Dzień Dobry.Miałem duze problemy z trojanami i zlikwidowałem je(tak mi się wydaje),chciałbym żeby ktoś przejrzał moje logi .Z góry dziękuje

Logfile of HijackThis v1.99.1

Scan saved at 14:36:42, on 2007-08-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

D:\Program Files\Alwil Software\Avast4\ashServ.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

C:\programy\a-square\a-squared Free\a2service.exe

C:\programy\zerospyware\FileDeleter.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\Program Files\Spyware Terminator\sp_rsser.exe

D:\WINDOWS\RTHDCPL.EXE

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\Program Files\VIA\RAID\raid_tool.exe

C:\programy\daemon\daemon.exe

C:\programy\winamp\winampa.exe

C:\programy\Quiktim\qttask.exe

D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

D:\WINDOWS\system32\ctfmon.exe

C:\programy\crystal XP\dodatki\Crystal Clear\UberIcon\UberIcon Manager.exe

C:\programy\crystal XP\dodatki\Crystal Clear\RocketDock\RocketDock.exe

C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe

D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

D:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\programy\cursor powre pack\CursorXP.exe

C:\programy\winzip\WZQKPICK.EXE

C:\programy\POP3 tray\PopTray.exe

C:\programy\ObjectDock\ObjectDock.exe

C:\programy\crystal XP\dodatki\Crystal Clear\YzShadow\YzShadow.exe

C:\programy\crystal XP\dodatki\Crystal Clear\YzToolbar\YzToolBar.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\System32\WScript.exe

C:\programy\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60308

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo … TbId=60308

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\programy\adobereader\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [RaidTool] D:\Program Files\VIA\RAID\raid_tool.exe

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\programy\daemon\daemon.exe” -lang 1033

O4 - HKLM…\Run: [WinampAgent] C:\programy\winamp\winampa.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\programy\Quiktim\qttask.exe” -atboottime

O4 - HKLM…\Run: [LogonStudio] “C:\programy\LogonStudio\LogonStudio\logonstudio.exe” /RANDOM

O4 - HKLM…\Run: [bootSkin Startup Jobs] “C:\programy\BootSkin\BootSkin.exe” /StartupJobs

O4 - HKLM…\Run: [sunJavaUpdateSched] “D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”

O4 - HKLM…\Run: [spywareTerminator] “D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe”

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM…\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU…\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [uberIcon] “C:\programy\crystal XP\dodatki\Crystal Clear\UberIcon\UberIcon Manager.exe”

O4 - HKCU…\Run: [RocketDock] “C:\programy\crystal XP\dodatki\Crystal Clear\RocketDock\RocketDock.exe”

O4 - HKCU…\Run: [skinClock] C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe

O4 - HKCU…\Run: [CursorXP] C:\programy\cursor powre pack\CursorXP.exe

O4 - Startup: PopTray.lnk = C:\programy\POP3 tray\PopTray.exe

O4 - Startup: RocketDock.lnk = C:\programy\crystal XP\dodatki\Crystal Clear\RocketDock\RocketDock.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\programy\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\programy\crystal XP\dodatki\Crystal Clear\UberIcon\UberIcon Manager.exe

O4 - Startup: Y’z Shadow.lnk = C:\programy\crystal XP\dodatki\Crystal Clear\YzShadow\YzShadow.exe

O4 - Startup: Y’z Toolbar.lnk = C:\programy\crystal XP\dodatki\Crystal Clear\YzToolbar\YzToolBar.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\programy\winzip\WZQKPICK.EXE

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 5388838578

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - D:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\programy\a-square\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ZeroSpyware FileDeleter (FileDeleter) - FBM Software - C:\programy\zerospyware\FileDeleter.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe

ComboFix 07-07-30.2 - “Van Helsing” 2007-08-07 14:18:26.2 [GMT 2:00] - NTFS

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.Prawda

((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))

