Dragonlicz
(Adelajda1000)
30 April 2006 17:06
#1
Hey, hi.
Logfile of HijackThis v1.99.1
Scan saved at 23:56:45, on 2006-04-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zeallsoft\Free Screen Capture\FSCapture.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\PROGRA~1\KEMailKb\KEMailKb.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.exe
C:\Program Files\OpenOffice.ux.pl 2.0.1\program\soffice.BIN
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
D:\Moje rupiecie\Wapster\AQQ\AQQ.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Admin\USTAWI~1\Temp\Rar$EX11.157\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM…\Run: [KEMailKb] C:\PROGRA~1\KEMailKb\KEMailKb.EXE
O4 - HKLM…\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM…\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM…\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM…\Run: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM…\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM…\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM…\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM…\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM…\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM…\RunOnce: [mcupdmgr.exe] c:\PROGRA~1\mcafee.com\agent\mcupdmgr.exe -regserver
O4 - HKCU…\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe
O4 - HKCU…\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStart
O4 - Startup: OpenOffice.ux.pl 2.0.1.lnk = C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O17 - HKLM\System\CCS\Services\Tcpip…{0FBEEE66-3D9A-4C65-96F6-8677F4895902}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip…{0FBEEE66-3D9A-4C65-96F6-8677F4895902}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
This, as you can see, is the log. Now I'd like to ask someone to check it for me.
The thing is, I most likely have a trojan, but the problem is that no antivirus or anti-trojan can find it. The damn thing is probably impersonating something or hiding cleverly. So maybe the log will reveal something.
The symptoms on my computer that point to a virus: the internet has slowed down a lot. I have Neostrada TP. Apart from that, oddly enough, the NOD32 and Kaspersky antiviruses report the trojan in their reports, but don't remove it.
From what NOD writes, I have some monster of a Downloader named
Win32/TrojanDownloader.Mediket trojan, while Kaspersky calls it Trojan-Downloader.HTA.Agent.e; I don't know whether it's the same thing, but both are Downloaders.
Which, loosely translated, means a lot of viruses.
Kaspersky was also kind enough to write that the trojan requires manual removal. So the antivirus can't handle it.
My IT teacher is helping me fight the trojan, but it's a long weekend now and I don't want to bother him. Maybe one of you can help me.
Bieniol
(Bbieniol)
30 April 2006 17:10
#2
We paste logs inside tags :twisted:
Nothing visible in the log - clean
Post a log from Silent Runners as well
Give the location of that file
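Checking a log like the one above by eye is what the helper does in this thread. The following is an added example (written for this page; not code from the thread, from HijackThis or from Silent Runners) that splits a HijackThis log into its entries and flags the items a helper looks at first: autostart targets that are scripts, bare names or files outside the program directories, O17 DNS servers missing from an allow-list, and O23 services without a publisher. The trusted directories, the DNS allow-list and the sample O4 line pointing at the C:\inst.hta path named later in the thread are assumptions for the demo.

```python
"""HijackThis log triage (added example; not from this thread or from HijackThis).

Splits a v1.99 log into its R*/O* entries and flags what a forum helper checks
by hand: autostart targets that are scripts, bare names resolved via PATH or
files outside the program directories, O17 DNS servers not on an allow-list,
and O23 services with no publisher. The allow-list and trusted directories
are assumptions for this demo, not anything HijackThis itself knows.
"""
import re

# Assumed for the demo: where legitimately installed autostart targets live.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
# Script hosts as autostart targets deserve a look regardless of location.
SCRIPT_EXT = (".hta", ".vbs", ".js", ".wsf")
# Assumed allow-list: the resolvers the analyst knows belong to the user's ISP.
KNOWN_DNS = {"194.204.152.34", "217.98.63.164"}

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# O4 registry entries look like:  HKLM\..\Run: [name] command line
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# First executable-looking token of a command line, quoted or not.
TARGET_RE = re.compile(
    r'^"?(.*?\.(?:exe|com|scr|bat|cmd|pif|hta|vbs|js|wsf))(?=["\s]|$)', re.I)

# Constructed sample: entries copied from the thread's log plus one assumed
# O4 line pointing at the C:\inst.hta path Kaspersky reported in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [eMuleAutoStart] D:\emule\emule.exe -AutoStart
O4 - HKCU\..\Run: [inst] C:\inst.hta
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FBEEE66-3D9A-4C65-96F6-8677F4895902}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""


def parse_entries(log_text):
    """Return (type, body) pairs for every R*/O* line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def autostart_target(body):
    """For an O4 registry entry return (name, target path); else (None, None)."""
    m = O4_RE.match(body)
    if not m:
        return None, None
    t = TARGET_RE.match(m.group(4))
    return m.group(3), (t.group(1) if t else m.group(4))


def triage(log_text, known_dns=KNOWN_DNS):
    """Return (type, name, reason, value) findings worth a closer look."""
    findings = []
    for kind, body in parse_entries(log_text):
        if kind == "O4":
            name, target = autostart_target(body)
            if target is None:
                continue
            low = target.lower()
            if low.endswith(SCRIPT_EXT):
                findings.append((kind, name, "script file as autostart target", target))
            elif "\\" not in low:
                findings.append((kind, name, "bare file name, resolved via PATH", target))
            elif not low.startswith(TRUSTED_DIRS):
                findings.append((kind, name, "autostart outside program directories", target))
        elif kind == "O17":
            m = re.search(r"NameServer = (.*)$", body)
            for ip in (m.group(1).split() if m else []):
                if ip not in known_dns:
                    findings.append((kind, "NameServer", "DNS server not on allow-list", ip))
        elif kind == "O23":
            m = re.match(r"Service: (.*?) - (.*?) - (.*)$", body)
            if m and m.group(2).strip().lower() == "unknown owner":
                findings.append((kind, m.group(1), "service without publisher", m.group(3)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-4s %-15s %-40s %s" % f)
```

A flagged entry is a prompt to verify the file and its publisher, not a verdict; the eMule entry in the sample is flagged only because it lives on D:.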
Dragonlicz
(Adelajda1000)
30 April 2006 17:46
#3
Kaspersky says it's at C:/inst.hta; unfortunately I don't remember how NOD showed it. I uninstalled it so it wouldn't get in Kaspersky's way :lol:
Unfortunately I can't paste a log from that program, because the link to it doesn't quite work; maybe you have another reliable link?
Because I don't want to risk picking up yet another virus :mrgreen: ?
Bieniol
(Bbieniol)
30 April 2006 17:49
#4
Silent Runners (right mouse button --> save target as --> run it and wait until it says the log is finished)
PS> Uninstall one of the antiviruses - two of them will fight each other
Dragonlicz
(Adelajda1000)
30 April 2006 18:05
#5
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com "]
"AQQ" = "C:\PROGRA~1\Wapster\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net "]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"KEMailKb" = "C:\PROGRA~1\KEMailKb\KEMailKb.EXE" ["Dritek System Inc."]
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [null data]
"Anti Trojan Elite" = "C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO" [file not found]
"SpybotSnD" = ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"" ["Safer Networking Limited"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = "AcroIEHlprObj Class"
     \InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM…CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM…CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM…CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKCU…CLSID} = (no title provided)
     \InProcServer32(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKCU…CLSID} = (no title provided)
     \InProcServer32(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKCU…CLSID} = (no title provided)
     \InProcServer32(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKCU…CLSID} = (no title provided)
     \InProcServer32(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
  -> {HKLM…CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
  -> {HKLM…CLSID} = "IntelliType Pro Scrolling Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
  -> {HKLM…CLSID} = "IntelliType Pro Key Settings Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
  -> {HKLM…CLSID} = "Wireless Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
  -> {HKLM…CLSID} = "Wheel Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
  -> {HKLM…CLSID} = "Activities Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
  -> {HKLM…CLSID} = "Buttons Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
I don't know, this is what I got :?
Bieniol
(Bbieniol)
30 April 2006 18:06
#6
The log is cut off - wait for the message that the log is finished - only then paste it on the forum
That's exactly the sort of thing I mean
Dragonlicz
(Adelajda1000)
30 April 2006 18:14
#7
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com "]
"AQQ" = "C:\PROGRA~1\Wapster\AQQ\AQQ.exe" ["AQQ Sp. z o.o."]
"eMuleAutoStart" = "D:\emule\emule.exe -AutoStart" ["http://www.emule-project.net "]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"KEMailKb" = "C:\PROGRA~1\KEMailKb\KEMailKb.EXE" ["Dritek System Inc."]
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [null data]
"Anti Trojan Elite" = "C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO" [file not found]
"SpybotSnD" = ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"" ["Safer Networking Limited"]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = "AcroIEHlprObj Class"
     \InProcServer32(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}(Default) = (no title provided)
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM…CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
     \InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM…CLSID} = "HyperTerminal Icon Ext"
     \InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B089FE88-FB52-11d3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM…CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKCU…CLSID} = (no title provided)
     \InProcServer32(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKCU…CLSID} = (no title provided)
     \InProcServer32(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKCU…CLSID} = (no title provided)
     \InProcServer32(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKCU…CLSID} = (no title provided)
     \InProcServer32(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
  -> {HKLM…CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
  -> {HKLM…CLSID} = "IntelliType Pro Scrolling Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
  -> {HKLM…CLSID} = "IntelliType Pro Key Settings Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
  -> {HKLM…CLSID} = "Wireless Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
  -> {HKLM…CLSID} = "Wheel Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
  -> {HKLM…CLSID} = "Activities Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
  -> {HKLM…CLSID} = "Buttons Property Page"
     \InProcServer32(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
  -> {HKLM…CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
  -> {HKLM…CLSID} = (no title provided)
     \InProcServer32(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
NOD32 Context Menu Shell Extension(Default) = "{B089FE88-FB52-11d3-BDF1-0050DA34150D}"
  -> {HKLM…CLSID} = "NOD32 Context Menu Shell Extension"
     \InProcServer32(Default) = "C:\Program Files\Eset\nodshex.dll" ["Eset "]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM…CLSID} = "WinRAR"
     \InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Admin\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "Admin" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart
"OpenOffice.ux.pl 2.0.1" -> shortcut to: "C:\Program Files\OpenOffice.ux.pl 2.0.1\program\quickstart.exe" [null data]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
imon.dll ["Eset "], 01 - 05, 11
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
  -> {HKLM…CLSID} = "Easy-WebPrint"
     \InProcServer32(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = "Volet Wanadoo"
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID{03C1C47F-0538-4645-8372-D3109B9FC636}(Default) = "Easy-WebPrint"
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = "ToolBand Class"
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = "Volet Wanadoo"
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

Missing lines (compared with English-language version):
"{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM…CLSID} = "Search Class"
     \InProcServer32(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe" ["McAfee Corporation"]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP1000\Driver = "CNMLM6e.DLL" ["CANON INC."]
hpzsnt07\Driver = "hpzsnt07.dll" ["HP"]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 54 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 11 seconds.
---------- (total run time: 93 seconds)
:mrgreen: now it's fine, isn't it.
Bieniol
(Bbieniol)
30 April 2006 18:20
#8
Nothing visible in the log - clean
PS> I see you even have 3 antiviruses :roll: Uninstall two of them and keep just one
Dragonlicz
(Adelajda1000)
30 April 2006 19:07
#9
So where has that damn thing hidden itself in the end? ](*,) It's not here, yet the antivirus claims it's there and doesn't remove it.
Bieniol
(Bbieniol)
30 April 2006 19:41
#10
Also do an EWIDO scan after updating it and post the report
Dragonlicz
(Adelajda1000)
30 April 2006 20:04
#11
Can it be done without the update :lol: Let's say for purely legal reasons :lol:
Bieniol
(Bbieniol)
30 April 2006 20:06
#12
May I ask what's illegal about updating the free version? We don't promote piracy here, so everything we say is within the law
Unfortunately, without the update it may not find the dangerous files :roll:
Dragonlicz
(Adelajda1000)
30 April 2006 22:29
#13
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 00:01:30, 2006-05-01
+ Report-Checksum: FE120341

+ Scan result:

C:\Documents and Settings\Admin\Cookies\admin@ad.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@b.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@idg.adocean[1].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@my.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Admin\Cookies\admin@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8pfzaag7.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\8pfzaag7.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Admin\Ustawienia lokalne\Temporary Internet Files\Content.IE5\K9MN01IV\kaspersky_lek[1].zip/KeyViewer.exe -> Dropper.Agent.xk : Cleaned with backup
C:\eied_s7_c_200sp2.exe -> Downloader.Mediket.ci : Cleaned with backup
D:\KeyViewer.exe -> Dropper.Agent.xk : Cleaned with backup

::Report End
Bieniol, you're great! :cmok1: That little program removed 19 pieces of junk for me, including two trojans, and exactly the ones in question, Mediket and Agent. And honestly, to my taste the internet has sped up, only minimally, but still.
I'll see how it looks after a restart.
And yet no, the net is still running in reverse. Damn, there must still be something. But what?
Bieniol
(Bbieniol)
1 May 2006 07:57
#14
If the logs are clean and EWIDO removed everything it found, then it seems to me the fault isn't on your side :roll: Ask friends who live near you and have the same internet provider whether they have the same problems as you
OK, I withdraw the previous complaint. After the restart nothing much changed, admittedly, but after letting the computer rest overnight it's simply great