x-kom hosting

Please check my log

noom
created

Hello, please check my log :)

Logfile of HijackThis v1.99.1
Scan saved at 21:28:12, on 18.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\slserv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\MsPMSPSv.exe
C:\windows\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\windows\SOUNDMAN.EXE
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\Programme\K-Lite Codec Pack\Real\Update_OB\realsched.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\ctfmon.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\WINDOWS\FSScrCtl.exe
C:\Programme\stickies\stickies.exe
C:\Programme\HP\hpcoretech\comp\hptskmgr.exe
C:\Programme\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\sonia\Desktop\HijackThis.exe
C:\Programme\Internet Explorer\iexplore.exe

F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Programme\Odkurzacz\odk_mcd.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Stickies.lnk = C:\Programme\stickies\stickies.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Sinus 154 stick WLAN Manager.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.05\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\sonia\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mks.com.pl
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109943998471
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Unknown owner - C:\Programme\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Programme\Gemeinsame Dateien\MSJB DE01\FSC Shared\Service\Software Jukebox v2.0 Service File.exe

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\windows\system32\ctfmon.exe" [MS]
"VD" = "*a" (unwritable string) [file not found]
"Odkurzacz-MCD" = "C:\Programme\Odkurzacz\odk_mcd.exe" ["Franmo Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"HP Component Manager" = ""C:\Programme\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]
"TkBellExe" = ""C:\Programme\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"HP Software Update" = "C:\Programme\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}\(Default) = "IE7 Uninstall Stub"
                                       \StubPath = "C:\windows\system32\ieudinit.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\windows\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Programme\7-Zip\7-zipn.dll" ["Igor Pavlov"]
VIDEOTRANS\(Default) = "{C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}"
  -> {HKLM...CLSID} = "AmvTransform Class"
                   \InProcServer32\(Default) = "C:\Programme\MP3 Player Utilities 4.05\AMVConverter\AmvTransform.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Programme\7-Zip\7-zipn.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Programme\7-Zip\7-zipn.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Default executables:
--------------------

<<!>> HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" /S "%3"" [file not found]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\windows\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\sonia\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\windows\GO2SLE~1.SCR" (Go2sleep Screensaver !.scr) ["ScreenTime Media"]


Startup items in "sonia" & "All Users" startup folders:
-------------------------------------------------------

C:\Dokumente und Einstellungen\sonia\Startmenü\Programme\Autostart
"Screen Saver Control" -> shortcut to: "C:\WINDOWS\FSScrCtl.exe" ["Stardust Software"]
"Stickies" -> shortcut to: "C:\Programme\stickies\stickies.exe" [empty string]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"HP Digital Imaging Monitor" -> shortcut to: "C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"HP Image Zone Schnellstart" -> shortcut to: "C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
"Sinus 154 stick WLAN Manager" -> shortcut to: "C:\Programme\DT\Sinus 154 stick\Wifiusb.exe" ["TECOM"]
"WinZip Quick Pick" -> shortcut to: "C:\Programme\WinZip\WZQKPICK.EXE" ["WinZip Computing, Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
  \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
  -> {HKLM...CLSID} = "Web Browser Applet Control"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{D9288080-1BAA-4BC4-9CF8-A92D743DB949}\
"ButtonText" = "Run IMVU"
"Exec" = "C:\Dokumente und Einstellungen\sonia\Startmenü\Programme\IMVU\Run IMVU.lnk" [file not found]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
Machine Debug Manager, MDM, ""C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
SmartLinkService, SLService, "slserv.exe" [" "]
WMDM PMSP Service, WMDM PMSP Service, "C:\windows\system32\MsPMSPSv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
hpzsnt10\Driver = "hpzsnt10.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 169 seconds.
---------- (total run time: 289 seconds)

Please bear with me, I'm doing this for the first time ;)

Thanks in advance for the reply

CatchMe
comment

In HijackThis, delete:

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\sonia\Startmenü\Programme\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

- Paste a ComboFix log.

noom
comment

Please check :)

ComboFix log - http://wklej.org/id/0abd03f2bc

CatchMe
comment

- Delete the quarantine folder C:\Qoobox. Also delete the Bagle file:

C:\WINDOWS\system32\flec003.exe

- Use the tool at http://stopwirusom.pl/index.php?option=com...4&Itemid=12 to repair Safe Mode.

Apart from that, the logs are clean. :)
