Win32/trojanProxy.Dlena trojan

[Tykis]

Witam wszystkich. mam problem trojanem podanym w temacie. co chwile nod32 wykrywa mi zarazenie jakiegos pliku w folderze system32:

Czas Moduł Obiekt Nazwa Wirus Czynność Użytkownik Informacje
2007-03-06 17:55:44 AMON zbiór C:WINDOWSsystem3255368902ld.exe odmiana Win32/TrojanProxy.Dlena trojan Kwarantanna - usunięty ZARZĄDZANIE NTSYSTEM Zdarzenie miało miejsce podczas próby tworzenia nowego zbioru przez program: C:WINDOWSsystem32svchost.exe. Zbiór został przeniesiony do kwarantanny.
2007-03-06 17:35:41 AMON zbiór C:WINDOWSsystem3235184842ld.exe odmiana Win32/TrojanProxy.Dlena trojan Kwarantanna - usunięty ZARZĄDZANIE NTSYSTEM Zdarzenie miało miejsce podczas próby tworzenia nowego zbioru przez program: C:WINDOWSsystem32svchost.exe. Zbiór został przeniesiony do kwarantanny.
2007-03-06 17:15:18 AMON zbiór C:WINDOWSsystem3214592032ld.exe odmiana Win32/TrojanProxy.Dlena trojan Kwarantanna - usunięty ZARZĄDZANIE NTSYSTEM Zdarzenie miało miejsce podczas próby tworzenia nowego zbioru przez program: C:WINDOWSsystem32svchost.exe. Zbiór został przeniesiony do kwarantanny.
2007-03-06 16:45:46 AMON zbiór C:WINDOWSsystem324202812ld.exe odmiana Win32/TrojanProxy.Dlena trojan Kwarantanna - usunięty ZARZĄDZANIE NTSYSTEM Zdarzenie miało miejsce podczas próby tworzenia nowego zbioru przez program: C:WINDOWSsystem32svchost.exe. Zbiór został przeniesiony do kwarantanny.
2007-03-06 14:42:42 AMON zbiór C:WINDOWSsystem3242376092ld.exe odmiana Win32/TrojanProxy.Dlena trojan Kwarantanna - usunięty ZARZĄDZANIE NTSYSTEM Zdarzenie miało miejsce podczas próby tworzenia nowego zbioru przez program: C:WINDOWSsystem32svchost.exe. Zbiór został przeniesiony do kwarantanny.
2007-03-06 14:32:23 AMON zbiór C:WINDOWSsystem3232189062ld.exe odmiana Win32/TrojanProxy.Dlena trojan Kwarantanna - usunięty ZARZĄDZANIE NTSYSTEM Zdarzenie miało miejsce podczas próby tworzenia nowego zbioru przez program: C:WINDOWSsystem32svchost.exe. Zbiór został przeniesiony do kwarantanny.
2007-03-06 14:22:07 AMON zbiór C:WINDOWSsystem322207182ld.exe odmiana Win32/TrojanProxy.Dlena trojan Kwarantanna - usunięty ZARZĄDZANIE NTSYSTEM Zdarzenie miało miejsce podczas próby tworzenia nowego zbioru przez program: C:WINDOWSsystem32svchost.exe. Zbiór został przeniesiony do kwarantanny.
z tego co wiem to ten proces svchost.exe jest waznym procesem systemowym. poza tym chyba z innego powodu wywala mi neta(po prostu znika okno) gdy wychodze na strone typu konto bankowe, konto w orane-tam gdzie podaje hasla.problem jest gdy robie to za pomoca internet explorer, opery zas nie wywala byc moze to przez programy ktoych ostanio zaczalem uzywac: zonealarm i nod32. Wiem ktos moze jak to naprawic? no i prosze o pomoc w sprawie trojana. oto log z gmera:

---- System - GMER 1.0.12 ----

SSDT a347bus.sys ZwClose
SSDT SystemRootSystem32vsdatant.sys ZwConnectPort
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT SystemRootSystem32vsdatant.sys ZwDeleteKey
SSDT SystemRootSystem32vsdatant.sys ZwDeleteValueKey
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT SystemRootSystem32vsdatant.sys ZwLoadKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT SystemRootSystem32vsdatant.sys ZwOpenProcess
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT SystemRootSystem32vsdatant.sys ZwReplaceKey
SSDT SystemRootSystem32vsdatant.sys ZwRestoreKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT SystemRootSystem32vsdatant.sys ZwSetValueKey

