
Code:
Logfile of HijackThis v1.99.1
Scan saved at 07:35:58, on 2007-06-08
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programy\Winamp\Winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Programy\eMule\emule.exe
D:\Programy\D-Link\AirPlus.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\Firefox\firefox.exe
D:\Pobieralnia\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll
O4 - HKLM\..\Run: [WinampAgent] "D:\Programy\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Programy\eMule\emule.exe -AutoStart
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Office XP\Office10\OSA.EXE
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programy\OFFICE~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67F1835E-5ACE-4342-BB19-4B04A4935200}: NameServer = 10.129.125.1,194.204.159.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
[ Added: Today at 7:04 ]
Code:
"Maciek" - 2007-06-08 7:39:21 Dodatek Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "D:\Pobieralnia\"
((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))
2007-06-08 07:21 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-08 03:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\DANEAP~1\WinRAR
2007-06-08 03:08 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-08 03:08 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Dane aplikacji
2007-06-08 03:08 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menu Start
2007-06-08 03:08 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Ustawienia lokalne
2007-06-08 03:08 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Szablony
2007-06-08 03:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Ulubione
2007-06-08 03:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Pulpit
2007-06-08 03:08 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Moje dokumenty
2007-06-07 10:00 <DIR> d---s---- C:\DOCUME~1\Maciek\UserData
2007-06-01 09:40 <DIR> d-------- C:\DOCUME~1\Maciek\DANEAP~1\ABBYY
2007-05-31 22:52 44,546 --a------ C:\WINDOWS\Sbuninst.exe
2007-05-31 20:36 1,311,335 --a------ C:\WINDOWS\system32\aquarium.scr
2007-05-25 13:49 <DIR> d-------- C:\Program Files\SkanerOnline
2007-05-21 20:04 17,608 --a------ C:\DOCUME~1\Maciek\DANEAP~1\GDIPFONTCACHEV1.DAT
2007-05-18 17:09 <DIR> d-------- C:\Program Files\directx
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-08 05:28:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-04 21:45:36 -------- d-----w C:\DOCUME~1\Maciek\DANEAP~1\Google
2007-05-02 15:08:55 803 ----a-w C:\WINDOWS\eReg.dat
2007-05-02 15:07:15 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-05-01 15:40:52 -------- d-----w C:\DOCUME~1\Maciek\DANEAP~1\Help
2007-04-30 20:11:30 -------- d-----w C:\Program Files\Realtek
2007-04-30 19:44:22 658 ----a-w C:\WINDOWS\mozver.dat
2007-04-29 20:01:51 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-04-29 17:35:48 -------- d-----w C:\DOCUME~1\Maciek\DANEAP~1\Sports Interactive
2007-04-27 15:40:58 -------- d-----w C:\Program Files\Common Files\Ahead
2007-04-26 13:06:43 -------- d-----w C:\DOCUME~1\Maciek\DANEAP~1\FlashGet
2007-04-26 13:03:04 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-04-25 21:41:55 -------- d-----w C:\DOCUME~1\Maciek\DANEAP~1\Real
2007-04-25 20:53:19 -------- d-----w C:\DOCUME~1\Maciek\DANEAP~1\Lavasoft
2007-04-23 16:12:28 4,402,176 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-04-21 14:20:07 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-21 14:20:07 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-21 14:16:49 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-04-21 14:12:32 -------- d-----w C:\DOCUME~1\Maciek\DANEAP~1\WinRAR
2007-04-21 14:08:14 -------- d-----w C:\Program Files\Messenger
2007-04-21 13:43:01 -------- d-----w C:\Program Files\Common Files\Everstrike Software
2007-04-21 13:20:18 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-04-21 13:20:16 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-21 13:12:45 -------- d-----w C:\Program Files\Common Files\ODBC
