Guess Who, created 14 August 2007

Like almost everyone, I use the google.pl search engine and so on. Today, after typing a search term, I got a '403 Forbidden' error (probably access denied), and under it this message:

We're sorry... ... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now. We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software. We apologize for the inconvenience, and hope we'll see you again on Google.

I am posting my HijackThis log here, because my antivirus (Avast) detected nothing...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:52, on 2007-08-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache\Apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\AppServ\Apache\Apache.exe
C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgentSvc.exe
C:\PROGRA~1\Microsoft SQL Server\MSSQL\binn\sqlservr.exe
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ItemEditor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\Patch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vobis.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MU Online Toolbar Helper - {D3138B39-C8A6-440B-9D42-50F766AEA8C7} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll
O3 - Toolbar: MU Online Toolbar - {B9D1647F-A66A-4695-B249-07901A45FF59} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysCtrl] C:\WINDOWS\system32\ItemEditor.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Patch] C:\WINDOWS\Patch.exe /nomsg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: KaBoom! Popup Blocker.lnk = C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgent.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.vobis.pl/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: IEAgentSvc - Binns and Company Software, Inc. - C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgentSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

-- End of file - 6735 bytes

I should add that since today I have been using an anonymous IP, the Tor network; maybe that is the cause... Thanks in advance for your help with this.

Regards, Gu3ss Wh0.
CatchMe, comment, 14 August 2007

Delete in safe mode the file:
C:\WINDOWS\Patch.exe
O4 - HKLM\..\Run: [Patch] C:\WINDOWS\Patch.exe /nomsg

Do you know this one?
C:\WINDOWS\system32\ItemEditor.exe
O4 - HKLM\..\Run: [sysCtrl] C:\WINDOWS\system32\ItemEditor.exe

- Paste a log from ComboFix.
Guess Who (author), comment, 15 August 2007

Patch.exe is harmless. That is, I was testing a trojan on myself <lol2> ^^ ItemEditor.exe, I know it. ComboFix is scanning, I will post an edit later. Thanks for the help :]

@edit ComboFix log

ComboFix 07-08-14.4 - "Snoopy" 2007-08-16 17:19:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.129 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\linkinfo.dll

((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))
2007-08-16 17:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 15:32 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Ethereal
2007-08-16 11:53 <DIR> d-------- C:\Program Files\WinPcap
2007-08-16 11:52 <DIR> d-------- C:\Program Files\Ethereal
2007-08-15 20:58 182,784 --a------ C:\WINDOWS\system\scvhost.exe
2007-08-15 19:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-15 15:24 17,264 --a------ C:\WINDOWS\system32\drivers\hfxp2.sys
2007-08-15 15:24 <DIR> d-------- C:\Program Files\Hide Folders XP 2
2007-08-15 15:17 <DIR> d-------- C:\Temp\VSD10E.tmp
2007-08-15 15:17 <DIR> d-------- C:\Program Files\Blue Lakes Technology
2007-08-15 14:45 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\tor
2007-08-15 14:43 <DIR> d-------- C:\Program Files\Vidalia Bundle
2007-08-15 14:43 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Vidalia
2007-08-14 21:14 <DIR> d---s---- C:\Temp\Historia
2007-08-13 23:39 <DIR> d-------- C:\WINDOWS\vf_hip
2007-08-13 23:39 <DIR> d-------- C:\Program Files\Hide IP Platinum
2007-08-12 16:48 <DIR> d-------- C:\Program Files\Skype
2007-08-12 16:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-12 16:48 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Skype
2007-08-12 16:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-07-29 18:39 57,962 --a------ C:\WINDOWS\SFDLL.DLL
2007-07-29 18:39 19,968 --a------ C:\WINDOWS\olinkinfo.dll
2007-07-29 15:54 <DIR> d-------- C:\mailbomber
2007-07-28 23:24 <DIR> d-------- C:\WINDOWS\speech
2007-07-28 23:24 <DIR> d-------- C:\Program Files\ivo
2007-07-28 20:38 55,296 --a------ C:\WINDOWS\KeyHook.dll
2007-07-28 20:38 494,592 --a------ C:\WINDOWS\Patch.exe
2007-07-28 20:16 2 --a------ C:\PB.SYS
2007-07-28 20:11 <DIR> d-------- C:\Program Files\Utility Ping
2007-07-28 20:11 <DIR> d-------- C:\Moje dokumenty
2007-07-28 19:22 <DIR> d-------- C:\Temp\{fadad306-d9f4-455c-bb91-29f629e8175b}
2007-07-28 19:22 <DIR> d-------- C:\Program Files\Binnsware, Inc
2007-07-27 23:16 <DIR> d-------- C:\!KillBox
2007-07-27 23:03 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-07-27 23:03 <DIR> d-------- C:\Program Files\PFConfig
2007-07-27 22:10 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-27 22:10 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 22:10 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 22:10 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 22:10 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 22:10 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 22:10 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 22:10 <DIR> d-------- C:\Temp\_avast4_
2007-07-27 22:10 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-27 21:57 588 --a------ C:\Temp\srtspse.dat
2007-07-27 21:57 524 --a------ C:\Temp\srtspsp.dat
2007-07-27 21:57 2,124 --a------ C:\Temp\srtspso.dat
2007-07-27 21:38 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\AdobeUM
2007-07-27 16:00 407,130 --a------ C:\WINDOWS\system32\ItemEditor.exe
2007-07-25 20:12 408,180 --a------ C:\WINDOWS\system32\sys34.exe
2007-07-24 10:51 <DIR> d-------- C:\Program Files\Tasker
2007-07-24 09:36 <DIR> d-------- C:\Temp\WMC0000.tmp
2007-07-23 23:35 <DIR> d-------- C:\WINDOWS\pss
2007-07-23 20:30 172 --a------ C:\Temp\SSALiveUpdate.dat
2007-07-23 20:30 172 --a------ C:\Temp\CF_Register_Action.dat
2007-07-23 20:28 <DIR> d-------- C:\Temp\NAV14.0.0.89
2007-07-23 20:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-16 12:11 --------- d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Hamachi
2007-08-13 18:42 --------- d-------- C:\Program Files\eMule
2007-07-30 11:50 --------- d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Tibia
2007-07-28 19:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 22:00 --------- d-------- C:\Program Files\Symantec
2007-07-26 12:27 --------- d-------- C:\Program Files\Tibia
2007-07-24 09:13 --------- d-------- C:\Program Files\Common Files\Panda Software
2007-07-01 15:07 402944 --a------ C:\WINDOWS\system32\AKV.exe
2007-06-28 10:22 --------- d-------- C:\Program Files\Diablo II Shareware
2007-06-28 10:21 2829 --a------ C:\WINDOWS\DIIDUnin.pif
2007-06-28 10:21 102400 --a------ C:\WINDOWS\DIIDUnin.exe
2007-06-27 17:19 --------- d-------- C:\Program Files\Opera
2007-06-27 17:19 --------- d-------- C:\Program Files\Messenger
2007-06-27 17:19 --------- d-------- C:\Program Files\Gadu-Gadu
2007-06-26 17:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 16:35 665600 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 08:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 14:57 24 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-06-25 13:13 --------- d-------- C:\Program Files\AC3Filter
2007-06-25 12:58 --------- d-------- C:\Program Files\Panda Software
2007-06-22 21:57 --------- d-------- C:\Program Files\Asprate
2007-06-22 21:22 --------- d-------- C:\Program Files\Valve
2007-06-21 22:28 --------- d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Gadu-Gadu
2007-06-19 15:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-18 12:56 9924115 --a------ C:\Program Files\tibia76.exe
2007-06-18 00:18 --------- d-------- C:\Program Files\IDoser v4
2007-06-15 10:12 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 10:12 616960 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 10:12 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 10:12 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 10:12 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 10:12 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 10:12 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 10:12 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 10:12 3064320 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 10:12 251904 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 10:12 205824 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 10:12 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 10:12 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 10:12 1498112 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 10:12 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 10:12 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 10:12 1022976 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 12:32 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 12:23 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-17 13:28 549376 --a--c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-17 13:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-16 17:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-03-22 21:46 16426460 --a------ C:\Program Files\MU_Online_Installer_092906.exe
C:\Program Files\bez tytułu.bmp

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-16 11:47]
"nwiz"="nwiz.exe" [2005-05-16 11:47 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-16 11:47]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-05 02:59]
"SysCtrl"="C:\WINDOWS\system32\ItemEditor.exe" [2007-07-27 15:59]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-04-30 17:42]
"Patch"="C:\WINDOWS\Patch.exe" [1998-11-14 02:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-06-30 14:20]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-02 09:23]
"scvhost"="c:\windows\system\scvhost.exe" [2007-08-15 20:58]

C:\Documents and Settings\Snoopy\Start Menu\Programs\Startup
UniSpiker-2.6.lnk - C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2006-07-25 13:16:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
KaBoom! Popup Blocker.lnk - C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgent.exe [2007-07-28 19:22:47]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-04-23 21:50:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 nvport;NVIDIA PORT IO Control Driver;\??\C:\WINDOWS\system32\Drivers\nvport.sys
R2 IEAgentSvc;IEAgentSvc;C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgentSvc.exe
S3 dump_wmimmc;dump_wmimmc;\??\C:\Documents and Settings\Snoopy\Desktop\asd\Webzen\Mu\GameGuard\dump_wmimmc.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
S3 PsSdk30;PsSdk30;\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv

**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 17:24:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************

Completion time: 2007-08-16 17:26:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 17:26
--- E O F ---

Regards, Gu3ss Wh0.
CatchMe, comment, 16 August 2007

Block the ports with the WWDC and Seconfig XP programs.

To remove these, use: http://stopwirusom.pl/index.php?option=com...3&Itemid=12
C:\WINDOWS\system\scvhost.exe
C:\WINDOWS\Patch.exe
C:\WINDOWS\system32\AKV.exe
C:\WINDOWS\system32\sys34.exe
C:\WINDOWS\Patch.exe
C:\Temp\{fadad306-d9f4-455c-bb91-29f629e8175b}

- After the procedure, paste both logs again.
Kaiser, comment, 3 December 2007

Hello. I have also had a few problems with my computer lately. Could you take a look at my log? And one more thing: what should I do when files removed with HT show up again at the next scan?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:13, on 2007-12-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\nvsvc86.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\dllcache\wintcpack.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OfficeWord Monitors] C:\WINDOWS\System32\Offlce.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadsadas3s1] eXtream.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Legal Service] Srb0ty.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF63B269-032B-4101-ABE8-FF95958EA179}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: ??????H
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Microsoft Windows TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\wintcpack.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

-- End of file - 5639 bytes
CatchMe, comment, 4 December 2007

The whole bundle is to be removed:
C:\WINDOWS\System32\dllcache\wintcpack.exe
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKCU\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OfficeWord Monitors] C:\WINDOWS\System32\Offlce.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadsadas3s1] eXtream.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Legal Service] Srb0ty.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O20 - AppInit_DLLs: ??????H
O23 - Service: Microsoft Windows TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\wintcpack.exe

I advise using the SDFIX program and scanning the system with a large number of AV scanners. Also block the vulnerable ports with the Windows Worms Door Cleaner program. Then paste a HijackThis and a ComboFix log.
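As an added example (the editor's code, not from this thread and not part of HijackThis or ComboFix), the script below applies the red flags the replies above act on to HijackThis O4, O20 and O23 lines: near-miss names of system binaries (scvhost.exe for svchost.exe, nvsvc86.exe for nvsvc32.exe), bare file names with no directory that Windows resolves through the PATH at logon, binaries sitting in the dllcache store, the old WINDOWS\system folder or the WINDOWS root, Run values under the SYSTEM and .DEFAULT hives, a non-empty AppInit_DLLs value, and services with no recorded owner that live under WINDOWS. SAMPLE_LOG is a constructed excerpt of entries quoted in the two logs above; the rule names, the 0.7 similarity threshold and the LEGIT and ODD_DIRS lists are my own assumptions. The WINDOWS-root rule is a weak signal on its own (the Realtek SOUNDMAN.EXE in the first log legitimately lives there), which is why the output is a review list rather than a verdict.

```python
"""Triage of HijackThis autostart entries (O4 Run values, O20 AppInit_DLLs,
O23 services) for the red flags the replies in this thread act on.
Editor's example: the rules are heuristics of my own, not HijackThis output,
and SAMPLE_LOG is a constructed excerpt of entries quoted in the thread."""
import difflib
import ntpath
import re

# Constructed sample: entries copied from the two logs above, one per line.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Patch] C:\WINDOWS\Patch.exe /nomsg
O4 - HKCU\..\Run: [scvhost] c:\windows\system\scvhost.exe
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OfficeWord Monitors] C:\WINDOWS\System32\Offlce.exe (User 'SYSTEM')
O20 - AppInit_DLLs: ??????H
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Microsoft Windows TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\wintcpack.exe
"""

# Assumed list of legitimate binaries that the malware in this thread imitates.
# ctfmon/rundll32 are listed so their normal entries are not reported.
LEGIT = {"svchost", "nvsvc32", "lsass", "winlogon", "csrss", "services",
         "spoolsv", "explorer", "ctfmon", "rundll32"}

# Assumed list of directories where a new autostart binary deserves a look:
# the dllcache store, the old 16-bit "system" folder and the WINDOWS root.
ODD_DIRS = {r"c:\windows\system32\dllcache", r"c:\windows\system", r"c:\windows"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.*?)"
                   r"(?: \(User '(?P<user>[^']*)'\))?$")
PATH_RE = re.compile(r'"([^"]+)"|(\S+)')


def first_path(cmd: str) -> str:
    """Executable part of a Run command line: the quoted path or the first token."""
    m = PATH_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def stem(path: str) -> str:
    """Lower-cased file name without extension, e.g. 'scvhost'."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def lookalike(name: str):
    """Closest LEGIT name when `name` is a near miss (ratio >= 0.7 but not equal)."""
    best, score = None, 0.0
    for legit in LEGIT:
        r = difflib.SequenceMatcher(None, name, legit).ratio()
        if r > score:
            best, score = legit, r
    return best if 0.7 <= score < 1.0 else None


def check_path(path: str, flags: list) -> None:
    """Rules that depend only on where the binary is and what it is called."""
    name = stem(path)
    if name in LEGIT:
        return
    twin = lookalike(name)
    if twin:
        flags.append(f"LOOKALIKE:{twin}")
    if "\\" not in path:
        flags.append("BARE_NAME")            # location unknown, found via PATH search
    elif ntpath.dirname(path).lower() in ODD_DIRS:
        flags.append("ODD_DIR")


def triage(log: str) -> list:
    """Return [(flags, path, line)] for every entry that trips at least one rule."""
    findings = []
    for line in log.splitlines():
        flags, path = [], ""
        if line.startswith("O4 - "):
            m = O4_RE.match(line)            # .lnk startup entries are not parsed
            if not m:
                continue
            path = first_path(m.group("cmd"))
            check_path(path, flags)
            # Per-user software has no business in the SYSTEM or .DEFAULT hives
            if (m.group("hive").startswith((r"HKUS\S-1-5-18", r"HKUS\.DEFAULT"))
                    and stem(path) not in LEGIT):
                flags.append("SYSTEM_HIVE")
        elif line.startswith("O20 - AppInit_DLLs:"):
            path = line.split(":", 1)[1].strip()
            if path:
                flags.append("APPINIT_DLL")  # loaded into every user32 process
        elif line.startswith("O23 - Service:"):
            parts = line.split(" - ", 3)     # O23 / Service: name / owner / path
            if len(parts) == 4:
                path = parts[3].replace(" (file missing)", "")
                check_path(path, flags)
                if parts[2] == "Unknown owner" and path.lower().startswith(r"c:\windows"):
                    flags.append("UNSIGNED_SYSTEM_SERVICE")
        if flags:
            findings.append((flags, path, line))
    return findings


def report(log: str) -> dict:
    """Map each flagged path to its rule list (later duplicates of a path win)."""
    return {path: flags for flags, path, _ in triage(log)}


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for flags, path, _ in triage(text):
        print(",".join(flags).ljust(36), path)
```

Run it as-is to list the findings for the embedded sample, or pass a saved HijackThis log as the first argument. On the sample it reports Patch.exe (WINDOWS root), scvhost.exe (look-alike plus odd directory), nvsvc86.exe (look-alike of nvsvc32), Srb0ty.exe (bare name under the SYSTEM hive), Offlce.exe (SYSTEM hive), the AppInit_DLLs value and the wintcpack.exe service (dllcache plus unknown owner under WINDOWS), while the avast entry, ctfmon's per-hive entry, the NVIDIA service and the AppServ Apache service pass. Each hit is a candidate for the kind of removal list CatchMe posted; the file itself, its timestamp in ComboFix's "Files Created" section and a second opinion from a scanner still decide.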