Infected file D3DI.dll, heeelp
Please, someone help me. I've been struggling with the AVG FREE version for a month now, with no results. :( The same old song: to clean it, it needs a restart, but then nothing happens. Every now and then it pops up, wants a restart again and then again nothing. I can even provoke it: when I press F3 it immediately reports "Threat Detected". What should I do?

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:26:01, on 28.12.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Perfect Keylogger Lite\bpk.exe
C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
E:\Peti\Antivir\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30E11142-03DC-4BD3-9C28-3055FEB72A8C} - C:\WINDOWS\System32\d3di.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CleverCrypt] C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe /boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BPK] C:\Program Files\Perfect Keylogger Lite\bpk.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winppl32 - C:\WINDOWS\SYSTEM32\winppl32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Posted: 28.12.2007 10:03

Fix:

O2 - BHO: (no name) - {30E11142-03DC-4BD3-9C28-3055FEB72A8C} - C:\WINDOWS\System32\d3di.dll
O20 - Winlogon Notify: winppl32 - C:\WINDOWS\SYSTEM32\winppl32.dll


If you didn't install the Perfect Keylogger program yourself, uninstall it

restart and a new log


Posted by thread author: 28.12.2007 11:53

I don't know whether I should have done it in SAFE MODE or not, I'm doing this for the first time


Logfile of HijackThis v1.99.1
Scan saved at 11:44:19, on 28.12.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Perfect Keylogger Lite\bpk.exe
C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Peti\Antivir\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30E11142-03DC-4BD3-9C28-3055FEB72A8C} - C:\WINDOWS\System32\d3di.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CleverCrypt] C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe /boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BPK] C:\Program Files\Perfect Keylogger Lite\bpk.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winppl32 - C:\WINDOWS\SYSTEM32\winppl32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-----------------------------------------------------------------------

That keylogger is my doing, but if it's necessary I'll remove it :oops:

Oh, and I didn't do it in Safe MODE


Posted: 28.12.2007 12:00

you can do it in normal mode

tick these items in HijackThis and click Fix checked

O2 - BHO: (no name) - {30E11142-03DC-4BD3-9C28-3055FEB72A8C} - C:\WINDOWS\System32\d3di.dll
O20 - Winlogon Notify: winppl32 - C:\WINDOWS\SYSTEM32\winppl32.dll

and then post the new log here

PS: If you know about that keylogger, then fine, but you never know whether it has some backdoor ;)


Posted by thread author: 28.12.2007 12:08

Well, I did that a moment ago, you saw the result. Do it again?


Posted by thread author: 28.12.2007 12:46

I was a bit bored, so I downloaded a newer version of HijackThis. I found those 2 items, clicked Fix checked, restarted and then scanned again. Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:41, on 28.12.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Perfect Keylogger Lite\bpk.exe
C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
E:\Peti\Antivir\hijackthis\HijackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CleverCrypt] C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe /boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BPK] C:\Program Files\Perfect Keylogger Lite\bpk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winppl32 - C:\WINDOWS\SYSTEM32\winppl32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7049 bytes

By the way, thanks for the help.
:D


Posted: 28.12.2007 12:56

Also, if it keeps coming back after a restart even after you delete it, turn off System Restore and delete it in safe mode.
Also, instead of AVG Free I'd rather recommend Avira Free, and you probably wouldn't have problems like this now...


Posted: 28.12.2007 12:57

I see it evidently refuses to be removed, so let's try another way
download http://swandog46.geekstogo.com/avenger.exe , run it, choose Input Script Manually and then press the magnifying glass; paste this code into the window that opens

Code:
Files to delete:
C:\WINDOWS\System32\d3di.dll
C:\WINDOWS\SYSTEM32\winppl32.dll


and press the traffic light; the computer may restart ;)


Posted by thread author: 28.12.2007 13:29

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\viabiulx

*******************

Script file located at: \??\C:\Program Files\nikfjwno.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\System32\d3di.dll for deletion
Deletion of file C:\WINDOWS\System32\d3di.dll failed!

Could not process line:
C:\WINDOWS\System32\d3di.dll
Status: 0xc0000022

File C:\WINDOWS\SYSTEM32\winppl32.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

That D3DI.DLL is still there :shit: . What next? Isn't it dangerous to delete those dll files? :(
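As an added example (not code from any poster in this thread): a small Python triage script that parses the O2/O20/R1 lines of a HijackThis log, diffs the log posted before the "Fix checked" run against the one posted after it, and flags what a defender would review: BHOs with no name, one DLL registered under several CLSIDs, Winlogon Notify packages, and a configured browser proxy. The sample input is a constructed subset of the two logs above; the flags are review hints, not verdicts.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: a subset of the entries from the two HijackThis logs
# posted in this thread, before "Fix checked" (11:44) and after it (12:41, HJT 2.0.2).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30E11142-03DC-4BD3-9C28-3055FEB72A8C} - C:\WINDOWS\System32\d3di.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O4 - HKCU\..\Run: [BPK] C:\Program Files\Perfect Keylogger Lite\bpk.exe
O20 - Winlogon Notify: winppl32 - C:\WINDOWS\SYSTEM32\winppl32.dll
"""

LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O4 - HKCU\..\Run: [BPK] C:\Program Files\Perfect Keylogger Lite\bpk.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O20 - Winlogon Notify: winppl32 - C:\WINDOWS\SYSTEM32\winppl32.dll
"""

# "O2 - BHO: ..." / "R1 - HKCU\...": section code, " - ", rest of the line
ENTRY_RE = re.compile(r"^(?P<sec>[RFON]\d+) - (?P<body>.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code, e.g. "O2", "O20"
    body: str     # the line after "O2 - "
    path: str     # lower-cased path of the module the entry loads ("" if none)


def module_path(section, body):
    """For entries that load a DLL/EXE, the path is the last ' - ' field."""
    if section in ("O2", "O3", "O20", "O23"):
        return body.rsplit(" - ", 1)[-1].strip().lower()
    return ""


def parse_log(text):
    """Return the entries of one HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sec, body = m.group("sec"), m.group("body")
            entries.append(Entry(sec, body, module_path(sec, body)))
    return entries


def triage(text):
    """Map each entry body that deserves review to the reasons for reviewing it."""
    entries = parse_log(text)
    # how many O2 (BHO) CLSIDs point at the same DLL: d3di.dll is registered twice
    bho_uses = Counter(e.path for e in entries if e.section == "O2")
    flagged = {}
    for e in entries:
        reasons = []
        if e.section == "O2":
            if "(no name)" in e.body:
                reasons.append("BHO registered without a name")
            if bho_uses[e.path] > 1:
                reasons.append("same DLL registered as a BHO under more than one CLSID")
        elif e.section == "O20":
            reasons.append("Winlogon Notify package: loaded into winlogon.exe at every logon")
        elif e.section == "R1" and "ProxyServer" in e.body:
            reasons.append("browser proxy configured: confirm it belongs to the local firewall/AV")
        if reasons:
            flagged[e.body] = reasons
    return flagged


def compare(before_text, after_text):
    """Diff two logs: entries removed, entries added, and flagged entries that survived."""
    before, after = parse_log(before_text), parse_log(after_text)
    before_keys = {(e.section, e.body) for e in before}
    after_keys = {(e.section, e.body) for e in after}
    flagged_before = triage(before_text)
    return {
        "removed": [e.body for e in before if (e.section, e.body) not in after_keys],
        "added": [e.body for e in after if (e.section, e.body) not in before_keys],
        "still_flagged": {e.body: flagged_before[e.body]
                          for e in after if e.body in flagged_before},
    }


if __name__ == "__main__":
    for heading, items in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"== {heading} ==")
        for item in items:
            print("  ", item)
```

The Avenger status 0xc0000022 in the post above is the NTSTATUS code STATUS_ACCESS_DENIED; a DLL mapped into a running process is held open by Windows and cannot be deleted from inside the same session.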


Posted: 28.12.2007 13:35

actually these ones yes, because they are dangerous; we need to figure out how to kill it, nothing comes to my mind from a distance like this :(


Posted: 28.12.2007 13:50

Use SmitFraudFix..
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Go into safe mode, run SFF, accept the licence, and choose option 2!
The computer may be restarted...
Then post the log


Posted: 28.12.2007 14:12

if that doesn't work you can also try killbox

do it after turning off System Restore and in safe mode


Posted by thread author: 28.12.2007 18:10

Sorry for the absence, but I had a lot to take care of. So, the SmitFraudFix log:
SmitFraudFix v2.274

Scan done at 15:45:57,03, pi 28.12.2007
Run from E:\Peti\Antivir\Smitfraud\SmitfraudFix
OS: Microsoft Windows XP [Verzia 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

The Avenger only managed half of it, that d3di.dll is still there.
Killbox couldn't delete it either. The computer was in SAFE MODE with System Restore turned off.
Damn, I'm starting to be :jaw:
Heelp!


Posted: 28.12.2007 18:26

also try unlocker

http://ccollomb.free.fr/unlocker/unlocker1.8.5.exe


Posted: 28.12.2007 18:34

What about using Combofix? :)
http://www.techsupportforum.com/sectool ... mboFix.exe

hopefully it'll delete it.

Then post a new log ;)


Posted by thread author: 28.12.2007 18:38

Should I run that Combofix in normal mode or SAFE?


Posted: 28.12.2007 18:48

in normal ;)


Posted: 28.12.2007 19:01

tomino0123 wrote:
in normal ;)


But given the problem it would be good to try it in safe mode too...
Btw, so you still have the problem?


_________________
PC1: Intel Core i5 4690k / MSI Z97 Gaming 3 / Kingston HyperX Fury 8GB DDR3 / MSI R9 380 Gaming 2GB / Crucial MX100 256GB SSD / Samsung EcoGreen F3 HD105SI 1TB SATA / CoolerMaster G450M / LG IPS235P

PC2: AMD Phenom II X4 955 / ASUS M5A97 PRO / Kingston 8GB Kit DDR3 / graphics card RIP :( /

NTB: Lenovo IdeaPad Y580 - Intel Core i5 3210 / 15.6" 1080p / 8GB DDR3 / NVIDIA GeForce GTX660M 2GB / SSD 90GB Intel 525 mSATA / HDD 1TB 5400 RPM
Posted 28.12.2007 19:08:

MiNoR wrote:
Btw, so you still have the problem?

Well, the original problem he wrote about in the title, the file d3di.dll, still persists; that file is like Ebola, that can't be wiped out either :lol:


_________________
Thinking could not have arisen without speech, but speech without thinking occurs often. Brie Andre
My OS: Primary - Kubuntu 10.10 Maverick Meerkat , Secondary - Windows 7
Problems are solved here on the forum, not via ICQ and Skype. Thank you
Posted by the topic author, 28.12.2007 19:10:

Holy cow, this is like Tutankhamun's birth certificate or something:
ComboFix 07-12-21.4 - tibi 2007-12-28 18:53:23.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1033.18.88 [GMT 1:00]
Running from: C:\Documents and Settings\tibi.SZABO\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\tibi.SZABO\Application Data\inst.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-28 14:58 . 2007-12-28 15:46 3,016 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-28 01:42 . 2007-12-28 01:42 <DIR> d-------- C:\Program Files\VirusTotalUploader
2007-12-28 00:34 . 2007-12-28 00:34 <DIR> d-------- C:\Program Files\CCleaner
2007-12-27 00:39 . 2007-12-27 01:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\1Click DVD Copy
2007-12-26 21:24 . 2007-12-26 21:24 303 --a------ C:\WINDOWS\ST6UNST.000
2007-12-26 17:29 . 2007-12-28 00:44 <DIR> d-------- C:\Program Files\LG Software Innovations
2007-12-13 14:59 . 2007-12-13 14:59 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\vsosdk
2007-12-13 14:10 . 2007-12-27 01:00 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\1Click DVD Copy Pro
2007-12-13 14:08 . 2007-12-13 14:08 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-12-13 13:36 . 2007-12-13 13:38 <DIR> d-------- C:\Documents and Settings\tibi.SZABO\Application Data\dvdcss
2007-12-07 23:21 . 2007-12-11 00:35 <DIR> d-------- C:\WINDOWS\ULEAD.DAT
2007-12-07 23:21 . 2007-12-07 23:21 <DIR> d-------- C:\Program Files\iPhoto Plus 4
2007-12-07 23:21 . 1995-07-31 14:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-12-07 23:21 . 1996-03-16 01:00 39,936 --a------ C:\WINDOWS\system32\MFC40LOC.DLL
2007-12-07 23:21 . 1997-01-13 19:31 11,264 --a------ C:\WINDOWS\Ulead iPhoto Plus 4.SCR
2007-12-07 23:21 . 2007-12-20 17:02 869 --a------ C:\WINDOWS\Ulead32.ini
2007-12-07 23:18 . 2007-12-07 23:18 <DIR> d-------- C:\Documents and Settings\tibi.SZABO\WINDOWS
2007-12-07 23:17 . 2007-12-07 23:21 <DIR> d-------- C:\MSCAN
2007-12-04 20:28 . 2007-12-04 20:28 <DIR> d-------- C:\Program Files\xat.com JPEG Optimizer
2007-12-03 23:57 . 2007-12-03 23:57 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2007-12-03 23:56 . 2007-12-27 22:00 <DIR> d-------- C:\Documents and Settings\tibi.SZABO\Application Data\PrevxCSI
2007-12-02 22:59 . 2007-12-03 20:09 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-11-30 22:46 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-30 22:31 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-11-30 00:19 . 2007-11-30 00:19 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Tools
2007-11-29 23:25 . 2007-11-29 23:25 <DIR> d-------- C:\Documents and Settings\tibi.SZABO\Application Data\Grisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 23:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-27 15:13 --------- d-----w C:\Documents and Settings\tibi.SZABO\Application Data\Skype
2007-12-26 23:55 --------- d-----w C:\Documents and Settings\tibi.SZABO\Application Data\Vso
2007-12-26 20:35 --------- d-----w C:\Program Files\Create-Ringtone
2007-12-26 20:34 --------- d-----w C:\Documents and Settings\tibi.SZABO\Application Data\AVG7
2007-12-26 16:29 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-26 16:29 47,360 ----a-w C:\Documents and Settings\tibi.SZABO\Application Data\pcouffin.sys
2007-12-23 19:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-12-22 16:33 --------- d-----w C:\Program Files\Visual Pinball
2007-12-22 16:33 --------- d-----w C:\Program Files\NCH Swift Sound
2007-12-22 16:33 --------- d-----w C:\Documents and Settings\tibi.SZABO\Application Data\NCH Swift Sound
2007-12-22 16:32 --------- d-----w C:\Program Files\NCH Software
2007-12-22 16:30 --------- d-----w C:\Program Files\Fastream NETFile
2007-12-22 15:34 --------- d-----w C:\Program Files\Perfect Keylogger Lite
2007-12-20 14:09 --------- d-----w C:\Program Files\autoUSD
2007-12-19 20:13 32,944 ----a-w C:\Documents and Settings\tibi.SZABO\Application Data\GDIPFONTCACHEV1.DAT
2007-12-18 08:37 --------- d-----w C:\Program Files\E404 Helper
2007-12-13 12:18 81,920 ----a-w C:\Documents and Settings\tibi.SZABO\Application Data\ezpinst.exe
2007-12-13 10:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2007-11-30 21:33 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-11-29 22:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-25 10:46 19,200 ----a-w C:\WINDOWS\system32\drivers\xpnkgyxw.dat
2007-11-24 16:09 14,963,062 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_11_05_20_15_52_full.dmp.zip
2007-11-24 16:07 14,988,110 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_10_06_23_34_49_full.dmp.zip
2007-11-24 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 16:05 --------- d-----w C:\Program Files\Elaborate Bytes
2007-11-06 17:32 90,371 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_20_16_48_small.dmp.zip
2007-11-06 17:32 103,540 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_05_20_14_51_small.dmp.zip
2007-11-05 19:08 --------- d-----w C:\Documents and Settings\tibi.SZABO\Application Data\tor
2007-10-25 17:32 2,179,072 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-10-23 13:56 21 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\emopts.dat
2007-10-08 18:18 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-10-07 06:57 102,339 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_06_23_33_29_small.dmp.zip
2007-09-30 15:09 52 ----a-w C:\re2.sys
2007-05-06 10:15 87,608 ----a-w C:\Documents and Settings\tibi\Application Data\ezpinst.exe
2007-05-06 10:15 47,360 ----a-w C:\Documents and Settings\tibi\Application Data\pcouffin.sys
2007-05-04 16:27 19,552 ----a-w C:\Documents and Settings\tibi\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AC4A8086-CAF3-49D0-A168-54B9F35062EE}]
2001-08-23 12:00 83456 --a------ C:\WINDOWS\System32\d3di.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 03:41]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 13:30]
"BPK"="C:\Program Files\Perfect Keylogger Lite\bpk.exe" [2002-12-06 14:11]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-09-07 03:04]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-23 20:15]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-23 22:22]
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2006-01-12 14:40]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 12:26]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-04-23 18:57]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"CleverCrypt"="C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe" [2005-01-14 11:56]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2001-08-23 12:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 03:41]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]

C:\Documents and Settings\tibi.SZABO\Start Menu\Programs\Startup\
Watch.lnk - C:\WINDOWS\twain_32\A4S2600X\WATCH.exe [2007-12-07 23:17:52]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winppl32]
winppl32.dll

R0 htecoioi;htecoioi;C:\WINDOWS\System32\drivers\xpnkgyxw.dat []
R3 mgau;mgau;C:\WINDOWS\System32\DRIVERS\mgaum.sys [2001-08-17 13:50]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 01:35]
R3 SFC4;SFC4;C:\WINDOWS\System32\drivers\SFC4.sys [1998-08-14 16:44]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 19:02:39
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2800.1106]
-> C:\Program Files\Unlocker\UnlockerHook.dll
-> C:\Program Files\Perfect Keylogger Lite\bsdhooks.dll
.
Completion time: 2007-12-28 19:05:18 - machine was rebooted


Posted by the topic author, 28.12.2007 19:14:

I'm also sending the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:11, on 28.12.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Perfect Keylogger Lite\bpk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
E:\Peti\Antivir\hijackthis\HijackThis(2).exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CleverCrypt] C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe /boot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BPK] C:\Program Files\Perfect Keylogger Lite\bpk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winppl32 - winppl32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6975 bytes
-------------------------------------------------------------------------------------

It doesn't look good! :(


Posted 28.12.2007 19:17:

Now try fixing:
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O20 - Winlogon Notify: winppl32 - winppl32.dll (file missing)

And uninstall that keylogger.. I don't like it!


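A small triage script for HijackThis log lines like the ones posted in this thread, added here as an example (it is not the forum's or HijackThis's own code). The sample lines are copied from the log above; it flags the same kinds of entries the helpers pointed at (a nameless O2 BHO, an O20 Winlogon Notify entry whose DLL is missing, an R1 proxy on the local host, and an autostart from the Perfect Keylogger Lite folder). The allowlist of known-good nameless BHOs and the "fix"/"review" severity labels are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this
# thread (plus one benign Java BHO line), embedded so the script runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O4 - HKCU\..\Run: [BPK] C:\Program Files\Perfect Keylogger Lite\bpk.exe
O20 - Winlogon Notify: winppl32 - winppl32.dll (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# HijackThis prefixes each entry with a section code (R1, O2, O20, ...).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Assumption: nameless BHOs that are known-good on this machine. SDHelper.dll
# (Spybot) shows up as "(no name)" in the log above but is not the problem.
KNOWN_GOOD_NAMELESS_BHO = {"sdhelper.dll"}

# Folder the thread's helpers told the poster to remove (taken from the log).
UNWANTED_DIRS = (r"c:\program files\perfect keylogger lite",)


def parse_entry(line):
    """Split one log line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def basename(path):
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(line):
    """Return [(severity, reason), ...] for one HJT line; empty if it looks clean.

    severity is "fix" (the thread's helpers said to fix or remove it) or
    "review" (needs a human look before fixing).
    """
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, body = parsed
    low = body.lower()
    findings = []

    if section == "O2" and "(no name)" in body:
        dll = basename(body.rsplit(" - ", 1)[-1])
        if dll not in KNOWN_GOOD_NAMELESS_BHO:
            findings.append(("review", "BHO without a name: %s" % dll))

    if section == "O20" and "(file missing)" in low:
        findings.append(("fix", "Winlogon Notify entry points at a missing DLL"))

    if (section == "R1" and "proxyserver" in low
            and re.search(r"=\s*127\.0\.0\.1:\d+\s*$", body)):
        findings.append(("review", "IE proxy set to localhost; find the listener"))

    if section in ("O4", "O23") and any(d in low for d in UNWANTED_DIRS):
        findings.append(("fix", "autostart from a known keylogger folder"))

    return findings


def triage(log_text):
    """Map every flagged line (stripped) to its findings, in log order."""
    report = {}
    for line in log_text.splitlines():
        findings = classify(line)
        if findings:
            report[line.strip()] = findings
    return report


if __name__ == "__main__":
    for entry, findings in triage(SAMPLE_LOG).items():
        for severity, reason in findings:
            print("[%s] %s\n    %s" % (severity.upper(), reason, entry))
```

Run against the sample it reports four entries; the Spybot and Java BHOs pass.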
Posted 28.12.2007 19:31:

tomino0123 wrote:
Now try fixing:
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O20 - Winlogon Notify: winppl32 - winppl32.dll (file missing)

And uninstall that keylogger.. I don't like it!


Likewise, I already pointed out that keylogger too; I recommend getting rid of it


Posted by the topic author, 28.12.2007 20:31:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:56, on 28.12.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Peti\Antivir\hijackthis\HijackThis(2).exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AC4A8086-CAF3-49D0-A168-54B9F35062EE} - C:\WINDOWS\System32\d3di.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CleverCrypt] C:\Program Files\Quantum Digital Security\CleverCrypt Lite\CleverCrypt.exe /boot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4S2600X\WATCH.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{4823CF61-1F64-4EA2-B17E-9BFBFAED65BF}: NameServer = 192.168.1.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6879 bytes
----------------------------------------------
It's probably still not right. Do you have any other ideas? I'm starting to get a bit desperate about it. :breakup:


Posted 28.12.2007 20:36:

I hope you're doing all this stuff in safe mode


Posted by the topic author, 28.12.2007 20:55:

Weeell, not all of it.


pichaliska (registered 28.12.07):

A bit off topic, but I'm curious.

Where do you know these programs from, like hijackthis, avenger, kilbox, some combofix? That last one blew me away, it spat out so many lines. :loony: Do you actually see anything in it atm? And how did you learn this?


Posted 28.12.2007 23:43:

pichaliska wrote:
A bit off topic, but I'm curious.

Where do you know these programs from, like hijackthis, avenger, kilbox, some combofix? That last one blew me away, it spat out so many lines. :loony: Do you actually see anything in it atm? And how did you learn this?

it's enough if you read this
http://www.pcforum.sk/cistime-napadnuty ... 27265.html


pichaliska (registered 28.12.07):

And that Rbot or whoever isn't here anymore? Why? Then why are those guides under Spirit's name? Isn't that a violation of the rules and of copyright and so on? http://www.pcforum.sk/rules.php


Posted 28.12.2007 23:51:

Rbot/aviro901 for some reason tried to "cover" all his tracks when he left. :) After he left there is suddenly a bunch of "experts" here. :)

But to the point. som3body, put this into Avenger:
Code:
files to delete:
C:\WINDOWS\system32\tmp.reg
C:\Documents and Settings\tibi.SZABO\Application Data\ezpinst.exe
C:\WINDOWS\system32\drivers\xpnkgyxw.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\emopts.dat
C:\WINDOWS\iun6002.exe
C:\re2.sys
folders to delete:
C:\Program Files\Perfect Keylogger Lite


Also run VundoFix, it could also be a Vundo trojan.

d3di.dll seems to be indestructible, try using undll.


© 2005 - 2017 PCforum, edited by JanoF