Problem with a trojan and IE ads


(Miichal) #1

Hello. I have a problem with a virus: every so often IE ads for antivirus software pop up, and a message appears saying that the computer is infected with a trojan. I made a HijackThis log and I'm asking for help:

Logfile of HijackThis v1.99.1

Scan saved at 14:58:19, on 2007-11-19

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ddtggggp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\Fonts\svchost.exe

C:\WINDOWS\mrofinu1188.exe

C:\WINDOWS\Fonts\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

D:\AVerTV\QuickTV.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Documents and Settings\Michał & Monika\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kjoukwcg.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com

O4 - HKLM\..\Run: [4c8c23b9] rundll32.exe "C:\WINDOWS\system32\miroyrgm.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [system] c:\windows\system\system.exe

O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe

O4 - Global Startup: QuickTV.lnk = D:\AVerTV\QuickTV.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: DomainService - - C:\WINDOWS\system32\ddtggggp.exe

O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

(Gutek) #2

Remove the HJT entries

Use SmitFraudFix, choose option no. 2, in safe mode of course, and after that post a log from ComboFix

Additionally:

Download the SDFix program


(Miichal) #3

Am I supposed to remove those HJT files with this SmitFraudFix?


(Dawidex11) #4

No! Check the files in HijackThis that Gutek2222 showed you, and then, after that fixing in HijackThis, use SmitFraudFix, and then ComboFix, and then SDFix :slight_smile:


(Gutek) #5

Check the indicated entries in HijackThis and click Fix checked.

The link will redirect you to a description of what to do and how; follow the instructions through to the end.


(Miichal) #6

I have a problem with this SmitFraudFix program: I start Windows in safe mode, launch the program and choose 2, and it starts cleaning, but a message pops up that it cannot find the specified path and it shuts down :confused:

Post merged: 19.11.2007 (Mon) 21:58

I don't think I've given the name of this virus yet: Trojan-Spy.win32@mx and NetWorm-i.Virus@fp. As I already wrote, the SmitFraudFix program shuts down on me and says that some entries were not found, and ComboFix won't start either :confused: help please, because I can't cope with this virus any more :frowning:


(Gutek) #7

Post a log from ComboFix - that one works


(Miichal) #8

When I start ComboFix it says: Current date is 2007-11-19.This copy of comboFix has expired.Please download an updated copy.


(Arekmalek) #9

Set the date on the computer back by 2 months


(Miichal) #10

I can't set the computer back 2 months; I can't change the month from November at all, there are only 2 dates in November available to restore to


(Ptadla) #11

I mean not System Restore; just double-click the system clock (the one in the bottom-right corner) and, in the date field, choose September from the month list. Then click Apply and OK.


(Miichal) #12

Can anything be done without this System Restore? Because I don't really have any restore points :/ I'm posting the HJT log once more:

Logfile of HijackThis v1.99.1

Scan saved at 15:40:59, on 2007-10-20

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\hvddhvcb.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

D:\AVerTV\QuickTV.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Michał & Monika\Pulpit\hijackthis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kjoukwcg.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - Global Startup: QuickTV.lnk = D:\AVerTV\QuickTV.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: DomainService - - C:\WINDOWS\system32\hvddhvcb.exe

O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

ComboFix won't start because it says: Current date is 2007-11-19.This copy of comboFix has expired.Please download an updated copy.

SmitFraudFix won't work either :confused:

Because it says that some path was not found when I start it, in safe mode of course


(adam9870) #13

System Restore and changing the date are two completely different things. But since you can't do the latter, we'll try another method..

Open Notepad and paste this into it:

File >>> Save as >>> Change the extension from TXT to All files >>> Save it under the name FIX.BAT and run it in safe mode.

Remove the entries shown above using HijackThis, following the method Gutek gave in one of the earlier posts.

I take it you have already used SDFix? If not, do so. As for SmitFraudFix, try downloading it again and using it.

