Logfile of HijackThis v1.99.1
Scan saved at 11:46:23 AM, on 11/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:/WINDOWS/System32/smss.exe
D:/WINDOWS/system32/winlogon.exe
D:/WINDOWS/system32/services.exe
D:/WINDOWS/system32/lsass.exe
D:/WINDOWS/system32/svchost.exe
D:/WINDOWS/System32/svchost.exe
D:/WINDOWS/system32/spoolsv.exe
d:/program files/mcafee.com/agent/mcdetect.exe
d:/PROGRA~1/mcafee.com/agent/mctskshd.exe
D:/PROGRA~1/McAfee.com/PERSON~1/MpfService.exe
D:/WINDOWS/System32/svchost.exe
D:/WINDOWS/system32/wscntfy.exe
D:/WINDOWS/explorer.exe
D:/PROGRA~1/McAfee.com/PERSON~1/MpfTray.exe
D:/WINDOWS/system32/ctfmon.exe
D:/PROGRA~1/McAfee.com/PERSON~1/MpfAgent.exe
D:/Program Files/Mozilla Firefox/firefox.exe
D:/WINDOWS/PCHealth/HelpCtr/Binaries/MSConfig.exe
D:/WINDOWS/system32/notepad.exe
D:/Program Files/WinRAR/WinRAR.exe
D:/DOCUME~1/MICHAL~1.AUD/LOCALS~1/Temp/Rar$EX00.236/HijackThis.exe
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = about:blank
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = about:blank
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe "D:/Program Files/Common Files/Microsoft Shared/Web Folders/ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:/program files/google/googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:/program files/google/googletoolbar1.dll
O4 - HKLM/../Run: [KAVPersonal50] "D:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kav.exe" /minimize
O4 - HKLM/../Run: [MPFExe] D:/PROGRA~1/McAfee.com/PERSON~1/MpfTray.exe
O4 - HKLM/../Run: [MCAgentExe] d:/PROGRA~1/mcafee.com/agent/mcagent.exe
O4 - HKLM/../Run: [MCUpdateExe] d:/PROGRA~1/mcafee.com/agent/mcupdate.exe
O4 - HKLM/../Run: [MSConfig] D:/WINDOWS/PCHealth/HelpCtr/Binaries/MSConfig.exe /auto
O4 - HKCU/../Run: [CTFMON.EXE] D:/WINDOWS/system32/ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/OFFICE~1/OFFICE11/REFIEBAR.DLL (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:/Program Files/Messenger/msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:/Program Files/Messenger/msmsgs.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab
O17 - HKLM/System/CCS/Services/Tcpip/../{733B44E3-46FC-41B2-A618-DD6ACAF4C4FA}: NameServer = 157.193.40.42 157.193.71.1
O17 - HKLM/System/CS1/Services/Tcpip/../{733B44E3-46FC-41B2-A618-DD6ACAF4C4FA}: NameServer = 157.193.40.42 157.193.71.1
O20 - Winlogon Notify: policies - D:/WINDOWS/system32/l4p20e7oeh.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:/WINDOWS/system32/agjnfgne.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - D:/WINDOWS/bWljaGFs/command.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - D:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kavsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:/program files/mcafee.com/agent/mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:/PROGRA~1/mcafee.com/agent/mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:/PROGRA~1/McAfee.com/Agent/mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:/PROGRA~1/McAfee.com/PERSON~1/MpfService.exe
Thank you! Maybe you can help me somehow; Spybot and Kaspersky have already been tried…
====================================
Note: when you paste a log, wrap it in the CODE or QUOTE tag.
I suggest reading THIS topic to see what is asked of users who paste logs.
Regards, kuz5
RarLab
(Rarlab)
18 November 2005 13:53
#2
To begin with:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Run it, scan only drive C, and remove everything it detects, except items detected as: PROBABLY…
Then download: http://files3.majorgeeks.com/files/1775 … rsonal.exe
Install it, update it (it will offer this on launch), click Start, select full scan; when it finishes, a list of detections will appear. Then right-click the list, choose Select all, and press Next.
Restart the computer and post a new log again for checking.
Logfile of HijackThis v1.99.1
Scan saved at 6:44:36 PM, on 11/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:/WINDOWS/System32/smss.exe
D:/WINDOWS/system32/winlogon.exe
D:/WINDOWS/system32/services.exe
D:/WINDOWS/system32/lsass.exe
D:/WINDOWS/system32/svchost.exe
D:/WINDOWS/System32/svchost.exe
D:/WINDOWS/explorer.exe
D:/WINDOWS/system32/spoolsv.exe
D:/PROGRA~1/McAfee.com/PERSON~1/MpfTray.exe
D:/PROGRA~1/mcafee.com/agent/mcagent.exe
D:/WINDOWS/system32/ctfmon.exe
d:/program files/mcafee.com/agent/mcdetect.exe
d:/PROGRA~1/mcafee.com/agent/mctskshd.exe
D:/PROGRA~1/McAfee.com/PERSON~1/MpfService.exe
D:/WINDOWS/System32/svchost.exe
D:/PROGRA~1/McAfee.com/PERSON~1/MpfAgent.exe
D:/WINDOWS/system32/wscntfy.exe
D:/WINDOWS/System32/msiexec.exe
D:/Program Files/Mozilla Firefox/firefox.exe
D:/Program Files/WinRAR/WinRAR.exe
D:/DOCUME~1/MICHAL~1.AUD/LOCALS~1/Temp/Rar$EX14.585/HijackThis.exe
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank
R1 - HKCU/Software/Microsoft/Internet Explorer/Main,Default_Search_URL = about:blank
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Default_Page_URL = about:blank
R1 - HKLM/Software/Microsoft/Internet Explorer/Main,Search Page = about:blank
R0 - HKCU/Software/Microsoft/Internet Explorer/Main,Local Page = about:blank
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:/program files/google/googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:/program files/google/googletoolbar1.dll
O4 - HKLM/../Run: [KAVPersonal50] "D:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kav.exe" /minimize
O4 - HKLM/../Run: [MPFExe] D:/PROGRA~1/McAfee.com/PERSON~1/MpfTray.exe
O4 - HKLM/../Run: [MCAgentExe] d:/PROGRA~1/mcafee.com/agent/mcagent.exe
O4 - HKLM/../Run: [MCUpdateExe] D:/PROGRA~1/mcafee.com/agent/mcupdate.exe
O4 - HKLM/../Run: [FineReader7NewsReaderPro] "C:/finereader/ABBYYNewsReader.exe"
O4 - HKCU/../Run: [CTFMON.EXE] D:/WINDOWS/system32/ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:/OFFICE~1/OFFICE11/REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:/Program Files/Messenger/msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:/Program Files/Messenger/msmsgs.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/pl/big/1.1.62-big/GoogleNav.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37440.cab
O17 - HKLM/System/CCS/Services/Tcpip/../{733B44E3-46FC-41B2-A618-DD6ACAF4C4FA}: NameServer = 157.193.40.42 157.193.71.1
O17 - HKLM/System/CS1/Services/Tcpip/../{733B44E3-46FC-41B2-A618-DD6ACAF4C4FA}: NameServer = 157.193.40.42 157.193.71.1
O20 - Winlogon Notify: policies - D:/WINDOWS/system32/l4p20e7oeh.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:/WINDOWS/system32/agjnfgne.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - D:/WINDOWS/bWljaGFs/command.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - D:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kavsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - d:/program files/mcafee.com/agent/mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - d:/PROGRA~1/mcafee.com/agent/mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - D:/PROGRA~1/McAfee.com/Agent/mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - D:/PROGRA~1/McAfee.com/PERSON~1/MpfService.exe
RarLab
(Rarlab)
18 November 2005 18:26
#4
The log is OK.
The only thing you could remove is what is no longer there:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll (file missing)
O20 - Winlogon Notify: policies - D:/WINDOWS/system32/l4p20e7oeh.dll (file missing)
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - D:/WINDOWS/system32/agjnfgne.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - D:/WINDOWS/bWljaGFs/command.exe (file missing)
If you have two antivirus programs installed, keep only one of them; two can lead to various consequences.
Exception: if only one of them has real-time monitoring active, then it is fine.
I think removing the entry with ibm.00001.exe helped. It is fine now. I also made those minor fixes, thanks!
RarLab
(Rarlab)
18 November 2005 21:16
#6
ibm00001.exe was a trojan, which is why I wanted you to run the drweb scanner first, because I know it does not sit in the system alone; there are always other copies of it as well.
Besides, HijackThis does not show all services/files launched at startup; there are trojans that can mask themselves very well and are not visible in the log.
Glad I could help, regards.
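
An added example, not part of the thread and not HijackThis's own code: a small Python triage for the two things the replies single out, a program appended after explorer.exe in the F2 `Shell=` entry and entries marked `(file missing)`. The function name `triage` is an assumption; the sample lines are copied from the first log above.

```python
import re

# Sample input: a few lines copied from the first log in this thread.
SAMPLE_LOG = """\
R0 - HKLM/Software/Microsoft/Internet Explorer/Main,Local Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe "D:/Program Files/Common Files/Microsoft Shared/Web Folders/ibm00001.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:/Program Files/Adobe/Acrobat 7.0/ActiveX/AcroIEHelper.dll (file missing)
O4 - HKCU/../Run: [CTFMON.EXE] D:/WINDOWS/system32/ctfmon.exe
O20 - Winlogon Notify: policies - D:/WINDOWS/system32/l4p20e7oeh.dll (file missing)
O23 - Service: kavsvc - Kaspersky Lab - D:/Program Files/Kaspersky Lab/Kaspersky Anti-Virus Personal/kavsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."
SHELL = re.compile(r"Shell=(.*)$", re.IGNORECASE)
MISSING = "(file missing)"


def triage(log_text):
    """Return (shell_extras, orphans) for a HijackThis log.

    shell_extras: programs appended after the first token of an F2 Shell= value.
    orphans: (section, entry) pairs whose target file no longer exists.
    """
    shell_extras, orphans = [], []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header or running-process line
        section, body = m.groups()
        if section == "F2":
            s = SHELL.search(body)
            parts = s.group(1).strip().split(None, 1) if s else []
            if len(parts) == 2:
                # Anything after the first token is an extra program
                # appended to the shell value.
                shell_extras.append(parts[1].strip().strip('"'))
        if body.endswith(MISSING):
            orphans.append((section, body[: -len(MISSING)].rstrip()))
    return shell_extras, orphans


if __name__ == "__main__":
    extras, orphans = triage(SAMPLE_LOG)
    for path in extras:
        print("Shell starts an extra program:", path)
    for section, entry in orphans:
        print("Leftover entry (target gone):", section, entry)
```

An empty result only means the log shows neither pattern; as reply #6 notes, HijackThis does not list every startup item.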