2007-04-21 13:12:43 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-04-21 12:56:17 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-21 12:55:47 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-21 12:38:23 -------- d-----w C:\Program Files\Movie Maker
2007-04-21 12:36:43 -------- d-----w C:\Program Files\Windows NT
2007-04-21 12:21:26 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-21 12:21:05 0 --sha-r C:\MSDOS.SYS
2007-04-21 12:21:05 0 --sha-r C:\IO.SYS
2007-04-21 12:21:05 0 ----a-w C:\CONFIG.SYS
2007-04-21 12:21:05 0 ----a-w C:\AUTOEXEC.BAT
2007-04-21 12:20:02 -------- d-----w C:\Program Files\Usługi online
2007-04-21 12:19:03 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-04-21 12:18:36 21,856 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-21 12:18:06 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 11:21:16 393,216 ----a-w C:\WINDOWS\system32\igxpun.exe
2007-04-13 13:36:14 1,822,720 ----a-w C:\WINDOWS\SkyTel.exe
2007-04-12 15:33:10 16,132,608 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-03-30 13:12:06 204,800 ----a-w C:\WINDOWS\system32\igfxCoIn_v4814.dll
2007-03-30 12:34:44 2,556,928 ----a-w C:\WINDOWS\system32\igxpdx32.dll
2007-03-30 12:33:56 57,344 ----a-w C:\WINDOWS\system32\igxprd32.dll
2007-03-30 12:33:50 149,504 ----a-w C:\WINDOWS\system32\igxpgd32.dll
2007-03-30 12:33:36 1,612,992 ----a-w C:\WINDOWS\system32\igxpdv32.dll
2007-03-30 11:33:06 450,560 ----a-w C:\WINDOWS\system32\igldev32.dll
2007-03-30 11:31:28 2,334,720 ----a-w C:\WINDOWS\system32\iglicd32.dll
2007-03-30 11:08:36 180,224 ----a-w C:\WINDOWS\system32\igfxres.dll
2007-03-30 11:01:10 528,384 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2007-03-30 11:00:16 155,648 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-03-30 11:00:02 131,072 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-03-30 10:59:44 200,704 ----a-w C:\WINDOWS\system32\igfxpph.dll
2007-03-30 10:59:36 24,576 ----a-w C:\WINDOWS\system32\igfxexps.dll
2007-03-30 10:59:36 135,168 ----a-w C:\WINDOWS\system32\igfxdo.dll
2007-03-30 10:59:36 131,072 ----a-w C:\WINDOWS\system32\igfxpers.exe
2007-03-30 10:59:34 159,744 ----a-w C:\WINDOWS\system32\igfxext.exe
2007-03-30 10:59:28 47,616 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
2007-03-30 10:59:26 245,760 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
2007-03-30 10:59:20 163,840 ----a-w C:\WINDOWS\system32\igfxzoom.exe
2007-03-30 10:59:08 102,400 ----a-w C:\WINDOWS\system32\hccutils.dll
2007-03-30 10:59:06 204,800 ----a-w C:\WINDOWS\system32\igfxdev.dll
2007-03-30 10:58:56 3,293,184 ----a-w C:\WINDOWS\system32\igfxress.dll
2007-03-23 17:19:10 9,715,200 ----a-w C:\WINDOWS\RTLCPL.exe
2007-03-21 18:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-21 18:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-21 18:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=D:\Programy\FlashGet\jccatch.dll [2007-04-13 10:34]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{F156768E-81EF-470C-9057-481BA8380DBA}=D:\Programy\FlashGet\getflash.dll [2007-04-13 11:34]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LFAgent"="" []
"WinampAgent"="D:\Programy\Winamp\Winampa.exe" [2003-04-02 04:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 17:33 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 C:\WINDOWS\Alcmtr.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-02-14 20:45]
"eMuleAutoStart"="D:\Programy\eMule\emule.exe" [2007-05-13 16:57]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
**************************************************************************
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 07:39:49
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-08 7:40:03
C:\ComboFix-quarantined-files.txt ... 2007-06-08 07:40
C:\ComboFix2.txt ... 2007-06-08 07:21
--- E O F ---