Prosze o sprawdzenie loga

michalrydz · 18 Listopad 2005 10:55

Logfile of HijackThis v1.99.1

Scan saved at 11:46:23 AM, on 11/18/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:/WINDOWS/System32/smss.exe

D:/WINDOWS/system32/winlogon.exe

D:/WINDOWS/system32/services.exe

D:/WINDOWS/system32/lsass.exe

D:/WINDOWS/system32/svchost.exe

D:/WINDOWS/System32/svchost.exe

D:/WINDOWS/system32/spoolsv.exe

d:/program files/mcafee.com/agent/mcdetect.exe

d:/PROGRA~1/mcafee.com/agent/mctskshd.exe

D:/PROGRA~1/McAfee.com/PERSON~1/MpfService.exe

D:/WINDOWS/System32/svchost.exe

D:/WINDOWS/system32/wscntfy.exe

D:/WINDOWS/explorer.exe

D:/PROGRA~1/McAfee.com/PERSON~1/MpfTray.exe

D:/WINDOWS/system32/ctfmon.exe

D:/PROGRA~1/McAfee.com/PERSON~1/MpfAgent.exe

D:/Program Files/Mozilla Firefox/firefox.exe

D:/WINDOWS/PCHealth/HelpCtr/Binaries/MSConfig.exe

D:/WINDOWS/system32/notepad.exe

D:/Program Files/WinRAR/WinRAR.exe

D:/DOCUME~1/MICHAL~1.AUD/LOCALS~1/Temp/Rar$EX00.236/HijackThis.exe


R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = about:blank

R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank

R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = about:blank

R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = about:blank

F2 - REG:system.ini: Shell=explorer.exe "D:/Program Files/Common Files/Microsoft Shared/Web Folders/ibm00001.exe"

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:/program files/google/googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:/program files/google/googletoolbar1.dll

O4 - HKLM/../Run: [KAVPersonal50] "D:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kav.exe" /minimize

O4 - HKLM/../Run: [MPFExe] D:/PROGRA~1/McAfee.com/PERSON~1/MpfTray.exe

O4 - HKLM/../Run: [MCAgentExe] d:/PROGRA~1/mcafee.com/agent/mcagent.exe

O4 - HKLM/../Run: [MCUpdateExe] d:/PROGRA~1/mcafee.com/agent/mcupdate.exe

O4 - HKLM/../Run: [MSConfig] D:/WINDOWS/PCHealth/HelpCtr/Binaries/MSConfig.exe /auto

O4 - HKCU/../Run: [CTFMON.EXE] D:/WINDOWS/system32/ctfmon.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/OFFICE~1/OFFICE11/REFIEBAR.DLL (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:/Program Files/Messenger/msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:/Program Files/Messenger/msmsgs.exe

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab

O17 - HKLM/System/CCS/Services/Tcpip/../{733B44E3-46FC-41B2-A618-DD6ACAF4C4FA}: NameServer = 157.193.40.42 157.193.71.1

O17 - HKLM/System/CS1/Services/Tcpip/../{733B44E3-46FC-41B2-A618-DD6ACAF4C4FA}: NameServer = 157.193.40.42 157.193.71.1

O20 - Winlogon Notify: policies - D:/WINDOWS/system32/l4p20e7oeh.dll (file missing)

O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:/WINDOWS/system32/agjnfgne.dll (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - D:/WINDOWS/bWljaGFs/command.exe (file missing)

O23 - Service: kavsvc - Kaspersky Lab - D:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kavsvc.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:/program files/mcafee.com/agent/mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:/PROGRA~1/mcafee.com/agent/mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:/PROGRA~1/McAfee.com/Agent/mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:/PROGRA~1/McAfee.com/PERSON~1/MpfService.exe

dziekuje! moze mi cos pomozecie, spybot i kaspersky juz byly…

====================================

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Pozdrawiam kuz5

RarLab · 18 Listopad 2005 13:53

na wstepie

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

uruchomic, zeskanowac tylko dysk c, usunac wszystko co wykryje, oprocz wykrytych jako: PRAWDOPODOBNIE…

pozniej pobrac: http://files3.majorgeeks.com/files/1775 … rsonal.exe

zainstalowac, zaktualizowac (zaoferuje przy uruchomieniu), kliknac Start, zaznaczyc full scan, po zakonczeniu pojawi sie lista wykrytych, po czym kliknac prawym klawiszem mychy na liste i wybrac Select all, wcisnac Next

uruchomic ponownie kompa i przeslac ponownie nowego loga do sprawdzenia

michalrydz · 18 Listopad 2005 17:46

Logfile of HijackThis v1.99.1

Scan saved at 6:44:36 PM, on 11/18/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

