
Logs - Mail sends spam by itself


  • Closed. This topic is closed
5 replies in this topic

#1 axelek


    New

  • 3 posts

Posted 20 06 2008 - 15:43

My computer is sending an insane amount of spam all by itself. I know because Norton Internet Security scans all my outgoing messages and keeps flagging spam every few moments. What is causing this? Please help, here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:37, on 2008-06-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pcf.pl/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {536d4d7a-ff05-4c03-ba9a-e69ec1de440a} - C:\WINDOWS\system32\pmnkJdeD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {f86b11f3-0ce1-475f-9541-5329bf7b3597} - C:\WINDOWS\system32\vtUmNFxv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pcf.pl/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213465007546
O20 - Winlogon Notify: vtUmNFxv - C:\WINDOWS\SYSTEM32\vtUmNFxv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6448 bytes

and the Silent Runners log:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"AlcoholAutomount" = ""C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount" ["Alcohol Soft Development Team"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"osCheck" = ""C:\Program Files\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll" ["Symantec Corporation"]
{536d4d7a-ff05-4c03-ba9a-e69ec1de440a}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\pmnkJdeD.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{f86b11f3-0ce1-475f-9541-5329bf7b3597}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\vtUmNFxv.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
                   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
  -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{F86B11F3-0CE1-475F-9541-5329BF7B3597}" = "*hO`**ř*********c*T*" (unwritable string)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\vtUmNFxv.dll" [null data]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\pmnkJdeD"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
<<!>> vtUmNFxv\DLLName = "vtUmNFxv.dll" [null data]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
  -> {HKLM...CLSID} = "IEContextMenu Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
  -> {HKLM...CLSID} = "IEContextMenu Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}

"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}

"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Krystian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AlcoholAutoPlayV2.BurnDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "BurnDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\alcohol.exe" %1" ["Alcohol Soft Development Team"]

AlcoholAutoPlayV2.ReadDisc\
"Provider" = "Alcohol 120%"
"InvokeProgID" = "AlcoholAutoPlayV2"
"InvokeVerb" = "ReadDisc"
HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command\(Default) = ""C:\Program Files\Alcohol Soft\Alcohol 120\alcohol.exe" %1" ["Alcohol Soft Development Team"]

EHomeMusicDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeMusicDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = "{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}"
  -> {HKLM...CLSID} = "EHomeMusicDropTarget Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomePhotosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomePhotosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = "{4b7601c1-d292-4902-89f4-583a5ce0c535}"
  -> {HKLM...CLSID} = "EHomePhotosHandler Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideoDropTarget\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideoDropTarget"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = "{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}"
  -> {HKLM...CLSID} = "EHomeVideoDropTarget Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

EHomeVideosHandler\
"Provider" = "Media Center"
"InvokeProgID" = "EHomeDropTarget.EHomeVideosHandler"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = "{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}"
  -> {HKLM...CLSID} = "EHomeVideosHandler Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
  -> {HKLM...CLSID} = "RealNetworks Scheduler"
                   \LocalServer32\(Default) = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe"  /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe"  /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]


Startup items in "Krystian" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\Krystian\Start Menu\Programs\Startup
"Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS]


Enabled Scheduled Tasks:
------------------------

"Norton Internet Security - Run Full System Scan - Krystian" -> launches: "C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"
  -> {HKLM...CLSID} = "Show Norton Toolbar"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Poszukaj"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{2670000A-7350-4F3C-8081-5663EE0C6C49}\
"ButtonText" = "Wyślij do programu OneNote"
"MenuText" = "Wyślij &do programu OneNote"
"CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}"
  -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.pcf.pl/

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
Symantec AppCore Service, SymAppCore, ""C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Usługa Odbiornik Media Center, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS]
Usługa Planowanie nagrywania, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS]


---------- (launch time: 2008-06-20 15:59:11)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 186 seconds, including 4 seconds for message boxes)


  • 0

#2 wncvirus


    Lazybones!

  • 851 posts

Posted 20 06 2008 - 16:51

First run HJT and choose the "Do a system scan only" option. A log will be produced; tick the boxes next to the entries below and click Fix:


O2 - BHO: (no name) - {f86b11f3-0ce1-475f-9541-5329bf7b3597} - C:\WINDOWS\system32\vtUmNFxv.dll
O2 - BHO: (no name) - {536d4d7a-ff05-4c03-ba9a-e69ec1de440a} - C:\WINDOWS\system32\pmnkJdeD.dll

Additionally, delete the following files with Killbox:

C:\WINDOWS\system32\pmnkJdeD.dll
C:\WINDOWS\system32\vtUmNFxv.dll

Killbox instructions:

After launching it, click the icon to the right of the hand, select the files listed above, and then press the red button (the cross).

Once that is done, post a ComboFix log.

  • 0
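What makes the two DLLs singled out above stand out in the poster's own logs is not their names but where they load from: each is registered at more than one launch point (a nameless BHO in HijackThis, plus a Winlogon Notify package, a ShellExecuteHook and an LSA "Authentication Packages" entry in Silent Runners, all tagged <<!>> by that tool), while the legitimate entries appear once and carry a vendor name. As an added example, not part of this thread and not code from either tool, the following Python script automates that cross-check. The sample input is constructed from the logs quoted in this thread, with each Silent Runners <<!>> entry collapsed onto one line; the HIGH_RISK and KNOWN_GOOD sets are this example's own assumptions, not anything the tools define.

```python
"""Added triage example: cross-reference HijackThis and Silent Runners launch points."""
import re
from collections import defaultdict

# Constructed sample: HijackThis entries copied from the log posted in the thread.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {536d4d7a-ff05-4c03-ba9a-e69ec1de440a} - C:\WINDOWS\system32\pmnkJdeD.dll
O2 - BHO: (no name) - {f86b11f3-0ce1-475f-9541-5329bf7b3597} - C:\WINDOWS\system32\vtUmNFxv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: vtUmNFxv - C:\WINDOWS\SYSTEM32\vtUmNFxv.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: the entries Silent Runners marked with <<!>> in the same thread,
# each collapsed onto one line as "<registry key> <<!>> <value ...>".
SR_SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{F86B11F3-0CE1-475F-9541-5329BF7B3597}" -> \InProcServer32\(Default) = "C:\WINDOWS\system32\vtUmNFxv.dll" [null data]
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\pmnkJdeD"
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> vtUmNFxv\DLLName = "vtUmNFxv.dll" [null data]
"""

HJT_ENTRY = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# A drive-rooted path, ending at a PE extension or at a closing quote (the LSA
# "Authentication Packages" value names the DLL without its extension).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?(?:\.(?:dll|exe|sys)\b|(?="))', re.IGNORECASE)
# A bare quoted DLL name, as Winlogon\Notify\<package>\DLLName often stores it.
BARE_DLL_RE = re.compile(r'(?<=")[\w\-]+\.dll(?=")', re.IGNORECASE)

# Assumption of this example: hooks that legitimate consumer software almost never
# registers. Silent Runners tags them <<!>>; HijackThis reports Winlogon Notify as O20.
HIGH_RISK = {"HJT:O20", "SR:Notify", "SR:Lsa", "SR:ShellExecuteHooks"}
# Assumption: Windows' own notification package, reported as [MS] by Silent Runners.
KNOWN_GOOD = {"dimsntfy"}


def module_key(path):
    """Normalise a path or file name to a lower-case base name without PE extension."""
    name = path.rsplit("\\", 1)[-1]
    return re.sub(r"\.(dll|exe|sys)$", "", name, flags=re.IGNORECASE).lower()


def hjt_launch_points(text):
    """Map module key -> set of 'HJT:<section>' tags where the module is referenced."""
    points = defaultdict(set)
    for line in text.strip().splitlines():
        m = HJT_ENTRY.match(line)
        if not m:
            continue
        for path in PATH_RE.findall(m["body"]):
            points[module_key(path)].add("HJT:" + m["kind"])
    return points


def silent_runners_points(text):
    """Map module key -> set of 'SR:<key name>' tags for the <<!>> entries."""
    points = defaultdict(set)
    for line in text.strip().splitlines():
        if "<<!>>" not in line:
            continue
        key, _, rest = line.partition("<<!>>")
        label = "SR:" + key.strip().rstrip("\\").rsplit("\\", 1)[-1]
        for name in PATH_RE.findall(rest) + BARE_DLL_RE.findall(rest):
            points[module_key(name)].add(label)
    return points


def triage(hjt_text, sr_text):
    """Return {module: (sorted launch points, reasons)} for modules worth a closer look."""
    points = hjt_launch_points(hjt_text)
    for key, labels in silent_runners_points(sr_text).items():
        points[key] |= labels
    flagged = {}
    for key, labels in points.items():
        if key in KNOWN_GOOD:
            continue
        reasons = []
        risky = labels & HIGH_RISK
        if risky:
            reasons.append("loads from a high-risk hook: " + ", ".join(sorted(risky)))
        if len(labels) > 1:
            reasons.append(f"registered at {len(labels)} separate launch points")
        if reasons:
            flagged[key] = (sorted(labels), reasons)
    return flagged


if __name__ == "__main__":
    for module, (labels, reasons) in sorted(triage(HJT_SAMPLE, SR_SAMPLE).items()):
        print(f"{module}: {', '.join(labels)}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the sample it reports only pmnkJdeD and vtUmNFxv; the nameless Symantec BHO (NppBho.dll) is not flagged because it appears at a single, ordinary launch point, which is the distinction a reviewer makes by eye when reading these logs.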

#3 axelek


    New

  • 3 posts

Posted 20 06 2008 - 17:12

OK, so here is the ComboFix log from before deleting those files, because for pmnkJdeD.dll it says the file cannot be removed, and vtUmNFxv.dll does not exist at all... no idea how. (All the files are visible, nothing is hidden.)
ComboFix 08-06-19.2 - Krystian 2008-06-20 16:45:18.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.209 [GMT 2:00]
Running from: C:\Documents and Settings\Krystian\Desktop\ComboFix.exe
 * Created a new restore point.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\DedJknmp.ini
C:\WINDOWS\system32\DedJknmp.ini2
C:\WINDOWS\system32\haskel32.dll
C:\WINDOWS\system32\pmnkJdeD.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\pvfthsbj.ini
C:\WINDOWS\system32\xmd.dat

.
(((((((((((((((((((((((((   Files Created from 2008-05-20 to 2008-06-20  )))))))))))))))))))))))))))))))
.

2008-06-20 16:54 . 2008-06-20 16:54	53,248	--a------	C:\Temp\catchme.dll
2008-06-20 15:00 . 2008-06-20 15:00	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-20 14:46 . 2008-06-20 14:46	79,360	--a------	C:\WINDOWS\system32\jbshtfvp.dll
2008-06-20 14:36 . 2008-06-20 16:54	62,384	--a------	C:\WINDOWS\system32\pqasghjd.sys
2008-06-20 14:35 . 2008-06-20 14:35	24,576	--a------	C:\WINDOWS\system32\vtUmNFxv.dll
2008-06-20 14:33 . 2008-06-20 14:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-06-19 08:03 . 2006-03-21 05:23	23,040	---------	C:\WINDOWS\kb913800.exe
2008-06-18 20:40 . 2008-06-19 16:39	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\SPORE Creature Creator
2008-06-18 20:39 . 2008-06-18 20:39	<DIR>	d--------	C:\WINDOWS\Logs
2008-06-18 19:29 . 2008-04-13 20:47	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-18 19:29 . 2008-04-13 20:47	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-16 18:12 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Kamil\iss144C.tmp
2008-06-16 18:12 . 2008-06-16 18:12	<DIR>	d--------	C:\Documents and Settings\Kamil
2008-06-16 16:16 . 2008-06-16 16:16	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-06-15 15:29 . 2008-06-15 15:29	<DIR>	d--------	C:\Program Files\uTorrent
2008-06-15 15:29 . 2008-06-19 21:42	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\uTorrent
2008-06-15 14:55 . 2004-08-04 14:12	142,848	--a------	C:\WINDOWS\gamedelete.exe
2008-06-15 09:59 . 2008-06-15 09:59	<DIR>	d--------	C:\WINDOWS\system32\VIRepair
2008-06-15 09:38 . 2008-06-15 09:39	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\ViStart
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Program Files\WinFlip
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Program Files\TrueTransparency
2008-06-15 09:36 . 2008-06-15 09:59	<DIR>	d--------	C:\Program Files\Styler
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\Styler
2008-06-15 09:30 . 2008-06-15 10:01	<DIR>	d--------	C:\WINDOWS\system32\VITrans
2008-06-15 09:30 . 2006-12-03 17:15	111,104	--a------	C:\WINDOWS\system32\Uharc.exe
2008-06-15 09:30 . 2008-06-15 09:30	78,942	--a------	C:\WINDOWS\Icon_1.ico
2008-06-15 09:30 . 2006-12-03 17:15	69,632	--a------	C:\WINDOWS\system32\moveex.exe
2008-06-15 09:30 . 2006-12-03 17:15	19,968	--a------	C:\WINDOWS\system32\reico.exe
2008-06-15 09:30 . 2006-12-03 17:14	8,636	--a------	C:\WINDOWS\system32\modifype.exe
2008-06-14 22:45 . 2008-04-14 02:11	21,504	--a------	C:\WINDOWS\system32\hidserv.dll
2008-06-14 22:45 . 2008-04-13 20:39	14,592	--a------	C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-14 22:45 . 2001-08-17 13:48	12,160	--a------	C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-14 22:45 . 2001-08-17 13:48	12,160	--a--c---	C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-14 22:44 . 2008-06-14 22:44	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-14 22:44 . 2008-04-13 20:45	10,368	--a------	C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-14 22:29 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2008-06-14 22:29 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2008-06-14 22:06 . 2008-04-13 20:46	85,248	--a------	C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-06-14 22:06 . 2008-04-13 20:46	19,200	--a------	C:\WINDOWS\system32\drivers\wstcodec.sys
2008-06-14 22:06 . 2008-04-13 20:46	17,024	--a------	C:\WINDOWS\system32\drivers\ccdecode.sys
2008-06-14 22:06 . 2008-04-14 02:12	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-06-14 22:06 . 2008-04-13 20:46	15,232	--a------	C:\WINDOWS\system32\drivers\streamip.sys
2008-06-14 22:06 . 2008-04-13 20:46	11,136	--a------	C:\WINDOWS\system32\drivers\slip.sys
2008-06-14 22:06 . 2008-04-13 20:46	10,880	--a------	C:\WINDOWS\system32\drivers\ndisip.sys
2008-06-14 22:06 . 2008-04-13 20:39	5,504	--a------	C:\WINDOWS\system32\drivers\mstee.sys
2008-06-14 22:04 . 2008-04-14 02:12	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-06-14 22:04 . 2008-04-14 02:12	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-06-14 22:04 . 2008-04-14 02:12	53,760	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-06-14 22:04 . 2008-04-14 02:12	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-06-14 22:04 . 2008-04-14 02:12	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-06-14 21:58 . 2005-01-31 10:30	141,246	---------	C:\WINDOWS\system32\drivers\NVCAP.SYS
2008-06-14 21:58 . 2005-01-31 10:30	29,696	---------	C:\WINDOWS\system32\FILTER.AX
2008-06-14 21:58 . 2005-01-31 10:30	16,176	---------	C:\WINDOWS\system32\drivers\NVXBAR.SYS
2008-06-14 21:57 . 2008-06-14 21:59	<DIR>	d--------	C:\WINDOWS\nview
2008-06-14 21:57 . 2006-04-28 09:47	208,896	--a------	C:\WINDOWS\system32\nvudisp.exe
2008-06-14 21:57 . 2008-06-20 16:53	51,048	--a------	C:\WINDOWS\system32\nvapps.xml
2008-06-14 21:57 . 2006-04-28 09:47	16,960	--a------	C:\WINDOWS\system32\nvdisp.nvu
2008-06-14 21:55 . 2006-04-28 04:27	208,896	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2008-06-14 21:52 . 2004-05-02 10:47	23,040	-ra------	C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-06-14 21:42 . 2008-06-20 16:53	<DIR>	d---s----	C:\Temp\Temporary Internet Files
2008-06-14 21:42 . 2008-06-14 21:42	<DIR>	d--------	C:\Recorded TV
2008-06-14 21:42 . 2008-04-13 20:45	32,128	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-14 21:33 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-14 21:29 . 2008-06-14 21:29	<DIR>	d--------	C:\Program Files\Windows XP MUI Pack
2008-06-14 21:29 . 2001-12-05 05:00	65,536	--a------	C:\WINDOWS\system32\WMErrPLK.dll
2008-06-14 21: 29 . 2001-12-05 05:00	36,946	--a------	C:\WINDOWS\WMPrfPLK.prx
2008-06-14 21:27 . 2008-06-14 21:27	<DIR>	d--------	C:\Program Files\Windows Media Connect 2
2008-06-14 21:26 . 2008-06-14 21:26	<DIR>	d--------	C:\Program Files\Toub
2008-06-14 21:20 . 2008-04-13 20:45	46,592	---------	C:\WINDOWS\system32\drivers\irbus.sys
2008-06-14 21:20 . 2008-04-13 20:45	19,200	---------	C:\WINDOWS\system32\drivers\hidir.sys
2008-06-14 21:19 . 2008-04-14 14:30	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 21:17 . 2008-06-14 21:17	<DIR>	d--------	C:\Program Files\ffdshow
2008-06-14 21:17 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Krystian\iss144C.tmp
2008-06-14 21:17 . 2008-06-14 19:35	<DIR>	d--------	C:\Documents and Settings\Krystian
2008-06-14 21:17 . 2005-12-29 19:00	237,568	--ah-----	C:\HTConfTest.dll
2008-06-14 21:15 . 2008-06-14 21:15	<DIR>	d--hs----	C:\Documents and Settings\NetworkService
2008-06-14 21:15 . 2008-06-14 21:15	<DIR>	d--hs----	C:\Documents and Settings\LocalService
2008-06-14 21:15 . 2008-06-14 21:15	8,192	--a------	C:\WINDOWS\REGLOCS.OLD
2008-06-14 21:13 . 2008-06-14 21:05	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\iss144C.tmp
2008-06-14 21:13 . 2004-08-10 15:00	221,184	--a--c---	C:\WINDOWS\system32\dllcache\wmpns.dll
2008-06-14 21:13 . 2004-08-10 13:13	73,728	--a--c---	C:\WINDOWS\system32\dllcache\ehresja.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresko.dll
2008-06-14 21:13 . 
2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresfr.dll2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresde.dll2008-06-14 21:13 . 2004-08-10 13:13	61,440	--a--c---	C:\WINDOWS\system32\dllcache\ehreschs.dll2008-06-14 21:13 . 2004-08-10 15:00	28,288	--a--c---	C:\WINDOWS\system32\dllcache\xjis.nls2008-06-14 21:11 . 2008-04-14 02:09	13,463,552	--a--c---	C:\WINDOWS\system32\dllcache\hwxjpn.dll2008-06-14 21:10 . 2008-06-14 21:10	<DIR>	d--------	C:\WINDOWS\system32\xircom2008-06-14 21:10 . 2008-06-14 21:10	<DIR>	d--------	C:\Program Files\microsoft frontpage2008-06-14 21:10 . 2004-08-10 15:00	94,720	--a--c---	C:\WINDOWS\system32\dllcache\certmap.ocx2008-06-14 21:10 . 2007-07-30 19:19	43,352	--a------	C:\WINDOWS\system32\wups2.dll2008-06-14 21:07 . 2008-06-14 21:07	<DIR>	d--------	C:\WINDOWS\Downloaded Installations2008-06-14 21:07 . 2008-06-14 23:53	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$2008-06-14 21:07 . 2008-06-14 21:07	<DIR>	d--------	C:\Program Files\HighMAT CD Writing Wizard2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Real2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\NVIDIA Corporation2008-06-14 21:05 . 2008-06-18 16:03	<DIR>	d--h-----	C:\Program Files\InstallShield Installation Information2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\EnglishOtto2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Common Files\xing shared2008-06-14 21:05 . 2008-06-14 21:58	<DIR>	d--------	C:\Program Files\Common Files\InstallShield2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\AC3Filter2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Default User\iss144C.tmp2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation2008-06-14 21:05 . 2005-06-14 01:28	671,744	--a------	C:\WINDOWS\system32\DolbyHph.dll2008-06-14 21:05 . 
2003-08-19 09:20	180,224	--a------	C:\WINDOWS\system32\ac3filter.cpl2008-06-14 21:05 . 2005-06-14 01:29	60,416	--a------	C:\WINDOWS\system32\DSETUP.dll2008-06-14 21:05 . 2005-06-14 01:27	9,856	--a------	C:\WINDOWS\system32\drivers\pfc.sys2008-06-14 21:05 . 2005-08-23 00:29	4,608	--a------	C:\WINDOWS\system32\drivers\nvport.sys2008-06-14 21:04 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Common Files\Real2008-06-14 21:04 . 2008-06-20 14:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Windows Journal Viewer2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Java2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Common Files\Java2008-06-14 21:00 . 2008-06-14 21:00	<DIR>	d---s----	C:\WINDOWS\system32\Microsoft2008-06-14 19:38 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui2008-06-14 19:35 . 2008-06-14 19:35	<DIR>	d---s----	C:\Documents and Settings\Krystian\UserData2008-06-14 17:31 . 2008-06-14 17:31	<DIR>	d--------	C:\Program Files\Alcohol Soft2008-06-14 17:28 . 2008-06-14 17:28	685,816	--a------	C:\WINDOWS\system32\drivers\sptd.sys2008-06-14 17:27 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll.wusetup.1679781.new2008-06-14 17:27 . 2007-07-30 19:18	34,136	--a------	C:\WINDOWS\system32\wucltui.dll.mui2008-06-14 17:27 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui_en2008-06-14 17:27 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuapi.dll.mui2008-06-14 17:27 . 2007-07-30 19:18	20,312	--a------	C:\WINDOWS\system32\wuaueng.dll.mui2008-06-14 17:23 . 2008-06-20 15:42	16	--a------	C:\WINDOWS\system32\coh.cache2008-06-14 17:16 . 
2008-06-14 17:16	<DIR>	d--------	C:\Program Files\Gadu-Gadu.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-06-20 14:50	---------	d-----w	C:\Program Files\Common Files\Symantec Shared2008-06-20 13:58	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec2008-06-14 19:18	---------	d-----w	C:\Program Files\AIDA322008-06-14 19:17	---------	d-----w	C:\Program Files\IntelPCB2008-06-14 18:29	---------	d-----w	C:\Documents and Settings\Krystian\Application Data\Gadu-Gadu2008-06-14 18:26	---------	d-----w	C:\Program Files\Windows Plus2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys2008-04-14 00:11	451,072	----a-w	C:\WINDOWS\AppPatch\aclayers.dll2008-04-14 00:11	39,424	------w	C:\WINDOWS\AppPatch\acadproc.dll2008-04-14 00:11	376,832	----a-w	C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll2008-04-14 00:11	245,248	----a-w	C:\WINDOWS\AppPatch\acspecfc.dll2008-04-14 00:11	141,312	----a-w	C:\WINDOWS\AppPatch\aclua.dll2008-04-14 00:11	116,224	----a-w	C:\WINDOWS\AppPatch\acxtrnal.dll2008-04-14 00:11	1,852,928	----a-w	C:\WINDOWS\AppPatch\acgenral.dll.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f86b11f3-0ce1-475f-9541-5329bf7b3597}]2008-06-20 14:35	24576	--a------	C:\WINDOWS\system32\vtUmNFxv.dll[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 20:17 222592][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SoundMan"="SOUNDMAN.EXE" [2005-12-29 11:00 577536 C:\WINDOWS\SOUNDMAN.EXE]"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 09:47 
7573504]"nwiz"="nwiz.exe" [2006-04-28 09:47 1519616 C:\WINDOWS\system32\nwiz.exe]"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-28 09:47 86016]"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 09:11 771704]"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]C:\Documents and Settings\Krystian\Start Menu\Programs\Startup\Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\vtUmNFxv.dll [2008-06-20 14:35 24576][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNFxv]vtUmNFxv.dll 2008-06-20 14:35 24576 C:\WINDOWS\system32\vtUmNFxv.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program 
Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\Messenger\\msmsgs.exe"=*Newly Created Service* - COMHOST.Contents of the 'Scheduled Tasks' folder"2008-06-14 14:22:49 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Krystian.job"- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-06-20 16:54:13Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\system32\winlogon.exe-> C:\WINDOWS\system32\vtUmNFxv.dll.------------------------ Other Running Processes ------------------------.C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\ehome\ehrecvr.exeC:\WINDOWS\ehome\ehSched.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\ehome\ehmsas.exeC:\WINDOWS\system32\imapi.exe.**************************************************************************.Completion time: 2008-06-20 16:56:06 - machine was rebootedComboFix-quarantined-files.txt  2008-06-20 14:55:53Pre-Run: 28,007,301,120 bytes freePost-Run: 28,278,755,328 bytes free250	--- E O F ---	
2008-06-20 05:06:54

PS I also found this file: C:\WINDOWS\system32\vtUnOhEW.dll
the name is similar to C:\WINDOWS\system32\vtUmNFxv.dll, so I'd better mention it :)

PS maybe this helps with something, Norton redirected me to this page:
http://securityresponse.symantec.com/secur...-99&tabid=1
  • 0

#4 wncvirus

wncvirus

    Lazybones !

  • 851 posts

Posted 20 06 2008 - 17:29

Paste into Notepad


FILE::
C:\WINDOWS\system32\jbshtfvp.dll
C:\WINDOWS\system32\pqasghjd.sys
C:\WINDOWS\system32\vtUmNFxv.dll


REGISTRY::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNFxv]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

>>File>>Save as... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– just like in this picture --> Attached image
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be produced).
After the restart, delete the folder C:\Qoobox manually.


When that is done, post a new ComboFix log, but do NOT paste it with that method, just paste it the normal way!
  • 0

#5 axelek

axelek

    New

  • 3 posts

Posted 20 06 2008 - 17:59

I did all of that and it looks OK, because Norton is no longer reporting that something is trying to send spam, but just in case I'm attaching the logs to be sure:
ComboFix 08-06-19.2 - Krystian 2008-06-20 17:49:27.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1033.18.151 [GMT 2:00]
Running from: C:\Documents and Settings\Krystian\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Krystian\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\system32\jbshtfvp.dll
C:\WINDOWS\system32\pqasghjd.sys
C:\WINDOWS\system32\vtUmNFxv.dll
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\jbshtfvp.dll
C:\WINDOWS\system32\pnmnhbjp.ini
C:\WINDOWS\system32\pqasghjd.sys
C:\WINDOWS\system32\vtUmNFxv.dll
C:\WINDOWS\system32\vtUnOhEW.dll
C:\WINDOWS\system32\WEhOnUtv.ini
C:\WINDOWS\system32\WEhOnUtv.ini2
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_pqasghjd

(((((((((((((((((((((((((   Files Created from 2008-05-20 to 2008-06-20  )))))))))))))))))))))))))))))))
.
2008-06-20 17:56 . 2008-06-20 17:56	53,248	--a------	C:\Temp\catchme.dll
2008-06-20 17:02 . 2008-06-20 17:04	<DIR>	d--------	C:\!KillBox
2008-06-20 17:02 . 2008-06-20 17:02	79,360	--a------	C:\WINDOWS\system32\pjbhnmnp.dll
2008-06-20 15:00 . 2008-06-20 15:00	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-20 14:33 . 2008-06-20 14:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe Systems Shared
2008-06-19 08:03 . 2006-03-21 05:23	23,040	---------	C:\WINDOWS\kb913800.exe
2008-06-18 20:40 . 2008-06-19 16:39	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\SPORE Creature Creator
2008-06-18 20:39 . 2008-06-18 20:39	<DIR>	d--------	C:\WINDOWS\Logs
2008-06-18 19:29 . 2008-04-13 20:47	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-18 19:29 . 2008-04-13 20:47	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-16 18:12 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Kamil\iss144C.tmp
2008-06-16 18:12 . 2008-06-16 18:12	<DIR>	d--------	C:\Documents and Settings\Kamil
2008-06-16 16:16 . 2008-06-16 16:16	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-06-15 15:29 . 2008-06-15 15:29	<DIR>	d--------	C:\Program Files\uTorrent
2008-06-15 15:29 . 2008-06-19 21:42	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\uTorrent
2008-06-15 14:55 . 2004-08-04 14:12	142,848	--a------	C:\WINDOWS\gamedelete.exe
2008-06-15 09:59 . 2008-06-15 09:59	<DIR>	d--------	C:\WINDOWS\system32\VIRepair
2008-06-15 09:38 . 2008-06-15 09:39	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\ViStart
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Program Files\WinFlip
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Program Files\TrueTransparency
2008-06-15 09:36 . 2008-06-15 09:59	<DIR>	d--------	C:\Program Files\Styler
2008-06-15 09:36 . 2008-06-15 09:36	<DIR>	d--------	C:\Documents and Settings\Krystian\Application Data\Styler
2008-06-15 09:30 . 2008-06-15 10:01	<DIR>	d--------	C:\WINDOWS\system32\VITrans
2008-06-15 09:30 . 2006-12-03 17:15	111,104	--a------	C:\WINDOWS\system32\Uharc.exe
2008-06-15 09:30 . 2008-06-15 09:30	78,942	--a------	C:\WINDOWS\Icon_1.ico
2008-06-15 09:30 . 2006-12-03 17:15	69,632	--a------	C:\WINDOWS\system32\moveex.exe
2008-06-15 09:30 . 2006-12-03 17:15	19,968	--a------	C:\WINDOWS\system32\reico.exe
2008-06-15 09:30 . 2006-12-03 17:14	8,636	--a------	C:\WINDOWS\system32\modifype.exe
2008-06-14 22:45 . 2008-04-14 02:11	21,504	--a------	C:\WINDOWS\system32\hidserv.dll
2008-06-14 22:45 . 2008-04-13 20:39	14,592	--a------	C:\WINDOWS\system32\drivers\kbdhid.sys
2008-06-14 22:45 . 2001-08-17 13:48	12,160	--a------	C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-14 22:45 . 2001-08-17 13:48	12,160	--a--c---	C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-14 22:44 . 2008-06-14 22:44	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-14 22:44 . 2008-04-13 20:45	10,368	--a------	C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-14 22:29 . 2007-07-30 19:19	271,224	--a------	C:\WINDOWS\system32\mucltui.dll
2008-06-14 22:29 . 2007-07-30 19:19	30,072	--a------	C:\WINDOWS\system32\mucltui.dll.mui
2008-06-14 22:06 . 2008-04-13 20:46	85,248	--a------	C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-06-14 22:06 . 2008-04-13 20:46	19,200	--a------	C:\WINDOWS\system32\drivers\wstcodec.sys
2008-06-14 22:06 . 2008-04-13 20:46	17,024	--a------	C:\WINDOWS\system32\drivers\ccdecode.sys
2008-06-14 22:06 . 2008-04-14 02:12	16,384	--a------	C:\WINDOWS\system32\ipsink.ax
2008-06-14 22:06 . 2008-04-13 20:46	15,232	--a------	C:\WINDOWS\system32\drivers\streamip.sys
2008-06-14 22:06 . 2008-04-13 20:46	11,136	--a------	C:\WINDOWS\system32\drivers\slip.sys
2008-06-14 22:06 . 2008-04-13 20:46	10,880	--a------	C:\WINDOWS\system32\drivers\ndisip.sys
2008-06-14 22:06 . 2008-04-13 20:39	5,504	--a------	C:\WINDOWS\system32\drivers\mstee.sys
2008-06-14 22:04 . 2008-04-14 02:12	91,136	--a------	C:\WINDOWS\system32\kswdmcap.ax
2008-06-14 22:04 . 2008-04-14 02:12	61,952	--a------	C:\WINDOWS\system32\kstvtune.ax
2008-06-14 22:04 . 2008-04-14 02:12	53,760	--a------	C:\WINDOWS\system32\vfwwdm32.dll
2008-06-14 22:04 . 2008-04-14 02:12	43,008	--a------	C:\WINDOWS\system32\ksxbar.ax
2008-06-14 22:04 . 2008-04-14 02:12	28,672	--a------	C:\WINDOWS\system32\vidcap.ax
2008-06-14 21:58 . 2005-01-31 10:30	141,246	---------	C:\WINDOWS\system32\drivers\NVCAP.SYS
2008-06-14 21:58 . 2005-01-31 10:30	29,696	---------	C:\WINDOWS\system32\FILTER.AX
2008-06-14 21:58 . 2005-01-31 10:30	16,176	---------	C:\WINDOWS\system32\drivers\NVXBAR.SYS
2008-06-14 21:57 . 2008-06-14 21:59	<DIR>	d--------	C:\WINDOWS\nview
2008-06-14 21:57 . 2006-04-28 09:47	208,896	--a------	C:\WINDOWS\system32\nvudisp.exe
2008-06-14 21:57 . 2008-06-20 17:56	51,048	--a------	C:\WINDOWS\system32\nvapps.xml
2008-06-14 21:57 . 2006-04-28 09:47	16,960	--a------	C:\WINDOWS\system32\nvdisp.nvu
2008-06-14 21:55 . 2006-04-28 04:27	208,896	--a------	C:\WINDOWS\system32\NVUNINST.EXE
2008-06-14 21:52 . 2004-05-02 10:47	23,040	-ra------	C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-06-14 21:42 . 2008-06-20 17:56	<DIR>	d---s----	C:\Temp\Temporary Internet Files
2008-06-14 21:42 . 2008-06-14 21:42	<DIR>	d--------	C:\Recorded TV
2008-06-14 21:42 . 2008-04-13 20:45	32,128	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-14 21:33 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-14 21:29 . 2008-06-14 21:29	<DIR>	d--------	C:\Program Files\Windows XP MUI Pack
2008-06-14 21:29 . 2001-12-05 05:00	65,536	--a------	C:\WINDOWS\system32\WMErrPLK.dll
2008-06-14 21:29 . 2001-12-05 05:00	36,946	--a------	C:\WINDOWS\WMPrfPLK.prx
2008-06-14 21:27 . 2008-06-14 21:27	<DIR>	d--------	C:\Program Files\Windows Media Connect 2
2008-06-14 21:26 . 2008-06-14 21:26	<DIR>	d--------	C:\Program Files\Toub
2008-06-14 21:20 . 2008-04-13 20:45	46,592	---------	C:\WINDOWS\system32\drivers\irbus.sys
2008-06-14 21:20 . 2008-04-13 20:45	19,200	---------	C:\WINDOWS\system32\drivers\hidir.sys
2008-06-14 21:19 . 2008-04-14 14:30	272,128	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 21:17 . 2008-06-14 21:17	<DIR>	d--------	C:\Program Files\ffdshow
2008-06-14 21:17 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Krystian\iss144C.tmp
2008-06-14 21:17 . 2008-06-14 19:35	<DIR>	d--------	C:\Documents and Settings\Krystian
2008-06-14 21:17 . 2005-12-29 19:00	237,568	--ah-----	C:\HTConfTest.dll
2008-06-14 21:15 . 2008-06-14 21:15	<DIR>	d--hs----	C:\Documents and Settings\NetworkService
2008-06-14 21:15 . 2008-06-14 21:15	<DIR>	d--hs----	C:\Documents and Settings\LocalService
2008-06-14 21:15 . 2008-06-14 21:15	8,192	--a------	C:\WINDOWS\REGLOCS.OLD
2008-06-14 21:13 . 2008-06-14 21:05	<DIR>	d--------	C:\WINDOWS\system32\config\systemprofile\iss144C.tmp
2008-06-14 21:13 . 2004-08-10 15:00	221,184	--a--c---	C:\WINDOWS\system32\dllcache\wmpns.dll
2008-06-14 21:13 . 2004-08-10 13:13	73,728	--a--c---	C:\WINDOWS\system32\dllcache\ehresja.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresko.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresfr.dll
2008-06-14 21:13 . 2004-08-10 13:13	69,632	--a--c---	C:\WINDOWS\system32\dllcache\ehresde.dll
2008-06-14 21:13 . 2004-08-10 13:13	61,440	--a--c---	C:\WINDOWS\system32\dllcache\ehreschs.dll
2008-06-14 21:13 . 2004-08-10 15:00	28,288	--a--c---	C:\WINDOWS\system32\dllcache\xjis.nls
2008-06-14 21:11 . 2008-04-14 02:09	13,463,552	--a--c---	C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-14 21:10 . 2008-06-14 21:10	<DIR>	d--------	C:\WINDOWS\system32\xircom
2008-06-14 21:10 . 2008-06-14 21:10	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-06-14 21:10 . 2004-08-10 15:00	94,720	--a--c---	C:\WINDOWS\system32\dllcache\certmap.ocx
2008-06-14 21:10 . 2007-07-30 19:19	43,352	--a------	C:\WINDOWS\system32\wups2.dll
2008-06-14 21:07 . 2008-06-14 21:07	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-06-14 21:07 . 2008-06-14 23:53	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2008-06-14 21:07 . 2008-06-14 21:07	<DIR>	d--------	C:\Program Files\HighMAT CD Writing Wizard
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Real
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\NVIDIA Corporation
2008-06-14 21:05 . 2008-06-18 16:03	<DIR>	d--h-----	C:\Program Files\InstallShield Installation Information
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\EnglishOtto
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Common Files\xing shared
2008-06-14 21:05 . 2008-06-14 21:58	<DIR>	d--------	C:\Program Files\Common Files\InstallShield
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\AC3Filter
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\Default User\iss144C.tmp
2008-06-14 21:05 . 2008-06-14 21:05	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-06-14 21:05 . 2005-06-14 01:28	671,744	--a------	C:\WINDOWS\system32\DolbyHph.dll
2008-06-14 21:05 . 2003-08-19 09:20	180,224	--a------	C:\WINDOWS\system32\ac3filter.cpl
2008-06-14 21:05 . 2005-06-14 01:29	60,416	--a------	C:\WINDOWS\system32\DSETUP.dll
2008-06-14 21:05 . 2005-06-14 01:27	9,856	--a------	C:\WINDOWS\system32\drivers\pfc.sys
2008-06-14 21:05 . 2005-08-23 00:29	4,608	--a------	C:\WINDOWS\system32\drivers\nvport.sys
2008-06-14 21:04 . 2008-06-14 21:05	<DIR>	d--------	C:\Program Files\Common Files\Real
2008-06-14 21:04 . 2008-06-20 14:33	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Windows Journal Viewer
2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Java
2008-06-14 21:03 . 2008-06-14 21:03	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-06-14 21:00 . 2008-06-14 21:00	<DIR>	d---s----	C:\WINDOWS\system32\Microsoft
2008-06-14 19:38 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-14 19:35 . 2008-06-14 19:35	<DIR>	d---s----	C:\Documents and Settings\Krystian\UserData
2008-06-14 17:31 . 2008-06-14 17:31	<DIR>	d--------	C:\Program Files\Alcohol Soft
2008-06-14 17:28 . 2008-06-14 17:28	685,816	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-06-14 17:27 . 2007-07-30 19:19	207,736	--a------	C:\WINDOWS\system32\muweb.dll.wusetup.1679781.new
2008-06-14 17:27 . 2007-07-30 19:18	34,136	--a------	C:\WINDOWS\system32\wucltui.dll.mui
2008-06-14 17:27 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui_en
2008-06-14 17:27 . 2007-07-30 19:19	25,944	--a------	C:\WINDOWS\system32\wuapi.dll.mui
2008-06-14 17:27 . 2007-07-30 19:18	20,312	--a------	C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-14 17:23 . 2008-06-20 17:23	16	--a------	C:\WINDOWS\system32\coh.cache
2008-06-14 17:16 . 2008-06-14 17:16	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2008-06-14 17:16 . 2008-06-20 10:50	<DIR>	d--------	C:\Documents and Settings\Krystian\Gadu-Gadu
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 14:50	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-20 13:58	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-14 19:18	---------	d-----w	C:\Program Files\AIDA32
2008-06-14 19:17	---------	d-----w	C:\Program Files\IntelPCB
2008-06-14 18:29	---------	d-----w	C:\Documents and Settings\Krystian\Application Data\Gadu-Gadu
2008-06-14 18:26	---------	d-----w	C:\Program Files\Windows Plus
2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12	69,120	----a-w	C:\WINDOWS\notepad.exe
2008-04-14 00:12	50,688	----a-w	C:\WINDOWS\twain_32.dll
2008-04-14 00:12	32,866	------w	C:\WINDOWS\slrundll.exe
2008-04-14 00:12	283,648	----a-w	C:\WINDOWS\winhlp32.exe
2008-04-14 00:12	146,432	----a-w	C:\WINDOWS\regedit.exe
2008-04-14 00:12	10,752	----a-w	C:\WINDOWS\hh.exe
2008-04-14 00:12	1,033,728	----a-w	C:\WINDOWS\explorer.exe
2008-04-14 00:11	451,072	----a-w	C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11	39,424	------w	C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11	245,248	----a-w	C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11	141,312	----a-w	C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11	116,224	----a-w	C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11	1,852,928	----a-w	C:\WINDOWS\AppPatch\acgenral.dll
.
(((((((((((((((((((((((((((((   snapshot@2008-06-20_16.55.21.50   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 14:52:49	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-06-20 15:55:19	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 20:17 222592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-29 11:00 577536 C:\WINDOWS\SOUNDMAN.EXE]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-28 09:47 7573504]
"nwiz"="nwiz.exe" [2006-04-28 09:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-28 09:47 86016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 09:11 771704]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"6ca9aad1"="C:\WINDOWS\system32\pjbhnmnp.dll" [2008-06-20 17:02 79360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]

C:\Documents and Settings\Krystian\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNFxv]
vtUmNFxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 14:22:49 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Krystian.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 17:56:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\pnmnhbjp.ini 294 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\pjbhnmnp.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-20 17:57:38 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-20 15:57:31
ComboFix2.txt  2008-06-20 14:56:08
Pre-Run: 28,275,871,744 bytes free
Post-Run: 28,261,150,720 bytes free
268	--- E O F ---	2008-06-20 05:06:54

  • 0
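The two logs above show the pattern a responder looks for in a ComboFix report: a DLL with a random-looking name registered at once as a Browser Helper Object, under ShellExecuteHooks and under Winlogon\Notify; a Run value whose name is a hex token ("6ca9aad1"); Security Center notifications and monitoring switched off in the registry together with "EnableFirewall"= 0; and the DLL mapped into winlogon.exe or explorer.exe. The Python below is an added example for this thread, not ComboFix's or the forum's own code. It parses the "Reg Loading Points" and "DLLs Loaded Under Running Processes" parts of a ComboFix log and reports those indicators. The category names, the 72-hour freshness window, the list of host processes and the sample excerpt (assembled from the load-point lines quoted in both logs above, tabs replaced by spaces) are my own choices.

```python
"""Triage of the registry load-point section of a ComboFix log.

Added example for this thread (not ComboFix's own code). Category names,
thresholds and the sample excerpt below are this example's assumptions.
"""
import re
from datetime import datetime, timedelta

# Load points that legitimate software almost never uses but that the
# malware in this thread used for vtUmNFxv.dll.
SENSITIVE_KEYS = (r"winlogon\notify", r"explorer\shellexecutehooks",
                  r"browser helper objects")
# Processes into which ComboFix reported the DLL being mapped.
SYSTEM_HOSTS = ("winlogon.exe", "explorer.exe", "svchost.exe")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]+?\.(?:dll|exe|sys)', re.IGNORECASE)
STAMP_RE = re.compile(r"(?<!\d)(\d{4}-\d{2}-\d{2} \d{2}:\d{2})")
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8}$")   # Run value names like "6ca9aad1"


def triage(log_text, scan_time, fresh_hours=72):
    """Return (category, detail) findings for the load-point part of a log."""
    findings = []
    fresh_after = scan_time - timedelta(hours=fresh_hours)
    key = ""       # lower-cased registry key we are currently inside
    process = ""   # host process from the 'DLLs Loaded' section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(("----", "****", "((((")):
            key = ""                   # section separator: leave the key block
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        if line.upper().startswith("PROCESS:"):
            process = line.split(":", 1)[1].strip()
            continue
        if line.startswith("->"):      # module mapped into the process above
            host = process.rsplit("\\", 1)[-1].lower()
            if host in SYSTEM_HOSTS:
                findings.append(("dll_in_system_process",
                                 f"{line[2:].strip()} loaded into {process}"))
            continue
        if not key:
            continue                   # only registry blocks are triaged
        vm = VALUE_RE.match(line)
        name = vm.group("name") if vm else ""
        data = vm.group("data").strip() if vm else line
        # 1. Security Center / Windows Firewall switched off in the registry.
        if "security center" in key and data == "dword:00000001":
            findings.append(("defense_disabled", f"{name} under {key}"))
            continue
        if "firewallpolicy" in key and name == "EnableFirewall" and data.startswith("0"):
            findings.append(("defense_disabled", f"{name} under {key}"))
            continue
        pm = PATH_RE.search(line)
        # 2. Any module at all in the rarely used load points.
        if pm and any(s in key for s in SENSITIVE_KEYS):
            findings.append(("sensitive_loadpoint", f"{pm.group(0)} under {key}"))
        # 3. Run values whose name is an 8-hex-digit token.
        if r"currentversion\run" in key and RANDOM_NAME_RE.match(name):
            findings.append(("random_run_name", f"{name} -> {data}"))
        # 4. Load-point files whose timestamp lies within fresh_hours of the scan.
        sm = STAMP_RE.search(line)
        if pm and sm:
            stamp = datetime.strptime(sm.group(1), "%Y-%m-%d %H:%M")
            if stamp >= fresh_after:
                findings.append(("recent_loadpoint_file",
                                 f"{pm.group(0)} ({sm.group(1)})"))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


def suspicious_files(findings):
    """Distinct file paths named in the findings: the list to hash and check
    (signer, creation time) before deciding what to remove."""
    paths = {m.group(0) for _, d in findings for m in [PATH_RE.search(d)] if m}
    return sorted(paths)


# Constructed excerpt: load-point lines quoted in the two logs above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f86b11f3-0ce1-475f-9541-5329bf7b3597}]
2008-06-20 14:35  24576  --a------  C:\WINDOWS\system32\vtUmNFxv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-12-29 11:00 577536 C:\WINDOWS\SOUNDMAN.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 07:59 115816]
"6ca9aad1"="C:\WINDOWS\system32\pjbhnmnp.dll" [2008-06-20 17:02 79360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F86B11F3-0CE1-475F-9541-5329BF7B3597}"= C:\WINDOWS\system32\vtUmNFxv.dll [2008-06-20 14:35 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNFxv]
vtUmNFxv.dll 2008-06-20 14:35 24576 C:\WINDOWS\system32\vtUmNFxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\vtUmNFxv.dll
"""
SCAN_TIME = datetime(2008, 6, 20, 17, 56)   # catchme scan time of the second log

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG, SCAN_TIME):
        print(f"{category:24} {detail}")
    print("files to examine:", suspicious_files(triage(SAMPLE_LOG, SCAN_TIME)))
```

Run against the excerpt, the script lists vtUmNFxv.dll three times (BHO, ShellExecuteHooks, Winlogon\Notify) plus its injection into winlogon.exe, flags the "6ca9aad1" Run value and pjbhnmnp.dll as written minutes before the scan, and reports the three disabled-defense values; the two DLLs are exactly the files the helpers put into the CFScript. Known-good entries such as ctfmon.exe or SoundMan produce nothing, because they sit in ordinary Run keys and carry old timestamps.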

#6 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 21 06 2008 - 16:41

Paste into Notepad:
File::
C:\WINDOWS\system32\pjbhnmnp.dll
C:\WINDOWS\system32\pnmnhbjp.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUmNFxv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6ca9aad1"=-
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file
--> Attached image
The removal should start (and a log will be produced).
Post the log that is produced during the removal.

ordynat

  • 0



