zgredzio
(zgredzio)
11 August 2006 18:20
#1
The problems started after I disabled the system firewall, which I now cannot turn back on. AntiVir started detecting suspicious files. I can't produce a Silent Runners log because of an error. Instead, here are the HijackThis and GMER logs:
Logfile of HijackThis v1.99.1
Scan saved at 20:02:51, on 2006-08-11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programy\CacheBoost\cbsrv.exe
E:\Programy\cFosSpeed\spd.exe
C:\WINDOWS\System32\nvsvc32.exe
d:\Programy\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
E:\Programy\cFosSpeed\cFosSpeed.exe
D:\Programy\CacheBoost\trayicon.exe
E:\Programy\Gadu-Gadu\gg.exe
E:\Programy\eMule\emule.exe
E:\Programy\AntiVir PersonalEdition Classic\avguard.exe
E:\Programy\AntiVir PersonalEdition Classic\avgnt.exe
E:\Programy\AntiVir PersonalEdition Classic\sched.exe
E:\Programy\Opera\Opera.exe
E:\Programy\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programy\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Star Downloader Toolbar Helper - {E16AB45F-35A8-4f4d-922F-8D00D760F85B} - C:\Program Files\Star Downloader Toolbar\v2.0.0.5\Star_Downloader_Toolbar.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - E:\Programy\STARDO~1\SDIEInt.dll
O3 - Toolbar: Star Downloader Toolbar - {8CEB3591-5DDC-47ec-AF97-66699BC85FE0} - C:\Program Files\Star Downloader Toolbar\v2.0.0.5\Star_Downloader_Toolbar.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [cFosSpeed] E:\Programy\cFosSpeed\cFosSpeed.exe
O4 - HKLM…\Run: [Odkurzacz-MCD] E:\Programy\Odkurzacz 10.1 Pro\odk_mcd.exe
O4 - HKLM…\Run: [CacheBoost] D:\Programy\CacheBoost\trayicon.exe
O4 - HKLM…\Run: [KAVPersonal50] "e:\Programy\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU…\Run: [Gadu-Gadu] "E:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [AWMON] "E:\Programy\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU…\Run: [spybotSD TeaTimer] e:\Programy\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download with Star Downloader - E:\Programy\Star Downloader\sdie.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip…{666613EA-4808-4DAD-A675-E4375087F8D0}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Programy\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - E:\Programy\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak India - D:\Programy\CacheBoost\cbsrv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - E:\Programy\cFosSpeed\spd.exe" -service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - d:\Programy\Alcohol 120\StarWind\StarWindService.exe
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-11 20:16:22
Windows 5.1.2600 Dodatek Service Pack. 1

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir PersonalEdition Classic Scheduler*/@ = E:\Programy\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Guard*/@ = E:\Programy\AntiVir PersonalEdition Classic\avguard.exe
CacheBoost Service /*CacheBoost Performance Optimizer and Tuner Service*/@ = D:\Programy\CacheBoost\cbsrv.exe
cFosSpeedS /*cFosSpeed System Service*/@ = "E:\Programy\cFosSpeed\spd.exe" -service
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
Spooler /*Bufor wydruku*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = d:\Programy\Alcohol 120\StarWind\StarWindService.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\System32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
@cFosSpeedE :\Programy\cFosSpeed\cFosSpeed.exe = E:\Programy\cFosSpeed\cFosSpeed.exe
@Odkurzacz-MCDE :\Programy\Odkurzacz 10.1 Pro\odk_mcd.exe = E:\Programy\Odkurzacz 10.1 Pro\odk_mcd.exe
@CacheBoostD :\Programy\CacheBoost\trayicon.exe = D:\Programy\CacheBoost\trayicon.exe
@KAVPersonal50 "e:\Programy\Kaspersky Anti-Virus Personal\kav.exe" /minimize /*file not found*/ = "e:\Programy\Kaspersky Anti-Virus Personal\kav.exe" /minimize /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Gadu-Gadu "E:\Programy\Gadu-Gadu\gg.exe" /tray = "E:\Programy\Gadu-Gadu\gg.exe" /tray
@AWMON "E:\Programy\Ad-Aware SE Professional\Ad-Watch.exe" = "E:\Programy\Ad-Aware SE Professional\Ad-Watch.exe"
@SpybotSD TeaTimere:\Programy\Spybot - Search & Destroy\TeaTimer.exe = e:\Programy\Spybot - Search & Destroy\TeaTimer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Foldery w sieci Web*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/E:\Programy\AntiVir PersonalEdition Classic\shlext.dll = E:\Programy\AntiVir PersonalEdition Classic\shlext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/d:\Programy\ALCOHO~1\axshlex.dll = d:\Programy\ALCOHO~1\axshlex.dll
@{B7056B8E-4F99-44f8-8CBD-282390FE5428} /*VirtualCloneDrive*/d:\Programy\VirtualCloneDrive\ElbyVCDShell.dll = d:\Programy\VirtualCloneDrive\ElbyVCDShell.dll
@{A155339D-CCCD-4714-85EB-3754B804C9DF} /*a-squared Free Context Menu Shell Extension*/e:\Programy\A-SQUA~1\A2FREE~1.DLL = e:\Programy\A-SQUA~1\A2FREE~1.DLL

HKLM\Software\Classes*\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = E:\Programy\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = e:\Programy\WinRAR\rarext.dll

HKLM\Software\Classes*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programy\Nero 7 Premium\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = e:\Programy\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
a2FreeContMenu@{A155339D-CCCD-4714-85EB-3754B804C9DF} = e:\Programy\A-SQUA~1\A2FREE~1.DLL
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = E:\Programy\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = e:\Programy\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = D:\Programy\Nero 7 Premium\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{53707962-6F74-2D53-2644-206D7942484F}E:\Programy\SPYBOT~1\SDHelper.dll = E:\Programy\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
@{E16AB45F-35A8-4f4d-922F-8D00D760F85B}C:\Program Files\Star Downloader Toolbar\v2.0.0.5\Star_Downloader_Toolbar.dll = C:\Program Files\Star Downloader Toolbar\v2.0.0.5\Star_Downloader_Toolbar.dll
@{FFFFFEF0-5B30-21D4-945D-000000000000}E:\Programy\STARDO~1\SDIEInt.dll = E:\Programy\STARDO~1\SDIEInt.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\sstext3d.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl … ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.o2.pl/ = http://www.o2.pl/
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

---- EOF - GMER 1.0.10 ----
bartekvip
(Bartekviper)
11 August 2006 18:31
#2
Get rid of that. Check with Spybot. You probably have an entry like that which prevents the firewall from being turned on. It's called WIndows.Firewall. (I don't remember :P)
zgredzio
(zgredzio)
11 August 2006 18:35
#3
I've already tried that. A shutdown message has just appeared for me.
Posts merged: 12.08.2006 (Sat) 16:11
It's a message saying that the system will shut down in 60 seconds. It appears rather rarely. I don't think it's one of the viruses described on this site. It may be an error caused by some spyware, but scanning with the programs found nothing.