
Log - please check!

IP: *.neoplus.adsl.tpnet.pl 24.04.06, 09:06
Avast detected a whole mass of files infected by various trojans and worms
(but it does not remove them :( ) - the system barely runs and/or restarts by itself.
Please help me get rid of the unwanted "guests" in the system. Many thanks in
advance and regards.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\kernels8.exe
C:\WINDOWS\inet20001\socks.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rpcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\vxgame6.exe3584.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WWlanMonitor.exe
C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\dlh9jkdq6.exe
C:\WINDOWS\System32\dlh9jkdq7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
D:\PLIKI z C przed formatem\Wiola- dok. dysku C\pakiet.rat\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.40.0.1:554
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {A5062D4B-9ACA-828B-1AB4-942A23B6A897} - xxtoolbar.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20001\socks.exe
O4 - HKLM\..\Run: [WTFCTF] dePloy.exe
O4 - HKLM\..\Run: [init32] sysmon12.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dmzvh.exe] C:\WINDOWS\System32\dmzvh.exe
O4 - HKLM\..\Run: [rpcc] rpcc.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\System32\vxgame6.exe3584.exe
O4 - HKCU\..\Run: [init32] pi...exe
O4 - HKCU\..\Run: [sysmon12] XTermInit.exe
O4 - HKCU\..\Run: [WinInitDll] Shaitan1678.exe
O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Office\Office\OSA9.EXE
O4 - Global Startup: WLAN Monitor Utility.lnk = C:\Program Files\WLAN\802.11 Wireless LAN\WWlanMonitor.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8925DB-7B87-45FE-B33D-D59ADB327B17}: NameServer = 85.255.116.130,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D302173-8BAE-4A75-8D41-E16383EF353D}: NameServer = 85.255.116.130,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{94CB422E-5635-45AE-8535-F478D9140E6C}: NameServer = 85.255.116.130,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191

  • Guest: k IP: *.warszawa.sdi.tpnet.pl 24.04.06, 13:15
    Terminate:
    C:\WINDOWS\System32\kernels8.exe
    C:\WINDOWS\inet20001\socks.exe
    C:\WINDOWS\System32\rpcc.exe
    C:\WINDOWS\System32\vxgame6.exe3584.exe
    C:\WINDOWS\System32\dlh9jkdq6.exe
    C:\WINDOWS\System32\dlh9jkdq7.exe
    If that gives trouble, use Killbox, Process Explorer, Unlocker, etc.

    In HijackThis remove:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.40.0.1:554 <- what proxy is this?
    R3 - URLSearchHook: (no name) - {A5062D4B-9ACA-828B-1AB4-942A23B6A897} - xxtoolbar.dll (file missing)
    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
    O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
    O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe <- delete the file
    O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20001\socks.exe <- delete the inet20001 folder
    Also delete the rest of the listed exe files:
    O4 - HKLM\..\Run: [WTFCTF] dePloy.exe
    O4 - HKLM\..\Run: [init32] sysmon12.exe
    O4 - HKLM\..\Run: [dmzvh.exe] C:\WINDOWS\System32\dmzvh.exe
    O4 - HKLM\..\Run: [rpcc] rpcc.exe
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
    O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe" <- delete the UnSpyPC folder
    O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\System32\vxgame6.exe3584.exe
    O4 - HKCU\..\Run: [init32] pi...exe
    O4 - HKCU\..\Run: [sysmon12] XTermInit.exe
    O4 - HKCU\..\Run: [WinInitDll] Shaitan1678.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

    Remove these DNS entries and set the ones your ISP recommends:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8925DB-7B87-45FE-B33D-D59ADB327B17}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D302173-8BAE-4A75-8D41-E16383EF353D}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94CB422E-5635-45AE-8535-F478D9140E6C}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CS1\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CS2\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191

    On top of that, scan with ewido; when done, paste a new log, the WHOLE thing.

  • Guest: sigma IP: *.neoplus.adsl.tpnet.pl 24.04.06, 15:10
    I did as much as I could - unfortunately the desktop wallpaper is black and shows
    the text: "Your computer is in danger! Windows Security Center has detected
    spyware/adware infection!It is strongly recommendet to use special antispyware
    tools to prevent data loss!"
    Besides that, Avast (apart from other Trojans) detected: Trojan.gen {Other} - which
    I think is rather hard to remove. I don't know how to set the DNS.
    Pasting the current log:

    Logfile of HijackThis v1.97.7
    Scan saved at 15:00:43, on 2006-04-24
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\YDP\YdpDict\Watch.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\YDP\UserAccessManager\useraccess.exe
    C:\Program Files\WLAN\802.11 Wireless LAN\WWlanMonitor.exe
    C:\Program Files\GetRight\getright.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Documents and Settings\mistrz.MISTRZ-UEL02EVF\Pulpit\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O1 - Hosts: localhost 127.0.0.1
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
    O4 - HKCU\..\Run: [WinMedia] "C:\WINDOWS\System32\vxgame6.exe3584.exe"
    O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Office\Office\OSA9.EXE
    O4 - Global Startup: WLAN Monitor Utility.lnk = C:\Program Files\WLAN\802.11 Wireless LAN\WWlanMonitor.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8925DB-7B87-45FE-B33D-D59ADB327B17}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D302173-8BAE-4A75-8D41-E16383EF353D}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94CB422E-5635-45AE-8535-F478D9140E6C}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CS1\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CS2\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191

  • Guest: k IP: *.warszawa.sdi.tpnet.pl 24.04.06, 16:05
    Wallpaper fix here:
    www.searchengines.pl/phpbb203/index.php?showtopic=47691
    and:
    www.searchengines.pl/phpbb203/index.php?showtopic=31936
    > Besides that, Avast (apart from other Trojans) detected: Trojan.gen {Other} -
    > which I think is rather hard to remove.

    Would you kindly say in which file?!

    > I don't know how to set the DNS.

    Then learn, it's not secret knowledge...
    But only after the rootkit is removed.

    Control Panel -> Network and Dial-up Connections -> open the properties of your
    connection, then the TCP/IP properties, and at the bottom set the DNS server
    addresses your internet provider recommends.

    You have a pirated Windows with no updates at all:
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    So close the ports with wwdc and don't use IE any more,
    install Opera or FF.

    Also remove this:
    O4 - HKCU\..\Run: [WinMedia] "C:\WINDOWS\System32\vxgame6.exe3584.exe"
    and this:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E8925DB-7B87-45FE-B33D-D59ADB327B17}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D302173-8BAE-4A75-8D41-E16383EF353D}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{94CB422E-5635-45AE-8535-F478D9140E6C}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CS1\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191
    O17 - HKLM\System\CS2\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191

    The rest of the log didn't fit, so paste the missing part.
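The two replies from "k" above apply three checks by eye: an R1 proxy the user never set, O4 autoruns that are either a bare filename or a random-looking binary in System32 under a system-sounding name, and O17 NameServer values that are not the ISP's resolvers. The script below is an added example that encodes those checks over a log in HijackThis format; it is not a tool from the thread and not HijackThis's own code. The sample log is constructed from entries quoted in the thread, the TRUSTED_DNS addresses are placeholders from the documentation range standing in for whatever the provider publishes, and the KNOWN_SYSTEM32 allow-list is an assumption drawn from the benign entries in the posted log.

```python
"""Triage a HijackThis log: flag proxy, autorun and DNS (O17) entries."""
import re
from ipaddress import ip_address
from typing import Dict, List, Tuple

# Constructed sample, modelled on entries quoted in the thread above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 196.40.0.1:554
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20001\socks.exe
O4 - HKLM\..\Run: [WTFCTF] dePloy.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 85.255.116.130,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{47FC8BA8-524F-4646-AAD1-34EC851B0EFC}: NameServer = 192.0.2.53
"""

# Assumed ISP resolvers: placeholder addresses from the documentation range,
# to be replaced with the ones the provider actually publishes.
TRUSTED_DNS = {"192.0.2.53", "192.0.2.54"}

# Autostart binaries that legitimately live in System32 on this box
# (assumption, taken from the benign entries in the posted log).
KNOWN_SYSTEM32 = {"ctfmon.exe", "nerocheck.exe"}

R1_RE = re.compile(r"^R1 - .*,ProxyServer = (?P<proxy>\S+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")

Finding = Tuple[str, str]  # (severity, message)


def extract_path(cmd: str) -> str:
    """Return the executable path from an O4 command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split() or [cmd])[0]


def triage_o4(key: str, name: str, cmd: str) -> List[Finding]:
    """Heuristics for one O4 autorun entry."""
    findings: List[Finding] = []
    path = extract_path(cmd)
    base = path.rsplit("\\", 1)[-1].lower()
    if "\\" not in path:
        findings.append(("MEDIUM", f"O4 [{name}]: bare filename '{path}', binary location unknown"))
    if key.lower() == "runservices":
        findings.append(("MEDIUM", f"O4 [{name}]: RunServices is a Win9x autostart key, unusual on XP"))
    if "\\system32\\" in path.lower() and base not in KNOWN_SYSTEM32:
        findings.append(("HIGH", f"O4 [{name}]: unexpected autostart binary in System32: {path}"))
    if re.search(r"microsoft|system|windows", name, re.IGNORECASE) and base not in KNOWN_SYSTEM32:
        findings.append(("MEDIUM", f"O4 [{name}]: entry name mimics a system component"))
    return findings


def triage_o17(servers: str) -> List[Finding]:
    """Every NameServer address must be one of the ISP's resolvers."""
    findings: List[Finding] = []
    for s in servers.split(","):
        s = s.strip()
        try:
            ip_address(s)
        except ValueError:
            findings.append(("LOW", f"O17: unparsable NameServer '{s}'"))
            continue
        if s not in TRUSTED_DNS:
            findings.append(("HIGH", f"O17: NameServer {s} is not one of the ISP resolvers"))
    return findings


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group findings by severity; every line of the log is checked once."""
    out: Dict[str, List[str]] = {"HIGH": [], "MEDIUM": [], "LOW": []}
    for line in log_text.splitlines():
        line = line.strip()
        found: List[Finding] = []
        m = R1_RE.match(line)
        if m:
            found.append(("HIGH", f"R1: proxy set to {m['proxy']}; the user did not configure one"))
        m = O4_RE.match(line)
        if m:
            found.extend(triage_o4(m["key"], m["name"], m["cmd"]))
        m = O17_RE.match(line)
        if m:
            found.extend(triage_o17(m["servers"]))
        for sev, msg in found:
            out[sev].append(msg)
    return out


if __name__ == "__main__":
    for sev, msgs in triage(SAMPLE_LOG).items():
        for msg in msgs:
            print(f"{sev:6} {msg}")
```

The rules are heuristics, not verdicts: a bare filename in O4 only means the binary's location must be found before deciding, and the System32 allow-list has to be built per machine. One caveat the posted log makes visible: the same NameServer value appears under CCS, CS1 and CS2 (the current and the saved control sets), so after correcting the DNS settings of the active connection as "k" describes, re-run the log and confirm no O17 line still carries the old addresses in any control set.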