After carrying out the steps above, paste a log from Deckard's System Scanner.


(Miichal) #14

LOG from DSS

Deckard's System Scanner v20071014.68

Run by Michał & Monika on 2007-11-21 08:57:22

Computer is in Normal Mode.

--------------------------------------------------------------------------------


Total Physical Memory: 256 MiB (512 MiB recommended).



-- HijackThis (run as Michał & Monika.exe) -------------------------------------


Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------



Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2007-11-21 08:57:27

Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

D:\AVerTV\QuickTV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\alg.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\qpqmgsnh.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Michał & Monika\Pulpit\dss.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {29382E00-0D15-4511-8C05-36204C225BB2} - C:\WINDOWS\system32\pmkjg.dll

O2 - BHO: (no name) - {6FA46F40-3F76-4AA4-97A2-00C4DB5D1BB3} - C:\Program Files\Internet Explorer\meqocajoC:\WINDOWS\system32\w1\mper83122.exe.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: {7dcb12bb-a2f7-7c9a-22d4-2bd8fdd3ab27} - {72ba3ddf-8db2-4d22-a9c7-7f2abb21bcd7} - C:\WINDOWS\system32\yhjdrkku.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kjoukwcg.dll

O2 - BHO: (no name) - {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB} - C:\WINDOWS\system32\nnnlmmk.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: (no name) - {EB90D6FF-6378-4B9E-BDD8-4669201D31B4} - C:\Program Files\Internet Explorer\meqocajoC:\WINDOWS\system32\x24\jumper83122.exe.dll (file missing)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kjoukwcg.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [4c8c23b9] rundll32.exe "C:\WINDOWS\system32\phsujyxr.dll",b

O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: QuickTV.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: kjoukwcg - C:\WINDOWS\system32\kjoukwcg.dll

O20 - Winlogon Notify: nnnlmmk - C:\WINDOWS\system32\nnnlmmk.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NBService - Unknown owner - D:\Nero 7\Nero

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe



--

End of file - 8638 bytes


-- Files created between 2007-10-21 and 2007-11-21 -----------------------------


2007-11-21 08:44:03 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2007-11-21 08:42:45 0 d-------- C:\Program Files\WinClamAVShield

2007-11-21 08:41:29 0 d-------- C:\Documents and Settings\Michał & Monika\Application Data

2007-11-21 08:41:29 0 d-------- C:\Documents and Settings\Michał & Monika\Application Data\Spyware Terminator

2007-11-21 08:41:23 0 d-------- C:\Program Files\Spyware Terminator

2007-11-21 08:32:43 85056 --a------ C:\WINDOWS\system32\phsujyxr.dll

2007-11-21 08:29:45 80960 --a------ C:\WINDOWS\system32\yhjdrkku.dll

2007-11-21 08:24:05 71232 --a------ C:\WINDOWS\system32\qpqmgsnh.exe 

2007-11-20 19:42:04 0 d-------- C:\WINDOWS\ERUNT

2007-11-20 13:52:57 0 d-------- C:\Program Files\Spyware Doctor

2007-11-19 18:48:30 1724 --a------ C:\WINDOWS\system32\tmp.reg

2007-11-19 18:36:14 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2007-11-19 18:36:14 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe 

2007-11-19 18:36:14 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 

2007-11-19 18:36:14 53248 --a------ C:\WINDOWS\system32\Process.exe 

2007-11-19 18:36:14 51200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-11-19 18:33:02 83008 --a------ C:\WINDOWS\system32\bsshewfe.dll

2007-11-19 18:32:21 85056 --a------ C:\WINDOWS\system32\hjpvxbne.dll

2007-11-19 18:32:19 71232 --a------ C:\WINDOWS\system32\lilwaytv.exe 

2007-11-19 08:37:20 36352 --a------ C:\WINDOWS\system32\awtrqqo.dll

2007-11-18 20:29:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-11-18 18:40:11 85056 --a------ C:\WINDOWS\system32\miroyrgm.dll

2007-11-18 18:38:09 79424 --a------ C:\WINDOWS\system32\vrygbncs.dll

2007-11-18 18:33:05 71232 --a------ C:\WINDOWS\system32\nbjvvnsb.exe 

2007-11-17 18:37:03 82496 --a------ C:\WINDOWS\system32\rbgtrlss.dll

2007-11-17 18:34:03 85056 --a------ C:\WINDOWS\system32\pgaxadhm.dll

2007-11-17 18:31:04 71232 --a------ C:\WINDOWS\system32\emrnyxyn.exe 

2007-11-17 17:33:36 85056 --a------ C:\WINDOWS\system32\uusvsetv.dll

2007-11-17 17:30:36 81984 --a------ C:\WINDOWS\system32\lsbblboe.dll

2007-11-17 17:28:55 71232 --a------ C:\WINDOWS\system32\mtonplyj.exe 

2007-11-17 10:53:52 0 d-------- C:\Program Files\SkanerOnline

2007-11-17 10:40:28 120 --a------ C:\n.bat

2007-11-17 10:40:08 0 --a------ C:\x.dat

2007-11-17 10:40:04 21823 --a------ C:\Documents and Settings\Michał & Monika\x.dat

2007-11-17 10:39:53 0 --a------ C:\z.dat

2007-11-17 10:39:49 25759 --a------ C:\Documents and Settings\Michał & Monika\z.dat

2007-11-17 10:39:41 36352 --a------ C:\WINDOWS\system32\qommnnm.dll

2007-11-16 12:10:52 0 dr------- C:\Documents and Settings\All Users\Application Data

2007-11-16 12:10:52 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor

2007-11-16 11:56:01 0 d-------- C:\Program Files\Common Files\BestsellerAntivirus

2007-11-16 11:55:04 81984 --a------ C:\WINDOWS\system32\lpvuhnba.dll

2007-11-16 11:52:25 145984 --a------ C:\WINDOWS\system32\kjoukwcg.dll

2007-11-16 11:52:04 145984 --a------ C:\WINDOWS\system32\ermiryvr.dll

2007-11-16 11:51:48 36352 --a------ C:\WINDOWS\system32\mljkkhf.dll

2007-11-16 11:51:05 71232 --a------ C:\WINDOWS\system32\ddtggggp.exe 

2007-11-15 17:18:28 0 d-------- C:\Program Files\Skype

2007-11-15 17:18:00 0 d-------- C:\Program Files\Common Files\Skype

2007-11-15 17:11:57 0 d-------- C:\WINDOWS\system32\w1

2007-11-15 17:11:56 0 d-------- C:\WINDOWS\system32\l2

2007-11-15 17:11:28 0 d-------- C:\WINDOWS\system32\v4

2007-11-15 12:51:31 0 d-------- C:\WINDOWS\system32\s21

2007-11-15 12:50:23 36352 --a------ C:\WINDOWS\system32\nnnmmki.dll

2007-11-15 12:50:21 0 d-------- C:\WINDOWS\system32\x24

2007-11-15 12:50:21 0 d-------- C:\WINDOWS\system32\h12

2007-11-15 12:50:08 0 d-------- C:\WINDOWS\system32\rMa18yy

2007-11-14 15:57:18 122254 --ahs---- C:\WINDOWS\system32\abadd.ini2

2007-11-14 15:55:52 147456 --a------ C:\WINDOWS\system32\vbzip10.dll 

2007-11-14 15:52:01 37376 --a------ C:\WINDOWS\system32\nnnlmmk.dll

2007-11-13 19:34:20 4 --a------ C:\WINDOWS\system32\proc1795523372.bin



-- Find3M Report ---------------------------------------------------------------


2007-11-21 08:56:00 101766 --ahs---- C:\WINDOWS\system32\gjkmp.ini2

2007-11-20 20:04:08 358834 --a------ C:\WINDOWS\system32\perfh015.dat

2007-11-20 20:04:08 50748 --a------ C:\WINDOWS\system32\perfc015.dat

2007-11-20 13:52:57 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\PC Tools

