HijackThis log. Please check it, thanks in advance :P

Guess Who

Like almost everyone, I use google.pl etc... Today, after typing in a search term, I got a '403 Forbidden' error (probably access denied), and under it this message:

We're sorry...

... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now.

We'll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software.

We apologize for the inconvenience, and hope we'll see you again on Google.

I'm posting my HijackThis log here because my antivirus (Avast) detected nothing...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:52, on 2007-08-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache\Apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\AppServ\Apache\Apache.exe
C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgentSvc.exe
C:\PROGRA~1\Microsoft SQL Server\MSSQL\binn\sqlservr.exe
C:\AppServ\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ItemEditor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\Patch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.vobis.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MU Online Toolbar Helper - {D3138B39-C8A6-440B-9D42-50F766AEA8C7} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll
O3 - Toolbar: MU Online Toolbar - {B9D1647F-A66A-4695-B249-07901A45FF59} - C:\Program Files\MU Online Toolbar\v3.2.0.0\MU_Online_Toolbar.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysCtrl] C:\WINDOWS\system32\ItemEditor.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Patch] C:\WINDOWS\Patch.exe /nomsg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: UniSpiker-2.6.lnk = ?
O4 - Global Startup: KaBoom! Popup Blocker.lnk = C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgent.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.vobis.pl/
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Apache - Unknown owner - C:\AppServ\Apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: IEAgentSvc - Binns and Company Software, Inc. - C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgentSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: MySQL - Unknown owner - C:\AppServ\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6735 bytes

I'll add that since today I've been using an anonymous IP, the Tor network; maybe that's the cause... Thanks in advance for help with this :)

Regards, Gu3ss Wh0.

CatchMe

Delete this file in Safe Mode:

C:\WINDOWS\Patch.exe
O4 - HKLM\..\Run: [Patch] C:\WINDOWS\Patch.exe /nomsg

Do you know this one?

C:\WINDOWS\system32\ItemEditor.exe
O4 - HKLM\..\Run: [sysCtrl] C:\WINDOWS\system32\ItemEditor.exe

- Paste a ComboFix log.

Guess Who

Patch.exe is harmless. That is, I tested a trojan on myself ^^ ItemEditor.exe, I know it.

ComboFix is scanning, I'll post an edit later.

Thanks for the help :]

@edit ComboFix log

ComboFix 07-08-14.4 - "Snoopy" 2007-08-16 17:19:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.129 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\linkinfo.dll

((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))

2007-08-16 17:19 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-16 15:32 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Ethereal
2007-08-16 11:53 <DIR> d-------- C:\Program Files\WinPcap
2007-08-16 11:52 <DIR> d-------- C:\Program Files\Ethereal
2007-08-15 20:58 182,784 --a------ C:\WINDOWS\system\scvhost.exe
2007-08-15 19:19 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-15 15:24 17,264 --a------ C:\WINDOWS\system32\drivers\hfxp2.sys
2007-08-15 15:24 <DIR> d-------- C:\Program Files\Hide Folders XP 2
2007-08-15 15:17 <DIR> d-------- C:\Temp\VSD10E.tmp
2007-08-15 15:17 <DIR> d-------- C:\Program Files\Blue Lakes Technology
2007-08-15 14:45 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\tor
2007-08-15 14:43 <DIR> d-------- C:\Program Files\Vidalia Bundle
2007-08-15 14:43 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Vidalia
2007-08-14 21:14 <DIR> d---s---- C:\Temp\Historia
2007-08-13 23:39 <DIR> d-------- C:\WINDOWS\vf_hip
2007-08-13 23:39 <DIR> d-------- C:\Program Files\Hide IP Platinum
2007-08-12 16:48 <DIR> d-------- C:\Program Files\Skype
2007-08-12 16:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-08-12 16:48 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Skype
2007-08-12 16:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-07-29 18:39 57,962 --a------ C:\WINDOWS\SFDLL.DLL
2007-07-29 18:39 19,968 --a------ C:\WINDOWS\olinkinfo.dll
2007-07-29 15:54 <DIR> d-------- C:\mailbomber
2007-07-28 23:24 <DIR> d-------- C:\WINDOWS\speech
2007-07-28 23:24 <DIR> d-------- C:\Program Files\ivo
2007-07-28 20:38 55,296 --a------ C:\WINDOWS\KeyHook.dll
2007-07-28 20:38 494,592 --a------ C:\WINDOWS\Patch.exe
2007-07-28 20:16 2 --a------ C:\PB.SYS
2007-07-28 20:11 <DIR> d-------- C:\Program Files\Utility Ping
2007-07-28 20:11 <DIR> d-------- C:\Moje dokumenty
2007-07-28 19:22 <DIR> d-------- C:\Temp\{fadad306-d9f4-455c-bb91-29f629e8175b}
2007-07-28 19:22 <DIR> d-------- C:\Program Files\Binnsware, Inc
2007-07-27 23:16 <DIR> d-------- C:\!KillBox
2007-07-27 23:03 <DIR> d-------- C:\WINDOWS\vbSkinner
2007-07-27 23:03 <DIR> d-------- C:\Program Files\PFConfig
2007-07-27 22:10 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-27 22:10 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 22:10 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 22:10 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-27 22:10 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 22:10 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 22:10 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 22:10 <DIR> d-------- C:\Temp\_avast4_
2007-07-27 22:10 <DIR> d-------- C:\Program Files\Alwil Software
2007-07-27 21:57 588 --a------ C:\Temp\srtspse.dat
2007-07-27 21:57 524 --a------ C:\Temp\srtspsp.dat
2007-07-27 21:57 2,124 --a------ C:\Temp\srtspso.dat
2007-07-27 21:38 <DIR> d-------- C:\DOCUME~1\Snoopy\APPLIC~1\AdobeUM
2007-07-27 16:00 407,130 --a------ C:\WINDOWS\system32\ItemEditor.exe
2007-07-25 20:12 408,180 --a------ C:\WINDOWS\system32\sys34.exe
2007-07-24 10:51 <DIR> d-------- C:\Program Files\Tasker
2007-07-24 09:36 <DIR> d-------- C:\Temp\WMC0000.tmp
2007-07-23 23:35 <DIR> d-------- C:\WINDOWS\pss
2007-07-23 20:30 172 --a------ C:\Temp\SSALiveUpdate.dat
2007-07-23 20:30 172 --a------ C:\Temp\CF_Register_Action.dat
2007-07-23 20:28 <DIR> d-------- C:\Temp\NAV14.0.0.89
2007-07-23 20:28 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-16 12:11 --------- d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Hamachi
2007-08-13 18:42 --------- d-------- C:\Program Files\eMule
2007-07-30 11:50 --------- d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Tibia
2007-07-28 19:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-27 22:00 --------- d-------- C:\Program Files\Symantec
2007-07-26 12:27 --------- d-------- C:\Program Files\Tibia
2007-07-24 09:13 --------- d-------- C:\Program Files\Common Files\Panda Software
2007-07-01 15:07 402944 --a------ C:\WINDOWS\system32\AKV.exe
2007-06-28 10:22 --------- d-------- C:\Program Files\Diablo II Shareware
2007-06-28 10:21 2829 --a------ C:\WINDOWS\DIIDUnin.pif
2007-06-28 10:21 102400 --a------ C:\WINDOWS\DIIDUnin.exe
2007-06-27 17:19 --------- d-------- C:\Program Files\Opera
2007-06-27 17:19 --------- d-------- C:\Program Files\Messenger
2007-06-27 17:19 --------- d-------- C:\Program Files\Gadu-Gadu
2007-06-26 17:13 851968 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 16:35 665600 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-26 08:08 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 14:57 24 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-06-25 13:13 --------- d-------- C:\Program Files\AC3Filter
2007-06-25 12:58 --------- d-------- C:\Program Files\Panda Software
2007-06-22 21:57 --------- d-------- C:\Program Files\Asprate
2007-06-22 21:22 --------- d-------- C:\Program Files\Valve
2007-06-21 22:28 --------- d-------- C:\DOCUME~1\Snoopy\APPLIC~1\Gadu-Gadu
2007-06-19 15:31 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-18 12:56 9924115 --a------ C:\Program Files\tibia76.exe
2007-06-18 00:18 --------- d-------- C:\Program Files\IDoser v4
2007-06-15 10:12 96256 --a--c--- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-15 10:12 616960 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-15 10:12 55808 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-15 10:12 532480 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-15 10:12 474112 --a--c--- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-15 10:12 449024 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-15 10:12 39424 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-15 10:12 357888 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-15 10:12 3064320 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-15 10:12 251904 --a--c--- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-15 10:12 205824 --a--c--- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-15 10:12 16384 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-15 10:12 151040 --a--c--- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-15 10:12 1498112 --a--c--- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-15 10:12 146432 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-15 10:12 1054208 --a--c--- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-15 10:12 1022976 --a--c--- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 12:32 18432 --a--c--- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 12:23 1033216 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-05-17 13:28 549376 --a--c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-05-17 13:28 549376 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-05-16 17:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-03-22 21:46 16426460 --a------ C:\Program Files\MU_Online_Installer_092906.exe
C:\Program Files\bez tytułu.bmp

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-16 11:47]
"nwiz"="nwiz.exe" [2005-05-16 11:47 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-05-16 11:47]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 14:56]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-05 02:59]
"SysCtrl"="C:\WINDOWS\system32\ItemEditor.exe" [2007-07-27 15:59]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-04-30 17:42]
"Patch"="C:\WINDOWS\Patch.exe" [1998-11-14 02:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-06-30 14:20]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-06 12:43]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-02 09:23]
"scvhost"="c:\windows\system\scvhost.exe" [2007-08-15 20:58]

C:\Documents and Settings\Snoopy\Start Menu\Programs\Startup
UniSpiker-2.6.lnk - C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe [2006-07-25 13:16:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
KaBoom! Popup Blocker.lnk - C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgent.exe [2007-07-28 19:22:47]
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 16:30:54]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-04-23 21:50:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 nvport;NVIDIA PORT IO Control Driver;\??\C:\WINDOWS\system32\Drivers\nvport.sys
R2 IEAgentSvc;IEAgentSvc;C:\Program Files\Binnsware, Inc\KaBoom! Popup Blocker\IEAgentSvc.exe
S3 dump_wmimmc;dump_wmimmc;\??\C:\Documents and Settings\Snoopy\Desktop\asd\Webzen\Mu\GameGuard\dump_wmimmc.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
S3 PsSdk30;PsSdk30;\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 17:24:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-16 17:26:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 17:26
--- E O F ---

Regards, Gu3ss Wh0.

CatchMe

Block the ports with the programs WWDC and Seconfig XP.

To remove these, use: http://stopwirusom.pl/index.php?option=com...3&Itemid=12

C:\WINDOWS\system\scvhost.exe
C:\WINDOWS\Patch.exe
C:\WINDOWS\system32\AKV.exe
C:\WINDOWS\system32\sys34.exe
C:\WINDOWS\Patch.exe
C:\Temp\{fadad306-d9f4-455c-bb91-29f629e8175b}

- After the procedure, paste both logs again.

3 months later...

Kaiser

Hello

I've also been having a few problems with my computer lately. Could you take a look at my log? And one more thing. What should I do when files deleted with HT show up again on the next scan?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:13, on 2007-12-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\nvsvc86.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\dllcache\wintcpack.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OfficeWord Monitors] C:\WINDOWS\System32\Offlce.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadsadas3s1] eXtream.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Legal Service] Srb0ty.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF63B269-032B-4101-ABE8-FF95958EA179}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: ??????H
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Microsoft Windows TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\wintcpack.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 5639 bytes

CatchMe

The whole bundle to remove:

C:\WINDOWS\System32\dllcache\wintcpack.exe
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKCU\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OfficeWord Monitors] C:\WINDOWS\System32\Offlce.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadsadas3s1] eXtream.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Legal Service] Srb0ty.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O20 - AppInit_DLLs: ??????H
O23 - Service: Microsoft Windows TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\wintcpack.exe

I'd advise using the program SDFix and scanning the system with a large number of AV scanners. Also block the vulnerable ports with the program Windows Worms Door Cleaner.

Then paste a log from HijackThis and ComboFix.
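The triage that both of CatchMe's replies do by eye (a look-alike file name such as scvhost.exe or nvsvc86.exe, an executable parked in C:\WINDOWS\system or dllcache, Run entries under the SYSTEM and .DEFAULT hives, a "MicroSoft" vendor string, a populated AppInit_DLLs value) written out as a Python script. This is an added example, not code from HijackThis, ComboFix or anyone in the thread. The list of imitated system binaries, the list of suspect folders and the 0.8 similarity threshold are assumptions of mine; the sample lines are copied from the two logs above, except the scvhost line, which rewrites the ComboFix Reg Loading Points entry into HijackThis O4 form.

```python
"""HijackThis O4/O20/O23 triage. Added example, not HijackThis, ComboFix
or forum code; it encodes the checks the helpers above applied by eye."""
import re
from collections import namedtuple
from difflib import SequenceMatcher
from typing import List, Optional

# Assumed list of Windows binaries that malware names itself after
# (svchost -> scvhost, nvsvc32 -> nvsvc86). Same-length comparison keeps
# vendor names like WLService.exe / ccSvcHst.exe from matching.
KNOWN_SYSTEM_BINARIES = sorted({
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "spoolsv.exe", "explorer.exe", "ctfmon.exe", "nvsvc32.exe", "rundll32.exe"})
# Assumed folders where nothing legitimate persists: C:\WINDOWS\system
# (no "32"), the dllcache, temp and user-profile folders.
SUSPECT_DIRS = ("\\windows\\system\\", "\\dllcache\\", "\\temp\\",
                "\\documents and settings\\")

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run\w*: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - "
                    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*\S)\s*$")
Finding = namedtuple("Finding", "kind name image reasons")


def image_path(cmd: str) -> str:
    """Executable in a Run command: up to the closing quote, or up to the
    first token ending in .exe (covers RUNDLL32.EXE x.dll,Entry lines)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith(".exe"):
            return " ".join(tokens[:i + 1])
    return tokens[0] if tokens else ""


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def lookalike_of(name: str) -> Optional[str]:
    """Legitimate binary this lower-cased file name imitates, or None."""
    if name in KNOWN_SYSTEM_BINARIES:
        return None
    for legit in KNOWN_SYSTEM_BINARIES:  # 0.8 threshold is an assumption
        if len(legit) == len(name) and SequenceMatcher(None, name, legit).ratio() >= 0.8:
            return legit
    return None


def path_reasons(name: str, image: str) -> List[str]:
    """Checks shared by Run entries and services."""
    reasons = []
    legit = lookalike_of(basename(image))
    if legit:
        reasons.append(f"file name {basename(image)} imitates {legit}")
    if any(frag in image.lower() for frag in SUSPECT_DIRS):
        reasons.append(f"executable parked in an unusual folder: {image}")
    if re.search("microsoft", name, re.I) and "Microsoft" not in name:
        reasons.append(f"mis-cased vendor name in {name!r}")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """One Finding per suspicious line; clean lines and services whose
    image file is already missing produce nothing."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := O4_RE.match(line):
            image = image_path(m["cmd"])
            reasons = path_reasons(m["name"], image)
            # Only ctfmon.exe normally autoruns under the service SIDs / .DEFAULT.
            if m["hive"].startswith("HKUS") and basename(image) != "ctfmon.exe":
                reasons.append(f"Run entry under service/default hive {m['hive']}")
            if reasons:
                findings.append(Finding("O4", m["name"], image, reasons))
        elif (m := O23_RE.match(line)) and not m["missing"]:
            reasons = path_reasons(m["name"], m["path"])
            if reasons and m["owner"] == "Unknown owner":
                reasons.append("no vendor recorded for the service")
            if reasons:
                findings.append(Finding("O23", m["name"], m["path"], reasons))
        elif m := O20_RE.match(line):
            findings.append(Finding("O20", "AppInit_DLLs", m["value"],
                            ["AppInit_DLLs set: loaded into every process that maps user32.dll"]))
    return findings


# Sample lines copied from the two logs in this thread; the scvhost line is
# the ComboFix registry entry rewritten in HijackThis O4 form.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [scvhost] c:\windows\system\scvhost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Legal Service] Srb0ty.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [OfficeWord Monitors] C:\WINDOWS\System32\Offlce.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft ssadsadas3s1] eXtream.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Legal Service] Srb0ty.exe (User 'Default user')
O20 - AppInit_DLLs: ??????H
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: Microsoft Windows TCP Ack Timing - Unknown owner - C:\WINDOWS\System32\dllcache\wintcpack.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Run against the sample it reports eight entries and stays silent on the NVIDIA, rundll32 and ctfmon lines. The same-length rule in lookalike_of is deliberate: scvhost.exe and nvsvc86.exe keep the length of the binary they imitate, while legitimate vendor files such as WLService.exe or ccSvcHst.exe from the first log differ by a character and would otherwise score above the threshold against services.exe and svchost.exe. A hit from this script is a reason to look at the file (date, signer, hash), not a verdict; the real nvsvc32.exe and the fake nvsvc86.exe were both running on Kaiser's machine.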
