spyker
(Qoompel)
11 December 2006 14:01
#1
After downloading some small file, avast detected some virus. A few minutes later avast started popping up messages saying that some strange messages were arriving (about 1 every 30 s…). I had to close them all one by one. I turned avast off. The Internet started running much slower. I did a reset. After that I left avast turned on, there are no messages and the connection works fine. But please check the LOG.
Thanks. Regards.
Logfile of HijackThis v1.99.1
Scan saved at 14:48:23, on 2006-12-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files{F4AAB007-0682-1045-0907-040407160030}\Update.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\wvi.exe
C:\nhnk.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\msasvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Marcin\Moje dokumenty\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1{34AAB~1\888Bar.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1{34AAB~1\888Bar.dll
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [WINDOWS] C:\nhnk.exe
O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [35] “C:\WINDOWS\system32\35.exe”
O4 - HKCU…\Run: [wvi] “C:\WINDOWS\system32\wvi.exe”
O4 - HKCU…\Run: [wqvdbw] “C:\WINDOWS\system32\wqvdbw.exe”
O4 - HKCU…\Run: [1] “C:\WINDOWS\system32\1.exe”
O4 - HKCU…\Run: [wphtjqbi] “C:\WINDOWS\system32\wphtjqbi.exe”
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{40299191-B5BD-4D17-8C88-7971528F808E}: NameServer = 213.199.225.10,213.199.225.14
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: dataclen.exe - Unknown owner - C:\WINDOWS\system32\dataclen.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
Bieniol
(Bbieniol)
11 December 2006 14:04
#2
Use Windows Worms Doors Cleaner and change the indicators from disable to enable (if any indicators are yellow, leave them that way). After using this tool, a system restart is required.
Download and run The Avenger tool. Select the Input script manually option and click the magnifying glass on the right. In the window that opens, paste:
Click Done, then the green light, and agree to the restart by clicking OK. After the restart HijackThis will launch, so run a scan and remove the entries:
Manually delete this file from the disk: C:\Avenger\backup.zip and paste on the forum the report: C:\avenger.txt + a new HijackThis log + a Silent Runners log
squeet
(squeet)
11 December 2006 14:08
#3
Please change the topic title to a specific one that describes the problem.
To do so, please use the button
spyker
(Qoompel)
11 December 2006 14:54
#4
Avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\otqusdbr

*******************

Script file located at: ??\C:\Program Files\micdqrme.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\nhnk.exe not found!
Deletion of file C:\nhnk.exe failed!
Could not process line:
C:\nhnk.exe
Status: 0xc0000034

File C:\WINDOWS\system32\35.exe not found!
Deletion of file C:\WINDOWS\system32\35.exe failed!
Could not process line:
C:\WINDOWS\system32\35.exe
Status: 0xc0000034

File C:\WINDOWS\system32\wvi.exe deleted successfully.

File C:\WINDOWS\system32\wqvdbw.exe not found!
Deletion of file C:\WINDOWS\system32\wqvdbw.exe failed!
Could not process line:
C:\WINDOWS\system32\wqvdbw.exe
Status: 0xc0000034

File C:\WINDOWS\system32\1.exe not found!
Deletion of file C:\WINDOWS\system32\1.exe failed!
Could not process line:
C:\WINDOWS\system32\1.exe
Status: 0xc0000034

File C:\WINDOWS\system32\wphtjqbi.exe not found!
Deletion of file C:\WINDOWS\system32\wphtjqbi.exe failed!
Could not process line:
C:\WINDOWS\system32\wphtjqbi.exe
Status: 0xc0000034

File C:\WINDOWS\system32\dataclen.exe deleted successfully.
File C:\WINDOWS\system32\msasvc.exe deleted successfully.
Folder C:\PROGRA~1\COMMON~1{34AAB~1 deleted successfully.
Driver dataclen.exe unloaded successfully.
Driver MsaSvc unloaded successfully.
Program C:\Documents and Settings\Marcin\Moje dokumenty\hijackthis\HijackThis.exe successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.
Hijack This
Logfile of HijackThis v1.99.1
Scan saved at 15:54:24, on 2006-12-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\Marcin\Moje dokumenty\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM…\Run: [RecordPadRun] “C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe” -logon
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip…{40299191-B5BD-4D17-8C88-7971528F808E}: NameServer = 213.199.225.10,213.199.225.14
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
And I can't run a scan with Silent Runners :oops: