Kshaq
(Kshaq)
18 June 2007 10:57
#1
Lately I've noticed a significant slowdown of the system and the internet… scans with avast and Spybot show nothing. Help! ;/ I'm posting the log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:55:58, on 2007-06-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Documents and Settings\kshaq.KSHAQ-MASZYNA\Pulpit\HijackThis.exe
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [CnxDslTaskBar] “C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” “ZTE Corporation\ZXDSL852”
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Windows Service Update] C:\WINDOWS\System32\livecal.exe
O4 - HKLM…\Run: [Ashampoo FireWall] “C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” -TRAY
O4 - HKLM…\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [Windows Service Update] C:\WINDOWS\System32\livecal.exe
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
O17 - HKLM\System\CCS\Services\Tcpip…{C9317532-1556-445A-B138-C7A395D5A33F}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
Gutek
(Gutek)
18 June 2007 15:24
#2
Use Windows Worms Doors Cleaner, change the markers from disable to enable. After using this tool a system restart is required. In safe mode delete the file, and the HJT entries
Post a log from ComboFix
Kshaq
(Kshaq)
18 June 2007 16:07
#3
So: I used WWDC, one of the ports was blocked. I deleted both livecall files with Killbox instead of in safe mode; this resulted in CPU usage dropping from ~90% to normal [~0% ;)] and everything was OK until I ran ComboFix. During the scan avast detected 1 trojan, which I put into quarantine… after the scan finished, CPU usage is again hovering around 100%. ;/
The log you asked for:
ComboFix 07-06-17 - C:\Documents and Settings\kshaq.KSHAQ-MASZYNA\Moje dokumenty\RingTones\ComboFix.exe “kshaq” - 2007-06-18 17:52:24 - Dodatek Service Pack. 1 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\a.exe
((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))
2007-06-18 17:51 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 13:38
2007-06-17 21:36 987,136 --a------ C:\WINDOWS\system32\agsaamh.dll
2007-06-17 21:36 90,112 --a------ C:\WINDOWS\system32\agsaami.dll
2007-06-17 21:36 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll
2007-06-17 21:36 53,760 --a------ C:\WINDOWS\system\ppacklib.dll
2007-06-17 21:36 46 --a------ C:\WINDOWS\system32\winitn.dll
2007-06-17 21:36 46 --a------ C:\WINDOWS\system32\kakle.dll
2007-06-17 21:36 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll
2007-06-17 21:36 331,776 --a------ C:\WINDOWS\system32\agsaama.dll
2007-06-17 21:36 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll
2007-06-17 21:36 196,608 --a------ C:\WINDOWS\system32\maag.dll
2007-06-17 21:36 1,986,560 --a------ C:\WINDOWS\system32\akll.dll
2007-06-17 21:36 1,245,184 --a------ C:\WINDOWS\system32\bkll.dll
2007-06-17 21:36 1,212,416 --a------ C:\WINDOWS\system32\ckll.dll
2007-06-17 21:35 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-06-17 21:35 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-06-17 21:35 40,960 --a------ C:\WINDOWS\system32\VBAME.DLL
2007-06-17 21:35 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-06-17 21:35 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-17 21:35
2007-06-17 21:35
2007-06-17 16:54
2007-06-17 16:38
2007-06-15 17:28 20,096 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2007-06-15 17:26 99,840 --a------ C:\WINDOWS\system32\irftp.exe
2007-06-15 17:26 78,848 --a------ C:\WINDOWS\system32\irmon.dll
2007-06-15 17:26 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
2007-06-15 17:26 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-06-15 17:26 26,624 --a------ C:\WINDOWS\system32\drivers\irstusb.sys
2007-06-15 17:26 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-06-15 15:39
2007-06-15 15:38 35 --a------ C:\WINDOWS\system32\RTELM.dll
2007-06-15 15:12
2007-06-15 15:08
2007-06-13 03:06
2007-06-05 22:23
2007-05-26 14:31 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-05-26 14:24
2007-05-26 13:14
2007-05-25 22:11
