I know I have some kind of trojan, but the antivirus programs don't remove it … and I don't know what to do. I'm pasting the logs from HiJack and ComboFix.
If anyone can help me, thanks in advance.
Post merged: 24.06.2007 (Sun) 12:57
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\autorun.inf
C:\Program Files\video activex access
C:\Program Files\video activex access\iesunst.exe
C:\Program Files\video activex access\ot.ico
C:\Program Files\video activex access\ts.ico
C:\Program Files\video activex access\uninst.exe
C:\WINDOWS\system32\msxml3a.dll
d:\autorun.inf
e:\autorun.inf
g:\autorun.inf
((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))
2007-06-24 12:30 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-24 11:26 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-24 11:26 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-24 11:26 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-24 11:26 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-24 11:26 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-24 11:26 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-24 11:26 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-24 11:26
2007-06-23 19:08
2007-06-22 20:17
2007-06-22 16:47
2007-06-22 11:24 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-22 10:24
2007-06-22 09:25 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-06-22 09:25 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-06-22 09:25 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-06-22 09:25 1,420 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-22 09:05
2007-06-22 08:58
2007-06-22 08:35
2007-06-21 17:46
2007-06-21 17:46
2007-06-19 08:06
2007-06-18 16:05
2007-06-16 20:28
2007-06-16 20:28
2007-06-16 20:28
2007-06-15 14:26
2007-06-15 14:25 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
2007-06-15 14:25 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-06-15 14:25 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-06-15 14:25 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-06-15 14:25 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2007-06-15 14:25 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll
2007-06-15 14:25 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2007-06-15 14:25 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-06-15 14:25 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-06-15 14:25 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-15 14:25 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll
2007-06-15 14:25 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2007-06-15 14:25 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-15 14:25 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-06-15 14:25 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll
2007-06-15 14:25 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-06-15 14:25 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll
2007-06-15 14:25 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll
2007-06-15 14:25
2007-06-15 14:25
2007-06-15 14:11 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2007-06-15 14:04 23 --ahs---- C:\WINDOWS\system32\defedbbb2_r.dll
2007-06-14 22:47
2007-06-14 22:47
2007-06-14 22:46
2007-06-13 16:51
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-24 10:31:28 -------- d-----w C:\DOCUME~1\TOMA\DANEAP~1\Skype
2007-06-24 10:10:56 -------- d-----w C:\DOCUME~1\TOMA\DANEAP~1\OpenOffice.org2
2007-06-24 09:20:24 -------- d-----w C:\DOCUME~1\TOMA\DANEAP~1\n-Track Studio5
2007-06-23 17:08:24 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-23 10:41:41 -------- d-----w C:\Program Files\Gadu-Gadu
2007-06-22 14:02:26 1,447 ----a-w C:\WINDOWS\mozver.dat
2007-06-22 08:54:35 -------- d-----w C:\Program Files\Image-Line
2007-06-22 08:49:16 -------- d-----w C:\Program Files\eMule
2007-06-15 12:21:53 -------- d-----w C:\Program Files\MOV to AVI MPEG WMV Converter
2007-06-13 17:04:48 -------- d-----w C:\Program Files\Silkroad
2007-05-19 07:09:37 -------- d-----w C:\Program Files\Winamp
2007-05-16 16:04:05 -------- d-----w C:\Program Files\Onet
2007-05-09 11:20:09 -------- d-----w C:\Program Files\Acoustica Shared Effects
2007-05-09 11:20:07 -------- d-----w C:\Program Files\Acoustica Beatcraft
2007-05-03 07:06:58 -------- d-----w C:\Program Files\MarBit
2007-05-02 21:28:45 -------- d-----w C:\Program Files\PhotoBrush
2007-05-01 13:31:27 35,135 ----a-w C:\WINDOWS\system32\unins000.dat
2007-05-01 13:30:41 673,782 ----a-w C:\WINDOWS\system32\unins000.exe
2007-04-29 14:15:58 -------- d-----w C:\Program Files\MSN Apps
2007-04-28 20:36:53 -------- d-----w C:\Program Files\Skype
2007-04-28 20:36:53 -------- d-----w C:\Program Files\Common Files\Skype
2007-04-28 13:28:08 53,248 ----a-w C:\WINDOWS\system32\hklspl.dll
2007-04-28 13:28:08 319,488 ----a-w C:\WINDOWS\Pimbolis Dachboden.scr
2007-04-27 15:03:14 -------- d-----w C:\Program Files\San Andreas Mod Installer
2007-04-25 16:57:03 -------- d-----w C:\Program Files\Movie Converter V2
2007-04-24 13:41:02 -------- d-----w C:\Program Files\CDex_150
2007-04-24 12:59:03 74,450 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-04-24 12:59:03 448,348 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-04-20 12:57:24 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-03 16:59:59 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-03 16:59:59 221,184 ----a-w C:\WINDOWS\system32\UAService7.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 00:17]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 17:42]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 16:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 17:01 C:\WINDOWS\soundman.exe]
"ULiRaid"="C:\Program Files\ULiRaid\ULiRaid.exe" [2006-05-12 13:57]
"nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\system32\nwiz.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 09:45]
"Error Nuker"="C:\Program Files\Error Nuker\bin\ErrorNuker.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SpyCrush 3.3"="C:\Program Files\SC\SpyCrush 3.3\SpyCrush 3.3.exe" [2007-06-19 13:55]
"pas_check"="C:\Program Files\SystemDoctor 2006 Free\pasmon.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-03-30 13:47]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\TOMA\Dane aplikacji\Mozilla\Firefox\Profiles\qpbpam1h.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\TOMA\Dane aplikacji\Mozilla\Firefox\Profiles/qpbpam1h.default\extensions{B13721C7-F507-4982-B2E5-502A71474FED}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8bbe40fd-0416-4c3f-80ea-0c7ad5fb1aab}"="C:\WINDOWS\system32\igpfced.dll" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0b15b93e-f263-11db-9b44-00138fb3693c}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{21a66622-b2bf-11db-9b8f-b9ca65be7af4}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{a76e1c55-d31e-11db-9bf3-801257f71cf5}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b57a4584-b2be-11db-aa19-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b57a4585-b2be-11db-aa19-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b57a4586-b2be-11db-aa19-806d6172696f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bac19e8f-b373-11db-9b92-c1542cae5ffa}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{c93b2d58-0201-11dc-9b6a-000e50b78ddc}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
*Newly Created Service* - AAVMKER4
*Newly Created Service* - ASWMON2
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWTDI
*Newly Created Service* - ASWUPDSV
*Newly Created Service* - AVAST!_ANTIVIRUS
*Newly Created Service* - AVAST!_MAIL_SCANNER
*Newly Created Service* - AVAST!_WEB_SCANNER
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 12:32:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-24 12:32:37
C:\ComboFix-quarantined-files.txt ... 2007-06-24 12:32
--- E O F ---