Vulgath
(Emperor222)
17 June 2007 15:48
#1
As in the subject. Additionally, Windows has become suspiciously slow lately. I would be very grateful if someone could check the log.
Logfile of HijackThis v1.99.1
Scan saved at 17:46:03, on 2007-06-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
g:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
g:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINDOWS\System32\msqI23.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\winregude4.exe
C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
G:\Program Files\eMule48\emule.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Siemens Data Suite SX1\SDS\SPhoneObserver.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
g:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\dllcache\winegne.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
g:\Program Files\Alwil Software\Avast4\ashWebSv.exe
g:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
g:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cmd.exe
G:\PROGRA~1\GADU-G~2\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
I:\Michal\programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.icq.com/start
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] g:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [internet Security Servicexs] msqI23.exe
O4 - HKLM\..\Run: [Office Monitor Secure Systemas] C:\WINDOWS\System32\winregude4.exe
O4 - HKLM\..\RunServices: [internet Security Servicexs] msqI23.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Odkurzacz-MCD] g:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "G:\PROGRA~1\GADU-G~2\gg.exe" /tray
O4 - HKCU\..\Run: [internet Security Servicexs] msqI23.exe
O4 - HKCU\..\Run: [Office Monitor Secure Systemas] C:\WINDOWS\System32\winregude4.exe
O4 - HKCU\..\Run: [eMuleAutoStart] G:\Program Files\eMule48\emule.exe -AutoStart
O4 - Startup: Skrót do emule.lnk = G:\Program Files\eMule48\emule.exe
O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - g:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - g:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - g:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - g:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - g:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: EnGenius Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winegne.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Merged post: 17.06.2007 (Sun) 20:38
Here is the ComboFix log:
ComboFix 07-06-17 - C:\Documents and Settings\bbb\Pulpit\ComboFix.exe "bbb" - 2007-06-17 20:34:16

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

2007-06-17 20:30 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 18:19 113,152 --a------ C:\WINDOWS\system32\spool.exe
2007-06-17 18:19 113,152 --a------ C:\WINDOWS\fkhsxh.exe
2007-06-17 15:35 113,152 --a------ C:\WINDOWS\system32\winregude4.exe
2007-06-16 22:31 270,848 --a------ C:\WINDOWS\tjsdghs.exe
2007-06-16 21:23 0 --a------ C:\WINDOWS\system32\27031_winsptr.exe
2007-06-16 13:19
2007-06-16 12:18 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-16 12:18 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-06-16 12:18 27,805 --a------ C:\WINDOWS\scunin.dat
2007-06-14 13:08
2007-06-11 17:58
2007-06-11 17:58
2007-06-11 17:56 11,603,336 --a------ C:\Program Files\Install_ICQ6.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:56 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:42 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:52 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:24 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-09 13:36:40 50,748 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-09 13:36:40 358,702 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-30 19:56:34 1,385,744 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2001-10-26 15:29:52 270,848 --sh--r C:\WINDOWS\system32\msqI23.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-02-24 07:32]
"nwiz"="nwiz.exe" [2005-02-24 07:32 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-02-24 07:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"avast!"="g:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"mRouterConfig for Siemens Data Suite SX1"="C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe" [2003-10-03 12:47]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Internet Security Servicexs"="msqI23.exe" [2001-10-26 17:29 C:\WINDOWS\system32\msqI23.exe]
"Office Monitor Secure Systemas"="C:\WINDOWS\System32\winregude4.exe" [2007-06-17 15:35]
"WindowsXp Security"="C:\WINDOWS\System32\spool.exe" [2007-06-17 18:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 17:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 15:15]
"Odkurzacz-MCD"="g:\Program Files\Odkurzacz\odk_mcd.exe" [2006-08-02 23:46]
"odk_mcd"="" []
"Gadu-Gadu"="G:\PROGRA~1\GADU-G~2\gg.exe" [2005-03-31 11:18]
"Internet Security Servicexs"="msqI23.exe" [2001-10-26 17:29 C:\WINDOWS\system32\msqI23.exe]
"Office Monitor Secure Systemas"="C:\WINDOWS\System32\winregude4.exe" [2007-06-17 15:35]
"WindowsXp Security"="C:\WINDOWS\System32\spool.exe" [2007-06-17 18:19]
"eMuleAutoStart"="G:\Program Files\eMule48\emule.exe" [2007-05-13 16:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Internet Security Servicexs"=msqI23.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Internet Security Servicexs"=msqI23.exe
"Office Monitor Secure Systemas"=C:\WINDOWS\System32\winregude4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zegarynka]
I:\Michal\programy\Zegarynka.exe

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 20:34:24
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

? [3816]
? [45888]
? [16328]
? [28852]
? [38764]
? [33064]
? [38088]
? [60116]
? [31904]
? [34172]
? [33932]
? [34972]
? [34984]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Files hidden from API:
C:\WINDOWS\BĄbelki.bmp
C:\WINDOWS\system32\Pokaľ kanay.scf

Completion time: 2007-06-17 20:35:10
--- E O F ---
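As an added example for this thread (not part of the original posts, and not code from HijackThis or ComboFix), here is a small triage script that parses the registry-backed O4 entries from a HijackThis log together with the file lines from a ComboFix report, and flags the patterns a helper looks for when reading a log like the one above: an executable registered by bare filename (located through the PATH search order rather than an explicit path), the same binary wired into several autostart locations, use of the Win9x-era RunServices key (which Windows XP ignores, so legitimate XP software has no reason to populate it), and hidden+system attributes on an autostarted file. The sample lines are copied from the logs in this post; the flags are this example's own heuristics, signals to review rather than verdicts (a legitimate bare entry such as nwiz.exe would be flagged too).

```python
"""Triage of HijackThis O4 autostart entries, cross-checked with ComboFix file attributes.

Added example for this thread; not code from HijackThis or ComboFix. The sample
lines are copied from the logs posted above; the flags are this example's own
heuristics (signals to review, not verdicts), not anything the tools implement.
"""
import re
from collections import defaultdict

# "O4 - <hive>\..\<Run key>: [<display name>] <command line>"
# (Startup-folder O4 lines have a different shape and are deliberately skipped)
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^\\]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# First program on a command line: a quoted path, or unquoted text up to a known extension.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|pif|com|bat|cmd))(?=[\s,]|$)', re.I
)
# ComboFix file line: "<date> <time> <size> <attribute flags> <path>"
CF_FILE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)\s+(?P<size>[\d,]+)\s+"
    r"(?P<attrs>[-a-z]+)\s+(?P<path>.+)$",
    re.I,
)

# Sample input copied from the first HijackThis log in this post (a subset of its O4 lines).
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] g:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [internet Security Servicexs] msqI23.exe
O4 - HKLM\..\Run: [Office Monitor Secure Systemas] C:\WINDOWS\System32\winregude4.exe
O4 - HKLM\..\RunServices: [internet Security Servicexs] msqI23.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [internet Security Servicexs] msqI23.exe
O4 - HKCU\..\Run: [Office Monitor Secure Systemas] C:\WINDOWS\System32\winregude4.exe
O4 - HKCU\..\Run: [eMuleAutoStart] G:\Program Files\eMule48\emule.exe -AutoStart
"""
# Sample input copied from the ComboFix log in this post (two of its file lines).
SAMPLE_COMBOFIX = r"""
2007-06-17 15:35 113,152 --a------ C:\WINDOWS\system32\winregude4.exe
2001-10-26 15:29:52 270,848 --sh--r C:\WINDOWS\system32\msqI23.exe
"""


def image_of(cmd):
    """Program a command line launches; a rundll32 host is resolved to the module it loads."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd.split()[0] if cmd else ""
    image = m.group(1) or m.group(2)
    if image.lower().endswith("rundll32.exe"):
        m2 = IMAGE_RE.match(cmd[m.end():].strip())
        if m2:
            image = m2.group(1) or m2.group(2)
    return image


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_o4(text):
    """Registry-backed O4 entries as dicts: hive, key, name, image."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({"hive": m.group("hive").upper(), "key": m.group("key").lower(),
                            "name": m.group("name"), "image": image_of(m.group("cmd"))})
    return entries


def parse_cf_files(text):
    """basename -> ComboFix attribute string (e.g. '--sh--r' = system, hidden, read-only)."""
    attrs = {}
    for line in text.splitlines():
        m = CF_FILE_RE.match(line.strip())
        if m:
            attrs[basename(m.group("path"))] = m.group("attrs").lower()
    return attrs


def triage(hjt_text, cf_text=""):
    """basename -> list of reasons; images with no reason are left out."""
    file_attrs = parse_cf_files(cf_text)
    locations, bare = defaultdict(set), set()
    for e in parse_o4(hjt_text):
        b = basename(e["image"])
        locations[b].add((e["hive"], e["key"]))
        if "\\" not in e["image"]:      # no directory: found via the PATH search order
            bare.add(b)
    report = {}
    for b, locs in locations.items():
        reasons = []
        if b in bare:
            reasons.append("bare-name")
        if len(locs) >= 2:              # same binary wired into several autostart points
            reasons.append("multi-location")
        if any(key == "runservices" for _, key in locs):   # Win9x-era key, ignored by XP
            reasons.append("runservices-key")
        a = file_attrs.get(b, "")
        if "h" in a and "s" in a:       # hidden + system attributes on an autostarted file
            reasons.append("hidden+system")
        if reasons:
            report[b] = reasons
    return report


if __name__ == "__main__":
    for image, reasons in sorted(triage(SAMPLE_HJT, SAMPLE_COMBOFIX).items()):
        print(f"{image}: {', '.join(reasons)}")
```

Run against the sample, msqI23.exe collects every flag (bare name, three autostart locations including RunServices, and system+hidden attributes with a 2001 timestamp that does not match the June 2007 files created next to it), winregude4.exe is flagged only for appearing under both HKLM and HKCU, and the NVIDIA, avast!, ctfmon and eMule entries produce nothing.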
Vulgath
(Emperor222)
18 June 2007 20:04
#3
I couldn't download The Avenger; Avast is oversensitive. I managed using Killbox... Unfortunately, however, the problem with the message about the system shutting down is still there.
Sorry for the truncated ComboFix log, but for some reason it keeps coming out like this; maybe I'm doing something wrong, for which I apologize in advance...
CF:
ComboFix 07-06-17 - I:\Michal\programy\ComboFix.exe "bbb" - 2007-06-18 21:50:34

((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))

2007-06-18 18:57 0 --a------ C:\WINDOWS\system32\27031_redworld.exe
2007-06-18 13:36
2007-06-18 13:09
2007-06-17 23:47
2007-06-17 23:12 16,384 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 12:18 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-16 12:18 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-06-16 12:18 27,805 --a------ C:\WINDOWS\scunin.dat
2007-06-14 13:08
2007-06-11 17:58
2007-06-11 17:58
2007-06-11 17:56 11,603,336 --a------ C:\Program Files\Install_ICQ6.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 19:06:36 50,748 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-17 19:06:36 358,702 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:56 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:42 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:52 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:24 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-03-30 19:56:34 1,385,744 ----a-w C:\WINDOWS\system32\msvbvm60.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-02-24 07:32 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"avast!"="g:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"mRouterConfig for Siemens Data Suite SX1"="C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe" [2003-10-03 12:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 17:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 15:15]
"Odkurzacz-MCD"="g:\Program Files\Odkurzacz\odk_mcd.exe" [2006-08-02 23:46]
"odk_mcd"="" []
"Gadu-Gadu"="G:\PROGRA~1\GADU-G~2\gg.exe" [2005-03-31 11:18]
"eMuleAutoStart"="G:\Program Files\eMule48\emule.exe" [2007-05-13 16:57]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zegarynka]
I:\Michal\programy\Zegarynka.exe

((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 19:06:36 50,748 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-17 19:06:36 358,702 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:56 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:42 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:52 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:24 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-03-30 19:56:34 1,385,744 ----a-w C:\WINDOWS\system32\msvbvm60.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-02-24 07:32 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"avast!"="g:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"mRouterConfig for Siemens Data Suite SX1"="C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe" [2003-10-03 12:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 17:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 15:15]
"Odkurzacz-MCD"="g:\Program Files\Odkurzacz\odk_mcd.exe" [2006-08-02 23:46]
"odk_mcd"="" []
"Gadu-Gadu"="G:\PROGRA~1\GADU-G~2\gg.exe" [2005-03-31 11:18]
"eMuleAutoStart"="G:\Program Files\eMule48\emule.exe" [2007-05-13 16:57]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zegarynka]
I:\Michal\programy\Zegarynka.exe
And additionally from HJT:
Logfile of HijackThis v1.99.1
Scan saved at 22:02, on 2007-06-18
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
g:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
g:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
C:\Program Files\Siemens Data Suite SX1\SDS\SPhoneObserver.exe
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
G:\PROGRA~1\GADU-G~2\gg.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
g:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
g:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\ComboFix\catchme.cfexe
C:\WINDOWS\explorer.exe
I:\Michal\programy\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.icq.com/start
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] g:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Odkurzacz-MCD] g:\Program Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "G:\PROGRA~1\GADU-G~2\gg.exe" /tray
O4 - HKCU\..\Run: [eMuleAutoStart] G:\Program Files\eMule48\emule.exe -AutoStart
O4 - Startup: Skrót do emule.lnk = G:\Program Files\eMule48\emule.exe
O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - g:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - g:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - g:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - g:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Sorry for making such a mess...
qrczak13
(qrczak13)
18 June 2007 20:23
#4
Download Windows Worms Doors Cleaner, set the icons to green; NetBIOS can be yellow.
A restart is required after using the tool.
In Pocket Killbox,
check Delete on reboot, and in the Full Path of File to Delete field paste the path:
C:\WINDOWS\system32\27031_redworld.exe
and press the red X. The program will ask to restart the computer, which you do.
Post a new Combo log.
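What "Delete on reboot" queues up, as an added example (not part of the post above and not Pocket Killbox code): the assumption here is that Killbox uses the standard Windows MoveFileEx delay-until-reboot mechanism, which records a source/destination pair in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; Session Manager applies that list early in the next boot, before any program can re-open the file. The script decodes that value so the queued deletion can be confirmed before restarting, and reads the live value when run on Windows. The sample queue is constructed: the first entry uses the path from the post, the second is a made-up rename entry included to show the other form the value can take.

```python
r"""Decode the Windows delete-on-reboot queue (PendingFileRenameOperations).

Added example; not part of the original post and not Pocket Killbox code. The
assumption here is that Killbox's "Delete on reboot" uses the standard Windows
MoveFileEx(..., MOVEFILE_DELAY_UNTIL_REBOOT) call, which appends a source/destination
pair to the REG_MULTI_SZ value PendingFileRenameOperations under
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager; Session Manager applies that
list early in the next boot, before any program can re-open the file.
"""
NT_PREFIX = "\\??\\"   # NT object-manager path prefix used inside the value


def _strip_prefix(p):
    return p[len(NT_PREFIX):] if p.startswith(NT_PREFIX) else p


def parse_pending_renames(multi_sz):
    """Return (op, source, destination) tuples from the REG_MULTI_SZ string list.

    Entries come in pairs: source, then destination. An empty destination means
    delete; a destination beginning with '!' means overwrite an existing target.
    """
    items = list(multi_sz)
    if len(items) % 2 == 1:
        items.append("")   # a lone trailing source is a delete whose empty destination was dropped
    ops = []
    for src, dst in zip(items[0::2], items[1::2]):
        if src == "":
            continue       # padding left over from the MULTI_SZ terminator
        src_path = _strip_prefix(src)
        if dst == "":
            ops.append(("delete", src_path, None))
        elif dst.startswith("!"):
            ops.append(("replace", src_path, _strip_prefix(dst[1:])))
        else:
            ops.append(("rename", src_path, _strip_prefix(dst)))
    return ops


def is_queued_for_delete(ops, path):
    """True if `path` is scheduled for deletion (case-insensitive, as NTFS compares names)."""
    target = path.lower()
    return any(op == "delete" and src.lower() == target for op, src, _ in ops)


def read_live_queue():
    """Read the real value on Windows; [] elsewhere or when nothing is queued."""
    try:
        import winreg
    except ImportError:
        return []
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            r"SYSTEM\CurrentControlSet\Control\Session Manager") as key:
            value, _ = winreg.QueryValueEx(key, "PendingFileRenameOperations")
    except OSError:
        return []
    return value if isinstance(value, list) else []


# Constructed sample: the queue as it would look after a delete-on-reboot request for
# the file named in the post, plus a made-up "replace at boot" entry for contrast.
SAMPLE_QUEUE = [
    "\\??\\C:\\WINDOWS\\system32\\27031_redworld.exe", "",
    "\\??\\C:\\WINDOWS\\Temp\\update.tmp", "!\\??\\C:\\WINDOWS\\system32\\drivers\\example.sys",
]

if __name__ == "__main__":
    queue = read_live_queue() or SAMPLE_QUEUE
    for op, src, dst in parse_pending_renames(queue):
        print(f"{op:8} {src}" + (f" -> {dst}" if dst else ""))
```

The same value is where a reviewer should look when a cleanup step "did not take": if the queued source path is spelled differently from the file on disk, or the entry is missing because the request was made without administrative rights, nothing happens at the next boot.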
Vulgath
(Emperor222)
18 June 2007 20:32
#5
Here is the new ComboFix log:
ComboFix 07-06-17 - I:\Michal\programy\ComboFix.exe "bbb" - 2007-06-18 22:28:48

((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))

2007-06-18 13:36
2007-06-18 13:09
2007-06-17 23:47
2007-06-17 23:12 16,384 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 12:18 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-16 12:18 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-06-16 12:18 27,805 --a------ C:\WINDOWS\scunin.dat
2007-06-14 13:08
2007-06-11 17:58
2007-06-11 17:58
2007-06-11 17:56 11,603,336 --a------ C:\Program Files\Install_ICQ6.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 19:06:36 50,748 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-06-17 19:06:36 358,702 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:56 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:42 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:52 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:24 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-03-30 19:56:34 1,385,744 ----a-w C:\WINDOWS\system32\msvbvm60.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{055FD26D-3A88-4e15-963D-DC8493744B1D}=C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 10:40]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 13:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2005-02-24 07:32 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"avast!"="g:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"mRouterConfig for Siemens Data Suite SX1"="C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe" [2003-10-03 12:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 17:29]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 15:15]
"Odkurzacz-MCD"="g:\Program Files\Odkurzacz\odk_mcd.exe" [2006-08-02 23:46]
"odk_mcd"="" []
"Gadu-Gadu"="G:\PROGRA~1\GADU-G~2\gg.exe" [2005-03-31 11:18]
"eMuleAutoStart"="G:\Program Files\eMule48\emule.exe" [2007-05-13 16:57]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zegarynka]
I:\Michal\programy\Zegarynka.exe
Gutek
(Gutek)
18 June 2007 22:11
#6