x-kom hosting

StarWindService.exe

tomq90
created

Hello :)

[image: 4be807321524a9f1.jpg]

Doesn't my Task Manager look strange to you?

Because it worries me a bit :/ I reformatted not long ago and closed the ports with programs, so I don't think any virus has crept in :/

But isn't it strange that two of these are open:

ati2evxx.exe and CLI.exe

I have always had only one of each open :/

Does anyone know whether it is bad that they are open twice?

And what is this StarWindService.exe? It bothers me, and as far as I remember I have never had it open :/

CatchMe
comment

Paste logs from HijackThis and ComboFix. :)

tomq90
comment

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 19:05:20, on 2007-07-27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\Winamp\winamp.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Gadu-Gadu\gg.exe
D:\Programy\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Programy\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Programy\FlashGet\getflash.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programy\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Programy\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Programy\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

ComboFix


[ Added: 2007-07-27, 19:49 ]

As far as I can tell the HijackThis logs are clean, and as for ComboFix I have no idea xD
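Added example, not code from the thread: a small Python parser for the HijackThis log format posted above. It answers the two things asked in this thread from the log alone, which image names appear more than once under "Running processes" and which O23 services have an unknown owner or run from outside the Windows and Program Files directories, so each can be matched against software that was actually installed (here StarWind under Alcohol 120). The sample log is a constructed excerpt in the same format; the "outside the usual directories" heuristic is an assumption of this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed excerpt in HijackThis v1.99.1 log format (not the full log above).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\Ati2evxx.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\system32\\Ati2evxx.exe
D:\\Programy\\Alcohol Soft\\Alcohol 120\\StarWind\\StarWindService.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe
C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLI.exe

O4 - HKLM\\..\\Run: [ATICCC] "C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe" runtime
O23 - Service: Ati HotKey Poller - Unknown owner - C:\\WINDOWS\\system32\\Ati2evxx.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\\Programy\\Alcohol Soft\\Alcohol 120\\StarWind\\StarWindService.exe
"""

# O23 lines read: "O23 - Service: <name> - <owner> - <path to binary>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def running_processes(log: str) -> list[str]:
    """Full paths listed under 'Running processes:' (section ends at a blank line)."""
    lines = log.splitlines()
    procs = []
    for line in lines[lines.index("Running processes:") + 1:]:
        if not line.strip():
            break
        procs.append(line.strip())
    return procs

def duplicate_images(log: str) -> dict[str, int]:
    """Image names seen more than once, compared case-insensitively (cli.exe == CLI.exe).
    A repeated name is not suspicious by itself; compare the paths and owners too."""
    names = Counter(PureWindowsPath(p).name.lower() for p in running_processes(log))
    return {n: c for n, c in names.items() if c > 1}

def services(log: str) -> list[dict[str, str]]:
    """Parse O23 lines so each service can be mapped to its owner and binary."""
    return [m.groupdict() for m in map(O23_RE.match, log.splitlines()) if m]

def services_to_review(log: str) -> list[str]:
    """Services with an unknown owner, or whose binary sits outside \\WINDOWS and
    \\Program Files (assumed heuristic): match these against installed software."""
    flagged = []
    for s in services(log):
        top = PureWindowsPath(s["path"]).parts[1:2]  # first directory after the drive
        outside = bool(top) and top[0].lower() not in ("windows", "program files")
        if s["owner"] == "Unknown owner" or outside:
            flagged.append(f'{s["name"]}: {s["path"]} ({s["owner"]})')
    return flagged
```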

CatchMe
comment

clean :)