---- User code sections - GMER 1.0.12 ----

.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 00C7288E crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] ADVAPI32.dll!CryptDeriveKey 77DDA685 7 Bytes JMP 00C7270C crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00C72808 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] ADVAPI32.dll!CryptImportKey 77DDA879 7 Bytes JMP 00C72769 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00C7279D crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] ADVAPI32.dll!CryptGenKey 77E014B1 7 Bytes JMP 00C726DC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] ADVAPI32.dll!CryptGetUserKey 77E01789 7 Bytes JMP 00C7273F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00C7226A crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] WS2_32.dll!send 71A5428A 5 Bytes JMP 00C7231F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00C72548 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00C723BC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00C72451 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe[300] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00C72640 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 00A5288E crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] ADVAPI32.dll!CryptDeriveKey 77DDA685 7 Bytes JMP 00A5270C crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00A52808 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] ADVAPI32.dll!CryptImportKey 77DDA879 7 Bytes JMP 00A52769 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00A5279D crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] ADVAPI32.dll!CryptGenKey 77E014B1 7 Bytes JMP 00A526DC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] ADVAPI32.dll!CryptGetUserKey 77E01789 7 Bytes JMP 00A5273F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00A5226A crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] WS2_32.dll!send 71A5428A 5 Bytes JMP 00A5231F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00A52548 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00A523BC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00A52451 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[408] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00A52640 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 00AA288E crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] ADVAPI32.dll!CryptDeriveKey 77DDA685 7 Bytes JMP 00AA270C crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00AA2808 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] ADVAPI32.dll!CryptImportKey 77DDA879 7 Bytes JMP 00AA2769 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00AA279D crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] ADVAPI32.dll!CryptGenKey 77E014B1 7 Bytes JMP 00AA26DC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] ADVAPI32.dll!CryptGetUserKey 77E01789 7 Bytes JMP 00AA273F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00AA226A crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] WS2_32.dll!send 71A5428A 5 Bytes JMP 00AA231F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00AA2548 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00AA23BC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00AA2451 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32rundll32.exe[480] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00AA2640 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 1000288E crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] ADVAPI32.dll!CryptDeriveKey 77DDA685 7 Bytes JMP 1000270C crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 10002808 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] ADVAPI32.dll!CryptImportKey 77DDA879 7 Bytes JMP 10002769 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 1000279D crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] ADVAPI32.dll!CryptGenKey 77E014B1 7 Bytes JMP 100026DC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] ADVAPI32.dll!CryptGetUserKey 77E01789 7 Bytes JMP 1000273F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] WS2_32.dll!connect 71A5406A 5 Bytes JMP 1000226A crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] WS2_32.dll!send 71A5428A 5 Bytes JMP 1000231F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 10002548 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] WS2_32.dll!recv 71A5615A 5 Bytes JMP 100023BC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 10002451 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32kui.exe[632] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 10002640 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 1000288E crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] ADVAPI32.dll!CryptDeriveKey 77DDA685 7 Bytes JMP 1000270C crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 10002808 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] ADVAPI32.dll!CryptImportKey 77DDA879 7 Bytes JMP 10002769 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 1000279D crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] ADVAPI32.dll!CryptGenKey 77E014B1 7 Bytes JMP 100026DC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] ADVAPI32.dll!CryptGetUserKey 77E01789 7 Bytes JMP 1000273F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] WS2_32.dll!connect 71A5406A 5 Bytes JMP 1000226A crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] WS2_32.dll!send 71A5428A 5 Bytes JMP 1000231F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 10002548 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] WS2_32.dll!recv 71A5615A 5 Bytes JMP 100023BC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 10002451 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32ctfmon.exe[676] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 10002640 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 023D288E crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] ADVAPI32.dll!CryptDeriveKey 77DDA685 7 Bytes JMP 023D270C crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 023D2808 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] ADVAPI32.dll!CryptImportKey 77DDA879 7 Bytes JMP 023D2769 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 023D279D crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] ADVAPI32.dll!CryptGenKey 77E014B1 7 Bytes JMP 023D26DC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] ADVAPI32.dll!CryptGetUserKey 77E01789 7 Bytes JMP 023D273F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] WS2_32.dll!connect 71A5406A 5 Bytes JMP 023D226A crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] WS2_32.dll!send 71A5428A 5 Bytes JMP 023D231F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 023D2548 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] WS2_32.dll!recv 71A5615A 5 Bytes JMP 023D23BC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 023D2451 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe[720] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 023D2640 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] ADVAPI32.dll!CryptDestroyKey 77DDA544 3 Bytes JMP 00E6288E crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] ADVAPI32.dll!CryptDestroyKey + 4 77DDA548 3 Bytes [ 89, CC, CC ]
.text C:WINDOWSsystem32svchost.exe[1836] ADVAPI32.dll!CryptDeriveKey 77DDA685 7 Bytes JMP 00E6270C crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00E62808 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] ADVAPI32.dll!CryptImportKey 77DDA879 7 Bytes JMP 00E62769 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00E6279D crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] ADVAPI32.dll!CryptGenKey 77E014B1 7 Bytes JMP 00E626DC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] ADVAPI32.dll!CryptGetUserKey 77E01789 7 Bytes JMP 00E6273F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00E6226A crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] WS2_32.dll!send 71A5428A 5 Bytes JMP 00E6231F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00E62548 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00E623BC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00E62451 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32svchost.exe[1836] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00E62640 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 1000288E crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] ADVAPI32.dll!CryptDeriveKey 77DDA685 7 Bytes JMP 1000270C crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 10002808 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] ADVAPI32.dll!CryptImportKey 77DDA879 7 Bytes JMP 10002769 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 1000279D crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] ADVAPI32.dll!CryptGenKey 77E014B1 7 Bytes JMP 100026DC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] ADVAPI32.dll!CryptGetUserKey 77E01789 7 Bytes JMP 1000273F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] WS2_32.dll!connect 71A5406A 5 Bytes JMP 1000226A crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] WS2_32.dll!send 71A5428A 5 Bytes JMP 1000231F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 10002548 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] WS2_32.dll!recv 71A5615A 5 Bytes JMP 100023BC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 10002451 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text Crogram FilesESETnod32krn.exe[1864] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 10002640 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 1000288E crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] ADVAPI32.dll!CryptDeriveKey 77DDA685 7 Bytes JMP 1000270C crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 10002808 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] ADVAPI32.dll!CryptImportKey 77DDA879 7 Bytes JMP 10002769 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 1000279D crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] ADVAPI32.dll!CryptGenKey 77E014B1 7 Bytes JMP 100026DC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] ADVAPI32.dll!CryptGetUserKey 77E01789 7 Bytes JMP 1000273F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] WS2_32.dll!connect 71A5406A 5 Bytes JMP 1000226A crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] WS2_32.dll!send 71A5428A 5 Bytes JMP 1000231F crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 10002548 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] WS2_32.dll!recv 71A5615A 5 Bytes JMP 100023BC crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 10002451 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
.text C:WINDOWSsystem32wscntfy.exe[3760] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 10002640 crogram filescommon filesmicrosoft sharedweb foldersibm00002.dll
A to z Hijack this