2007-08-07 14:17 51,200 --a------ D:\WINDOWS\nircmd.exe

2007-08-06 14:44

2007-08-04 11:12 81,920 --a------ D:\WINDOWS\system32\OpenAL32.dll

2007-08-04 11:12 221,184 --a------ D:\WINDOWS\system32\wrap_oal.dll

2007-08-03 09:44 108,144 --a------ D:\WINDOWS\system32\CmdLineExt.dll

2007-08-03 09:44

2007-08-02 06:38 138,368 --a------ D:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2007-08-02 06:37

2007-08-02 06:36

2007-08-02 06:36

2007-08-01 20:46

2007-08-01 20:24

2007-07-31 15:12

2007-07-31 14:59 98,304 --a------ D:\WINDOWS\system32\msir3jp.dll

2007-07-31 14:59 9,216 --a------ D:\WINDOWS\system32\kbdnecAT.dll

2007-07-31 14:59 838,144 --a------ D:\WINDOWS\system32\chtbrkr.dll

2007-07-31 14:59 70,656 --a------ D:\WINDOWS\system32\korwbrkr.dll

2007-07-31 14:59 7,680 --a------ D:\WINDOWS\system32\kbdnecNT.dll

2007-07-31 14:59 7,168 --a------ D:\WINDOWS\system32\kbdnec95.dll

2007-07-31 14:59 7,168 --a------ D:\WINDOWS\system32\kbdibm02.dll

2007-07-31 14:59 7,168 --a------ D:\WINDOWS\system32\f3ahvoas.dll

2007-07-31 14:59 6,656 --a------ D:\WINDOWS\system32\kbdlk41a.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbdlk41j.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbdax2.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbd106n.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbd101a.dll

