Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    logfile

    11.06.05, 17:33
    Logfile of HijackThis v1.99.1
    Scan saved at 17:19:31, on 2005-06-11
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Media Access\MediaAccK.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\eDonkey2000\eDonkey2000.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Gadu-Gadu\gg.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Documents and Settings\Komputerek\Pulpit\hijackthis\HijackThis.exe
    C:\WINDOWS\Explorer.exe
    C:\DOCUME~1\KOMPUT~1\USTAWI~1\Temp\PNF\aurareco.exe
    C:\WINDOWS\System32\dwwin.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
    letgohome.com/sp.htm?id=33464
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    letgohome.com/sp.htm?id=33464
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    www.interia.pl/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    letgohome.com/sp.htm?id=33464
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\System32\SoundMan.exe
    O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\System32\SetCDfmt.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000
    \eDonkey2000.exe" -t
    O4 - HKLM\..\Run: [apinghd] c:\windows\system32\ubmvqq.exe r
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
    00aa003c157a} - C:\WINDOWS\web\related.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CDC93067-10FA-4868-8909-
    FFF5F2465B62}: NameServer = 69.50.184.84,195.225.176.37
    O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
    4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
    O20 - AppInit_DLLs: 7ffl9xy2zw9.dll
    O20 - Winlogon Notify: style2 - C:\WINDOWS\q1177453_disk.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: System Startup Service (SvcProc) - Unknown owner -
    C:\WINDOWS\svcproc.exe

    Obserwuj wątek
      • Gość: Kolobos Re: logfile IP: *.warszawa.sdi.tpnet.pl 11.06.05, 21:19
        Jak zwykle brak aktualizacji...

        Skanujesz/instalujesz itd to:
        download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
        www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
        ochrone przegladarki
        www.firewallleaktester.com/tools/wwdc.exe
        Sciagasz tez:
        free.of.pl/k/kolobos/nailfix.zip
        www.downloads.subratam.org/KillBox.zip
        Uruchamiasz windows w trybie awaryjnym i uzywasz nailfix nastepnie w hijackthis
        kasujesz te wpisy:

        R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
        letgohome.com/sp.htm?id=33464
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        letgohome.com/sp.htm?id=33464
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        letgohome.com/sp.htm?id=33464
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
        R3 - Default URLSearchHook is missing
        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
        O4 - HKLM\..\Run: [apinghd] c:\windows\system32\ubmvqq.exe r
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm

        Jakis backdoor podmienil Ci chyba adresy dns'ow?
        O17 - HKLM\System\CCS\Services\Tcpip\..\{CDC93067-10FA-4868-8909-
        FFF5F2465B62}: NameServer = 69.50.184.84,195.225.176.37
        Czy takie masz w swojej sieci?

        O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-
        4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
        O20 - AppInit_DLLs: 7ffl9xy2zw9.dll
        O20 - Winlogon Notify: style2 - C:\WINDOWS\q1177453_disk.dll
        O23 - Service: System Startup Service (SvcProc) - Unknown owner -
        C:\WINDOWS\svcproc.exe

        Nastepnie killbox i zaznacz Delete file on reboot wklej sciezke do pliku (sam/a
        nie szukaj tylko wklejaj gotowa) i naciskaj czerwony przycisk ale na pytanie o
        reset odpowiadaj nie i tak zrob z tymi plikami:

        C:\Program Files\Media Access\MediaAccK.exe
        Po resecie kasujesz katalog Media Access
        c:\windows\system32\ubmvqq.exe
        C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
        C:\Windows\system32\7ffl9xy2zw9.dll lub C:\Windows\
        C:\WINDOWS\q1177453_disk.dll

        Na koniec wklej nowy log z hijackthis.

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin