Miichal1
(Miichal)
19 November 2007 13:59
#1
Hello. I have a problem with a virus: every so often IE ads for antivirus software pop up, and a message appears saying that the computer is infected with a trojan. I made a HijackThis log and am asking for help:
Logfile of HijackThis v1.99.1
Scan saved at 14:58:19, on 2007-11-19
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ddtggggp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\AVerTV\QuickTV.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Documents and Settings\Michał & Monika\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kjoukwcg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [4c8c23b9] rundll32.exe "C:\WINDOWS\system32\miroyrgm.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [system] c:\windows\system\system.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: QuickTV.lnk = D:\AVerTV\QuickTV.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\ddtggggp.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
Gutek
(Gutek)
19 November 2007 16:51
#2
C:\WINDOWS\system32\ddtggggp.exe
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kjoukwcg.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [4c8c23b9] rundll32.exe "C:\WINDOWS\system32\miroyrgm.dll",b
O4 - HKCU\..\Run: [system] c:\windows\system\system.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ddtggggp.exe
Remove these HJT entries.
Use SmitFraudFix and choose option no. 2, in safe mode of course, and after that post a log from ComboFix.
Additionally:
Download SDFix.
Miichal1
(Miichal)
19 November 2007 17:40
#3
Am I supposed to remove these HJT files with SmitFraudFix?
dawidek11
(Dawidex11)
19 November 2007 17:52
#4
No! In HijackThis, check the files that Gutek2222 showed you, and then, after fixing them in HijackThis, use SmitFraudFix, then ComboFix, and then SDFix.
Gutek
(Gutek)
19 November 2007 17:52
#5
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kjoukwcg.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [4c8c23b9] rundll32.exe "C:\WINDOWS\system32\miroyrgm.dll",b
O4 - HKCU\..\Run: [system] c:\windows\system\system.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ddtggggp.exe
Check the indicated entries in HijackThis and click Fix checked.
The link will take you to a description of what to do and how; follow the instructions through to the end.
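An added example (not part of the original posts, and not HijackThis's own logic): a small triage script that applies a few assumed heuristics to lines copied from the first log in this thread and reports why several of the entries listed above stand out. The rule set, the function names and the short list of system process names are assumptions made for illustration; the toolbar, [system] and [WinAble] entries are not covered by these rules.

```python
import re
from ntpath import basename, dirname, normpath  # Windows path rules on any OS

# Assumed short list of core Windows process names that belong in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "spoolsv.exe"}
SYSTEM_DIR = r"c:\windows\system32"

R_PATH = "system process name running outside system32"
R_RUNDLL = "Run key loads a DLL through rundll32.exe"
R_HEX = "long hex blob passed as an argument"
R_URL = "URL passed on the command line"
R_OWNER = "service binary carries no company name"

PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)
RUN_RE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$")
SVC_RE = re.compile(
    r"^O23 - Service: .+? - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.+)$")
CMD_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|dll|com|bat))(?=["\s]|$)"?(?P<args>.*)$', re.I)

# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKLM\..\Run: [4c8c23b9] rundll32.exe "C:\WINDOWS\system32\miroyrgm.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ddtggggp.exe
"""


def split_command(cmd):
    """Split a Run value into (executable, arguments); paths may hold spaces."""
    m = CMD_RE.match(cmd)
    return (m["exe"], m["args"]) if m else (cmd, "")


def path_reason(path):
    """Flag a well-known system process name started from another folder."""
    folder = dirname(path)
    if (basename(path).lower() in SYSTEM_NAMES and folder
            and normpath(folder).lower() != SYSTEM_DIR):
        return [R_PATH]
    return []


def triage(log_text):
    """Return [(line, [reasons])] for every line that trips a heuristic."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        run, svc = RUN_RE.match(line), SVC_RE.match(line)
        if run:  # O4: autostart entry under a Run key
            exe, args = split_command(run["cmd"])
            reasons += path_reason(exe)
            if basename(exe).lower() == "rundll32.exe" and ".dll" in args.lower():
                reasons.append(R_RUNDLL)
            if re.search(r"\b[0-9A-Fa-f]{32,}\b", args):
                reasons.append(R_HEX)
            if re.search(r"https?://", args, re.I):
                reasons.append(R_URL)
        elif svc:  # O23: service; an empty company field shows as " - - "
            if not svc["owner"].strip():
                reasons.append(R_OWNER)
            reasons += path_reason(svc["path"])
        elif PROC_RE.match(line):  # "Running processes" section
            reasons += path_reason(line)
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(f"{line}\n    -> {'; '.join(reasons)}")
```

A hit is only a prompt for closer inspection of the file on disk; legitimate software can trip any of these rules.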
Miichal1
(Miichal)
19 November 2007 18:27
#6
I have a problem with SmitFraudFix: I start Windows in safe mode, run the program and choose 2, and it starts cleaning, but then a message pops up saying it cannot find the specified path, and it closes.
Post merged: 19.11.2007 (Mon) 21:58
I don't think I have given the name of this virus yet: Trojan-Spy.win32@mx and NetWorm-i.Virus@fp. As I already wrote, SmitFraudFix closes on me and says that some entries were not found, and ComboFix won't start either. Help please, because I can't cope with this virus any more.
Gutek
(Gutek)
19 November 2007 21:58
#7
Post a log from ComboFix - this one works
Miichal1
(Miichal)
20 November 2007 07:30
#8
When I start ComboFix it says: Current date is 2007-11-19.This copy of comboFix has expired.Please download an updated copy.
arekmalek
(arekmalek)
20 November 2007 08:41
#9
Set the date on the computer back by 2 months.
Miichal1
(Miichal)
20 November 2007 12:14
#10
I can't set the computer back 2 months. I can't change the month from November at all; there are only 2 dates in November available to restore.
DragonIce
(Ptadla)
20 November 2007 14:18
#11
That is, not System Restore: double-click the system clock (the one in the bottom right corner) and, in the date field, choose September from the month list. Then click Apply and OK.
Miichal1
(Miichal)
20 November 2007 14:46
#12
Can anything be done without this System Restore, because I don't really have any restore points :/ Here is the HJT log once more:
Logfile of HijackThis v1.99.1
Scan saved at 15:40:59, on 2007-10-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hvddhvcb.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\AVerTV\QuickTV.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Michał & Monika\Pulpit\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kjoukwcg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: QuickTV.lnk = D:\AVerTV\QuickTV.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\hvddhvcb.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
ComboFix won't start because it says: Current date is 2007-11-19.This copy of comboFix has expired.Please download an updated copy.
SmitFraudFix won't work either,
because it says that some path was not found when I run it, in safe mode of course.
adam9870
(adam9870)
20 November 2007 18:00
#13
System Restore and changing the date are two completely different things. But since you can't do the latter, we'll try another method…
Open Notepad and paste this into it:
File >>> Save as >>> change the extension from TXT to All files >>> save it under the name FIX.BAT and run it in safe mode.
Remove the entries shown above using HijackThis, following the method Gutek gave in one of the earlier posts.
I take it you have already used SDFix? If not, do so. As for SmitFraudFix, try downloading it again and using it.
After carrying out the steps above, paste a log from Deckard's System Scanner.
Miichal1
(Miichal)
21 November 2007 08:14
#14
DSS log
Deckard's System Scanner v20071014.68
Run by Michał & Monika on 2007-11-21 08:57:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------
[color=red]Total Physical Memory: 256 MiB (512 MiB recommended).[/color]
-- HijackThis (run as Michał & Monika.exe) -------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-21 08:57:27
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\AVerTV\QuickTV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\qpqmgsnh.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michał & Monika\Pulpit\dss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {29382E00-0D15-4511-8C05-36204C225BB2} - C:\WINDOWS\system32\pmkjg.dll
O2 - BHO: (no name) - {6FA46F40-3F76-4AA4-97A2-00C4DB5D1BB3} - C:\Program Files\Internet Explorer\meqocajoC:\WINDOWS\system32\w1\mper83122.exe.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: {7dcb12bb-a2f7-7c9a-22d4-2bd8fdd3ab27} - {72ba3ddf-8db2-4d22-a9c7-7f2abb21bcd7} - C:\WINDOWS\system32\yhjdrkku.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\kjoukwcg.dll
O2 - BHO: (no name) - {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB} - C:\WINDOWS\system32\nnnlmmk.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EB90D6FF-6378-4B9E-BDD8-4669201D31B4} - C:\Program Files\Internet Explorer\meqocajoC:\WINDOWS\system32\x24\jumper83122.exe.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\kjoukwcg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [4c8c23b9] rundll32.exe "C:\WINDOWS\system32\phsujyxr.dll",b
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: QuickTV.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.33/g_bin/pl/billard8_2_0_0_35.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: kjoukwcg - C:\WINDOWS\system32\kjoukwcg.dll
O20 - Winlogon Notify: nnnlmmk - C:\WINDOWS\system32\nnnlmmk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Unknown owner - D:\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 8638 bytes
-- Files created between 2007-10-21 and 2007-11-21 -----------------------------
2007-11-21 08:44:03 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-21 08:42:45 0 d-------- C:\Program Files\WinClamAVShield
2007-11-21 08:41:29 0 d-------- C:\Documents and Settings\Michał & Monika\Application Data
2007-11-21 08:41:29 0 d-------- C:\Documents and Settings\Michał & Monika\Application Data\Spyware Terminator
2007-11-21 08:41:23 0 d-------- C:\Program Files\Spyware Terminator
2007-11-21 08:32:43 85056 --a------ C:\WINDOWS\system32\phsujyxr.dll
2007-11-21 08:29:45 80960 --a------ C:\WINDOWS\system32\yhjdrkku.dll
2007-11-21 08:24:05 71232 --a------ C:\WINDOWS\system32\qpqmgsnh.exe
2007-11-20 19:42:04 0 d-------- C:\WINDOWS\ERUNT
2007-11-20 13:52:57 0 d-------- C:\Program Files\Spyware Doctor
2007-11-19 18:48:30 1724 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-19 18:36:14 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-19 18:36:14 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-19 18:36:14 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-19 18:36:14 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-19 18:36:14 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-19 18:33:02 83008 --a------ C:\WINDOWS\system32\bsshewfe.dll
2007-11-19 18:32:21 85056 --a------ C:\WINDOWS\system32\hjpvxbne.dll
2007-11-19 18:32:19 71232 --a------ C:\WINDOWS\system32\lilwaytv.exe
2007-11-19 08:37:20 36352 --a------ C:\WINDOWS\system32\awtrqqo.dll
2007-11-18 20:29:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-18 18:40:11 85056 --a------ C:\WINDOWS\system32\miroyrgm.dll
2007-11-18 18:38:09 79424 --a------ C:\WINDOWS\system32\vrygbncs.dll
2007-11-18 18:33:05 71232 --a------ C:\WINDOWS\system32\nbjvvnsb.exe
2007-11-17 18:37:03 82496 --a------ C:\WINDOWS\system32\rbgtrlss.dll
2007-11-17 18:34:03 85056 --a------ C:\WINDOWS\system32\pgaxadhm.dll
2007-11-17 18:31:04 71232 --a------ C:\WINDOWS\system32\emrnyxyn.exe
2007-11-17 17:33:36 85056 --a------ C:\WINDOWS\system32\uusvsetv.dll
2007-11-17 17:30:36 81984 --a------ C:\WINDOWS\system32\lsbblboe.dll
2007-11-17 17:28:55 71232 --a------ C:\WINDOWS\system32\mtonplyj.exe
2007-11-17 10:53:52 0 d-------- C:\Program Files\SkanerOnline
2007-11-17 10:40:28 120 --a------ C:\n.bat
2007-11-17 10:40:08 0 --a------ C:\x.dat
2007-11-17 10:40:04 21823 --a------ C:\Documents and Settings\Michał & Monika\x.dat
2007-11-17 10:39:53 0 --a------ C:\z.dat
2007-11-17 10:39:49 25759 --a------ C:\Documents and Settings\Michał & Monika\z.dat
2007-11-17 10:39:41 36352 --a------ C:\WINDOWS\system32\qommnnm.dll
2007-11-16 12:10:52 0 dr------- C:\Documents and Settings\All Users\Application Data
2007-11-16 12:10:52 0 dr------- C:\Documents and Settings\All Users\Application Data\SalesMonitor
2007-11-16 11:56:01 0 d-------- C:\Program Files\Common Files\BestsellerAntivirus
2007-11-16 11:55:04 81984 --a------ C:\WINDOWS\system32\lpvuhnba.dll
2007-11-16 11:52:25 145984 --a------ C:\WINDOWS\system32\kjoukwcg.dll
2007-11-16 11:52:04 145984 --a------ C:\WINDOWS\system32\ermiryvr.dll
2007-11-16 11:51:48 36352 --a------ C:\WINDOWS\system32\mljkkhf.dll
2007-11-16 11:51:05 71232 --a------ C:\WINDOWS\system32\ddtggggp.exe
2007-11-15 17:18:28 0 d-------- C:\Program Files\Skype
2007-11-15 17:18:00 0 d-------- C:\Program Files\Common Files\Skype
2007-11-15 17:11:57 0 d-------- C:\WINDOWS\system32\w1
2007-11-15 17:11:56 0 d-------- C:\WINDOWS\system32\l2
2007-11-15 17:11:28 0 d-------- C:\WINDOWS\system32\v4
2007-11-15 12:51:31 0 d-------- C:\WINDOWS\system32\s21
2007-11-15 12:50:23 36352 --a------ C:\WINDOWS\system32\nnnmmki.dll
2007-11-15 12:50:21 0 d-------- C:\WINDOWS\system32\x24
2007-11-15 12:50:21 0 d-------- C:\WINDOWS\system32\h12
2007-11-15 12:50:08 0 d-------- C:\WINDOWS\system32\rMa18yy
2007-11-14 15:57:18 122254 --ahs---- C:\WINDOWS\system32\abadd.ini2
2007-11-14 15:55:52 147456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-14 15:52:01 37376 --a------ C:\WINDOWS\system32\nnnlmmk.dll
2007-11-13 19:34:20 4 --a------ C:\WINDOWS\system32\proc1795523372.bin
-- Find3M Report ---------------------------------------------------------------
2007-11-21 08:56:00 101766 --ahs---- C:\WINDOWS\system32\gjkmp.ini2
2007-11-20 20:04:08 358834 --a------ C:\WINDOWS\system32\perfh015.dat
2007-11-20 20:04:08 50748 --a------ C:\WINDOWS\system32\perfc015.dat
2007-11-20 13:52:57 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\PC Tools
2007-11-19 14:09:45 0 d-------- C:\Program Files\Movie Maker
2007-11-16 11:56:01 0 d-------- C:\Program Files\Common Files
2007-11-15 17:20:51 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\Skype
2007-11-13 19:34:20 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\GanymedeNet
2007-11-13 16:23:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-26 15:40:44 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\Gadu-Gadu
2007-10-26 15:35:02 0 d-------- C:\Program Files\Gadu-Gadu
2007-10-20 14:40:52 85056 -----n--- C:\WINDOWS\system32\nlruypst.dll
2007-10-20 14:40:49 83008 --a------ C:\WINDOWS\system32\isbmlexa.dll
2007-10-20 14:34:57 71232 --a------ C:\WINDOWS\system32\hvddhvcb.exe
2007-10-15 15:59:37 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\Macromedia
2007-10-15 08:36:54 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\AdobeUM
2007-10-02 14:58:41 0 d-------- C:\Program Files\EA SPORTS
2007-09-29 18:36:33 0 d-------- C:\Program Files\Gronzo
2007-09-26 14:14:18 0 d-------- C:\Program Files\Common Files\TV
2007-09-25 07:56:01 0 d-------- C:\Documents and Settings\Michał & Monika\Dane aplikacji\Tibia
2007-09-20 14:31:56 319072 --a------ C:\WINDOWS\system32\pmkjg.dll
2007-08-27 11:24:53 3910 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-08-27 11:24:52 62362 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-08-27 10:52:28 219648 --a------ C:\WINDOWS\system32\uxtheme.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29382E00-0D15-4511-8C05-36204C225BB2}]
2007-09-20 14:31 319072 --a------ C:\WINDOWS\system32\pmkjg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FA46F40-3F76-4AA4-97A2-00C4DB5D1BB3}]
C:\Program Files\Internet Explorer\meqocajoC:\WINDOWS\system32\w1\mper83122.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72ba3ddf-8db2-4d22-a9c7-7f2abb21bcd7}]
2007-11-21 08:29 80960 --a------ C:\WINDOWS\system32\yhjdrkku.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-16 11:52 145984 --a------ C:\WINDOWS\system32\kjoukwcg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]
2007-11-14 15:52 37376 --a------ C:\WINDOWS\system32\nnnlmmk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB90D6FF-6378-4B9E-BDD8-4669201D31B4}]
C:\Program Files\Internet Explorer\meqocajoC:\WINDOWS\system32\x24\jumper83122.exe.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\kjoukwcg.dll [2007-11-16 11:52 145984]
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 06:59 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
"EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"4c8c23b9"="C:\WINDOWS\system32\phsujyxr.dll" [2007-11-21 08:32]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-21 08:41]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-03-12 12:49]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
QuickTV.lnk - D:\AVerTV\QuickTV.exe [2005-10-30 19:09:40]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnlmmk.dll [2007-11-14 15:52 37376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kjoukwcg]
kjoukwcg.dll 2007-11-16 11:52 145984 C:\WINDOWS\system32\kjoukwcg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlmmk]
nnnlmmk.dll 2007-11-14 15:52 37376 C:\WINDOWS\system32\nnnlmmk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjg.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
*Newly Created Service* - SP_RSDRV2
*Newly Created Service* - SP_RSSRV
-- End of Deckard's System Scanner: finished at 2007-11-21 08:58:45 ------------
Gutek
(Gutek)
21 November 2007 22:13
#15