Please check my log

IP: *.gprsbal.plusgsm.pl 17.06.06, 21:43
Logfile of HijackThis v1.99.1
Scan saved at 20:06:31, on 2006-06-17
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe
C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\mssvcc.exe
C:\WINDOWS\System32\mssecure.exe
C:\WINDOWS\System32\spoolsvv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\KOMP~1.PRE\USTAWI~1\Temp\Rar$EX04.894\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.interia.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [secures23] mssecure.exe
O4 - HKLM\..\Run: [YUpdate] C:\WINDOWS\system32\ymm.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) -
static.zangocash.com/cab/Zango/ie/bridge-c32.cab?d8c17f1251d447a0dc59a1399cd528e23edb4c49050b6b360bd50cfa37ae1de95bcdf6f4919164
68680e219c4a07c6a00fda2896f3ebafe4faebe4f2f5e8e3f89db8e84c0b25:97abcc3afe236f9
03b08e5a58227dfbb
O20 - Winlogon Notify: 20242402reg - C:\Documents and Settings\All Users\Dokumenty\Settings\20242402.dll
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


When the computer starts, an avast warning appears about the trojan WIN32:Agent-MO[Trj] in the directory C:\WINDOWS\comdlj32.dll

Thanks in advance!!
    • kolobos Re: Please check my log 17.06.06, 21:51
      End these processes:
      C:\WINDOWS\System32\mssvcc.exe
      C:\WINDOWS\System32\mssecure.exe
      C:\WINDOWS\System32\spoolsvv.exe

      In HJT remove:
      O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
      O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
      O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
      O4 - HKLM\..\Run: [secures23] mssecure.exe
      O4 - HKLM\..\Run: [YUpdate] C:\WINDOWS\system32\ymm.exe
      O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
      O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
      O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
      O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
      O4 - HKLM\..\RunServices: [secures23] mssecure.exe
      Delete the listed exe files from disk.

      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) -
      static.zangocash.com/cab/Zango/ie/bridge-c32.cab?
      d8c17f1251d447a0dc59a1399cd528e23edb4c49050b6b360bd50cfa37ae1de95bcdf6f4919164
      68680e219c4a07c6a00fda2896f3ebafe4faebe4f2f5e8e3f89db8e84c0b25:97abcc3afe236f9
      03b08e5a58227dfbb
      O20 - Winlogon Notify: 20242402reg - C:\Documents and Settings\All Users\Dokumenty\Settings\20242402.dll <- delete the file from disk.
      O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Dokumenty\Settings\artm_new.dll <- and this one.

      Delete this one too:
      C:\WINDOWS\comdlj32.dll

      If you have trouble deleting them, use KillBox (described in the FAQ). In addition, run a scan with Ewido.
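The entries kolobos lists share traits a defender can check for mechanically: a bare filename with no path (mssvcc.exe, mssecure.exe), a registration under the legacy RunServices key, or a name one character off from a real system binary (spoolsvv.exe next to spoolsv.exe). The Python helper below is an added example, not part of this thread or of HijackThis; it applies those heuristics to O4 lines copied from the log above, and the system-binary list and the 0.9 similarity threshold are my assumptions. It deliberately does not catch ymm.exe, which only an analyst's review would flag, so it orders the work rather than replacing the review.

```python
import difflib
import re

# Hypothetical triage for HijackThis O4 (autostart) lines, written for this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\Run: [YUpdate] C:\WINDOWS\system32\ymm.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
"""
# Legitimate Windows XP binaries whose names malware tends to imitate (assumed list).
SYSTEM_NAMES = ("spoolsv.exe", "svchost.exe", "lsass.exe", "services.exe", "ctfmon.exe")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$", re.MULTILINE)
EXE_RE = re.compile(r'[^\\\s"]+\.exe', re.IGNORECASE)

def lookalike(exe):
    """True if exe is nearly, but not exactly, the name of a known system binary."""
    return any(exe != s and difflib.SequenceMatcher(None, exe, s).ratio() >= 0.9
               for s in SYSTEM_NAMES)

def parse_o4(log_text):
    """Yield (key, value_name, exe_basename, is_bare) for every O4 line in the log."""
    for m in O4_RE.finditer(log_text):
        _hive, key, name, cmd = m.groups()
        cmd = cmd.strip().lstrip('"')          # drop the opening quote of quoted paths
        hit = EXE_RE.search(cmd)               # first *.exe token, if any
        exe = (hit.group(0) if hit else cmd.split()[0]).lower()
        yield key.lower(), name, exe, "\\" not in cmd.split()[0]

def triage_o4(log_text):
    """Return {value_name: reason} for the O4 entries an analyst should review first."""
    entries = list(parse_o4(log_text))
    # RunServices is a Win9x-era key; on XP it is rarely used by legitimate software.
    legacy = {exe for key, _n, exe, _b in entries if key == "runservices"}
    findings = {}
    for key, name, exe, bare in entries:
        if bare:
            findings[name] = "bare filename, resolved through PATH at logon"
        elif key == "runservices":
            findings[name] = "registered under the legacy RunServices key"
        elif exe in legacy:
            findings[name] = "same binary also registered under RunServices"
        elif lookalike(exe):
            findings[name] = "name imitates a system binary"
    return findings
```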
      • Guest: kate Please check my log again IP: *.gprsbal.plusgsm.pl 18.06.06, 21:04
        Logfile of HijackThis v1.99.1
        Scan saved at 20:53:56, on 2006-06-18
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Ahead\InCD\InCDsrv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\sistray.EXE
        C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
        C:\Program Files\Ahead\InCD\InCD.exe
        C:\WINDOWS\wt\updater\wcmdmgr.exe
        C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Gadu-Gadu\gg.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\System32\drivers\CDAC11BA.EXE
        C:\WINDOWS\system32\slserv.exe
        C:\WINDOWS\System32\wltrysvc.exe
        C:\WINDOWS\System32\bcmwltry.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        D:\Instalki\Instalki\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.interia.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
        O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
        O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
        O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
        O4 - HKLM\..\Run: [GCXX-Manager-Class] "C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_11\bin\npjpi142_11.dll
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - www.cyberlink.com/winxp/CheckDVD.cab
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
        O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
        O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
        O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
        O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
        O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
        • Guest: k Re: Please check my log again IP: *.warszawa.sdi.tpnet.pl 18.06.06, 21:10
          Looks OK.

          • Guest: kate Re: Please check my log again IP: *.gprspla.plusgsm.pl 18.06.06, 22:36
            Thanks for the help, but I have one more small question: you advised user karin997 to remove the line containing [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
            That line is in my first and my second (new) log as well. Doesn't it need to be done in my case?

            • neder Re: Please check my log again 18.06.06, 22:43
              You can, but you don't have to.
              Regards
            • Guest: k Re: Please check my log again IP: *.warszawa.sdi.tpnet.pl 18.06.06, 22:43
              That wasn't me, and the [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k line
              gets added after an error occurs, so it will most likely show up again.
              If you want, you can remove that entry.