D:/WINDOWS/System32/smss.exe

D:/WINDOWS/system32/winlogon.exe

D:/WINDOWS/system32/services.exe

D:/WINDOWS/system32/lsass.exe

D:/WINDOWS/system32/svchost.exe

D:/WINDOWS/System32/svchost.exe

D:/WINDOWS/explorer.exe

D:/WINDOWS/system32/spoolsv.exe

D:/PROGRA~1/McAfee.com/PERSON~1/MpfTray.exe

D:/PROGRA~1/mcafee.com/agent/mcagent.exe

D:/WINDOWS/system32/ctfmon.exe

d:/program files/mcafee.com/agent/mcdetect.exe

d:/PROGRA~1/mcafee.com/agent/mctskshd.exe

D:/PROGRA~1/McAfee.com/PERSON~1/MpfService.exe

D:/WINDOWS/System32/svchost.exe

D:/PROGRA~1/McAfee.com/PERSON~1/MpfAgent.exe

D:/WINDOWS/system32/wscntfy.exe

D:/WINDOWS/System32/msiexec.exe

D:/Program Files/Mozilla Firefox/firefox.exe

D:/Program Files/WinRAR/WinRAR.exe

D:/DOCUME~1/MICHAL~1.AUD/LOCALS~1/Temp/Rar$EX14.585/HijackThis.exe


R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank

R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = about:blank

R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank

R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank

R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = about:blank

R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = about:blank

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:/program files/google/googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:/program files/google/googletoolbar1.dll

O4 - HKLM/../Run: [KAVPersonal50] "D:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kav.exe" /minimize

O4 - HKLM/../Run: [MPFExe] D:/PROGRA~1/McAfee.com/PERSON~1/MpfTray.exe

O4 - HKLM/../Run: [MCAgentExe] d:/PROGRA~1/mcafee.com/agent/mcagent.exe

O4 - HKLM/../Run: [MCUpdateExe] D:/PROGRA~1/mcafee.com/agent/mcupdate.exe

O4 - HKLM/../Run: [FineReader7NewsReaderPro] "C:/finereader/ABBYYNewsReader.exe"

O4 - HKCU/../Run: [CTFMON.EXE] D:/WINDOWS/system32/ctfmon.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/OFFICE~1/OFFICE11/REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:/Program Files/Messenger/msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:/Program Files/Messenger/msmsgs.exe

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab

O17 - HKLM/System/CCS/Services/Tcpip/../{733B44E3-46FC-41B2-A618-DD6ACAF4C4FA}: NameServer = 157.193.40.42 157.193.71.1

O17 - HKLM/System/CS1/Services/Tcpip/../{733B44E3-46FC-41B2-A618-DD6ACAF4C4FA}: NameServer = 157.193.40.42 157.193.71.1

O20 - Winlogon Notify: policies - D:/WINDOWS/system32/l4p20e7oeh.dll (file missing)

O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:/WINDOWS/system32/agjnfgne.dll (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - D:/WINDOWS/bWljaGFs/command.exe (file missing)

O23 - Service: kavsvc - Kaspersky Lab - D:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kavsvc.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:/program files/mcafee.com/agent/mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:/PROGRA~1/mcafee.com/agent/mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:/PROGRA~1/McAfee.com/Agent/mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:/PROGRA~1/McAfee.com/PERSON~1/MpfService.exe

RarLab · 18 Listopad 2005 18:26

log jest ok

mozna jedynie usunac to czego juz nie ma

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll (file missing)

O20 - Winlogon Notify: policies - D:/WINDOWS/system32/l4p20e7oeh.dll (file missing)

O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:/WINDOWS/system32/agjnfgne.dll (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - D:/WINDOWS/bWljaGFs/command.exe (file missing)

jesli masz dwa antywiry zainstalowane, to pozostaw tylko jednego z nich, dwa moga doprowadzic do roznych skutkow

wyjatek: jesli tylko jeden z nich ma aktywny monitoring w czasie rzeczywistym to wtedy mozna

michalrydz · 18 Listopad 2005 20:23

chyba usuniecie wpisu z ibm.00001.exe pomoglo. jest teraz dobrze. te drobne poprawki tez wprowadzilem dzieki!

RarLab · 18 Listopad 2005 21:16

ibm00001.exe to byl trojan, dlatego chcialem abys na pocztek uruchomil skaner drweb, bo wiem ze on sam w systemie nie siedzi, zawsze sa jeszcze inne jego kopie

pozatym hijackthis nie pokazuje wszystkich uruchamianych ze startem uslug/plikow, sa trojany ktore bardzo dobrze potrafia sie maskowac i w logu ich nie widac

ciesze sie ze moglem pomoc, pozdrawiam