Trojan.Win32.Small.bxh


(Over20) #1

Hi, I have a problem with the Trojan.Win32.Small.bxh trojan. I made a log with HijackThis and I'm asking for further guidance on how to remove it :slight_smile:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:01:57, on 2009-04-22

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\V0420Mon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\PDFCreator\PDFCreator.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\AutoCAD 2006\acad.exe

C:\Documents and Settings\Stawiarski M\Ustawienia lokalne\Temp\AdskCleanup.0001

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wyborcza.pl/0,0.html?p=013

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: pdfforge Toolbar - {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe"

O4 - HKLM..\Run: [HPWS myPrintMileage Agent] C:\Program Files\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe

O4 - HKLM..\Run: [NWTRAY] NWTRAY.EXE

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\ie_banner_deny.htm

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://c:\PROGRA~1\Office\Office12\EXCEL.EXE/3000

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O11 - Options group: [java_sun] Java (Sun)

O17 - HKLM\System\CCS\Services\Tcpip..{F3C652E2-084D-43B7-BDAD-2D37D215F406}: NameServer = 10.0.0.138

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe

O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: Usługa Google Update (gupdate1c9a920495ba8) (gupdate1c9a920495ba8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

O23 - Service: Aktualizacje automatyczne (wuauserv) - Unknown owner - C:\WINDOWS\

--

End of file - 6360 bytes


(niezDarek) #2

delete:

in HijackThis check the indicated entries and click Fix checked

Please also post a ComboFix log.


(Over20) #3

LOG from COMBOFIX

-- Added 23.04.2009 (Thu) 8:54 --

Well, it removed Trojan.Win32.Small.bxh, but now Kaspersky shows:

Here is the HijackThis log

and also ComboFix