ihhkj.ini2
2007-09-11 22:30 577,554 ---hs---- C:\WINDOWS\system32\ihhkj.bak1
2007-09-11 20:42 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-09-11 20:41 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-11 20:41 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-11 20:41 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-11 20:41 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-11 20:41 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-11 20:41 <DIR> d-------- C:\Program Files\Trojan Remover
2007-09-11 20:41 <DIR> d-------- C:\DOCUME~1\User\DANEAP~1\Simply Super Software
2007-09-11 20:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Simply Super Software
2007-09-11 20:35 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-09-11 19:52 693,604 --a------ C:\WINDOWS\system32\vemmyseq.ini.ren
2007-09-11 19:20 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Avira Premium Security Suite
2007-09-11 19:12 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-09-11 19:12 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-09-11 19:12 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-09-11 19:12 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-09-11 19:12 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-09-11 19:12 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-09-11 19:12 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-09-11 06:51 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-11 05:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-10 18:46 578,181 --a------ C:\WINDOWS\system32\ihhkj.bak2.ren
2007-09-10 07:10 581,402 --a------ C:\WINDOWS\system32\ihhkj.ini.ren
2007-09-09 20:46 581,462 --ahs---- C:\WINDOWS\system32\ihhkj.ini2.ren
2007-09-09 20:30 <DIR> d-------- C:\Program Files\Hand-Crafted Software
2007-09-09 20:08 <DIR> d-------- C:\Program Files\AnalogX
2007-09-09 19:52 579,134 --a------ C:\WINDOWS\system32\ihhkj.tmp.ren
2007-09-09 19:52 577,554 --a------ C:\WINDOWS\system32\ihhkj.bak1.ren
2007-09-07 21:54 <DIR> d-------- C:\Program Files\Registry Shower 2007
2007-09-07 21:13 <DIR> d-------- C:\DOCUME~1\User\DANEAP~1\Avira Premium Security Suite
2007-09-06 22:44 57,344 --a------ C:\WINDOWS\system32\drivers\avfwot.sys
2007-09-06 22:44 53,504 --a------ C:\WINDOWS\system32\drivers\avfwim.sys
2007-09-06 22:44 156,154 --a------ C:\DOCUME~1\ALLUSE~1\DANEAP~1\firstlsp.reg.dat
2007-09-06 22:44 <DIR> d-------- C:\Program Files\Avira Premium Security Suite
2007-09-06 22:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Avira Premium Security Suite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-19 00:11 --------- d-------- C:\Program Files\lg_fwupdate
2007-09-19 00:08 6536 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-19 00:08 128852 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-13 07:12 --------- d-------- C:\DOCUME~1\User\DANEAP~1\uTorrent
2007-09-11 22:02 --------- d-------- C:\Program Files\WinRoute Pro
2007-09-08 18:32 --------- d-------- C:\DOCUME~1\User\DANEAP~1\Skype
2007-09-07 03:05 --------- d-------- C:\Program Files\DAEMON Tools
2007-09-06 22:43 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-02 15:17 --------- d-------- C:\Program Files\Blue Coat Systems
2007-08-05 16:36 --------- d-------- C:\DOCUME~1\User\DANEAP~1\Nokia Multimedia Player
2007-08-05 16:24 --------- d-------- C:\DOCUME~1\User\DANEAP~1\Teleca
2007-08-05 16:18 --------- d-------- C:\DOCUME~1\User\DANEAP~1\Sony Ericsson
2007-08-05 16:16 --------- d-------- C:\Program Files\Sony Ericsson
2007-08-05 16:16 --------- d-------- C:\Program Files\Common Files\Teleca Shared
2007-08-05 16:16 --------- d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2007-08-05 16:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Teleca
2007-08-05 16:16 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Sony Ericsson
2007-08-05 06:44 --------- d-------- C:\Program Files\Google
2007-08-04 23:15 --------- d-------- C:\DOCUME~1\LOCALS~1\DANEAP~1\Google
2007-07-25 20:59 --------- d-------- C:\Program Files\Common Files\MAGIX Shared
2007-07-25 20:59 --------- d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\MAGIX
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAD66095-8F24-40E9-9787-A23EC09EDBF0}]
C:\WINDOWS\system32\jkhhi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 04:47 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22]
"nwiz"="nwiz.exe" [2006-06-01 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 C:\WINDOWS\system32\nvmctray.dll]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-14 04:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-22 15:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2006-06-01 12:26]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-06-19 14:37]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-07-10 10:33]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"DXDllRegExe"="dxdllreg.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
"avgnt"="C:\Program Files\Avira Premium Security Suite\avgnt.exe" [2007-04-02 10:35]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-09-04 13:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutqro]
wvutqro.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

R1 avfwot;avfwot;\??\C:\WINDOWS\system32\drivers\avfwot.sys
R2 AVEService;Avira Premium Security Suite MailGuard helper service;"C:\Program Files\Avira Premium Security Suite\avesvc.exe"
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
S2 AntiVirMailService;Avira Premium Security Suite MailGuard;"C:\Program Files\Avira Premium Security Suite\avmailc.exe"
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
S3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

[To see links, register here]

Rootkit scan 2007-09-19 00:10:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-19 0:12:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-19 00:12
.
--- E O F ---


Silent Runners

Quote:
"Silent Runners.vbs", revision 52,

[To see links, register here]

Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
"RemoteControl" = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"LGODDFU" = ""C:\Program Files\lg_fwupdate\fwupdate.exe" blrun" ["BL"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"FixCamera" = "C:\WINDOWS\FixCamera.exe" [empty string]
"tsnp2std" = "C:\WINDOWS\tsnp2std.exe" [empty string]
"snp2std" = "C:\WINDOWS\vsnp2std.exe" ["Sonix"]
"REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
"DXDllRegExe" = "dxdllreg.exe" [file not found]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"avgnt" = ""C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min" ["Avira GmbH"]
"TrojanScanner" = "C:\Program Files\Trojan Remover\Trjscan.exe" ["Simply Super Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
{EAD66095-8F24-40E9-9787-A23EC09EDBF0}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\jkhhi.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
\InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{738D66C6-0149-4D40-84E4-A7BB2D0CE949}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\FM.dll" ["Popwire AB"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira Premium Security Suite\shlext.dll" ["Avira GmbH"]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki dla ochrony WWW"
-> {HKLM...CLSID} = "Statystyki dla ochrony WWW"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> wvutqro\DLLName = "wvutqro.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira Premium Security Suite\shlext.dll" ["Avira GmbH"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira Premium Security Suite\shlext.dll" ["Avira GmbH"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Startup items in "User" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
avsda.dll ["Avira GmbH"], 01 - 02, 29
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 08 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki dla ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}
"ButtonText" = "Statystyki dla ochrony WWW"

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Avira Premium Security Suite Guard, AntiVirService, ""C:\Program Files\Avira Premium Security Suite\avguard.exe"" ["Avira GmbH"]
Avira Premium Security Suite MailGuard helper service, AVEService, ""C:\Program Files\Avira Premium Security Suite\avesvc.exe"" ["Avira GmbH"]
Avira Premium Security Suite Scheduler, AntiVirScheduler, ""C:\Program Files\Avira Premium Security Suite\sched.exe"" ["Avira GmbH"]
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors
hpzsnt09\Driver = "hpzsnt09.dll" ["HP"]


---------- (launch time: 2007-09-19 00:14:28)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 62 seconds.
---------- (total run time: 114 seconds)


Regards,
Bitels
#3
Delete in HijackThis:

Quote: O2 - BHO: (no name) - {EAD66095-8F24-40E9-9787-A23EC09EDBF0} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O20 - Winlogon Notify: wvutqro - wvutqro.dll (file missing)


Open Notepad and paste this into it:

Quote: File::
C:\WINDOWS\system32\ihhkj.bak2
C:\WINDOWS\system32\ihhkj.ini2
C:\WINDOWS\system32\ihhkj.bak1
C:\WINDOWS\system32\ihhkj.bak2.ren
C:\WINDOWS\system32\ihhkj.ini.ren
C:\WINDOWS\system32\ihhkj.ini2.ren
C:\WINDOWS\system32\ihhkj.tmp.ren
C:\WINDOWS\system32\ihhkj.bak1.ren
C:\WINDOWS\system32\vemmyseq.ini.ren

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAD66095-8F24-40E9-9787-A23EC09EDBF0}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutqro]


Save the file as CFScript.txt. Drag the CFScript.txt file onto the ComboFix icon; the removal will start, and the computer will reboot during it.

After that, post logs from HijackThis, Silent Runners and ComboFix.
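Worked example, added here and not part of the thread, of HijackThis or of ComboFix: a small Python triage of HijackThis lines that applies the two rules the helper used above (a launch point whose target file is "(no file)" / "(file missing)" is a safe deletion; an O4 entry that starts a DLL from system32 through rundll32, the way the SystemOptimizer entry ran gtsjfppi.dll, is only flagged for a human look, because NvCpl.dll is started the same way legitimately) and then emits the Registry:: section of a CFScript.txt in the key notation the helper used in post #3. The sample lines are copied from the log posted in this thread with backslashes restored; the function names, the "remove"/"review" tiers and the regular expressions are this example's own assumptions, not anything HijackThis or ComboFix defines.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread
# (backslashes restored), including one legitimate rundll32 entry (NvCpl.dll)
# and one ordinary EXE entry (avgnt.exe) so the rules have something to pass.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {EAD66095-8F24-40E9-9787-A23EC09EDBF0} - C:\WINDOWS\system32\jkhhi.dll (file missing)
O2 - BHO: XBTP02634 - {F97DA966-F09D-4cab-BF29-75A0026986EA} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\gtsjfppi.dll",forkonce
O20 - Winlogon Notify: wvutqro - wvutqro.dll (file missing)
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
"""

# Patterns are this example's assumptions about the HijackThis line layout.
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.IGNORECASE)
NOTIFY_RE = re.compile(r"Winlogon Notify:\s*(\S+)\s+-")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def triage(line):
    """Classify one HijackThis line.

    Returns a dict whose 'verdict' is 'remove' or 'review', or None when the
    line is not an entry or gives the two rules nothing to say.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group(1), m.group(2)
    # Rule 1: a launch point whose target file is gone. The registration is
    # dead weight at best and a re-infection hook at worst; this is the class
    # of entry the helper told the poster to delete in HijackThis.
    if any(marker in body for marker in ORPHAN_MARKERS):
        return {"kind": kind, "body": body, "verdict": "remove",
                "reason": "launch point references a file that does not exist"}
    # Rule 2: rundll32 loading a DLL from system32 by export name. That is how
    # the SystemOptimizer entry ran gtsjfppi.dll, but NvCpl.dll is started the
    # same way by the NVIDIA driver, so this tier only asks a human to look.
    r = RUNDLL_RE.search(body)
    if kind == "O4" and r and "system32" in r.group(1).lower():
        dll_name = r.group(1).rsplit("\\", 1)[-1]
        return {"kind": kind, "body": body, "verdict": "review",
                "reason": "rundll32 loads %s,%s" % (dll_name, r.group(2))}
    return None


def triage_log(text):
    """Run triage() over every line and keep only the lines with a verdict."""
    return [v for v in (triage(line) for line in text.splitlines()) if v]


def cfscript_registry_keys(results):
    """Build Registry:: keys for the 'remove' verdicts, in the notation the
    helper used in post #3. Only O2 (BHO) and O20 (Winlogon Notify) are
    mapped; other kinds (the R3 hook here) are left for the human."""
    keys = []
    for e in results:
        if e["verdict"] != "remove":
            continue
        if e["kind"] == "O2":
            clsid = CLSID_RE.search(e["body"])
            if clsid:
                keys.append(r"[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\%s]"
                            % clsid.group(0))
        elif e["kind"] == "O20":
            n = NOTIFY_RE.search(e["body"])
            if n:
                keys.append(r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt"
                            r"\currentversion\winlogon\notify\%s]" % n.group(1))
    return keys


def build_cfscript(results):
    """Assemble the Registry:: section of a CFScript.txt. The File:: section is
    left to the human, because only a directory listing says which files exist."""
    lines = ["Registry::"]
    for key in cfscript_registry_keys(results):
        lines.extend([key, ""])
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for e in found:
        print("%-7s %-4s %s" % (e["verdict"], e["kind"], e["reason"]))
    print()
    print(build_cfscript(found))
```

Running it prints four "remove" verdicts (both BHOs, the Winlogon Notify entry and the URLSearchHook), two "review" verdicts (NvCpl.dll and gtsjfppi.dll, deliberately side by side to show that the rundll32 rule cannot decide on its own) and a Registry:: block with three keys. The split into two tiers is the point: the missing-file rule is mechanical and safe, the rundll32 rule is a prompt for the vendor and signature check a person still has to do.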
#4
I caught some trojans and you are my last resort; I don't know what else to do. The final option would be formatting C:, but maybe you can help me ;-) I'm pasting the HijackThis log. Please guide me like a baby, because I'm green on this subject. Thanks in advance.

Quote: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:06, on 2007-09-14
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira Premium Security Suite\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Avira Premium Security Suite\avgnt.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Doctor\swdsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [To see links, register here]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [To see links, register here]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [To see links, register here]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [To see links, register here]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\gtsjfppi.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: [To see links, register here]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [To see links, register here]

O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7519 bytes


Regards, Bitels