Prośba o sprawdzenie loga :)


(Divinity221) #1

Witam :slight_smile: Proszę o sprawdzenie loga z programu "Hijackthis", w celu przeszukania kompa czy nie mam na nim programów wykorzystujących lącze :confused: Z góry dziękuję

Oto log :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:33:20, on 2009-07-10

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Program Files\Razer\DeathAdder\razerhid.exe

C:\Program Files\Razer\Lycosa\razerhid.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

D:\program files\gry\counter strike\steam.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\WINDOWS\RaUI.exe

C:\Program Files\Razer\DeathAdder\razertra.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Razer\DeathAdder\razerofa.exe

C:\Program Files\Razer\Lycosa\razertra.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Krzysiek\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe

O4 - HKLM..\Run: [Lycosa] "C:\Program Files\Razer\Lycosa\razerhid.exe"

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [steam] "d:\program files\gry\counter strike\steam.exe" -silent

O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip..{17270E85-8246-44C5-822D-84B0753597C6}: NameServer = 192.168.1.1,0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip..{BC8BDFE1-5B06-4990-9660-DC46CC1C00F7}: NameServer = 192.168.1.1

O17 - HKLM\System\CS1\Services\Tcpip..{17270E85-8246-44C5-822D-84B0753597C6}: NameServer = 192.168.1.1,0.0.0.0

O17 - HKLM\System\CS2\Services\Tcpip..{17270E85-8246-44C5-822D-84B0753597C6}: NameServer = 192.168.1.1,0.0.0.0

O17 - HKLM\System\CS3\Services\Tcpip..{17270E85-8246-44C5-822D-84B0753597C6}: NameServer = 192.168.1.1,0.0.0.0

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 5486 bytes


(system) #2

W HiJack This zafixuj ten wpis:

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

Następnie podaj nowego loga z HiJack This.

Odpowiedź na twoje pytanie to ten program: Spy-Bot

Przeskanuj tym komputer: MBAM


(deFco247) #3

Jaki w tym sens :?:

Same usuwanie wpisów w HJT nic nie da.

divinity221 , usuń infekcje z pendrive lub kart pamięci za pomocą Flash Disinfector lub tych narzędzi.

Lub format.

Pokaż logi z OTL oraz log z GMER.


(Divinity221) #4

hmm ale dziwne bo robilem formata zdaje sie 2 tygodnie temu :confused:


(deFco247) #5

Mnie chodzi o format pendrive, karty pamięci, a nie całego dysku. #-o


(Divinity221) #6

Log z MBAM

Malwarebytes' Anti-Malware 1.38

Wersja bazy definicji: 2297

Windows 5.1.2600 Dodatek Service Pack 3

2009-07-10 22:10:38

mbam-log-2009-07-10 (22-10-35).txt

Typ skanowania: Szybkie skanowanie

Przeskanowane obiekty: 75674

Upłynęło: 3 minute(s), 54 second(s)

Zainfekowane procesy w pamięci: 0

Zainfekowane moduły pamięci: 0

Zainfekowane klucze rejestru: 0

Zainfekowane wartości rejestru: 1

Zainfekowane pliki rejestru: 1

Zainfekowane foldery: 0

Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:

(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:

(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:

(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

Zainfekowane pliki rejestru:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Zainfekowane foldery:

(Nie wykryto groźnych plików)

Zainfekowane pliki:

(Nie wykryto groźnych plików)


(deFco247) #7

Zrób pełny skan Malwarebytes'.

Znalezione obiekty usuń.


(Divinity221) #8

LOG z GMER

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-07-10 22:22:21

Windows 5.1.2600 Dodatek Service Pack 3

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF588C6B8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF588C574]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF588CA52]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF588C14C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF588C64E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF588C08C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF588C0F0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF588C76E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF588C72E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF588C8AE]

---- User code sections - GMER 1.0.15 ----

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!ShowWindowAsync 7E37337D 5 Bytes JMP 0048B7F0 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!SetForegroundWindow 7E3742ED 5 Bytes JMP 0048B790 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!SetActiveWindow 7E377822 5 Bytes JMP 0048B840 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 0048B8C0 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!WindowFromPoint 7E379766 5 Bytes JMP 0048B890 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!GetForegroundWindow 7E379823 5 Bytes JMP 0048B7B0 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!GetFocus 7E3798C8 5 Bytes JMP 0048B880 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!SetCursor 7E379930 5 Bytes JMP 0048B920 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!SetWindowPos 7E3799F3 5 Bytes JMP 0048B810 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!ShowWindow 7E37AF56 5 Bytes JMP 0048B7F0 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!SetFocus 7E37B112 5 Bytes JMP 0048B850 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!BringWindowToTop 7E3803A8 5 Bytes JMP 0048B7C0 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text D:\program files\gry\counter strike\GameOverlayUI.exe[2588] USER32.dll!SwitchToThisWindow 7E3A581C 5 Bytes JMP 00491140 D:\program files\gry\counter strike\GameOverlayUI.exe (Steam Game Overlay/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 10012790 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10012820 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10012930 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10012E40 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10012DD0 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 100129B0 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100128B0 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!DispatchMessageW 7E368A01 5 Bytes JMP 10010DE0 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!DispatchMessageA 7E3696B8 5 Bytes JMP 10010D80 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 10010BE0 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!SetCursor 7E379930 5 Bytes JMP 10010C10 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!GetKeyState 7E379ED9 5 Bytes JMP 10010CB0 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!GetAsyncKeyState 7E37A78F 5 Bytes JMP 10010C90 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!SetCapture 7E37C35E 5 Bytes JMP 10010C40 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!ReleaseCapture 7E37C37A 5 Bytes JMP 10010C70 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!GetKeyboardState 7E37D226 5 Bytes JMP 10010CD0 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!ShowCursor 7E37FA6E 5 Bytes JMP 10010BA0 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!ClipCursor 7E38FDC5 5 Bytes JMP 10010E70 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!SetCursorPos 7E3A61B3 5 Bytes JMP 10010B70 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!GetRawInputBuffer 7E3B0DCD 5 Bytes JMP 10010E40 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!GetClipCursor 7E3BCBA6 5 Bytes JMP 10010EC0 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

.text d:\program files\gry\counter strike\steamapps\razor242313\counter-strike\hl.exe[2908] USER32.dll!RegisterRawInputDevices 7E3BCE0E 5 Bytes JMP 10010F10 D:\program files\gry\counter strike\GameOverlayRenderer.dll (Steam Game Overlay Renderer/Valve Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002

IAT C:\WINDOWS\system32\services.exe[684] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Krzysiek\Pulpit\mbam-setup.exe 3561744 bytes

---- EOF - GMER 1.0.15 ----