Checking a HijackThis log

08.09.06, 13:38
Logfile of HijackThis v1.99.1
Scan saved at 13:35:25, on 2006-09-08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\kernels8.exe
C:\windows\system32\stonedrv.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Windows\xpupdate.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wupdmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\anusia\Pulpit\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 81.222.131.49/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [qs8g35O] crtscli.exe
O4 - HKLM\..\Run: [qs8g35O] crtscli.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{B6E8B82C-96B2-41C1-8F2D-C1EF06486338}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{B6E8B82C-96B2-41C1-8F2D-C1EF06486338}\SECURITY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [atipatxx] C:\WINDOWS\System32\atipatxx.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\pqb2560.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\pqb2560.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bBrmRRi5P] cmccp.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - arcaonline.arcabit.com/ArcaOnline.cab
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1115838877247
O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - megapanel.gem.pl/WebInstaller.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127731398514
O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - megapanel.gem.pl/temp/netp/1044/9939/9180/5700/5_1044993991805700.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C4A4E36-CEB8-4F9B-850E-B27B6A918AD1}: NameServer = 194.204.159.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    • Guest: Kolobos Re: Checking a HijackThis log IP: *.warszawa.sdi.tpnet.pl 08.09.06, 15:58
      You have a pirated Windows with no updates, as you can see:
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      So close the ports with wwdc.exe

      In Task Manager, end these (if that doesn't work, use Process Explorer, you'll find it on Google):
      C:\WINDOWS\System32\kernels8.exe
      C:\windows\system32\stonedrv.exe
      C:\Windows\xpupdate.exe
      Delete the files from the disk.

      In HJT remove:
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 81.222.131.49/index.php
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 81.222.131.49/index.php
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 81.222.131.49/index.php
      R3 - Default URLSearchHook is missing
      F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" <- delete the ibm file from the disk.
      Delete the files from the disk:
      O4 - HKLM\..\Run: [qs8g35O] crtscli.exe
      O4 - HKLM\..\Run: [qs8g35O] crtscli.exe
      O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{B6E8B82C-96B2-41C1-8F2D-C1EF06486338}\SVCHOST.EXE
      O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{B6E8B82C-96B2-41C1-8F2D-C1EF06486338}\SECURITY.EXE
      O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" <- delete the Inter... folder from the disk.
      O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe <- same for Media Gate...
      O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
      O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
      O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe <- delete the Media.. folder from the disk.
      O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
      O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
      O4 - HKLM\..\RunServices: [stonedrv] c:\windows\system32\stonedrv.exe
      O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\tool2.exe
      O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\pqb2560.exe
      O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
      O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\pqb2560.exe
      O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
      O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
      O4 - HKCU\..\Run: [bBrmRRi5P] cmccp.exe
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
      O16 - DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} (GWebInstallControl Object) - megapanel.gem.pl/WebInstaller.dll
      O16 - DPF: {8626DFA9-2BAC-4BDA-8663-8DAA0F942C0D} - megapanel.gem.pl/temp/netp/1044/9939/9180/5700/5_1044993991805700.ocx

      Service to delete; the removal instructions are in the pinned post:
      O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)

      On top of that, do a scan with Ewido.

      And read the instructions for removing Trojan.Repsamo (Cimuz) here:
      www.searchengines.pl/phpbb203/index.php?showtopic=12510&st=30&p=188758&#entry188758
      After all that, post a new log.
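As an added example (not part of the thread and not a HijackThis feature), a small Python triage script for the HijackThis 1.99 line format that applies the same checks Kolobos makes by eye: a browser start/local page set to a bare IP literal, an extra executable chained to the shell in system.ini, legacy RunServices autostarts, the same binary autostarted from several keys, and entries that point at a missing file. The sample lines are copied from the log above; the heuristics, function names and reason strings are my own.

```python
import re
from collections import Counter

# Constructed sample: lines in HijackThis 1.99 format, copied from the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 81.222.131.49/index.php
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels8.exe
O4 - HKLM\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O4 - HKCU\..\Run: [stonedrv] c:\windows\system32\stonedrv.exe
O23 - Service: Debug oupost relations (LAGOS) - Unknown owner - C:\WINDOWS\System32\ahtun.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

IP_LITERAL = re.compile(r'^\s*(?:https?://)?\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)')
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

def parse_line(line):
    """Split one HijackThis entry into (section, body); None for headers and process lists."""
    m = re.match(r'^([A-Z]\d{1,2}) - (.*)$', line.strip())
    return (m.group(1), m.group(2)) if m else None

def exe_name(body):
    """Lower-cased file name of the first full .exe path in an entry, or None."""
    m = EXE_PATH.search(body)
    return m.group(1).rsplit('\\', 1)[-1].lower() if m else None

def triage(log_text):
    """Return (section, reason, body) for every entry worth a second look."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    # How many O4 autostart entries point at each executable name (my heuristic).
    starts = Counter(exe_name(b) for s, b in entries if s == 'O4' and exe_name(b))
    findings = []
    for section, body in entries:
        if section in ('R0', 'R1') and IP_LITERAL.match(body.split('=', 1)[-1]):
            findings.append((section, 'browser page set to a bare IP literal', body))
        elif section == 'F2' and 'Shell=' in body and body.split('Shell=', 1)[1].strip().lower() != 'explorer.exe':
            findings.append((section, 'extra executable chained to the shell', body))
        elif section == 'O4' and 'RunServices' in body:
            findings.append((section, 'legacy RunServices autostart', body))
        elif section == 'O4' and starts[exe_name(body)] > 1:
            findings.append((section, 'same executable autostarted from several keys', body))
        if '(file missing)' in body:
            findings.append((section, 'entry points at a missing file', body))
    return findings
```

Running `triage(SAMPLE_LOG)` flags seven of the ten sample entries and leaves the onet.pl start page, Winamp agent and NVIDIA service alone; a hit is a reason to look closer, not proof of malware.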