please check my log :)

07.07.05, 19:19

    • pandoora Re: please check my log :) 07.07.05, 19:19
      Logfile of HijackThis v1.99.1
      Scan saved at 19:17:39, on 2005-07-07
      Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
      C:\WINDOWS\system32\ctfmon.exe
      E:\gg i anti\Gadu-Gadu\gg.exe
      C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
      C:\PROGRA~1\NEOSTR~1\ComComp.exe
      C:\PROGRA~1\NEOSTR~1\Watch.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\STEFAN\Pulpit\hijackthis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      213.159.117.134/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.onet.pl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      213.159.117.134/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.onet.pl/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
      Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
      O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
      Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
      AntiSpyware\gcasServ.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Steam] E:\Valve\Steam.exe -silent
      O4 - HKCU\..\Run: [Gadu-Gadu] "E:\gg i anti\Gadu-Gadu\gg.exe" /tray
      O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
      O4 - Startup: Tahni Deskmate.LNK = C:\TahniDeskMate\DESKMATE.EXE
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
      res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
      file)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
      C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
      00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: *.iframedollars.biz (HKLM)
      O15 - Trusted Zone: *.slotchbar.com (HKLM)
      O15 - Trusted Zone: *.ysbweb.com (HKLM)
      O15 - Trusted IP range: 213.159.117.202 (HKLM)
      O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
      www.pandasoftware.com/activescan/as5/asinst.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -
      bok.plusgsm.pl/rnt/rnl/java/RntX.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{ADB45B64-0F2E-45D9-94ED-634993CE3E90}:
      NameServer = 194.204.152.34 217.98.63.164
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
      \Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      • Guest: Kolobos Re: please check my log :) IP: *.warszawa.sdi.tpnet.pl 07.07.05, 20:26
        Use:
        www.searchengines.pl/phpbb203/index.php?
        s=5debf1bfeab0c89e54567f66c39699f0&act=Attach&type=post&id=459
        cwshredder.net/bin/CWShredder.exe

        In HijackThis, these:

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        213.159.117.134/index.php
        O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
        O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
        file)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted IP range: 213.159.117.202 (HKLM)
        O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe

        And after all that, delete from disk:
        C:\WINDOWS\System32\systime.exe
        c:\program files\pl.exe

        If they won't delete, use KillBox:
        www.downloads.subratam.org/KillBox.zip
        and Delete on Reboot.
        • Guest: pandoora Re: please check my log :) IP: *.neoplus.adsl.tpnet.pl 07.07.05, 20:35
          I removed those things with HijackThis and downloaded that thing, but how do I use it?
          I'm a complete newbie.. :( and anyway, those files aren't on C :/ what's
          going on?
          • Guest: Kolobos Re: please check my log :) IP: *.warszawa.sdi.tpnet.pl 07.07.05, 20:37
            The files are there, they're probably just hidden, and you have showing hidden
            files turned off.
            Run KillBox, paste into it the path of the file you want to delete, tick
            Delete on Reboot and press the red button; do the same with the second file.
            After the reboot they'll be gone, that's it. Once you've deleted them, paste a new log.
            • Guest: pandoora Re: please check my log :) IP: *.neoplus.adsl.tpnet.pl 07.07.05, 21:59
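The entries Kolobos singles out above fall into a few recognisable patterns: a browser default page set to a raw IP, an auto-run entry for an unrecognised executable in System32, an orphaned browser button, hosts added to the IE Trusted Zone, and an ActiveX download (DPF) entry pulling from a local file:// path. The following Python checker is an added example, not code from the thread or from HijackThis: it re-joins log lines that the forum wrapped and applies those heuristics; the `KNOWN_SYSTEM_RUN` allow-list and the flagging rules are assumptions for illustration, not HijackThis's own logic.

```python
import re

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")
KNOWN_SYSTEM_RUN = {"ctfmon.exe"}  # assumed allow-list of System32 binaries that may auto-run

# Sample entries taken from the log posted above, wrapped the way the forum wrapped them.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no
file)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111732} - file://c:\progra~1\pl.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
www.pandasoftware.com/activescan/as5/asinst.cab"""

def join_wrapped(text):
    """Re-join entries that a forum post wrapped onto several lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def assess(entry):
    """Return a reason to review the entry, or None if the heuristics pass it."""
    sec, body = ENTRY_RE.match(entry).groups()
    if sec in ("R0", "R1") and IPV4_RE.match(body.split("=", 1)[-1].strip()):
        return "default/start page points at a raw IP address"
    if sec == "O4":
        target = body.split("]", 1)[-1].strip().strip('"').lower()
        if "\\windows\\system32\\" in target and target.rsplit("\\", 1)[-1] not in KNOWN_SYSTEM_RUN:
            return "unrecognised executable auto-runs from System32"
    if sec == "O9" and body.endswith("(no file)"):
        return "browser button whose backing file is gone"
    if sec == "O15":
        return "host added to the IE Trusted Zone, where IE relaxes its security settings"
    if sec == "O16" and ("file://" in body.lower() or "(" not in body.split(" - ")[0]):
        return "ActiveX download entry with a local file:// source or no class name"
    return None

def review(text):
    """Return (entry, reason) pairs for every entry the heuristics flag."""
    return [(e, r) for e in join_wrapped(text) if (r := assess(e))]
```

Run `review(SAMPLE_LOG)` to see that exactly the entries Kolobos named are flagged, while ctfmon.exe, the onet.pl start page and the Panda ActiveScan CAB pass.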
              Logfile of HijackThis v1.99.1
              Scan saved at 21:56:44, on 2005-07-07
              Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\System32\Ati2evxx.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\Ati2evxx.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              C:\Program Files\Alwil Software\Avast4\ashServ.exe
              C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
              C:\WINDOWS\SOUNDMAN.EXE
              C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
              C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              C:\PROGRA~1\NEOSTR~1\CnxMon.exe
              C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
              C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
              C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              E:\gg i anti\Gadu-Gadu\gg.exe
              C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
              C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
              C:\PROGRA~1\NEOSTR~1\ComComp.exe
              C:\PROGRA~1\NEOSTR~1\Watch.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Windows Media Player\wmplayer.exe
              C:\Documents and Settings\STEFAN\Pulpit\hijackthis\HijackThis.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              www.onet.pl/
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              213.159.117.134/index.php
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
              www.onet.pl/
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
              C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
              C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
              O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
              O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
              Panel\atiptaxx.exe
              O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
              O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
              O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program
              Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
              O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
              O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
              AntiSpyware\gcasServ.exe"
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [Steam] E:\Valve\Steam.exe -silent
              O4 - HKCU\..\Run: [Gadu-Gadu] "E:\gg i anti\Gadu-Gadu\gg.exe" /tray
              O4 - Startup: Tahni Deskmate.LNK = C:\TahniDeskMate\DESKMATE.EXE
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
              Office\Office10\OSA.EXE
              O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
              res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
              C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
              00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
              www.pandasoftware.com/activescan/as5/asinst.cab
              O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
              skaner.mks.com.pl/SkanerOnline.cab
              O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) -
              bok.plusgsm.pl/rnt/rnl/java/RntX.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{ADB45B64-0F2E-45D9-94ED-634993CE3E90}:
              NameServer = 194.204.152.34 217.98.63.164
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
              C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32
              \Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
              Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
              Software\Avast4\ashMaiSv.exe" /service (file missing)
              O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
              Software\Avast4\ashWebSv.exe" /service (file missing)

              • Guest: Kolobos Re: please check my log :) IP: *.warszawa.sdi.tpnet.pl 07.07.05, 22:21
                This one too:
                R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
                213.159.117.134/index.php

                The rest looks OK as far as I can see.
                • Guest: pandoora Re: please check my log :) IP: *.neoplus.adsl.tpnet.pl 08.07.05, 00:01
                  thanks a lot :)
                  • Guest: C3PO Re: please check my log :) IP: *.neoplus.adsl.tpnet.pl 08.07.05, 01:33
                    Don't be so happy just yet :))) Because if it turns out you have a rootkit, then ... I
                    dread to say :)
                    • Guest: Kolobos Re: please check my log :) IP: *.warszawa.sdi.tpnet.pl 08.07.05, 11:18
                      There's no rootkit, but if you really want one, here it is:
                      forum.gazeta.pl/forum/72,2.html?f=430&w=26168296
                      • pandoora Re: please check my log :) 08.07.05, 14:01
                        but what is a rootkit :|
                        • Guest: Kolobos Re: please check my log :) IP: *.warszawa.sdi.tpnet.pl 08.07.05, 14:25
                          You don't have a rootkit! A rootkit is a rootkit; read up on Google about what it is and what it does.