Please help, self-restoring virus...
Trojan na Kompie ;/
Guest
Posted: 2009-09-13, 16:02 Please help, self-restoring virus...
So, I downloaded a trojan....
I scanned the whole computer and deleted everything except one file, which kept restoring itself!
I went to its location because the antivirus pop-ups were already p... me off, and it turned out I have over 900 folders there with a copy of the WoW launcher!
I deleted them, but when I went into that folder again a moment later, they were back...
So I deleted the legitimate launcher in the hope that it would help, but it did nothing...
I typed my problem into Google and found you...
So here is my log....
Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:57:04, on 2009-09-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\ctfmon.exe
D:\gry\steam\steam.exe
C:\Windows\System\hpc.exe
c:\dos32.pif
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WebServ\WebServ.exe
C:\Program Files\WebServ\apache2\bin\WebServ(apache).exe
C:\Program Files\WebServ\mysql\bin\WebServ(mysqld).exe
C:\Program Files\WebServ\apache2\bin\WebServ(apache).exe
C:\Program Files\WebServ\domain\no-ip\No-IP DUC20.exe
C:\WINDOWS\svchost.exe
E:\ze starego kompa\cały dysk D\Film,Piosenki i Rysunki Marcina\Tibia\OTS\Darkness Otserv 0.5.3\Darkness Otserv 0.5.3\Darkness Otserv 0.5.3 - Gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcin\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [1] c:\dos32.pif
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Steam] "d:\gry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [HP Service] C:\Windows\System\hpc.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFB2F32A-A6CB-4166-81A2-3074C3A3C16C}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ,C:\DOCUME~1\Marcin\USTAWI~1\Temp\20746500853mxx.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
Please help!
Regards!
Zdzis!
WebCM
Helped: 4 times From: Poland
Posted: 2009-09-13, 16:42
1. Ideally, start the computer in safe mode.
2. Delete C:\WINDOWS\svchost.exe
3. Suspicious file: c:\dos32.pif - delete it if you did not create it
4. C:\Windows\System\hpc.exe - reportedly safe, but you never know
6. Delete the entry: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page
7. Delete: O2 - BHO: My Global Search Bar BHO and related entries (My Global Search Bar)
8. Delete: O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
9. Delete: O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}
10. O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98}
11. Delete: O4 - HKLM\..\Run: [1] c:\dos32.pif
12. Optionally delete: O8 - Extra context menu item: &Winamp Search
13. Suspicious entry: O20 - AppInit_DLLs: ,C:\DOCUME~1\Marcin\USTAWI~1\Temp\20746500853mxx.dll
14. O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) - the file is missing - can be deleted
Then run a scan with an antivirus and an antispyware program, e.g. SpyBot.
Details: http://hijackthis.de
_________________Let us counteract the ever-declining standard of the Polish Internet and debauchery.
@Blade@
Helped: 8 times
Posted: 2009-09-13, 18:55
Uninstall Winamp Toolbar and DAEMON Tools Toolbar.
Run HijackThis and choose "Do a system scan only"; the log will appear in the program window. Tick the boxes next to the entries listed below, then click "Fix checked".
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=13928&l=dis
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (file missing)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [1] c:\dos32.pif
O20 - AppInit_DLLs: ,C:\DOCUME~1\Marcin\USTAWI~1\Temp\20746500853mxx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
Download The Avenger and select the text below:
Code:
Files to delete:
c:\dos32.pif
C:\WINDOWS\svchost.exe
C:\DOCUME~1\Marcin\USTAWI~1\Temp\20746500853mxx.dll
Folders to delete:
C:\Program Files\AskBarDis
C:\Program Files\MyGlobalSearch
Drivers to delete:
ASKUpgrade
Copy it, click "Paste Script from Clipboard", then "Execute". Confirm and agree to the restart by clicking OK.
When it is done, paste the report C:\avenger.txt on the forum.
After that, post a log from RSIT.
Trojan na Kompie ;/
Guest
Posted: 2009-09-23, 15:10
Unfortunately I am forced to post logs again...
I did it the first user's way...
Thank you for both posts
Code:
Logfile of HijackThis v1.99.1
Scan saved at 16:08:10, on 2009-09-23
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\gry\steam\steam.exe
C:\Windows\System\hpc.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\TibiaBot NG\TibiaBot NG\loader.exe
C:\Program Files\TibiaBot NG\TibiaBot NG\loader.exe
D:\GRY\Tibia\Tibia.exe
C:\xampp\xampp-control.exe
C:\Program Files\Remere's Map Editor\RME.exe
E:\ze starego kompa\cały dysk D\Film,Piosenki i Rysunki Marcina\Tibia\OTS\theforgottenserver-v0.2.5-win32gui\Mystic Spirit\The Forgotten Server.exe
E:\ze starego kompa\cały dysk D\Film,Piosenki i Rysunki Marcina\Tibia\OTS\loader\apps\tibia85\Tibia.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marcin\Pulpit\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [1] c:\dos32.pif
O4 - HKLM\..\Run: [menustart] c:\loader.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "d:\gry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [HP Service] C:\Windows\System\hpc.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFB2F32A-A6CB-4166-81A2-3074C3A3C16C}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Documents and Settings\Marcin\Pulpit\xampp\service.exe
@Blade@
Helped: 8 times
Posted: 2009-09-23, 15:48
Unfortunately, this looks like Jeffo. In that case:
Disable System Restore on all drives (Instructions)
Then download Dr.Web CureIt, run a full scan, cure whatever can be cured and delete the rest. Scan several times, until the scanner finds nothing. Afterwards download Combofix, scan the system and post the log on the forum.
Trojan na Kompie ;/
Guest
Posted: 2009-09-23, 17:12
Are you sure?
svchost is in c:/windows/system 32, not in c:/windows!
Last time it really could have been Jeefo, but this time it is probably something else...
Pay attention to the file loader.exe; AntiVir (Avira) keeps finding it on drive C, even though I delete it...
@Blade@
Helped: 8 times
Posted: 2009-09-23, 17:29
Everything points to it, but maybe this is only the initial stage. Look, the previous log had:
Quote: C:\WINDOWS\svchost.exe
The new log additionally has this:
Quote: O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
And now look here: http://helpc.eu/usuwanie-jeffo-t31.html
Now you can see how the one relates to the other, so do what I asked in the previous post. There is also some other junk visible here, but that is less important for now.
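The path comparison made in the post above (a svchost.exe running from C:\WINDOWS instead of system32, and a service entry pointing at the same file) can be checked mechanically over a HijackThis log. This is an added example, not part of the original thread: the heuristics, the function names and the assumption that Windows is installed in C:\WINDOWS are illustrative, and a hit means "inspect this file", not "confirmed malware".

```python
import ntpath
import re

# Constructed sample: lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
c:\dos32.pif
C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [1] c:\dos32.pif
O4 - HKLM\..\Run: [menustart] c:\loader.exe
O20 - AppInit_DLLs: ,C:\DOCUME~1\Marcin\USTAWI~1\Temp\20746500853mxx.dll
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# First Windows path on a line, up to the first executable-type extension.
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|pif|com|scr|bat|sys)\b',
    re.IGNORECASE,
)

# Process names that belong only in %SystemRoot%\system32.
# Explorer.EXE is deliberately absent: it legitimately lives in C:\WINDOWS.
SYSTEM32_ONLY = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "smss.exe", "csrss.exe", "spoolsv.exe",
}


def reasons_for(path, line, system_root=r"C:\WINDOWS"):
    """Return the heuristic reasons (possibly none) for flagging one path."""
    p = path.lower()
    folder = ntpath.dirname(p)
    name = ntpath.basename(p)
    system32 = ntpath.join(system_root, "system32").lower()
    found = []
    if name in SYSTEM32_ONLY and folder != system32:
        found.append("system process name outside system32")
    if ntpath.splitdrive(folder)[1] == "\\":
        found.append("executable in drive root")
    if name.endswith(".pif"):
        found.append(".pif extension (run as a program by Windows)")
    if line.startswith("O20 - AppInit_DLLs") and "\\temp\\" in p:
        found.append("AppInit_DLLs loads a DLL from Temp")
    return found


def triage(log_text, system_root=r"C:\WINDOWS"):
    """Map each flagged path (lower-cased) to its sorted list of reasons."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(0)
        for reason in reasons_for(path, line, system_root):
            findings.setdefault(path.lower(), set()).add(reason)
    return {p: sorted(r) for p, r in sorted(findings.items())}


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG).items():
        print(flagged, "->", "; ".join(why))
```

The legitimate C:\WINDOWS\system32\svchost.exe and the "Unknown owner" PnkBstrA service are not flagged, because an unknown service owner on its own is too weak a signal.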
Trojan na Kompie ;/
Guest
Posted: 2009-09-24, 16:54
Well, I had a few serious problems... I have already fixed them, but one more has appeared:
ComboFix complains that System Restore is not enabled...
Should I enable it now, given that Dr.Web detects nothing after a full scan of the computer???
@Blade@
Helped: 8 times
Posted: 2009-09-24, 18:31
Yes, enable it.
Trojan na Kompie ;/
Guest
Posted: 2009-09-24, 20:51
So it finally worked...
Code:
ComboFix 09-09-23.02 - Marcin 2009-09-24 21:41.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.3327.2580 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Marcin\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Marcin\Dane aplikacji\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Marcin\Dane aplikacji\Microsoft\Clip Organizer\Offic10.MGC
c:\documents and settings\Marcin\Moje dokumenty\cc_20090824_111105.reg
c:\documents and settings\Marcin\Moje dokumenty\cc_20090824_111159.reg
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\Cache\00271F23
c:\program files\myglobalsearch\bar\Cache\006C6AF1
c:\program files\myglobalsearch\bar\Cache\00CD0BD2.bin
c:\program files\myglobalsearch\bar\Cache\00D33D83.bin
c:\program files\myglobalsearch\bar\Cache\00D342E2.bin
c:\program files\myglobalsearch\bar\Cache\010AB7E8
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\windows\Installer\238cb5.msp
c:\windows\Installer\238cb6.msp
c:\windows\Installer\238cb7.msp
c:\windows\Installer\238cb8.msp
c:\windows\Installer\238cb9.msp
c:\windows\Installer\238cba.msp
c:\windows\Installer\238cbb.msp
c:\windows\Installer\238cbc.msp
c:\windows\Installer\238cbd.msp
c:\windows\Installer\252208e.msi
c:\windows\Installer\252208f.msp
c:\windows\Installer\2522090.msp
c:\windows\Installer\2522091.msp
c:\windows\Installer\2522092.msp
c:\windows\Installer\2522093.msp
c:\windows\Installer\2522094.msp
c:\windows\Installer\2522095.msp
c:\windows\Installer\2522096.msp
c:\windows\Installer\2522097.msp
c:\windows\Installer\2522098.msp
c:\windows\Installer\25220b9.msi
c:\windows\Installer\25220ba.msp
c:\windows\Installer\25220bb.msp
c:\windows\Installer\25220bc.msp
c:\windows\Installer\25220bd.msp
c:\windows\Installer\25220be.msp
c:\windows\Installer\25220bf.msp
c:\windows\Installer\25220c0.msp
c:\windows\Installer\25220c1.msp
c:\windows\Installer\25220c2.msp
c:\windows\Installer\25220c3.msp
c:\windows\Installer\256bc7.msp
c:\windows\Installer\256bc8.msp
c:\windows\Installer\256bc9.msp
c:\windows\Installer\256bca.msp
c:\windows\Installer\256bcb.msp
c:\windows\Installer\256bcc.msp
c:\windows\Installer\256bcd.msp
c:\windows\Installer\256bce.msp
c:\windows\Installer\256bcf.msp
c:\windows\Installer\256bd0.msp
c:\windows\Installer\2602de.msp
c:\windows\Installer\2602ea.msp
c:\windows\Installer\2602f7.msp
c:\windows\Installer\548a1c2.msi
c:\windows\system32\setup.ini
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_POWERMANAGER
-------\Service_PowerManager
((((((((((((((((((((((((( Pliki utworzone od 2009-08-24 do 2009-09-24 )))))))))))))))))))))))))))))))
.
2009-09-23 16:32 . 2009-09-23 16:38 -------- d-----w- c:\documents and settings\Marcin\DoctorWeb
2009-09-21 15:39 . 2009-09-21 15:40 -------- d-----w- C:\xampp
2009-09-16 20:08 . 2009-09-16 20:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-16 18:15 . 2009-09-16 18:15 -------- d-----w- c:\program files\Runtime Software
2009-09-16 17:52 . 2009-09-16 20:06 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-09-16 14:05 . 2009-09-16 20:06 -------- d-----w- c:\program files\SQLite Analyzer
2009-09-15 15:35 . 2009-09-15 15:35 -------- d-----w- c:\program files\SQL Maestro Group
2009-09-15 14:32 . 2009-09-16 20:07 -------- d-----w- c:\program files\Sqliteman
2009-09-15 13:56 . 2009-09-15 14:04 -------- d-----w- c:\program files\DBConvert
2009-09-13 20:23 . 2009-09-13 20:24 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-09-13 17:57 . 2009-09-13 17:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-13 13:11 . 2009-09-13 13:11 -------- d-----r- c:\documents and settings\LocalService\Ulubione
2009-09-12 12:43 . 2009-09-13 07:30 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\sqlitestudio
2009-09-12 11:35 . 2009-09-12 11:35 -------- d-----w- c:\program files\No-IP
2009-09-03 15:43 . 2009-09-03 15:43 -------- d-----w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\cache
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 19:46 . 2008-09-11 18:50 -------- d-----w- c:\program files\AutoConnect
2009-09-24 17:19 . 2009-01-05 16:47 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Skype
2009-09-24 16:59 . 2009-03-26 15:46 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\HLSW
2009-09-24 15:54 . 2009-08-24 09:30 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-09-24 15:30 . 2007-10-29 12:00 563540 ----a-w- c:\windows\system32\perfh015.dat
2009-09-24 15:30 . 2007-10-29 12:00 109936 ----a-w- c:\windows\system32\perfc015.dat
2009-09-24 15:28 . 2009-01-05 16:51 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\skypePM
2009-09-24 04:46 . 2009-01-12 20:37 -------- d-----w- c:\program files\BearShare
2009-09-23 17:22 . 2008-08-18 17:59 -------- d-----w- c:\program files\neostrada tp
2009-09-23 17:22 . 2009-08-17 07:30 -------- d-----w- c:\program files\NeoKwinto
2009-09-19 12:39 . 2009-01-28 10:01 -------- d-----w- c:\program files\Remere's Map Editor
2009-09-16 17:52 . 2008-08-14 13:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-13 21:04 . 2008-09-14 11:19 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Winamp
2009-09-13 20:22 . 2008-09-14 11:19 -------- d-----w- c:\program files\Winamp
2009-09-13 17:17 . 2009-04-11 16:45 -------- d-----w- c:\program files\XS++ centrumse edition
2009-09-13 17:16 . 2009-08-16 10:38 -------- d-----w- c:\program files\WinHex
2009-09-13 17:14 . 2008-09-14 11:22 -------- d-----w- c:\program files\Winamp Toolbar
2009-09-13 17:11 . 2009-02-12 17:54 -------- d-----w- c:\program files\WebServ
2009-09-13 17:10 . 2008-12-09 17:59 -------- d-----w- c:\program files\VirtualDJ
2009-09-13 17:09 . 2008-10-12 15:12 -------- d-----w- c:\program files\VentriloMIX
2009-09-13 17:06 . 2009-07-18 09:29 -------- d-----w- c:\program files\uTorrent
2009-09-13 17:05 . 2009-06-19 09:57 -------- d-----w- c:\program files\Tibia Auto
2009-09-13 17:04 . 2008-10-12 14:23 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-09-13 16:47 . 2009-05-01 12:13 -------- d-----w- c:\program files\SCAR 3.15
2009-09-13 16:46 . 2008-08-14 13:14 -------- d-----w- c:\program files\RegCleaner
2009-09-13 16:24 . 2009-06-12 06:36 -------- d-----w- c:\program files\NAPI-PROJEKT
2009-09-13 16:08 . 2008-08-17 15:13 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-13 16:08 . 2009-08-15 19:48 -------- d-----w- c:\program files\JestemHardcorem
2009-09-13 16:02 . 2008-10-15 14:04 -------- d-----w- c:\program files\ipla
2009-09-13 15:47 . 2009-06-12 07:11 -------- d-----w- c:\program files\Hamachi
2009-09-13 15:38 . 2008-11-16 16:00 -------- d-----w- c:\program files\GIMP-2.0
2009-09-13 15:36 . 2009-03-21 11:23 -------- d-----w- c:\program files\ezHTML
2009-09-13 15:35 . 2009-08-24 18:23 -------- d-----w- c:\program files\ElfBot NG
2009-09-13 15:34 . 2009-05-09 14:59 -------- d-----w- c:\program files\DNA
2009-09-13 15:33 . 2008-08-16 13:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-13 15:33 . 2009-06-14 15:48 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-13 15:30 . 2008-08-18 15:56 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-09-13 15:17 . 2009-08-24 09:10 -------- d-----w- c:\program files\CCleaner
2009-09-13 15:11 . 2009-07-18 09:29 -------- d-----w- c:\program files\AskBarDis
2009-09-13 15:08 . 2009-07-18 11:56 -------- d-----w- c:\program files\AMX Mod X
2009-09-05 07:06 . 2009-03-21 15:27 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\gtk-2.0
2009-09-04 15:52 . 2008-10-12 14:24 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\teamspeak2
2009-08-27 11:20 . 2008-08-14 13:21 20808 ----a-w- c:\documents and settings\Marcin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-08-26 10:43 . 2009-08-24 09:30 -------- d-----w- c:\program files\TibiaBot NG
2009-08-25 06:53 . 2009-08-25 06:53 129536 ----a-w- c:\windows\inout2.dll
2009-08-24 18:23 . 2008-08-29 13:31 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\Tibia
2009-08-23 20:01 . 2009-08-23 20:01 -------- d-----w- c:\program files\TalyaSoft
2009-08-23 19:50 . 2009-08-23 19:50 -------- d-----w- c:\program files\AceLogix
2009-08-23 12:25 . 2009-08-23 12:25 -------- d-----w- c:\program files\MSBuild
2009-08-23 12:25 . 2009-08-23 12:25 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 19:02 . 2009-05-03 20:38 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2007-10-29 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-28 10:10 . 2008-08-16 14:31 -------- d-----w- c:\documents and settings\Marcin\Dane aplikacji\uTorrent
2009-07-17 19:04 . 2007-10-29 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 16:01 . 2008-08-16 13:17 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-15 16:01 . 2008-08-16 13:16 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-12 10:21 . 2007-10-29 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2007-10-29 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2006-12-02 310784]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"Steam"="d:\gry\steam\steam.exe" [2009-06-12 1217784]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-26 16859136]
"AdslTaskBar"="stmctrl.dll" - c:\windows\system32\stmctrl.dll [2006-06-02 151552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\GRY\\crysis\\Bin32\\Crysis.exe"=
"d:\\GRY\\crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\GRY\\cl4\\Civilization4.exe"=
"d:\\GRY\\Metin2\\metin2.bin"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\RecWar\\RecWar.exe"=
"d:\\GRY\\cl4\\Warlords\\Civ4Warlords.exe"=
"d:\\GRY\\cl4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"d:\\GRY\\Setlersi\\bin\\settlershok.exe"=
"d:\\GRY\\steam\\steamapps\\zdzisieq\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\GRY\\steam\\steamapps\\zdzisieq\\half-life\\hl.exe"=
"d:\\GRY\\steam\\steamapps\\zdzisieq\\day of defeat\\hl.exe"=
"d:\\GRY\\steam\\steamapps\\zdzisieq\\opposing force\\hl.exe"=
"d:\\GRY\\steam\\steamapps\\zdzisieq\\team fortress classic\\hl.exe"=
"d:\\GRY\\steam\\steamapps\\zdzisieq\\ricochet\\hl.exe"=
"d:\\GRY\\steam\\steamapps\\zdzisieq\\deathmatch classic\\hl.exe"=
"d:\\GRY\\steam\\Steam.exe"=
"d:\\GRY\\wow\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"d:\\HLSW\\hlsw.exe"=
"d:\\GRY\\nonsteam\\hl.exe"=
"d:\\GRY\\CS S\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\WebServ\\ftp\\WebServ(ftp).exe"=
"c:\\Program Files\\WebServ\\WebServ.exe"=
"d:\\GRY\\steam\\steamapps\\zdzisieq\\half-life blue shift\\hl.exe"=
"c:\\Program Files\\WebServ\\mysql\\bin\\WebServ(mysqld).exe"=
"c:\\Program Files\\WebServ\\apache2\\bin\\WebServ(apache).exe"=
"e:\\ze starego kompa\\cały dysk D\\Film,Piosenki i Rysunki Marcina\\Tibia\\OTS\\TFS\\theforgottenserver-v0.2-win32gui\\The Forgotten Server.exe"=
"c:\\Program Files\\NAPI-PROJEKT\\napisy.exe"=
"d:\\GRY\\wow\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe"=
"d:\\GRY\\Metin Chinski\\metin_longjuyt2_server2.exe"=
"d:\\Total comm\\TC PowerPack\\TOTALCMD.EXE"=
"c:\\Documents and Settings\\Marcin\\Pulpit\\NTSD2.4\\NTSD2.4\\NTSD.exe"=
"e:\\ze starego kompa\\cały dysk D\\Film,Piosenki i Rysunki Marcina\\Tibia\\OTS\\Darkness Otserv 0.5.3\\Darkness Otserv 0.5.3\\Darkness Otserv 0.5.3 - Gui.exe"=
"d:\\GRY\\wow\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"e:\\ze starego kompa\\cały dysk D\\Film,Piosenki i Rysunki Marcina\\Tibia\\OTS\\backup\\cryingdamson5-console\\Crying Damson.exe"=
"e:\\ze starego kompa\\cały dysk D\\Film,Piosenki i Rysunki Marcina\\Tibia\\OTS\\cryingdamson5console\\cryingdamson5-console\\Crying Damson.exe"=
"e:\\ze starego kompa\\cały dysk D\\Film,Piosenki i Rysunki Marcina\\Tibia\\OTS\\cryingdamson5-gui\\Crying Damson.exe"=
"e:\\ze starego kompa\\cały dysk D\\Film,Piosenki i Rysunki Marcina\\Tibia\\OTS\\theforgottenserver-v0.2.5-win32gui\\Mystic Spirit\\The Forgotten Server.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-08-14 150568]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-03 108289]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-01-18 24635]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-08-15 84992]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-08-14 36864]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [2008-08-18 60255]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [2008-08-18 684265]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-07-18 234888]
S2 XAMPP;XAMPP Service;c:\documents and settings\Marcin\Pulpit\xampp\service.exe [2009-09-20 60928]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-20 10976]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);c:\windows\system32\drivers\se46bus.sys [2008-08-27 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;c:\windows\system32\drivers\se46mdfl.sys [2008-08-27 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;c:\windows\system32\drivers\se46mdm.sys [2008-08-27 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se46mgmt.sys [2008-08-27 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\drivers\se46nd5.sys [2008-08-27 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;c:\windows\system32\drivers\se46obex.sys [2008-08-27 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\drivers\se46unic.sys [2008-08-27 90800]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {EFB2F32A-A6CB-4166-81A2-3074C3A3C16C} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
FF - component: c:\documents and settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
HKLM-Run-menustart - c:\loader.exe
AddRemove-All ATI Software - c:\program files\ATI Technologies\UninstallAll\AtiCimUn.exe
AddRemove-ALLPlayer V3.3_is1 - c:\program files\MarBit\ALLPlayer\unins000.exe
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-BearShare - c:\progra~1\BEARSH~1\UNWISE.EXE
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-ElfBot NG_is1 - c:\program files\ElfBot NG\unins000.exe
AddRemove-Fox Magic Audio Recorder_is1 - c:\program files\Fox Magic\AudioRecorder\unins000.exe
AddRemove-Hamachi - c:\program files\Hamachi\uninstall.exe
AddRemove-InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-ipla - c:\program files\ipla\uninst.exe
AddRemove-KLiteCodecPack_is1 - c:\program files\K-Lite Codec Pack\unins000.exe
AddRemove-Mozilla Firefox (3.5.3) - c:\program files\Mozilla Firefox\uninstall\helper.exe
AddRemove-NAPIPROJEKT_is1 - c:\program files\NAPI-PROJEKT\unins000.exe
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
AddRemove-NeroMultiInstaller!UninstallKey - c:\program files\Common Files\Nero\Uninstall\Setupx.exe
AddRemove-NeroVision!UninstallKey - c:\windows\UNNeroVision.exe
AddRemove-NMPUninstallKey - c:\windows\UNNMP.exe
AddRemove-SCAR Divi 3.15b_is1 - c:\program files\SCAR 3.15\unins000.exe
AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VIRTUA~1\UNWISE.EXE
AddRemove-WebServ_is1 - c:\program files\WebServ\unins000.exe
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Marcin\Dane aplikacji\Mozilla\Firefox\Profiles\8v8pxpyb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
AddRemove-Windows Media Format Runtime - c:\program files\Windows Media Player\wmsetsdk.exe
AddRemove-WinGimp-2.0_is1 - c:\program files\GIMP-2.0\unins000.exe
AddRemove-WinGTK-2_is1 - c:\program files\Common Files\GTK\2.0\setup\unins000.exe
AddRemove-WinHex - c:\documents and settings\Marcin\Pulpit\winhex\WinHex.exe
AddRemove-World of Warcraft - c:\program files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
AddRemove-{762D26FE-71E8-4A52-B42B-CF85E4ACC049}_is1 - c:\program files\JestemHardcorem\unins000.exe
AddRemove-{8A4D41F3-3EDA-4DAC-9403-839708EA0667} - c:\program files\InstallShield Installation Information\{8A4D41F3-3EDA-4DAC-9403-839708EA0667}\setup.exe
AddRemove-{8AF5EA22-17DC-46E0-ABA3-F30A7D288DD0} - c:\program files\InstallShield Installation Information\{8AF5EA22-17DC-46E0-ABA3-F30A7D288DD0}\setup.exe
AddRemove-{B62C4D82-8130-44CE-9D7F-4A76DC8FDFDA}_is1 - c:\program files\XS++ centrumse edition\unins000.exe
AddRemove-{BEE64C14-BEF1-4610-8A68-A16EAA47B882} - c:\program files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe
AddRemove-{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} - c:\program files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe
AddRemove-{F138762F-5A1F-4CF0-A5E1-1588EF6088A4} - c:\program files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 21:46
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3632)
c:\windows\system32\WININET.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\FTRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\No-IP\DUC20.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Czas ukończenia: 2009-09-24 21:48 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-09-24 19:48
Przed: 9 465 622 528 bajtów wolnych
Po: 9 724 903 424 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
370 --- E O F --- 2009-09-09 18:21
I hope everything is fine this time...
BTW, do I happen to have any keyloggers?
Is everything running OK?
@Blade@
Helped: 8 times
Posted: 2009-09-24, 21:14
Uninstall Winamp Toolbar.
Download The Avenger and paste the text below into the "Input script here" field:
Code:
Folders to delete:
c:\documents and settings\Marcin\DoctorWeb
c:\program files\AskBarDis
Files to delete:
c:\windows\inout2.dll
Drivers to delete:
ASKUpgrade
Click Execute, confirm, and agree to the restart by clicking OK.
When it finishes, paste the report C:\avenger.txt on the forum.
Paste into Notepad:
Code:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=-
File, Save As: change the file type from TXT to All files, save it under the name FIX.REG, then run the created file and confirm.
_________________
Trojan na Kompie ;/
Guest
Posted: 2009-09-24, 21:35
The Avenger log, of course from before creating the fix.reg file, although from what I noticed it makes no difference...
Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Folder "c:\documents and settings\Marcin\DoctorWeb" deleted successfully.
Folder "c:\program files\AskBarDis" deleted successfully.
File "c:\windows\inout2.dll" deleted successfully.
Driver "ASKUpgrade" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Trojan na Kompie ;/
Guest
Posted: 2009-09-24, 21:37
I've already created that file...
It was added to the registry...
Is everything clean now?
Should I post HijackThis logs as well?
Please check whether I still have a keylogger...
@Blade@
Helped: 8 times
Posted: 2009-09-25, 12:55
There is nothing more in the log. Only the final steps remain:
Download OTC, run it and click CleanUp
Clean the disk and the registry with CCleaner
Turn System Restore off and back on for all drives (Instructions)
_________________
Trojan na Kompie ;/
Guest
Posted: 2009-09-26, 10:05
Many thanks, I think that's everything...
Still, I'll give you a HijackThis log just in case...
Please pay attention to keyloggers...
Code:
Logfile of HijackThis v1.99.1
Scan saved at 11:02:46, on 2009-09-26
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\ctfmon.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\GRY\steam\Steam.exe
C:\Documents and Settings\Marcin\Pulpit\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Marcin\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "d:\gry\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFB2F32A-A6CB-4166-81A2-3074C3A3C16C}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Documents and Settings\Marcin\Pulpit\xampp\service.exe
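Added example, not part of the thread: the first section of the FIX.REG above uses `\~\`, which is the abbreviation ComboFix prints in its own log, so regedit treats it as a key literally named `~` and that deletion does nothing; this matches the AskBar BHO still being listed as `(no file)` in the follow-up HijackThis log. The Python sketch below lints the delete operations of a .reg fix and checks each one against a later HijackThis log; the function names are hypothetical and both inputs are excerpts copied from the posts above.

```python
import re

# Root names regedit accepts in a .reg section header.
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG"}

# Excerpt of the FIX.REG posted in the thread (duplicate sections omitted).
FIX_REG = r"""Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=-
"""

# Excerpt of the follow-up HijackThis log posted in the thread.
HJT_LOG = r"""O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""


def parse_reg(text):
    """Return the delete operations of a .reg file as (kind, key, name) tuples."""
    ops, key = [], None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(-?)(.+)\]", line)
        if section:
            key = section.group(2)
            if section.group(1):          # "[-KEY]" deletes the whole key
                ops.append(("delete_key", key, None))
                key = None                # values under a deleted key are moot
            continue
        value = re.fullmatch(r'"(.+)"\s*=\s*-', line)
        if value and key:                 # '"name"=-' deletes one value
            ops.append(("delete_value", key, value.group(1)))
    return ops


def lint_key(key):
    """Flag key paths that regedit cannot resolve to a real registry key."""
    parts = key.split("\\")
    issues = []
    if parts[0].upper() not in HIVES:
        issues.append("root is not a full hive name")
    if "~" in parts[1:]:
        issues.append("'~' is log shorthand, not a real key")
    return issues


def verify(reg_text, hjt_text):
    """Lint each delete and check whether its target still shows up in the log."""
    hjt = hjt_text.lower()
    report = []
    for kind, key, name in parse_reg(reg_text):
        target = name if kind == "delete_value" else key.split("\\")[-1]
        report.append({"op": kind, "target": target,
                       "issues": lint_key(key),
                       "still_in_log": target.lower() in hjt})
    return report


if __name__ == "__main__":
    for row in verify(FIX_REG, HJT_LOG):
        print(row)
```

On a stock Windows XP install the BHO list lives under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects`, which is the path a section header has to spell out for the deletion to take effect.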