Logfile of HijackThis v1.99.1
Scan saved at 18:10:05, on 2007-03-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32svchost.exe
Crogram FilesEsetnod32krn.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:WINDOWSsystem32RunDll32.exe
Crogram FilesEsetnod32kui.exe
Crogram FilesZoneAlarmzlclient.exe
C:WINDOWSsystem32ctfmon.exe
Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe
Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe
C:WINDOWSsystem32wscntfy.exe
Crogram FilesGadu-Gadugg.exe
Crogram FilesMicrosoft OfficeOffice10WINWORD.EXE
Crogram FilesOperaOpera.exe
Crogram FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32wuauclt.exe
Cocuments and SettingsTykisPulpitkill em all - Johnny RambohijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - CROGRA~1SkypePhoneIEPluginSKYPEI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - crogram filesgooglegoogletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - crogram filesgooglegoogletoolbar2.dll
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Network Bridge] C:WINDOWSsystem32netadp.exe
O4 - HKLM..Run: [C-Media Speaker Configuration] Cocuments and SettingsTykisPulpitdrvSetup.exe /SPEAKER
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [nod32kui] "Crogram FilesEsetnod32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [Zone Labs Client] "Crogram FilesZoneAlarmzlclient.exe"
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "Crogram FilesCommon FilesAheadlibNMBgMonitor.exe"
O4 - HKCU..Run: [swg] Crogram FilesGoogleGoogleToolbarNotifier1.0.720.3640GoogleToolbarNotifier.exe
O4 - Global Startup: BlueSoleil.lnk = Crogram FilesIVT CorporationBlueSoleilBlueSoleil.exe
O4 - Global Startup: MA003DMN.LNK = Crogram FilesM-Audio Audiophile USBDmnma003dmn.exe
O4 - Global Startup: Microsoft Office.lnk = Crogram FilesMicrosoft OfficeOffice10OSA.EXE
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://CROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - CROGRA~1SkypePhoneIEPluginSKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Crogram FilesMessengermsmsgs.exe (file missing)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.117.128.162/activex/AxisCamControl.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O17 - HKLMSystemCCSServicesTcpip..{503C1AC6-DC48-45B9-A530-C5C1A4C39EB9}: NameServer = 217.144.192.2,217.144.192.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - CROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: rpcc - C:WINDOWSsystem32rpcc.dll
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:WINDOWSSystem32urdvxc.exe" /service (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - Crogram FilesEsetnod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:WINDOWSsystem32ZoneLabsvsmon.exe

Czekam cierpliwie na odopowiedz

 

[fl3a]

O4 - HKLM..Run: [Network Bridge] C:WINDOWSsystem32netadp.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:WINDOWSSystem32urdvxc.exe" /service (file missing)
O20 - Winlogon Notify: rpcc - C:WINDOWSsystem32rpcc.dll[/b]

Te wpisy nalezy usunac w HJT oraz recznie usunac pliki za pomoca gmer'a:

gmer -del file C:WINDOWSsystem32netadp.exe
gmer -del file C:WINDOWSsystem32urdvxc.exe
gmer -del file C:WINDOWSsystem32rpcc.dll[/b]

Jesli w katalogu system32 znajduja sie jakies pliki o losowych nazwach podobnych do tych blokowanych przez nod'a - "55368902ld.exe" nalezy je skasowac w podobny sposob!

 

[Tykis]

Wielkie dzieki. Teraz jest gitara :faja: Usunalem te pliki w troche inny sposob niz za pomoca gmer'a (uruchamiajac system z dysku kumpla ktory mam podpiety) ale to juz nie wazne. Pa =]