2007-05-25 22:09
2007-05-25 22:07
2007-05-25 22:06
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-18 15:45:47 -------- d-----w C:\Program Files\Neostrada TP
2007-06-15 20:17:38 -------- d-----w C:\DOCUME~1\KSHAQ~1.KSH\DANEAP~1\Skype
2007-06-15 20:11:08 -------- d-----w C:\Program Files\Gadu-Gadu
2007-06-15 11:10:35 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll
2007-06-15 11:10:34 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll
2007-06-15 11:10:31 362,312 ----a-w C:\WINDOWS\system32\kdfmgr.exe
2007-06-15 10:56:47 -------- d-----w C:\Program Files\Silkroad
2007-06-09 22:37:55 -------- d-----w C:\Program Files\VstPlugins
2007-06-02 13:49:08 -------- d-----w C:\Program Files\Image-Line
2007-05-26 12:24:29 -------- d–h--w C:\Program Files\InstallShield Installation Information
2007-05-26 11:19:47 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-16 13:27:36 -------- d-----w C:\Program Files\AtomixMP3
2007-05-16 13:03:05 -------- d-----w C:\Program Files\ASIO4ALL v2
2007-05-09 18:06:36 479,744 ----a-w C:\WINDOWS\system32\kdfinj.dll
2007-05-08 17:57:55 -------- d-----w C:\Program Files\Skype
2007-05-08 17:57:55 -------- d-----w C:\Program Files\Common Files\Skype
2007-05-05 21:16:33 -------- d-----w C:\Program Files\Opera
2007-05-04 11:37:11 -------- d-----w C:\Program Files\INSTALKI.pl
2007-05-03 12:02:37 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-05-03 12:02:37 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-05-03 11:42:17 23,016 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-30 21:01:58 -------- d-----w C:\DOCUME~1\KSHAQ~1.KSH\DANEAP~1\Real
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-28 19:24:02 -------- d-----w C:\Program Files\Winamp
2007-04-10 13:16:46 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-09 16:22:56 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-04-09 16:22:56 221,184 ----a-w C:\WINDOWS\system32\UAService7.exe
2007-03-18 14:43:27 0 --sha-r C:\MSDOS.SYS
2007-03-18 14:43:27 0 --sha-r C:\IO.SYS
2007-03-18 14:43:27 0 ----a-w C:\CONFIG.SYS
2007-03-18 14:43:27 0 ----a-w C:\AUTOEXEC.BAT
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“nwiz”=“nwiz.exe” [2005-12-10 03:06 C:\WINDOWS\system32\nwiz.exe]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42]
“CnxDslTaskBar”=“C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe” [2005-07-21 22:52]
“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2005-07-21 08:33]
“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2005-07-21 08:33]
“SoundMan”=“SOUNDMAN.EXE” [2005-04-15 05:01 C:\WINDOWS\SOUNDMAN.EXE]
“Ashampoo FireWall”=“C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” [2006-09-13 13:22]
“OCAudioIni”=“C:\Program Files\One-click Audio Converter\OCAudioIni.exe” [2005-03-29 18:54]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\ctfmon.exe” [2002-09-20 19:05]
[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
“Windows Service Update”=C:\WINDOWS\System32\livecal.exe
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 17:56:15
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-18 17:57:39
— E O F —
qrczak13
(qrczak13)
18 June 2007 18:32
#4
Download The Avenger,
unpack > run > Input script manually > click the magnifying glass > in the newly opened window paste:
After pasting > Done > click the green light > OK and there will be a restart. After the restart go to where you have The Avenger and paste the report C:\avenger.txt.
After that, a new log from combo.
Kshaq
(Kshaq)
18 June 2007 21:30
#5
The link to this program [avenger] tries to download a trojan and avast blocks it for me. I can't find another source
Gutek
(Gutek)
18 June 2007 22:26
#6
Use Pocket Killbox. Select the Delete on Reboot option and in the Full Path of File to Delete field paste the path
C:\WINDOWS\System32\livecal.exe
and press the red X. The program will ask to restart the computer … so you restart.
Registry cleaning:
RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177
you can go over the registry with it, or
jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509