I have a trojan horse, here's my log. What next?
#1
I scanned with Avast and Avira. They detected a trojan horse. I put the files in quarantine. This is the first time I've had a virus on my computer. I don't know what to do with it next.

[code]
Logfile of HijackThis v1.99.1
Scan saved at 19:07:43, on 2007-06-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\EdgeCAM\Cam\edgecls.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\WinFast\WFTVFM\WFTV.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\totalcmd\TOTALCMD.EXE
c:\Filmy\Kasowanie wirusa\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: EdgeCLS11.50.lnk = C:\Program Files\EdgeCAM\Cam\edgecls.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - [link]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - C:\Program Files\Autodesk\Inventor Professional 9\bin\HSPCLPRO10.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
[/code]
#2
Quote: O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)

Delete the file from the disk manually, in safe mode and with System Restore turned off. Delete the entry in HijackThis. Afterwards, post new logs from HijackThis and [link]

"I am not a consumer who fits the standard
I am not a species condemned to extinction
I am not the object of media noise
I am an illegal killer of time"
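The check the helper applied by eye in #2 (a BHO entry with no name whose DLL is "(file missing)"), as an added triage script that is not from the thread or from HijackThis itself. The sample lines are constructed after the posted log with paths shortened, and the "quoting artifact" rule for O23 service lines is an assumption about how HijackThis 1.99 splits quoted command lines.

```python
"""Triage of HijackThis (HJT) log lines: flag dangling launch points."""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the log posted in the thread (paths shortened).
# Line 2 is the entry the helper singled out: a BHO with no name whose DLL is gone.
# Line 4 is one of the avast service lines that HJT 1.99 reports as "(file missing)".
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6mons.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# One regex per HJT section handled here; lines from other sections are skipped.
LINE_PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<path>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$"),
}


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # A nameless BHO pointing at a missing DLL is the classic leftover of a
        # removed or quarantined component: the launch point outlived the file.
        if "no name" in self.reasons and "file missing" in self.reasons:
            return "high"
        if "quoting artifact" in self.reasons:
            return "info"
        return "medium" if self.reasons else "none"


def parse_line(line: str):
    """Return (section, fields) for a recognised HJT line, else None."""
    for section, pattern in LINE_PATTERNS.items():
        match = pattern.match(line.strip())
        if match:
            return section, match.groupdict()
    return None


def assess(section: str, fields: dict) -> Finding:
    finding = Finding(section, fields["name"], fields["path"])
    path = fields["path"]
    if path.endswith("(file missing)"):
        # Assumption: a stray double quote left inside the path means HJT split a
        # quoted service command line on the closing quote and then could not find
        # the truncated path, so treat it as a parser artifact, not a missing file.
        if '"' in path:
            finding.reasons.append("quoting artifact")
        else:
            finding.reasons.append("file missing")
    if fields["name"] == "(no name)":
        finding.reasons.append("no name")
    if fields.get("owner") == "Unknown owner" and "quoting artifact" not in finding.reasons:
        finding.reasons.append("unknown owner")
    return finding


def triage(log_text: str) -> list:
    """Parse every recognised line and return one Finding per line, in order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            findings.append(assess(*parsed))
    return findings


def suspicious(log_text: str) -> list:
    """Only findings that deserve a manual look, highest severity first."""
    order = {"high": 0, "medium": 1}
    hits = [f for f in triage(log_text) if f.severity in order]
    return sorted(hits, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.name} -> {f.path}  {f.reasons}")
```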
#3
Either I'm stupid or he has two antivirus programs.
#4
Yes, I have two antivirus programs. I had so many advisers that it was hard to find out which one is better.


What will happen if I delete those files? It seems to me that they're responsible for the Internet connection. Do I need to reinstall them afterwards?
#5
Malik
listen, you see what "Bodek" wrote; since he's a mod here, he didn't become one just because it suited someone. What I'm getting at is that every user should follow the moderators ;)
so do what he wrote, delete that entry in HIJACKTHIS and post a new log from Silent Runners
cheers
p.s. I guarantee nothing will happen to your computer ;)
#6
Two more questions:
How do I start the computer in safe mode, and then how do I find that entry?

And should I delete the whole entry or only the bold part?
#7
Once you're in safe mode, run HijackThis, click "Do a system scan only", find that entry, tick it and click "Fix checked".
As for the file, find it on the system and delete it manually.
#8
Thanks for the info..

But how do I get into safe mode....?

Because I really forgot.. I keep trying and trying.. and nothing
#9
While the computer is booting, press F8 or F5 and choose safe mode from the text menu.
#10
I deleted the above file following the instructions given.
But the virus is still there; I keep getting "Error 53" when the system starts up.

This is my log


Quote: "Silent Runners.vbs", revision R50, [link]

Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"AudioDeck" = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"WinFast Schedule" = "C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" ["Leadtek Research Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Ulead Quick-Drop" = ""C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL" [file not found]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"avgnt" = ""C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}
"Flag" = hex:0x00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
     \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
  -> {HKLM...CLSID} = "SimpleShlExt Class"
     \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
     \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"
  -> {HKLM...CLSID} = "ACTHUMBNAIL"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Uchwyt nakładania ikony podpisu cyfrowego"
  -> {HKLM...CLSID} = "AcSignIcon"
     \InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
  -> {HKLM...CLSID} = "ACDWFTHMBPRXY"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{4EB37360-49E8-11D3-95B5-004033382980}" = "ALZip 4.0 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL" ["estsoft"]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
     \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{DBD8E168-244D-448C-9922-25508950D1DC}" = "Ulead UDF Driver"
  -> {HKLM...CLSID} = "USIShellExt Class"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll" [file not found]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
  -> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL" ["estsoft"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
  -> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL" ["estsoft"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
  -> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\PROGRA~1\ESTsoft\ALZip\AZCTM.DLL" ["estsoft"]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
     \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
InventorMenu\(Default) = "{6FDE7A70-351B-11d6-988B-0010B57A8BB7}"
  -> {HKLM...CLSID} = "Autodesk Inventor ™ Part Document"
     \InProcServer32\(Default) = "C:\Program Files\Autodesk\Inventor 9\Bin\DT.dll" ["Autodesk, Inc."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
     \InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]


Default executables:
--------------------

HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"
<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINDOWS\notepad.exe" "%1"" [MS]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]


Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart
"Ubisoft register" -> shortcut to: "C:\Program Files\Ubisoft\Register\schedule.exe /2007-06-17 09:28:19 /game= /language=English /country= /url=http://register-it.ubi.com/register.asp" ["Ubisoft"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"EdgeCLS11.50" -> shortcut to: "C:\Program Files\EdgeCAM\Cam\edgecls.exe" ["Pathtrace"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Przyspieszenie uruchomienia programu AutoCAD" -> shortcut to: "C:\Program Files\Common Files\Autodesk Shared\acstart16.exe" [null data]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
     \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_11"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_11"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ""C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Bluebeam PDF Monitor\Driver = "BBPDFPortMon.dll" ["Bluebeam Software, Inc."]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 35 seconds.
---------- (total run time: 79 seconds)
#11
Also post a log from [link]

#12
Quote: "Administrator" - 2007-07-12 17:06:22 - ComboFix 07-07-12.3 - Dodatek Service Pack 2

/wow section - STAGE #8

((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))


2007-07-12 16:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 19:42 <DIR> d-------- C:\Program Files\Edgard
2007-06-25 20:13 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-25 20:13 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-25 20:13 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-25 20:13 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-25 20:13 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-25 20:13 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-25 20:12 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-25 20:12 <DIR> d-------- C:\Program Files\Alwil Software
2007-06-25 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\AntiVir PersonalEdition Classic
2007-06-19 18:13 <DIR> d-------- C:\Program Files\EdgeCAM10.00
2007-06-19 17:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\Apple Computer
2007-06-19 17:22 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-19 17:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-06-18 17:58 <DIR> d-------- C:\CNC
2007-06-13 17:28 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-13 17:28 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\DANEAP~1\SecuROM
2007-06-12 18:50 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-06-12 18:50 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-06-12 18:50 <DIR> d-------- C:\Program Files\D-Tools
2007-06-12 18:10 <DIR> d-------- C:\Program Files\Electronic Arts


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 18:29:01 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-01 07:19:34 -------- d-----w C:\DOCUME~1\ADMINI~1\DANEAP~1\SolidWorks
2007-06-30 20:02:57 -------- d-----w C:\Program Files\Michał Mędrek
2007-06-21 18:49:06 -------- d-----w C:\Program Files\Common Files\SolidWorks Shared
2007-06-19 15:23:05 -------- d-----w C:\Program Files\QuickTime
2007-06-13 15:25:33 -------- d-----w C:\Program Files\Ubisoft
2007-06-12 16:40:57 -------- d-----w C:\Program Files\EA GAMES
2007-06-12 16:22:28 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-06-11 20:34:58 -------- d-----w C:\Program Files\18 Wheels of Steel Haulin
2007-05-17 14:26:33 205 ----a-w C:\WINDOWS\system32\jvfhp01.dll
2007-05-17 14:26:33 101 ----a-w C:\WINDOWS\system32\prsgrc.dll
2007-04-29 07:26:25 79,386 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-29 07:26:25 457,230 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-25 18:17:50 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2006-07-02 20:40:29 51,696 ----a-w C:\DOCUME~1\ADMINI~1\DANEAP~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-04-16 18:39 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-12-15 04:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ c:\program files\google\googletoolbar3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-05-19 10:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 C:\WINDOWS\soundman.exe]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-07-07 17:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"Ulead Quick-Drop"="C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Suite\Ulead Quick-Drop 1.0\Quick-Drop.exe" []
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 16:43]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3cb9c7c-3b6b-11db-b81b-001485f7ef81}]
AutoRun\command- E:\Autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-06-30 20:52:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [link]

Rootkit scan 2007-07-12 17:10:50
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1??? ?|????D:A1u660bv???????|???|?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-12 17:11:15

--- E O F ---
#13
Quote: C:\WINDOWS\system32\jvfhp01.dll
C:\WINDOWS\_MSRSTRT.EXE

Scan these two files at [link]

#14
Quote: File jvfhp01.dll received on 07.12.2007 19:22:03 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.7.13.0 2007.07.12 no virus found
AntiVir 7.4.0.39 2007.07.12 no virus found
Authentium 4.93.8 2007.07.12 no virus found
Avast 4.7.997.0 2007.07.12 no virus found
AVG 7.5.0.476 2007.07.12 no virus found
BitDefender 7.2 2007.07.12 no virus found
CAT-QuickHeal 9.00 2007.07.12 no virus found
ClamAV devel-20070416 2007.07.12 no virus found
DrWeb 4.33 2007.07.12 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
eTrust-Vet 30.8.3781 2007.07.12 no virus found
Ewido 4.0 2007.07.12 no virus found
FileAdvisor 1 2007.07.12 no virus found
Fortinet 2.91.0.0 2007.07.12 no virus found
F-Prot 4.3.2.48 2007.07.11 no virus found
Ikarus T3.1.1.8 2007.07.12 no virus found
Kaspersky 4.0.2.24 2007.07.12 no virus found
McAfee 5073 2007.07.12 no virus found
Microsoft 1.2704 2007.07.12 no virus found
NOD32v2 2395 2007.07.12 no virus found
Norman 5.80.02 2007.07.12 no virus found
Panda 9.0.0.4 2007.07.12 no virus found
Sophos 4.19.0 2007.07.06 no virus found
Sunbelt 2.2.907.0 2007.07.12 no virus found
Symantec 10 2007.07.12 no virus found
TheHacker 6.1.6.145 2007.07.12 no virus found
VBA32 3.12.0.2 2007.07.12 no virus found
VirusBuster 4.3.23:9 2007.07.12 no virus found
Webwasher-Gateway 6.0.1 2007.07.12 no virus found
Aditional information
File size: 205 bytes
MD5: bffd8e4f61ac129961844602e61be879
SHA1: 7bed499669fda88f647eced95124d38b0479a2be
Quote: File _MSRSTRT.EXE received on 07.12.2007 19:38:27 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.7.13.0 2007.07.12 no virus found
AntiVir 7.4.0.39 2007.07.12 no virus found
Authentium 4.93.8 2007.07.12 no virus found
Avast 4.7.997.0 2007.07.12 no virus found
AVG 7.5.0.476 2007.07.12 no virus found
BitDefender 7.2 2007.07.12 no virus found
CAT-QuickHeal 9.00 2007.07.12 Tool.Win32.Reboot (Not a Virus)
ClamAV devel-20070416 2007.07.12 no virus found
DrWeb 4.33 2007.07.12 no virus found
eSafe 7.0.15.0 2007.07.10 no virus found
eTrust-Vet 30.8.3781 2007.07.12 no virus found
Ewido 4.0 2007.07.12 no virus found
FileAdvisor 1 2007.07.12 no virus found
Fortinet 2.91.0.0 2007.07.12 no virus found
F-Prot 4.3.2.48 2007.07.11 no virus found
Ikarus T3.1.1.8 2007.07.12 no virus found
Kaspersky 4.0.2.24 2007.07.12 no virus found
McAfee 5073 2007.07.12 no virus found
Microsoft 1.2704 2007.07.12 no virus found
NOD32v2 2395 2007.07.12 no virus found
Norman 5.80.02 2007.07.12 no virus found
Panda 9.0.0.4 2007.07.12 no virus found
Sophos 4.19.0 2007.07.06 no virus found
Sunbelt 2.2.907.0 2007.07.12 no virus found
Symantec 10 2007.07.12 no virus found
TheHacker 6.1.6.145 2007.07.12 no virus found
VBA32 3.12.0.2 2007.07.12 no virus found
VirusBuster 4.3.23:9 2007.07.12 no virus found
Webwasher-Gateway 6.0.1 2007.07.12 no virus found
Aditional information
File size: 2560 bytes
MD5: 815372073da85b2098a37ded84083c8a
SHA1: 0a70574450bee11c9c09f25f082e0253aa32ceaa
#15
The files are clean.
#16
Scan with [link] after updating it.
#17
I still get that error "53" when the system starts up.
But for now the computer works correctly. I don't have time to deal with it now. I'm going on a two-week holiday.

Many thanks to everyone for the help.
Regards