2007-11-19 14:09:45 0 d-------- C:\Program Files\Movie Maker

2007-11-16 11:56:01 0 d-------- C:\Program Files\Common Files

2007-11-15 17:20:51 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\Skype

2007-11-13 19:34:20 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\GanymedeNet

2007-11-13 16:23:29 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-10-26 15:40:44 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\Gadu-Gadu

2007-10-26 15:35:02 0 d-------- C:\Program Files\Gadu-Gadu

2007-10-20 14:40:52 85056 -----n--- C:\WINDOWS\system32\nlruypst.dll

2007-10-20 14:40:49 83008 --a------ C:\WINDOWS\system32\isbmlexa.dll

2007-10-20 14:34:57 71232 --a------ C:\WINDOWS\system32\hvddhvcb.exe 

2007-10-15 15:59:37 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\Macromedia

2007-10-15 08:36:54 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\AdobeUM

2007-10-02 14:58:41 0 d-------- C:\Program Files\EA SPORTS

2007-09-29 18:36:33 0 d-------- C:\Program Files\Gronzo

2007-09-26 14:14:18 0 d-------- C:\Program Files\Common Files\TV

2007-09-25 07:56:01 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\Tibia

2007-09-20 14:31:56 319072 --a------ C:\WINDOWS\system32\pmkjg.dll

2007-08-27 11:24:53 3910 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2007-08-27 11:24:52 62362 --a------ C:\WINDOWS\BricoPackUninst.cmd

2007-08-27 10:52:28 219648 --a------ C:\WINDOWS\system32\uxtheme.dll 



-- Registry Dump ---------------------------------------------------------------


*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29382E00-0D15-4511-8C05-36204C225BB2}]

2007-09-20 14:31	319072	--a------	C:\WINDOWS\system32\pmkjg.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FA46F40-3F76-4AA4-97A2-00C4DB5D1BB3}]

			C:\Program Files\Internet Explorer\meqocajoC:\WINDOWS\system32\w1\mper83122.exe.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72ba3ddf-8db2-4d22-a9c7-7f2abb21bcd7}]

2007-11-21 08:29	80960	--a------	C:\WINDOWS\system32\yhjdrkku.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

2007-11-16 11:52	145984	--a------	C:\WINDOWS\system32\kjoukwcg.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]

2007-11-14 15:52	37376	--a------	C:\WINDOWS\system32\nnnlmmk.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB90D6FF-6378-4B9E-BDD8-4669201D31B4}]

			C:\Program Files\Internet Explorer\meqocajoC:\WINDOWS\system32\x24\jumper83122.exe.dll


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\kjoukwcg.dll [2007-11-16 11:52 145984]


[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2003-08-05 06:59 C:\WINDOWS\SOUNDMAN.EXE]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]

"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]

"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

"4c8c23b9"="C:\WINDOWS\system32\phsujyxr.dll" [2007-11-21 08:32]

"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-21 08:41]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-03-12 12:49]


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

QuickTV.lnk - D:\AVerTV\QuickTV.exe [2005-10-30 19:09:40]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnlmmk.dll [2007-11-14 15:52 37376]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kjoukwcg] 

kjoukwcg.dll 2007-11-16 11:52 145984 C:\WINDOWS\system32\kjoukwcg.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlmmk] 

nnnlmmk.dll 2007-11-14 15:52 37376 C:\WINDOWS\system32\nnnlmmk.dll


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjg.dll


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"


*Newly Created Service* - SP_RSDRV2

*Newly Created Service* - SP_RSSRV




-- End of Deckard's System Scanner: finished at 2007-11-21 08:58:45 ------------

(Gutek) #15

Use VundoFix + Trojan.Vundo Removal Tool + VirtumundoBeGone.

After that, a new log