HijackThis and Spybot logs: network traffic, lots of outgoing packets


(Playro) #1

As in the title: there should be no network traffic, but something keeps churning my connection all the time, especially on upload.

Logs below.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:32:40, on 2008-04-03

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe

C:\WINDOWS\TBPanel.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - 

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe

O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe


--

End of file - 7585 bytes

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---


2008-01-28 blindman.exe (1.0.0.7)

2008-01-28 SDDelFile.exe (1.0.2.4)

2008-01-28 SDMain.exe (1.0.0.5)

2007-10-07 SDShred.exe (1.0.1.2)

2008-01-28 SDUpdate.exe (1.0.8.8)

2008-01-28 SDWinSec.exe (1.0.0.11)

2008-01-28 SpybotSD.exe (1.5.2.20)

2008-01-28 TeaTimer.exe (1.5.2.16)

2008-03-20 unins000.exe (51.49.0.0)

2008-01-28 Update.exe (1.4.0.6)

2008-01-28 advcheck.dll (1.5.4.5)

2007-04-02 aports.dll (2.1.0.0)

2007-11-17 DelZip179.dll (1.79.7.4)

2008-01-28 SDFiles.dll (1.5.1.19)

2008-01-28 SDHelper.dll (1.5.0.11)

2008-01-28 Tools.dll (2.1.3.3)

2008-04-02 Includes\Cookies.sbi

2007-12-26 Includes\Dialer.sbi

2008-04-02 Includes\DialerC.sbi

2008-04-02 Includes\HeavyDuty.sbi

2008-03-19 Includes\Hijackers.sbi

2008-04-02 Includes\HijackersC.sbi

2008-02-27 Includes\Keyloggers.sbi

2008-04-02 Includes\KeyloggersC.sbi

2004-11-29 Includes\LSP.sbi

2008-03-26 Includes\Malware.sbi

2008-04-02 Includes\MalwareC.sbi

2008-03-26 Includes\PUPS.sbi

2008-04-02 Includes\PUPSC.sbi

2008-04-02 Includes\Revision.sbi

2008-01-09 Includes\Security.sbi

2008-04-02 Includes\SecurityC.sbi

2008-04-02 Includes\Spybots.sbi

2008-04-02 Includes\SpybotsC.sbi

2007-11-06 Includes\Tracks.uti

2008-04-02 Includes\Trojans.sbi

2008-04-02 Includes\TrojansC.sbi

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll


Located: HK_LM:Run, Alcmtr

command: ALCMTR.EXE

   file: C:\WINDOWS\ALCMTR.EXE

   size: 69632

    MD5: 8B4CBBA1EA526830C7F97E7822E2493A


Located: HK_LM:Run, ANIWZCS2Service

command: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

   file: 

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: HK_LM:Run, AVP

command: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

   file: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

   size: 227856

    MD5: 7519905CD74F26E9385B83BF2EF242C2


Located: HK_LM:Run, Gainward

command: C:\WINDOWS\TBPanel.exe /A

   file: C:\WINDOWS\TBPanel.exe

   size: 2177576

    MD5: F341B24808300D734408DBD19BC2D700


Located: HK_LM:Run, Kernel and Hardware Abstraction Layer

command: KHALMNPR.EXE

   file: C:\WINDOWS\KHALMNPR.EXE

   size: 56080

    MD5: F6D01B49CEFE36286A1FD8BAE8F2D6A3


Located: HK_LM:Run, NvCplDaemon

command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

   file: 

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: HK_LM:Run, NvMediaCenter

command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

   file: 

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: HK_LM:Run, nwiz

command: nwiz.exe /install

   file: C:\WINDOWS\system32\nwiz.exe

   size: 1626112

    MD5: 9493BFFB9F82EFEC742F5C56A279BD5B


Located: HK_LM:Run, RTHDCPL

command: RTHDCPL.EXE

   file: C:\WINDOWS\RTHDCPL.EXE

   size: 16858112

    MD5: D9A546F736F9C4C2C95D8D686E195010


Located: HK_LM:Run, Windows Defender

command: "C:\Program Files\Windows Defender\MSASCui.exe" -hide

   file: C:\Program Files\Windows Defender\MSASCui.exe

   size: 866584

    MD5: 77C03BF23AE56B0A31AE4D5BB4B3D0AC


Located: HK_CU:Run, ctfmon.exe

  where: S-1-5-21-796845957-813497703-839522115-1003...

command: C:\WINDOWS\system32\ctfmon.exe

   file: C:\WINDOWS\system32\ctfmon.exe

   size: 15360

    MD5: CBFA30492D70CE3938D8A7783D0C0436


Located: HK_CU:Run, SpybotSD TeaTimer

  where: S-1-5-21-796845957-813497703-839522115-1003...

command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

   file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

   size: 2097488

    MD5: A9A5DB6AC3721BE698B996913693D73F


Located: Autostart (wspólny), Logitech SetPoint.lnk

  where: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart...

command: C:\Program Files\Logitech\SetPoint\SetPoint.exe

   file: C:\Program Files\Logitech\SetPoint\SetPoint.exe

   size: 692224

    MD5: 8E6DD7BC88200935A6927FFC5E003D42


Located: Autostart (wyłączony), Rejestracja produktu Logitech (DISABLED)

command: C:\PROGRA~1\COMMON~1\LOGISH~1\eReg\SetPoint\eReg.exe /remind /language=PLK /PRNM="Logitech"

   file: C:\PROGRA~1\COMMON~1\LOGISH~1\eReg\SetPoint\eReg.exe

   size: 3036688

    MD5: D0BD3670DE8F65599CA60B7604831A83


Located: WinLogon, ckpNotify

command: ckpNotify.dll

   file: ckpNotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, crypt32chain

command: crypt32.dll

   file: crypt32.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, cryptnet

command: cryptnet.dll

   file: cryptnet.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, cscdll

command: cscdll.dll

   file: cscdll.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, klogon

command: C:\WINDOWS\system32\klogon.dll

   file: C:\WINDOWS\system32\klogon.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, ScCertProp

command: wlnotify.dll

   file: wlnotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, Schedule

command: wlnotify.dll

   file: wlnotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, sclgntfy

command: sclgntfy.dll

   file: sclgntfy.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, SensLogn

command: WlNotify.dll

   file: WlNotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, termsrv

command: wlnotify.dll

   file: wlnotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, WgaLogon

command: WgaLogon.dll

   file: WgaLogon.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!


Located: WinLogon, wlballoon

command: wlnotify.dll

   file: wlnotify.dll

   size: 0

    MD5: D41D8CD98F00B204E9800998ECF8427E

         Warning: if the file is actually larger than 0 bytes,

         the checksum could not be properly calculated!




Spybot2



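Since the opening complaint is unexplained outbound traffic, the first thing a log helper does with output like the above is pick out the entries that sit in the network path or that point at files which cannot be verified. The script below is an added example, not part of this thread and not code from HijackThis or Spybot: it runs that triage over a constructed sample in the HijackThis layout (entries copied from the log above), and checks the Spybot "size: 0" blocks against the MD5 of zero bytes (D41D8CD98F00B204E9800998ECF8427E), which is exactly the value Spybot printed there, so those checksums say nothing about the real DLLs. The rules and their labels are this example's own heuristics about what deserves a second look; they are not verdicts that any entry is malicious.

```python
import hashlib
import re

# MD5 of zero bytes. Spybot printed exactly this for every "size: 0" entry
# above, i.e. it hashed nothing because the file was not found by that name.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Constructed sample in HijackThis layout (entries copied from the log above).
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Unknown owner - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed sample in Spybot "Located:" layout (two blocks from the report above).
SPYBOT_SAMPLE = r"""
Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
   file: C:\WINDOWS\ALCMTR.EXE
   size: 69632
    MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: WinLogon, crypt32chain
command: crypt32.dll
   file: crypt32.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!
"""

HJT_LINE = re.compile(r"(O\d+) - (.*)")


def triage_hjt(text):
    """Return (section, reason, line) for HijackThis entries a helper checks first.

    The reasons are this example's own heuristics: they say where to look,
    not whether an entry is malicious.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        sec, body = m.groups()
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((sec, "registry entry points at a file that is not on disk", line))
        elif sec == "O10":
            findings.append((sec, "Winsock LSP: loaded into every process that opens a socket", line))
        elif sec == "O16" and body.endswith(" -"):
            findings.append((sec, "ActiveX (DPF) entry with no download URL recorded", line))
        elif sec == "O20":
            findings.append((sec, "AppInit_DLLs: injected into every process that loads user32.dll", line))
        elif sec == "O4":
            cmd = body.split(": ", 1)[-1]             # drop "HKLM\..\Run" / "Global Startup"
            cmd = re.sub(r"^\[[^\]]*\]\s*", "", cmd)  # drop "[ValueName]"
            cmd = cmd.split(" = ", 1)[-1].strip('"')  # ".lnk = target" form
            if not re.match(r"[A-Za-z]:\\", cmd):
                findings.append((sec, "autorun command has no full path (resolved via the search path)", line))
    return findings


def parse_spybot(text):
    """Parse Spybot's autostart report into dicts keyed by entry/command/file/size/MD5."""
    entries, cur = [], None
    for raw in text.splitlines():
        s = raw.strip()
        if s.startswith("Located:"):
            cur = {"entry": s[len("Located:"):].strip()}
            entries.append(cur)
        elif cur is not None:
            key, sep, val = s.partition(":")
            if sep and key in ("command", "file", "size", "MD5"):
                cur[key] = val.strip()
    return entries


def unverified_hashes(entries):
    """Entries whose MD5 is the hash of zero bytes: the checksum verifies nothing."""
    return [e["entry"] for e in entries if e.get("MD5", "").upper() == EMPTY_MD5]


if __name__ == "__main__":
    for sec, reason, line in triage_hjt(HJT_SAMPLE):
        print(f"[{sec}] {reason}\n    {line}")
    for name in unverified_hashes(parse_spybot(SPYBOT_SAMPLE)):
        print(f"[Spybot] {name}: MD5 is the empty-input hash, hash the real file yourself")
```

Run it as-is to see the six flagged HijackThis lines and the one Spybot block whose checksum is meaningless. The "size: 0" WinLogon entries in the report above are all of that kind: the DLL names are given without a path, Spybot did not locate them, and the only way to vouch for them is to hash the copies in the system directory yourself.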

(Dmirecki) #2

Show the ComboFix log.


(Playro) #3

ComboFix log

ComboFix 08-04-03.5 - Paweł 2008-04-04 17:52:17.1 - NTFSx86

(Agatonster) #4

playro,

Because of the change in the rules for pasting logs in this section, please read and follow the Topic.

Please correct the spelling in the title and in the problem description.

To edit your post, please use the button next to the post that opens the thread.

Ignoring this instruction will result in the thread being moved to the Trash.