2007-07-31 14:59 6,144 --a------ D:\WINDOWS\system32\kbd101.dll

2007-07-31 14:59 218,112 --a------ D:\WINDOWS\system32\c_g18030.dll

2007-07-31 14:59 1,677,824 --a------ D:\WINDOWS\system32\chsbrkr.dll

2007-07-31 14:58 811,064 --a------ D:\WINDOWS\system32\imjp81k.dll

2007-07-31 14:58 76,288 --a------ D:\WINDOWS\system32\uniime.dll

2007-07-31 14:58 6,656 --a------ D:\WINDOWS\system32\c_is2022.dll

2007-07-31 14:57 8,704 --a------ D:\WINDOWS\system32\kbdjpn.dll

2007-07-31 14:57 8,192 --a------ D:\WINDOWS\system32\kbdkor.dll

2007-07-31 14:57 6,144 --a------ D:\WINDOWS\system32\kbd106.dll

2007-07-31 14:57 6,144 --a------ D:\WINDOWS\system32\kbd101c.dll

2007-07-31 14:57 6,144 --a------ D:\WINDOWS\system32\kbd101b.dll

2007-07-31 14:57 5,632 --a------ D:\WINDOWS\system32\kbd103.dll

2007-07-29 20:46

2007-07-29 15:07 271,360 --a------ D:\WINDOWS\system32\drivers\atksgt.sys

2007-07-29 15:07 18,048 --a------ D:\WINDOWS\system32\drivers\lirsgt.sys

2007-07-29 07:49

2007-07-29 07:49

2007-07-29 07:48

2007-07-28 16:19

2007-07-27 09:58

2007-07-26 16:25

2007-07-26 16:19 1,415,680 --a------ D:\WINDOWS\system32\wmv9vcm.dll

2007-07-26 15:55 420,240 --a------ D:\WINDOWS\system32\mpg4c32.dll

2007-07-26 15:55 309,616 --a------ D:\WINDOWS\system32\wmv8dmod.dll

2007-07-26 15:32

2007-07-26 15:24

2007-07-26 06:31

2007-07-26 06:20

2007-07-26 05:33

2007-07-26 05:22

2007-07-26 05:01

2007-07-26 04:15

2007-07-26 04:12

2007-07-26 04:12

2007-07-26 04:11 14,048 --------- D:\WINDOWS\system32\spmsg2.dll

2007-07-26 04:10

2007-07-26 04:09

2007-07-26 04:09

2007-07-26 04:04

2007-07-26 03:31 2,916,352 --------- D:\WINDOWS\UNNMP.exe

2007-07-26 03:30 155,648 --a------ D:\WINDOWS\system32\NeroCheck.exe

2007-07-26 03:30

2007-07-26 03:29 476,320 --------- D:\WINDOWS\system32\ImagXpr7.dll

2007-07-26 03:29 471,040 --------- D:\WINDOWS\system32\ImagXRA7.dll

2007-07-26 03:29 38,912 --------- D:\WINDOWS\system32\picn20.dll

2007-07-26 03:29 364,544 --------- D:\WINDOWS\system32\TwnLib4.dll

2007-07-26 03:29 262,144 --------- D:\WINDOWS\system32\ImagXR7.dll

2007-07-26 03:29 24,064 --------- D:\WINDOWS\system32\msxml3a.dll

2007-07-26 03:29 2,977,792 --------- D:\WINDOWS\UNNeroVision.exe

2007-07-26 03:29 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll

2007-07-26 03:29 1,568,768 --------- D:\WINDOWS\system32\ImagX7.dll

2007-07-26 03:29

2007-07-26 03:29

2007-07-26 03:27 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys

2007-07-26 03:27

2007-07-25 22:51 163,712 --a------ D:\WINDOWS\system32\drivers\vidstub.sys

2007-07-25 22:50 187,392 --a------ D:\WINDOWS\system32\JPGUtils.dll

2007-07-25 22:50

2007-07-25 22:17 4,694 --a------ D:\WINDOWS\BricoPackFoldersDelete.cmd

2007-07-25 22:04

2007-07-25 21:58

2007-07-25 21:56

2007-07-25 21:55

2007-07-25 21:53

2007-07-25 21:41 49,152 --a------ D:\WINDOWS\rebuild.exe

2007-07-25 21:38 1,611 --a------ D:\WINDOWS\system32\uninstall_pack.bat

2007-07-25 21:38

2007-07-25 21:38

2007-07-25 21:27

2007-07-25 21:26

2007-07-25 20:48

2007-07-25 20:44

2007-07-25 20:32 1,395 --a------ D:\WINDOWS\mozver.dat

2007-07-25 20:27

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-26 04:50 87188 --a------ D:\WINDOWS\system32\perfc015.dat

2007-07-26 04:50 494652 --a------ D:\WINDOWS\system32\perfh015.dat

2007-07-25 22:50 6632448 --a------ D:\WINDOWS\system32\logonuiX.exe

2007-07-25 19:18 219648 --a------ D:\WINDOWS\system32\uxtheme.dll

--------- D:\Program Files\Usługi online

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SkyTel”=“SkyTel.EXE” [2006-05-16 19:04 D:\WINDOWS\SkyTel.exe]

“RTHDCPL”=“RTHDCPL.EXE” [2006-08-01 20:10 D:\WINDOWS\RTHDCPL.exe]

“Alcmtr”=“ALCMTR.EXE” [2005-05-03 19:43 D:\WINDOWS\Alcmtr.exe]

“avast!”=“D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-07-28 00:03]

“RaidTool”=“D:\Program Files\VIA\RAID\raid_tool.exe” [2006-01-04 09:43]

“nwiz”=“nwiz.exe” [2007-04-19 13:26 D:\WINDOWS\system32\nwiz.exe]

“DAEMON Tools-1033”=“C:\programy\daemon\daemon.exe” [2004-08-22 17:05]

“WinampAgent”=“C:\programy\winamp\winampa.exe” [2007-05-15 00:22]

“QuickTime Task”=“C:\programy\Quiktim\qttask.exe” [2007-04-27 09:41]

“LogonStudio”=“C:\programy\LogonStudio\LogonStudio\logonstudio.exe” [2002-09-03 18:38]

“BootSkin Startup Jobs”=“C:\programy\BootSkin\BootSkin.exe” [2004-04-26 16:21]

“SunJavaUpdateSched”=“D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe” [2007-07-12 04:00]

