Trojan Qhost/ hi jack log - help

12.02.05, 12:27
Hello, I have this damn trojan and I can't remove it. I delete the file containing it, but
it shows up again. Please help, and thank you.


Logfile of HijackThis v1.99.0
Scan saved at 12:27:15, on 2005-02-12
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\ArchestrA\aaLogger.exe
D:\Program Files\Common Files\ArchestrA\NTServApp.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\Program Files\Common Files\ArchestrA\slssvc.exe
E:\SIEMENS\Common\sws\almsrv\almsrvx.exe
D:\WINDOWS\SYSTEM32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
D:\PROGRA~1\NEOSTR~1\CnxMon.exe
D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
E:\SIEMENS\Common\S7ubtoox\s7ubtstx.exe
D:\Program Files\Internet Optimizer\optimize.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\??plorer.exe
D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\WinZip\WZQKPICK.EXE
E:\OpenOffice.org1.1.2\program\soffice.exe
E:\SIEMENS\Common\Sqlany\dbsrv50.exe
D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
E:\SIEMENS\Common\Sqlany\dbclient.exe
D:\Program Files\Neostrada TP\NeostradaTP.exe
    • netsec Re: Trojan Qhost/ hi jack log - help 12.02.05, 12:42
      Paste the WHOLE HiJackThis log.
      • ajlip Re: Trojan Qhost/ hi jack log - help 12.02.05, 13:51
        Here is the whole log, then:

        Logfile of HijackThis v1.99.0
        Scan saved at 12:27:15, on 2005-02-12
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        D:\WINDOWS\System32\smss.exe
        D:\WINDOWS\SYSTEM32\winlogon.exe
        D:\WINDOWS\system32\services.exe
        D:\WINDOWS\system32\lsass.exe
        D:\WINDOWS\system32\svchost.exe
        D:\WINDOWS\System32\svchost.exe
        D:\WINDOWS\system32\spoolsv.exe
        D:\Program Files\Common Files\ArchestrA\aaLogger.exe
        D:\Program Files\Common Files\ArchestrA\NTServApp.exe
        D:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
        D:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
        D:\Program Files\Common Files\ArchestrA\slssvc.exe
        E:\SIEMENS\Common\sws\almsrv\almsrvx.exe
        D:\WINDOWS\SYSTEM32\rundll32.exe
        D:\WINDOWS\Explorer.EXE
        D:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
        D:\WINDOWS\System32\wuauclt.exe
        D:\Program Files\Winamp\winampa.exe
        D:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
        D:\PROGRA~1\NEOSTR~1\CnxMon.exe
        D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
        E:\SIEMENS\Common\S7ubtoox\s7ubtstx.exe
        D:\Program Files\Internet Optimizer\optimize.exe
        D:\WINDOWS\System32\ctfmon.exe
        D:\WINDOWS\System32\??plorer.exe
        D:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
        E:\WinZip\WZQKPICK.EXE
        E:\OpenOffice.org1.1.2\program\soffice.exe
        E:\SIEMENS\Common\Sqlany\dbsrv50.exe
        D:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
        E:\SIEMENS\Common\Sqlany\dbclient.exe
        D:\Program Files\Neostrada TP\NeostradaTP.exe
        D:\Program Files\Neostrada TP\ComComp.exe
        D:\Program Files\Neostrada TP\Watch.exe
        D:\Program Files\Panda Software\Panda Antivirus Platinum\IFACE.EXE
        D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        D:\DOCUMENTS AND SETTINGS\WS\PULPIT\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = szukaj.wp.pl
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.neostrada.pl
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
        213.159.117.134/index.php
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        213.159.117.134/index.php
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        213.159.117.134/index.php
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
        D:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
        O1 - Hosts: 69.20.16.183 auto.search.msn.com
        O1 - Hosts: 69.20.16.183 search.netscape.com
        O1 - Hosts: 69.20.16.183 ieautosearch
        O1 - Hosts: 69.20.16.183 ieautosearch
        O1 - Hosts: 69.20.16.183 ieautosearch
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        D:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: IEMenuExtension toolbar - {6b95678d-30a4-4ff8-a72f-4208340c1f7f} -
        D:\Program Files\IEMenuExtension\tbextn.dll
        O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
        O4 - HKLM\..\Run: [WooCnxMon] D:\PROGRA~1\NEOSTR~1\CnxMon.exe
        O4 - HKLM\..\Run: [WOOWATCH] D:\PROGRA~1\NEOSTR~1\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] D:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
        O4 - HKLM\..\Run: [S7UB Start] "E:\SIEMENS\Common\S7ubtoox\s7ubtstx.exe" -StartDB
        O4 - HKLM\..\Run: [Internet Optimizer] "D:\Program Files\Internet
        Optimizer\optimize.exe"
        O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe
        "D:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
        O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Antivirus
        Platinum\Inicio.exe"
        O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Antivirus
        Platinum\APVXDWIN.EXE" /s
        O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Etaa] D:\Documents and Settings\ws\Dane aplikacji\asss.exe
        O4 - HKCU\..\Run: [Off] D:\WINDOWS\System32\??plorer.exe
        O4 - Startup: OpenOffice.org 1.1.2.lnk =
        E:\OpenOffice.org1.1.2\program\quickstart.exe
        O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\SAGEM F@st
        800-840\dslmon.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = E:\WinZip\WZQKPICK.EXE
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        D:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links -
        {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
        O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
        O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
        O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
        O10 - Unknown file in Winsock LSP: d:\windows\system32\aklsp.dll
        O15 - Trusted Zone: *.blazefind.com
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.flingstone.com
        O15 - Trusted Zone: *.iframedollars.biz
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.my-internet.info
        O15 - Trusted Zone: *.searchbarcash.com
        O15 - Trusted Zone: *.searchmiracle.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.slotch.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.xxxtoolbar.com
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.blazefind.com (HKLM)
        O15 - Trusted Zone: *.clickspring.net (HKLM)
        O15 - Trusted Zone: *.flingstone.com (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted Zone: *.mt-download.com (HKLM)
        O15 - Trusted Zone: *.my-internet.info (HKLM)
        O15 - Trusted Zone: *.searchbarcash.com (HKLM)
        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.slotch.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O15 - Trusted IP range: 213.159.117.202 (HKLM)
        O16 - DPF: {3E339D3C-4B12-4E8C-A529-9CC4BEEAFD4F} (VacPro.russia_ver3) -
        www.globalphon.com/dialer/russia.CAB
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
        v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108128066881
        O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
        iframedollars.biz/tb/loader2.ocx
        O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
        Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
        O17 - HKLM\System\CCS\Services\Tcpip\..\{A50654C8-571A-4F29-97D9-9103566D68D6}:
        NameServer = 194.204.152.34 217.98.63.164
        O23 - Service: ArchestrA Logger - Invensys Systems, Inc. - D:\Program
        Files\Common Files\ArchestrA\aaLogger.exe
        O23 - Service: Automation License Manager Service - SIEMENS AG -
        E:\SIEMENS\Common\sws\almsrv\almsrvx.exe
        O23 - Service: FS Service Control - Wonderware Corporation - D:\Program
        Files\Common Files\ArchestrA\NTServApp.exe
        O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda
    • cnjry Re: Trojan Qhost/ hi jack log - help 12.02.05, 13:17
      Uninstall the NeostradaTP application and configure the connection manually as an ordinary
      modem connection; just write down your login and password details. For the number, enter *
