dean999
(dean999)
4 July 2007 13:15
#1
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 15:16:20, on 2007-07-04
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\Grisoft\AVG7\avgupsvc.exe
C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
C:\WapSter\AQQ\AQQ.exe
D:\Program Files\Ares\Ares.exe
D:\Program Files\Video ActiveX Access\imsmn.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\Video ActiveX Access\iesmn.exe
D:\Program Files\Video ActiveX Access\imsmain.exe
D:\Program Files\Video ActiveX Access\iesmin.exe
C:\Grisoft\AVG7\avgamsvr.exe
C:\Grisoft\AVG7\avgwb.dat
C:\Grisoft\AVG7\avgcc.exe
C:\K-Meleon\K-Meleon.exe
C:\Moje\programy\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - D:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - D:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirusProtectPro 3.3] "D:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe" /h
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6C84F77-2907-4B39-A75A-A04B76063053}: NameServer = 192.168.0.99,194.204.152.34
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
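As an added example, not part of this thread and not code from HijackThis or any tool named here: a small Python triage script that parses log lines in the format posted above. It collects the running-process list and the coded entries (O2, O3, O4, O23 and so on), extracts every referenced binary, and groups them by directory, so that a folder which both hooks Internet Explorer (a BHO or toolbar) and also has its own running processes or autostart entries stands out from folders referenced by only one mechanism. The sample log is a constructed subset of the lines above; the heuristic, the function names and the file-extension list are this example's own assumptions, and a hit is a candidate for a closer look, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis log lines quoted above in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Video ActiveX Access\imsmn.exe
D:\Program Files\Video ActiveX Access\iesmn.exe
C:\Grisoft\AVG7\avgcc.exe
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - D:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - D:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [VirusProtectPro 3.3] "D:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe" /h
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Grisoft\AVG7\avgupsvc.exe
"""

# A HijackThis entry line: a section code such as R0, O2, O23, F2 or N1 followed by " - ".
ENTRY_RE = re.compile(r'^([RFNO]\d+) - (.*)$')
# A Windows path ending in a binary/data extension (assumed list); the non-greedy
# middle keeps "VirusProtectPro 3.3\VirusProtectPro 3.3.exe" in one piece.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|?*\r\n]*?\.(?:exe|dll|ocx|dat|htm)\b', re.IGNORECASE)

BROWSER_HOOKS = {"O2", "O3"}  # BHOs and IE toolbars


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and the coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first coded entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def parent_dir(path):
    """Directory part of a Windows path, lower-cased so variants of case group together."""
    return path.rsplit("\\", 1)[0].lower()


def directory_profile(parsed):
    """Map each directory to the kinds of log entries that point into it."""
    profile = defaultdict(set)
    for proc in parsed["processes"]:
        profile[parent_dir(proc)].add("process")
    for code, body in parsed["entries"]:
        for path in PATH_RE.findall(body):
            profile[parent_dir(path)].add(code)
    return profile


def triage(text):
    """Directories that hook the browser (O2/O3) and have at least one other foothold.

    Heuristic only: a folder referenced from several unrelated mechanisms deserves a
    closer look (publisher, signature, a second scanner) before anything is removed.
    """
    profile = directory_profile(parse_hjt(text))
    flagged = []
    for directory, kinds in profile.items():
        if kinds & BROWSER_HOOKS and kinds - BROWSER_HOOKS:
            flagged.append((directory, sorted(kinds)))
    flagged.sort(key=lambda item: (-len(item[1]), item[0]))
    return flagged


def unnamed_bhos(text):
    """BHOs registered without a display name, shown by HijackThis as '(no name)'."""
    parsed = parse_hjt(text)
    return [body for code, body in parsed["entries"] if code == "O2" and "(no name)" in body]


if __name__ == "__main__":
    for directory, kinds in triage(SAMPLE_LOG):
        print(directory, "<-", ", ".join(kinds))
    for body in unnamed_bhos(SAMPLE_LOG):
        print("unnamed BHO:", body)
```

On the sample, only the folder that is referenced by a BHO, a toolbar and two running processes is reported; the AVG folder (a process plus a service) and the Java folder (a named BHO alone) are not, which is the point of requiring a browser hook plus a second foothold rather than just counting references.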
Joan
(Joan Sunshine)
4 July 2007 13:32
#2
Use SmitFraudFix, option 2, in Safe Mode, and afterwards post new logs from HJT and Silent Runners, plus the SmitFraudFix report, the file c:\rapport.txt.
dean999
(dean999)
4 July 2007 14:43
#3
When I try to start Safe Mode an error pops up and the computer restarts, and I can't run Silent Runners either, because it says "Windows cannot find the program script.exe".
Joan
(Joan Sunshine)
4 July 2007 14:52
#4
What error pops up? You can run SmitFraudFix in normal mode, but to be honest that won't do much. Also run an AVG AntiSpyware 7.5 scan after updating, paste the report, and post a ComboFix log.
dean999
(dean999)
4 July 2007 15:11
#5
I already ran an AVG scan earlier and it didn't detect anything.
"dean" - 2007-07-04 17:09:12 - ComboFix 07-07-04.4 - Dodatek Service Pack. 1

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
D:\DOCUME~1\ALLUSE~1\DANEAP~1.\TEMP
D:\DOCUME~1\dean\DANEAP~1.\Microsoft\Internet Explorer\Quick Launch\VirusProtectPro 3.3.lnk
D:\DOCUME~1\dean\Pulpit\internet.lnk
D:\Program Files\video activex access
D:\Program Files\video activex access\iesmin.exe
D:\Program Files\video activex access\iesmn.exe
D:\Program Files\video activex access\iesplg.dll
D:\Program Files\video activex access\imsmain.exe
D:\Program Files\video activex access\imsmn.exe

((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))
2007-07-04 15:40 1,238 --a------ D:\WINDOWS\system32\tmp.reg
2007-07-04 15:39 53,248 --a------ D:\WINDOWS\system32\Process.exe
2007-07-04 15:39 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2007-07-04 15:39 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2007-07-03 12:12
2007-06-30 16:55
2007-06-26 11:30
2007-06-26 11:25
2007-06-26 11:25
2007-06-22 11:59
2007-06-12 14:04 77,824 --a------ D:\WINDOWS\system32\ospitray.exe
2007-06-09 17:02 1 --a------ D:\WINDOWS\system32\msql32sys.dll
2007-06-09 17:02
2007-06-07 16:30
2007-06-07 16:30

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-04 14:05:24 -------- d-----w D:\DOCUME~1\dean\DANEAP~1\Real
2007-07-04 12:50:59 -------- d-----w D:\DOCUME~1\dean\DANEAP~1\foobar2000
2007-06-29 11:02:04 -------- d--h--w D:\Program Files\InstallShield Installation Information
2007-06-16 22:11:58 51,200 ----a-w D:\WINDOWS\nircmd.exe
2007-06-05 14:00:45 -------- d--h--w D:\Program Files\Zero G Registry
2007-06-02 16:11:32 737,280 ----a-w D:\WINDOWS\iun6002.exe
2007-05-31 06:51:40 50,748 ----a-w D:\WINDOWS\system32\perfc015.dat
2007-05-31 06:51:40 358,702 ----a-w D:\WINDOWS\system32\perfh015.dat
2007-05-31 06:48:07 -------- d-----w D:\Program Files\Microsoft.NET
2007-05-26 13:15:41 -------- d-----w D:\DOCUME~1\dean\DANEAP~1\K-Meleon
2007-05-26 07:57:22 -------- d-----w D:\Program Files\directx
2007-05-23 14:32:42 -------- d-----w D:\DOCUME~1\dean\DANEAP~1\Hamachi
2007-04-27 19:31:29 25,992 ----a-w D:\WINDOWS\system32\pgdfgsvc.exe
2007-04-06 12:57:37 1,289 ----a-w D:\WINDOWS\mozver.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-12-15 03:23 440056 --a------ D:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=1 (0x1)
"ConsentPromptBehaviorUser"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
"NoClose"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoClose"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect]
C:\AutoConnect\AutoConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
D:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAST Defrag]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
"C:\Gadu-Gadu\gg.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstalkiLite]
C:\INSTALKI.pl\InstalkiLite\InstalkiLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
D:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
D:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
D:\WINDOWS\System32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"D:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
"C:\RivaTuner v2.0 Final Release\RivaTuner.exe" /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"D:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VS Online]
"C:\VS Online\VSOnline.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Winamp\winampa.exe

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 17:11:01
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-04 17:11:31
D:\ComboFix-quarantined-files.txt ... 2007-07-04 17:11
--- E O F ---
Joan
(Joan Sunshine)
4 July 2007 15:28
#6
Is that trojan yours and running there legitimately?
Remove the entries in HijackThis, and the listed folders from the disk in Safe Mode.
A full set of new logs please, including SilentRunners.