“SpywareTerminator”=“D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe” [2007-08-02 06:38]

“NvCplDaemon”=“D:\WINDOWS\system32\NvCpl.dll” [2007-04-19 13:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“D:\WINDOWS\system32\ctfmon.exe” [2006-03-02 14:00]

“UberIcon”=“C:\programy\crystal XP\dodatki\Crystal Clear\UberIcon\UberIcon Manager.exe” [2006-02-05 14:20]

“RocketDock”=“C:\programy\crystal XP\dodatki\Crystal Clear\RocketDock\RocketDock.exe” [2006-05-14 22:47]

“SkinClock”=“C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe” [2007-07-23 19:31]

“CursorXP”=“C:\programy\cursor powre pack\CursorXP.exe” [2005-01-19 17:34]

“SpybotSD TeaTimer”=“C:\programy\spybot\Spybot - Search & Destroy\TeaTimer.exe” [2005-05-31 01:04]

D:\Documents and Settings\Van Helsing\Menu Start\Programy\Autostart\

PopTray.lnk - C:\programy\POP3 tray\PopTray.exe [2006-09-16 15:01:16]

RocketDock.lnk - C:\programy\crystal XP\dodatki\Crystal Clear\RocketDock\RocketDock.exe [2006-05-14 22:47:48]

Stardock ObjectDock.lnk - C:\programy\ObjectDock\ObjectDock.exe [2007-07-04 18:15:32]

UberIcon.lnk - C:\programy\crystal XP\dodatki\Crystal Clear\UberIcon\UberIcon Manager.exe [2006-02-05 14:20:14]

Y’z Shadow.lnk - C:\programy\crystal XP\dodatki\Crystal Clear\YzShadow\YzShadow.exe [2002-09-30 21:09:06]

Y’z Toolbar.lnk - C:\programy\crystal XP\dodatki\Crystal Clear\YzToolbar\YzToolBar.exe [2002-09-29 14:41:10]

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

WinZip Quick Pick.lnk - C:\programy\winzip\WZQKPICK.EXE [2007-07-25 18:28:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

“NoDispCPL”=0 (0x0)

“NoDispBackgroundPage”=0 (0x0)

“NoDispScrSavPage”=0 (0x0)

“NoDispAppearancePage”=0 (0x0)

“NoDispSettingsPage”=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

“NoViewContextMenu”=0 (0x0)

R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys

R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys

R1 AmdK8;Sterownik procesora AMD;D:\WINDOWS\system32\DRIVERS\AmdK8.sys

R1 sp_rsdrv2;Spyware Terminator Driver 2;??\D:\WINDOWS\system32\drivers\sp_rsdrv2.sys

R2 atksgt;atksgt;D:\WINDOWS\system32\DRIVERS\atksgt.sys

R2 FileDeleter;ZeroSpyware FileDeleter;C:\programy\zerospyware\FileDeleter.exe

R2 lirsgt;lirsgt;D:\WINDOWS\system32\DRIVERS\lirsgt.sys

R3 netrcacm;RCA USB Digital Cable Modem Driver;D:\WINDOWS\system32\DRIVERS\netrcacm.sys

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

S3 idsvc;Windows CardSpace;“D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe”

S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;“D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe”

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-07 14:22:07

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden registry entries …

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]

“Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,…

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-08-07 14:24:05 - machine was rebooted

— E O F —

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:

---

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“CTFMON.EXE” = “D:\WINDOWS\system32\ctfmon.exe” [MS]

“UberIcon” = ““C:\programy\crystal XP\dodatki\Crystal Clear\UberIcon\UberIcon Manager.exe”” [null data]

“RocketDock” = ““C:\programy\crystal XP\dodatki\Crystal Clear\RocketDock\RocketDock.exe”” [null data]

“SkinClock” = “C:\programy\clock\Clock Tray Skins\ClockTraySkins.exe” [null data]

“CursorXP” = “C:\programy\cursor powre pack\CursorXP.exe” [" "]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

“SkyTel” = “SkyTel.EXE” [“Realtek Semiconductor Corp.”]

