Vanilly
(Zanetaszpil)
16 June 2007 07:19
#1
HAXFIX logfile - by Marckie
version 4.39
2007-06-16 9:04:04,60

--- Checking for Haxdoor ---
checking for a3d files
a3d files not found
checking for matching notify keys
no matching notify keys found
checking for matching services
matching services found
ASPI32
checking for matching safeboot services
no matching safeboot services found
checking for other Haxdoor-files
no other Haxdoor-files found

--- Checking for Goldun ---
checking for SSODL keys
no ssodl keys found
checking for notify keys
no notify keys found
checking for services
no services found
checking for other Goldun-files
no other Goldun-files found
checking iexplore.exe
iexplore.exe is not infected

Finished!
Logfile of HijackThis v1.99.1
Scan saved at 09:04:26, on 2007-06-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Żana\Pulpit\Nieużywane skróty pulpitu\Skype\Phone\Skype.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Żana\Pulpit\Nieużywane skróty pulpitu\HijackThis.exe
C:\WINDOWS\system32\ping.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [Detect Mode] C:\Program Files\ABIT\ABIT vGuru\OCGuru\DetectMode.exe
O4 - HKLM…\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM…\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU…\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Budzik.lnk = C:\Program Files\Budzik\budzik.exe
O4 - Startup: Timer Runing (Fast Ram Clean).lnk = C:\Program Files\Fast Ram Clean PRO\timerruning.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ … nnerV2.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc … oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup … 9706987453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip…{EAC8E3CD-4DDC-49A6-8892-6948BED63455}: NameServer = 217.30.129.149,217.30.137.200
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
ComboFix 07-06-13.3 - C:\Documents and Settings\Żana\Pulpit\ComboFix.exe "Żana" - 2007-06-16 9:18:16 - Dodatek Service Pack 2 NTFS

((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 )))))))))))))))))))))))))))))))

2007-06-16 09:17 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 02:22
2007-06-16 02:22
2007-06-15 02:09
2007-06-05 00:26
2007-06-03 12:34
2007-06-03 12:33
2007-05-21 05:58 128,232 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-21 02:28 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-05-21 02:27

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 07:17:54 -------- d-----w C:\DOCUME~1\ANA~1\DANEAP~1\Skype
2007-06-16 06:46:27 -------- d-----w C:\Program Files\eMule
2007-06-15 18:07:25 -------- d-----w C:\Program Files\Winamp
2007-06-14 17:21:49 153,925 ----a-w C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-06-12 07:32:45 -------- d-----w C:\Program Files\Gadu-Gadu
2007-05-19 19:36:17 -------- d-----w C:\Program Files\Lineage II
2007-05-16 15:18:58 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 22:48:38 -------- d-----w C:\DOCUME~1\ANA~1\DANEAP~1\Gadu-Gadu
2007-05-14 16:50:38 24 ----a-w C:\WINDOWS\popcinfo.dat
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 22:13:55 -------- d-----w C:\Program Files\Dynomite
2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 14:37:28 -------- d-----w C:\Program Files\Wirtualne Studio Wizazu
2007-04-07 23:16:22 552 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-04-06 19:43:39 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-03-26 00:30:26 68,554 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-26 00:30:26 439,538 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}=C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 15:37]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-17 22:10]
"Detect Mode"="C:\Program Files\ABIT\ABIT vGuru\OCGuru\DetectMode.exe" [2004-09-03 15:23]
"Ad-aware"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" [2003-07-12 23:01]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-02-12 23:04]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 C:\WINDOWS\soundman.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 20:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f1c7098f-affe-11db-a435-806d6172696f}]
AutoRun\command- E:\ASUSACPI.exe

Contents of the 'Scheduled Tasks' folder
2007-06-10 20:20:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-16 01:00:00 C:\WINDOWS\tasks\XoftSpySE.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 09:19:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-16 9:20:02
--- E O F ---
Merged post: 16.06.2007 (Sat) 9:30
And one more question: why are there programs that shouldn't be there, because they either were never installed or were removed from the disk long ago...?? And strange online scanners that I don't use at all?
C:\WINDOWS\system32\ping.exe, what is that?
bdoscandel.exe, and that is exactly what was identified as a dangerous trojan; the mks online scanner removed it (supposedly),
but avast doesn't see any threat for me.
Gutek
(Gutek)
16 June 2007 13:31
#2
Process Name: Microsoft Ping Utility
Finish up with online scanners - Scanners to choose from
Scan it and post the result - http://www.virustotal.com/en/indexf.html
Vanilly
(Zanetaszpil)
16 June 2007 14:23
#3
The scan result for that file.
This ping.exe puzzles me, because I didn't have anything running that could be connected with it; could something have launched it?
qrczak13
(qrczak13)
17 June 2007 12:58
#4