Log


(Tomek Zamlynny) #1

Please check a friend's log.

Logfile of HijackThis v1.97.7

Scan saved at 12:40:49, on 04-10-04

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MDM.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\SBMX.EXE

C:\WINDOWS\SYSTEM\EUSEXE.EXE

C:\WINDOWS\SYSTEM\IGFXTRAY.EXE

C:\WINDOWS\SYSTEM\HKCMD.EXE

C:\WINDOWS\SYSTEM\PRINTRAY.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\PROGRAM FILES\COMET SYSTEMS\DM\BIN\DMSERVER.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

C:\PROGRAM FILES\GADU-GADU\GG.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\PULPIT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.chello.pl:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL

O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_19_0.DLL

O4 - HKLM..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load

O4 - HKLM..\Run: [internat.exe] internat.exe

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM..\Run: [systemTray] SysTray.Exe

O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\Run: [sBMX] C:\WINDOWS\SYSTEM\sbmx.exe

O4 - HKLM..\Run: [iCH Synth] eusexe.exe

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe

O4 - HKLM..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot

O4 - HKLM..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"

O4 - HKLM..\Run: [bELT] C:\WINDOWS\BELT.exe

O4 - HKLM..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

O4 - HKLM..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.EXE -b

O4 - HKLM..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup

O4 - HKLM..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE

O4 - HKLM..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O4 - HKCU..\Run: [Komunikator] C:\PROGRAM FILES\TLEN.PL\TLEN.EXE

O4 - HKCU..\Run: [skype] "C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE" /nosplash /minimized

O4 - HKCU..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray

O4 - Startup: PalNetaware.lnk = C:\WINDOWS\Pulpit\GOSIA\pnetaware.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000

O9 - Extra button: Run DAP (HKLM)

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O16 - DPF: ING Bank Online - https://ssl.bsk.com.pl/bskonl/component/INGOnl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab


(Adarek) #2

How I love logs at this hour :smiley:

Delete:

O4 - HKLM\..\Run: [BELT] C:\WINDOWS\BELT.exe

O4 - HKLM\..\Run: [ICH Synth] eusexe.exe

This one I don't know, but I'd throw it out:

O4 - Startup: PalNetaware.lnk = C:\WINDOWS\Pulpit\GOSIA\pnetaware.exe

PS. Also:

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load

:spie: :spioch:


(Jabarek) #3

C:\PROGRAM FILES\COMET SYSTEMS\DM\BIN\DMSERVER.EXE

see:

http://www.pestpatrol.com/pestinfo/c/comet_dmserver.asp#Overview


(Dragonlnx) #4

See http://www.processlibrary.com/results/

-dmserver.exe-

Regards


(Xiao19) #5

You delete these like so, in Safe Mode:

O4 - HKLM..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load

(Flingstone.com browser hijacker)

O4 - HKLM..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

(Stator virus)

INFO: /eng./

Added as a result of the STATOR VIRUS! Not to be confused with the real ScanRegistry above, which is a vital Windows file. The executable "Scanregw.exe" is located in %windir%\System (where %windir% is the Windows directory - C:\Windows or C:\Winnt). Runs from the registry RunServices key as opposed to the Run key.

O4 - HKLM..\Run: [sBMX] C:\WINDOWS\SYSTEM\sbmx.exe

(if you know it, keep it; if NOT, delete it)

O4 - HKLM..\Run: [iCH Synth] eusexe.exe

(if you know it, keep it; if NOT, delete it)

O4 - HKLM..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot

(Comet Cursor adware)

Security Risk (0-5): 1 (spyware)

O4 - HKLM..\Run: [bELT] C:\WINDOWS\BELT.exe

(Abetterinternet adware related)

Security Risk (0-5): 1 (spyware)

O4 - HKLM..\Run: [WINSTART001.EXE] C:\WINDOWS\System\WINSTART001.EXE -b

Security Risk (0-5): 2 (spyware)

INFO: /eng./

From IGetNet - turns the IE address bar into a keyword engine piped into IGetNet. In other words, with this installed, typing "car" in the IE address bar will point the browser to the Lexus web site. Foistware - installs components without your knowledge.

O4 - Startup: PalNetaware.lnk = C:\WINDOWS\Pulpit\GOSIA\pnetaware.exe

(if you know it, keep it; if NOT, delete it)

You kill these processes:

C:\WINDOWS\SYSTEM\SBMX.EXE

(if you know it, keep it; if NOT, kill it)

C:\PROGRAM FILES\COMET SYSTEMS\DM\BIN\DMSERVER.EXE

Security Risk (0-5): 1 (spyware)

INFO:

Killing a process (two ways):

1. Alt-Ctrl-Del and kill the process in question

2. Start in Safe Mode

Then run a scan:

Webroot SpyAudit, PestPatrol

and at the end:

mks_vir, RAV, F-Secure

http://forum.dobreprogramy.pl/viewtopic ... zpieczenie

At the end, as always, you secure the PC:

SpywareBlaster, SpywareGuard, PestPatrol

the link above as well as the one below (description)

http://forum.dobreprogramy.pl/viewtopic ... ht=blaster

PS.

kamaa, a log is always pasted from the newest available version of HijackThis

/read/

http://forum.dobreprogramy.pl/viewtopic ... ght=hijack

Make a NEW log and paste it.
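As an added illustration (not code from the thread or from HijackThis), a small Python helper that parses the O4 autostart lines of a HijackThis log the way the posters above read them by hand, resolves the file each entry really loads (the DLL behind rundll32, the unquoted Win9x path), and flags the items this thread classified as adware. The KNOWN_BAD table and the sample excerpt are constructed from this thread only, not a signature database.

```python
import re
from pathlib import PureWindowsPath
# Autostart items the posters classified as adware/hijackers (constructed from
# this thread, not a signature database); keys are lower-cased basenames.
KNOWN_BAD = {
    "bridge.dll": "Flingstone.com browser hijacker",
    "dmserver.exe": "Comet Cursor adware",
    "belt.exe": "Abetterinternet adware",
    "winstart001.exe": "IGetNet address-bar hijacker",
}
# HijackThis writes "HKLM\..\Run:"; forum copy-paste often drops the first
# backslash ("HKLM..\Run:"), so that separator is optional in the pattern.
O4_REG = re.compile(r'^O4 - (HKLM|HKCU)\\?\.\.\\(Run\w*): \[([^\]]*)\] (.*)$')
O4_STARTUP = re.compile(r'^O4 - Startup: (.*?) = (.*)$')
# Constructed excerpt in HijackThis v1.97 format, modelled on the log above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL",Load
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM..\Run: [bELT] C:\WINDOWS\BELT.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: PalNetaware.lnk = C:\WINDOWS\Pulpit\GOSIA\pnetaware.exe
"""

def executable_of(cmd: str) -> str:
    """Lower-cased basename of what an O4 command really loads: the DLL for rundll32
    lines (rundll32.exe is only a host), else the quoted path, else an unquoted path."""
    m = re.match(r'\s*"?rundll32(?:\.exe)?"?\s+"?([^",]+)', cmd, re.I)
    if not m:
        m = (re.match(r'\s*"([^"]+)"', cmd)
             or re.match(r'\s*(.+?\.(?:exe|dll|com|scr|bat))(?:\s|$)', cmd, re.I))
    target = m.group(1).strip() if m else (cmd.split() or [""])[0]
    return PureWindowsPath(target).name.lower()

def parse_o4(line: str):
    """Split one O4 line into (location, name, command), or None if not O4."""
    m = O4_REG.match(line)
    if m:
        return (m.group(1) + "\\..\\" + m.group(2), m.group(3), m.group(4))
    m = O4_STARTUP.match(line)
    return ("Startup", m.group(1), m.group(2)) if m else None

def triage(log_text: str):
    """Return [(location, name, executable, verdict)] for every O4 line."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line.strip())
        if parsed:
            exe = executable_of(parsed[2])
            findings.append((parsed[0], parsed[1], exe, KNOWN_BAD.get(exe, "unknown: look the file up before removing")))
    return findings
```

Entries that come back "unknown" are exactly the ones the posters say to look up (processlibrary, PestPatrol) rather than delete on sight.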