36 trojanów


(Adarek) #1

ktoś sprawdzi ??

ogfile of HijackThis v1.99.1

Scan saved at 14:21:45, on 2006-07-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\spoolsvv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe

C:\PROGRA~1\NEOSTR~1\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Watch.exe

C:\WINDOWS\system32\services.exe

C:\Program Files\LeechGet 2004\LeechGet.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\xp\Pulpit\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O1 - Hosts: m

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: 12

O1 - Hosts: 120.0.1 liveupdate.symantec.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: 12

O1 - Hosts: 120.0.1 liveupdate.symantec.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: 12

O1 - Hosts: 120.0.1 liveupdate.symantec.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: r]

O1 - Hosts: c1.outster.com

O1 - Hosts: 12

O1 - Hosts: 120.0.1 liveupdate.symantec.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: r]

O1 - Hosts: c1.outster.com

O1 - Hosts: 12

O1 - Hosts: 120.0.1 liveupdate.symantec.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: r]

O1 - Hosts: c1.outster.com

O1 - Hosts: 12

O1 - Hosts: 120.0.1 liveupdate.symantec.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: r]

O1 - Hosts: c1.outster.com

O1 - Hosts: 12

O1 - Hosts: 120.0.1 liveupdate.symantec.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: 127.0

O1 - Hosts: 127.0

O1 - Hosts: r]

O1 - Hosts: c1.outster.com

O1 - Hosts: 12

O1 - Hosts: 120.0.1 liveupdate.symantec.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: supporthelp.com

O1 - Hosts: .1 free.xxxcounter.com

O1 - Hosts: 127.0

O1 - Hosts: 127.0

O1 - Hosts: c1.outster.com

O1 - Hosts: 12

O1 - Hosts: 120.0.1 liveupdate.symantec.com

O1 - Hosts: response.symantec.com

O1 - Hosts: xtracker.com

O1 - Hosts: 1om

O1 - Hosts: 1supporthelp.com

O1 - Hosts: supporthelp.com

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [0b87a2bc.exe] C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\0b87a2bc.exe

O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\xp\USTAWI~1\Temp\7.tmp3072.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Pobierz używając kreatora LeechGet - file://C:\Program Files\LeechGet 2004\\Wizard.html

O8 - Extra context menu item: Pobierz używając LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/Bridge-c139.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36F4B63E-BA81-4E2F-A667-C0C4DE38E4BD}: NameServer = 194.204.152.34 217.98.63.164

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

(Gblade) #2

Edytuj plik hosts w notatniku , znajdujący się w C:\windows\system32\drivers\etc , domyślnie powinna być tam linijka:

Wywal wszystko oprócz niej.

1.Startujesz do trybu awaryjnego

2.Wyłanczasz przywracanie systemu (tylko Me/Xp)

3.Kasujesz wpisy w HijackThis

4.Kasujesz pogrubione pliki/foldery

5.Dajesz nowy log z hjt + log z Silent Runners

Plik C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll , napewno będzie stawiał opór, ponieważ startuje z winlogon notify, dlatego użyj Pocket Killbox>>>uruchom>>>zaznacz opcje "Delete on Reboot">>>w polu "Full path of file" wklej ścieżke:

Klikasz x i zgadzasz się na restart kompa.


(Adarek) #3

To był log z kompa kolegi. Normalnie strach . 36 trojanów . Wszystkie się gdzieś łaczyły . Walka była do końca -ale format szybszy :mrgreen:


(squeet) #4

Proszę o zmianę tematu na konkretny, mówiący o problemie.