“RTHDCPL” = “RTHDCPL.EXE” [“Realtek Semiconductor Corp.”]

“Alcmtr” = “ALCMTR.EXE” [“Realtek Semiconductor Corp.”]

“avast!” = “D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”]

“RaidTool” = “D:\Program Files\VIA\RAID\raid_tool.exe” [“VIA Technologies”]

“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]

“DAEMON Tools-1033” = ““C:\programy\daemon\daemon.exe” -lang 1033” [“DAEMON’S HOME”]

“WinampAgent” = “C:\programy\winamp\winampa.exe” [null data]

“QuickTime Task” = ““C:\programy\Quiktim\qttask.exe” -atboottime” [“Apple Inc.”]

“LogonStudio” = ““C:\programy\LogonStudio\LogonStudio\logonstudio.exe” /RANDOM” [“Stardock and Luca Saggese”]

“BootSkin Startup Jobs” = ““C:\programy\BootSkin\BootSkin.exe” /StartupJobs” [empty string]

“SunJavaUpdateSched” = ““D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”” [“Sun Microsystems, Inc.”]

“SpywareTerminator” = ““D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe”” [“Crawler.com”]

“NvCplDaemon” = “RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS]

“PHIME2002ASync” = “D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC” [MS]

“PHIME2002A” = “D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM…CLSID} = “AcroIEHlprObj Class”

\InProcServer32(Default) = “C:\programy\adobereader\Reader\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]

{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}(Default) = “*i*ie*t*” (unwritable string)

-> {HKLM…CLSID} = (no title provided)

\InProcServer32(Default) = “D:\PROGRA~1\Crawler\Toolbar\ctbr.dll” [“Crawler.com”]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM…CLSID} = “SSVHelper Class”

\InProcServer32(Default) = “D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”

-> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”

\InProcServer32(Default) = “deskpan.dll” [file not found]

“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”

-> {HKLM…CLSID} = “HyperTerminal Icon Ext”

\InProcServer32(Default) = “D:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”]

“{EFA24E62-B078-11d0-89E4-00C04FC9E26E}” = “History Band”

-> {HKLM…CLSID} = “History Band”

\InProcServer32(Default) = “D:\WINDOWS\system32\shdocvw.dll” [MS]

W żadnym z logów nie widać nic podejrzanego choć log z Silenta jest ucięty (nie poczekałeś na pojawienie się komunikatu All Done).

Uwaga : na czas wykonywania czynności wyłącz SpybotSD TeaTimer. W przeciwnym wypadku naniesione zmiany mogą nie zostać zapisane.

ALCMTR.EXE jest plikiem uważanym nieoficjalnie za spyware. Możesz usunąć powyżej przedstawiony wpis, jednak po wykonaniu tej czynności możesz stracić dźwięk.

Widzę, że masz przeciążony autorstart przez co system ładuje się znacznie dłużej. Poniżej przedstawiam kilka rad, których wykonanie może w znacznym stopniu przyśpieszyć start systemu.

Start => uruchom => msconfig => zakładka Uruchamianie => możesz odznaczyć w/w.

Jeśli QuickTime nie jest Ci bardzo potrzebny to zastąp go QuickTime Alternative.

Panel sterowania => Java Plug-in => Update => odznacz opcję Check for updates automatically.

Jeśli nie korzystasz z zaawansowanych usług tekstowych to je wyłącz: Panel sterowania => Opcje regionalne => Języki => Szczegóły => Zaawansowane => zaznacz wyłącz zaawansowane usługi tekstowe.

Start => programy => autostart => kasacja z prawokliku.

Jeśli nie używasz Messenger’a to go usuń: start => uruchom => wpisz polecenie:

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

Dodatkowo możesz wykonać podstawowe czynności przyśpieszające działanie systemu jak czyszczenie rejestru, defragmentacja dysku, defragmentacja rejestru oraz usunięcie zbędnych plików.

Dziękuje za porady,były bardzo pomocne.Dowidzenia