
How to remove the darkmoon virus

Logs, securing the computer and its data. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Every topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole thing, from beginning to end.
5. Do not attach yourself to other users' topics; start a new topic in the Security section, it makes the work of whoever checks the log easier.
6. People without the relevant knowledge should not check logs, because doing so risks serious damage to the system or to the applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and every action already taken.
8. Every fix script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, use an external image-hosting service.


Post by 124daniel » 26 Jan 2008, 08:49

Hello. I have a problem with the darkmoon virus. Kaspersky detects nothing, but Spyware Doctor does, every time the computer starts. I remove it with Spyware Doctor, but that doesn't help. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:31:35, on 2008-01-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
C:\programy\Ad-adware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\programy\doctor spyware\Spyware Doctor\svcntaux.exe
C:\programy\doctor spyware\Spyware Doctor\swdsvc.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
C:\programy\doctor spyware\Spyware Doctor\SDTrayApp.exe
C:\programy\java\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\programy\cursor powre pack\CursorXP.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\programy\zegarynka\Zegarynka.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\programy\ObjectDock\ObjectDock\ObjectDock.exe
C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\programy\brio pack\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\programy\gadu-gadu\gg.exe
C:\programy\hijack\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\programy\java\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\programy\java\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SDTray] "C:\programy\doctor spyware\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [SkinClock] C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [CursorXP] C:\programy\cursor powre pack\CursorXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Zegarynka] C:\programy\zegarynka\Zegarynka.exe
O4 - HKCU\..\Run: [RocketDock] "C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\programy\daemon\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\programy\ObjectDock\ObjectDock\ObjectDock.exe
O4 - Startup: UberIcon.lnk = C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\programy\brio pack\Vista Inspirat 2\YzShadow\YzShadow.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\programy\java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\programy\java\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6780472968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0930063656
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\programy\Ad-adware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\programy\doctor spyware\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\programy\doctor spyware\Spyware Doctor\swdsvc.exe

--
End of file - 6434 bytes


"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SkinClock" = "C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe" [null data]
"CursorXP" = "C:\programy\cursor powre pack\CursorXP.exe" [" "]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
"Zegarynka" = "C:\programy\zegarynka\Zegarynka.exe" ["Marcin Dutkiewicz"]
"RocketDock" = ""C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe"" [null data]
"DAEMON Tools Pro Agent" = ""C:\programy\daemon\DAEMON Tools Pro\DTProAgent.exe"" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroFilterCheck" = "D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"SunJavaUpdateSched" = ""C:\programy\java\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SDTray" = ""C:\programy\doctor spyware\Spyware Doctor\SDTrayApp.exe"" ["PC Tools"]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"AVP" = ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\programy\java\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\shdocvw.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\brio pack\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
-> {HKLM...CLSID} = "Statystyki ochrony WWW"
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "D:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\programy\brio pack\Vista Inspirat 2\iColorFolder\CMExt.dll" ["Revenger inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\programy\winrar\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\van Helsing\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Startup items in "van Helsing" & "All Users" startup folders:
-------------------------------------------------------------

D:\Documents and Settings\van Helsing\Menu Start\Programy\Autostart
"RocketDock" -> shortcut to: "C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe" [null data]
"Stardock ObjectDock" -> shortcut to: "C:\programy\ObjectDock\ObjectDock\ObjectDock.exe" ["Stardock"]
"UberIcon" -> shortcut to: "C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [null data]
"Y'z Shadow" -> shortcut to: "C:\programy\brio pack\Vista Inspirat 2\YzShadow\YzShadow.exe" ["Y'z@Home"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\programy\java\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\programy\java\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki ochrony WWW"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\programy\Ad-adware 2007\aawservice.exe"" ["Lavasoft"]
Kaspersky Anti-Virus 6.0, AVP, ""D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]
NMIndexingService, NMIndexingService, ""D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools Auxiliary Service, sdAuxService, "C:\programy\doctor spyware\Spyware Doctor\svcntaux.exe" ["PC Tools"]
PC Tools Security Service, sdCoreService, "C:\programy\doctor spyware\Spyware Doctor\swdsvc.exe" ["PC Tools"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 51 seconds, including 9 seconds for message boxes)


ComboFix 07-07-30.2 - "van Helsing" 2008-01-26 7:35:11.1 [GMT 1:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.Prawda
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))


2008-01-26 07:32 51,200 --a------ D:\WINDOWS\nircmd.exe
2008-01-24 14:01 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\winamp
2008-01-23 08:36 <DIR> d-------- D:\Program Files\Microsoft Silverlight
2008-01-22 01:50 271,224 --a------ D:\WINDOWS\system32\mucltui.dll
2008-01-21 15:30 <DIR> d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Systweak
2008-01-20 10:02 91,492 --a------ D:\WINDOWS\system32\drivers\klin.dat
2008-01-20 10:02 85,860 --a------ D:\WINDOWS\system32\drivers\klick.dat
2008-01-20 10:02 172,576 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-20 10:02 16,671,008 --ahs---- D:\WINDOWS\system32\drivers\fidbox.dat
2008-01-20 10:02 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2008-01-16 17:34 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\DANEAP~1\Office Genuine Advantage
2008-01-06 19:03 <DIR> d-------- D:\Program Files\directx
2008-01-03 19:18 <DIR> d-------- D:\Program Files\SystemRequirementsLab
2008-01-03 19:18 <DIR> d-------- D:\DOCUME~1\VANHEL~1\SystemRequirementsLab
2008-01-03 18:53 43,520 --a------ D:\WINDOWS\system32\CmdLineExt03.dll
2008-01-03 18:22 <DIR> d-------- D:\WINDOWS\Ubisoft
2007-12-30 15:10 356,352 --a------ D:\WINDOWS\system32\NVUNINST.EXE
2007-12-30 15:10 356,352 --a------ D:\WINDOWS\system32\nvudisp.exe
2007-12-30 15:10 <DIR> d-------- D:\WINDOWS\nview


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2008-01-26 07:08 --------- d-------- D:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-25 21:08 237440 --ahs---- D:\WINDOWS\system32\drivers\fidbox.idx
2008-01-25 21:08 20636 --ahs---- D:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-20 06:47 12632 --a------ D:\WINDOWS\system32\lsdelete.exe
2008-01-19 15:09 --------- d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 18:57 --------- d--h----- D:\Program Files\InstallShield Installation Information
2007-12-24 09:01 --------- dr-h----- D:\DOCUME~1\VANHEL~1\DANEAP~1\SecuROM
2007-12-24 09:00 108144 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2007-12-22 06:21 --------- d-------- D:\Program Files\DFX
2007-12-20 19:07 89166 --a------ D:\WINDOWS\system32\perfc015.dat
2007-12-20 19:07 500826 --a------ D:\WINDOWS\system32\perfh015.dat
2007-12-20 19:06 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\PC Tools
2007-12-17 08:25 --------- d-------- D:\Program Files\VID_0E8F&PID_0012
2007-12-17 04:40 --------- d-------- D:\Program Files\Common Files\Stardock
2007-12-14 04:11 --------- d-------- D:\Program Files\VIA
2007-12-14 03:50 --------- d-------- D:\Program Files\Realtek
2007-12-11 12:37 --------- d-------- D:\Program Files\Kaspersky Lab
2007-12-08 15:45 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\Ahead
2007-12-08 14:26 278984 --a------ D:\WINDOWS\system32\drivers\atksgt.sys
2007-12-08 14:26 25416 --a------ D:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-05 17:30 4632576 --a------ D:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-12-05 14:40 1478 --a------ D:\WINDOWS\mozver.dat
2007-12-05 08:27 --------- d-------- D:\Program Files\MSXML 4.0
2007-12-05 06:33 --------- d-------- D:\DOCUME~1\VANHEL~1\DANEAP~1\vlc
2007-12-05 01:41 8523776 --a------ D:\WINDOWS\system32\nvcpl.dll
2007-12-05 01:41 81920 --a------ D:\WINDOWS\system32\nvwddi.dll
2007-12-05 01:41 81920 --a------ D:\WINDOWS\system32\nvmctray.dll
2007-12-05 01:41 753664 --a------ D:\WINDOWS\system32\nvcplui.exe
2007-12-05 01:41 7435392 --a------ D:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 01:41 6901760 --a------ D:\WINDOWS\system32\nvoglnt.dll
2007-12-05 01:41 6549504 --a------ D:\WINDOWS\system32\nvdisps.dll
2007-12-05 01:41 5773568 --a------ D:\WINDOWS\system32\nv4_disp.dll
2007-12-05 01:41 5611520 --a------ D:\WINDOWS\system32\nvdispsr.dll
2007-12-05 01:41 466944 --a------ D:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41 458752 --a------ D:\WINDOWS\system32\nvmccssr.dll
2007-12-05 01:41 45056 --a------ D:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 01:41 442368 --a------ D:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41 425984 --a------ D:\WINDOWS\system32\keystone.exe
2007-12-05 01:41 385024 --a------ D:\WINDOWS\system32\nvapi.dll
2007-12-05 01:41 3715072 --a------ D:\WINDOWS\system32\nvvitvsr.dll
2007-12-05 01:41 3710976 --a------ D:\WINDOWS\system32\nvvitvs.dll
2007-12-05 01:41 35328 --a------ D:\WINDOWS\system32\nvcodins.dll
2007-12-05 01:41 35328 --a------ D:\WINDOWS\system32\nvcod.dll
2007-12-05 01:41 3420160 --a------ D:\WINDOWS\system32\nvgames.dll
2007-12-05 01:41 335872 --a------ D:\WINDOWS\system32\nvwrses.dll
2007-12-05 01:41 335872 --a------ D:\WINDOWS\system32\nvwrsel.dll
2007-12-05 01:41 3334144 --a------ D:\WINDOWS\system32\nvgamesr.dll
2007-12-05 01:41 327680 --a------ D:\WINDOWS\system32\nvwrsfr.dll
2007-12-05 01:41 327680 --a------ D:\WINDOWS\system32\nvwrsesm.dll
2007-12-05 01:41 327680 --a------ D:\WINDOWS\system32\nvrshe.dll
2007-12-05 01:41 327680 --a------ D:\WINDOWS\system32\nvrsar.dll
2007-12-05 01:41 323584 --a------ D:\WINDOWS\system32\nvwrspt.dll
2007-12-05 01:41 323584 --a------ D:\WINDOWS\system32\nvwrsit.dll
2007-12-05 01:41 319488 --a------ D:\WINDOWS\system32\nvwrsptb.dll
2007-12-05 01:41 319488 --a------ D:\WINDOWS\system32\nvwrsnl.dll
2007-12-05 01:41 315392 --a------ D:\WINDOWS\system32\nvwrsru.dll
2007-12-05 01:41 315392 --a------ D:\WINDOWS\system32\nvwrshu.dll
2007-12-05 01:41 311296 --a------ D:\WINDOWS\system32\nvwrsde.dll
2007-12-05 01:41 307200 --a------ D:\WINDOWS\system32\nvexpbar.dll
2007-12-05 01:41 303104 --a------ D:\WINDOWS\system32\nvwrstr.dll
2007-12-05 01:41 303104 --a------ D:\WINDOWS\system32\nvwrssl.dll
2007-12-05 01:41 303104 --a------ D:\WINDOWS\system32\nvwrsfi.dll
2007-12-05 01:41 299008 --a------ D:\WINDOWS\system32\nvwrssk.dll
2007-12-05 01:41 299008 --a------ D:\WINDOWS\system32\nvwrsno.dll
2007-12-05 01:41 294912 --a------ D:\WINDOWS\system32\nvwrssv.dll
2007-12-05 01:41 294912 --a------ D:\WINDOWS\system32\nvwrspl.dll
2007-12-05 01:41 294912 --a------ D:\WINDOWS\system32\nvwrsda.dll
2007-12-05 01:41 290816 --a------ D:\WINDOWS\system32\nvwrsth.dll
2007-12-05 01:41 286720 --a------ D:\WINDOWS\system32\nvwrseng.dll
2007-12-05 01:41 286720 --a------ D:\WINDOWS\system32\nvwrscs.dll
2007-12-05 01:41 286720 --a------ D:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 01:41 2854912 --a------ D:\WINDOWS\system32\nvmoblsr.dll
2007-12-05 01:41 282624 --a------ D:\WINDOWS\system32\nvwrsar.dll
2007-12-05 01:41 282624 --a------ D:\WINDOWS\system32\nvrsfr.dll
2007-12-05 01:41 282624 --a------ D:\WINDOWS\system32\nvrses.dll
2007-12-05 01:41 282624 --a------ D:\WINDOWS\system32\nvrsel.dll
2007-12-05 01:41 278528 --a------ D:\WINDOWS\system32\nvwrshe.dll
2007-12-05 01:41 278528 --a------ D:\WINDOWS\system32\nvrsit.dll
2007-12-05 01:41 278528 --a------ D:\WINDOWS\system32\nvrsde.dll
2007-12-05 01:41 274432 --a------ D:\WINDOWS\system32\nvrspt.dll
2007-12-05 01:41 274432 --a------ D:\WINDOWS\system32\nvrsnl.dll
2007-12-05 01:41 274432 --a------ D:\WINDOWS\system32\nvrsesm.dll
2007-12-05 01:41 270336 --a------ D:\WINDOWS\system32\nvrsru.dll
2007-12-05 01:41 266240 --a------ D:\WINDOWS\system32\nvrsptb.dll
2007-12-05 01:41 266240 --a------ D:\WINDOWS\system32\nvrsja.dll
2007-12-05 01:41 258048 --a------ D:\WINDOWS\system32\nvrstr.dll
2007-12-05 01:41 258048 --a------ D:\WINDOWS\system32\nvrssl.dll
2007-12-05 01:41 258048 --a------ D:\WINDOWS\system32\nvrssk.dll
2007-12-05 01:41 258048 --a------ D:\WINDOWS\system32\nvrsko.dll
2007-12-05 01:41 258048 --a------ D:\WINDOWS\system32\nvrshu.dll
2007-12-05 01:41 253952 --a------ D:\WINDOWS\system32\nvrsth.dll
2007-12-05 01:41 253952 --a------ D:\WINDOWS\system32\nvrssv.dll
2007-12-05 01:41 253952 --a------ D:\WINDOWS\system32\nvrspl.dll
2007-12-05 01:41 253952 --a------ D:\WINDOWS\system32\nvrsno.dll
2007-12-05 01:41 253952 --a------ D:\WINDOWS\system32\nvrsda.dll
2007-12-05 01:41 2519040 --a------ D:\WINDOWS\system32\nvwssr.dll
2007-12-05 01:41 2498560 --a------ D:\WINDOWS\system32\nvwss.dll
2007-12-05 01:41 249856 --a------ D:\WINDOWS\system32\nvrsfi.dll
2007-12-05 01:41 249856 --a------ D:\WINDOWS\system32\nvrscs.dll
2007-12-05 01:41 245760 --a------ D:\WINDOWS\system32\nvrseng.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"SunJavaUpdateSched"="C:\programy\java\bin\jusched.exe" [2007-09-25 01:11]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-30 18:42 D:\WINDOWS\RTHDCPL.exe]
"SDTray"="C:\programy\doctor spyware\Spyware Doctor\SDTrayApp.exe" [2007-08-14 17:02]
"nwiz"="nwiz.exe" [2007-12-05 01:41 D:\WINDOWS\system32\nwiz.exe]
"AVP"="D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\programy\clock\Atomic Alarm Clock\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-08-13 11:25]
"CursorXP"="C:\programy\cursor powre pack\CursorXP.exe" [2005-01-19 16:34]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"Zegarynka"="C:\programy\zegarynka\Zegarynka.exe" [2005-02-25 22:02]
"RocketDock"="C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05]
"DAEMON Tools Pro Agent"="C:\programy\daemon\DAEMON Tools Pro\DTProAgent.exe" []

D:\Documents and Settings\van Helsing\Menu Start\Programy\Autostart\
RocketDock.lnk - C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]
Stardock ObjectDock.lnk - C:\programy\ObjectDock\ObjectDock\ObjectDock.exe [2007-12-04 15:05:25]
UberIcon.lnk - C:\programy\brio pack\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08]
Y'z Shadow.lnk - C:\programy\brio pack\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 08:43:14]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^van Helsing^Menu Start^Programy^Autostart^TransBar.lnk]
backup=D:\WINDOWS\pss\TransBar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Accelerator]
"C:\programy\naprawa rejestru\Professional Registry Doctor\rc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\programy\supera\SUPERAntiSpyware.exe

R0 IKFileSec;File Security Driver;D:\WINDOWS\system32\drivers\ikfilesec.sys
R0 viamraid;viamraid;D:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;D:\WINDOWS\system32\DRIVERS\videX32.sys
R1 AmdK8;Sterownik procesora AMD;D:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 IKSysFlt;System Filter Driver;D:\WINDOWS\system32\drivers\iksysflt.sys
R1 IKSysSec;System Security Driver;D:\WINDOWS\system32\drivers\iksyssec.sys
R1 PQNTDrv;PQNTDrv;D:\WINDOWS\system32\drivers\PQNTDrv.sys
R1 SASDIFSV;SASDIFSV;\??\C:\programy\supera\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\programy\supera\SASKUTIL.sys
R2 atksgt;atksgt;D:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 EIO;EIO;\??\D:\WINDOWS\system32\drivers\EIO.sys
R2 lirsgt;lirsgt;D:\WINDOWS\system32\DRIVERS\lirsgt.sys
R3 USB_RNDIS;Arris Remote NDIS Network Device Driver;D:\WINDOWS\system32\DRIVERS\usb8023.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
S3 SASENUM;SASENUM;\??\C:\programy\supera\SASENUM.SYS
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 07:36:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2008-01-26 7:37:20

--- E O F ---

Post by pantik » 26 Jan 2008, 12:08

Backdoor.Win32.DarkMoon.bt

Once run, it creates the files expl0rer.exe and sp00lsv.exe in the system folder, as well as a log file, win32log.dat.

To start with every boot of the operating system, it creates the registry entry:

"explorer" = "expl0rer.exe"
in the location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


Try scanning the disk in safe mode with one of the removal tools ("vaccines") from the installers section, there are a few there; then F-Secure or NOD should help.



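The persistence entry described above ("explorer" = "expl0rer.exe" under the HKLM Run key) is the kind of thing a log reader can catch mechanically: the file name is a digit-for-letter look-alike of a core Windows binary, and a genuine explorer.exe or spoolsv.exe is never registered under a Run key in the first place (Explorer is started by Winlogon as the shell, the spooler runs as a service). The Python script below is an added example, not code from the original post or from HijackThis, Silent Runners or ComboFix: it parses HijackThis-style O4 lines, folds the usual homoglyph digits back to letters, and flags both look-alike names and core system binaries that appear under Run. The sample lines are constructed for the example: most are copied from the log above, the expl0rer.exe entry is the one pantik describes, and the sp00lsv.exe entry under the name "Print Spooler" is a hypothetical addition that the thread does not report.

```python
import re

# Core Windows binaries that malware likes to imitate (illustrative list,
# not exhaustive). The names are assumptions for this example.
LEGIT_NAMES = {
    "explorer.exe", "spoolsv.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "smss.exe", "rundll32.exe", "ctfmon.exe",
}

# Subset that is never legitimately started from a Run key: these are
# launched by Winlogon, the Service Control Manager or the kernel instead.
NEVER_IN_RUN = LEGIT_NAMES - {"rundll32.exe", "ctfmon.exe"}

# Digit-for-letter substitutions commonly used to build look-alike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# First ".exe" in the command line, optionally opened by a double quote.
# HijackThis prints unquoted paths with spaces, so splitting on whitespace
# would truncate "D:\Program Files\...".
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)\b', re.IGNORECASE)


def basename_of(cmd: str) -> str:
    """Return the lower-cased executable file name from a Run-key command."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    path = m.group("path") if m else cmd.split(" ", 1)[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit_o4(log_text: str):
    """Scan O4 lines and return (value name, file name, reason) findings."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 registry entry (Startup folder lines etc.)
        base = basename_of(m.group("cmd"))
        folded = base.translate(HOMOGLYPHS)
        if folded != base and folded in LEGIT_NAMES:
            findings.append((m.group("name"), base, f"look-alike of {folded}"))
        elif base in NEVER_IN_RUN:
            findings.append((m.group("name"), base,
                             "core system binary should not be registered under Run"))
    return findings


# Constructed sample: lines from the log in this thread plus the DarkMoon
# entry described in the reply; the "Print Spooler" line is hypothetical.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [explorer] expl0rer.exe
O4 - HKCU\..\Run: [Print Spooler] D:\WINDOWS\system32\sp00lsv.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: RocketDock.lnk = C:\programy\brio pack\Vista Inspirat 2\RocketDock\RocketDock.exe
"""

if __name__ == "__main__":
    for name, exe, reason in audit_o4(SAMPLE_LOG):
        print(f"[{name}] {exe}: {reason}")
```

The folding is deliberately one-directional (digits to letters, never the reverse), so legitimate names that contain digits, such as rundll32.exe or nvsvc32.exe, do not produce false matches. It is a triage aid for reading logs like the one above, not a substitute for a scan: a file that is not a look-alike can still be malicious, and anything flagged should be confirmed by checking the file on disk.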

Post by 124daniel » 26 Jan 2008, 13:54

Not good overall: in safe mode "Trojan.NirCmd" and "Trojan-PWS.Tanspy" were additionally detected.