IP: *.bulldogdsl.com 25.12.06, 12:43
Please check my log. Thanks.




Logfile of HijackThis v1.99.1
Scan saved at 10:41:46, on 2006-12-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
E:\dysk d\hijackthis1.99.1\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.amazon.com/exec/obidos/redirect?tag=nearly4less-20
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] FIFA Football 2007
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E799B75-2E41-407F-9093-01FDB119036B}: NameServer = 83.146.21.5 212.158.248.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E799B75-2E41-407F-9093-01FDB119036B}: NameServer = 83.146.21.5 212.158.248.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{4E799B75-2E41-407F-9093-01FDB119036B}: NameServer = 83.146.21.5 212.158.248.6
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

    • Guest: Kolobos Re: log IP: *.crowley.pl 25.12.06, 12:47
      In HijackThis, remove:
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.amazon.com/exec/obidos/redirect?tag=nearly4less-20
      O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] FIFA Football 2007

      In addition, scan the system with ewido.
      • Guest: tom log IP: *.bulldogdsl.com 25.12.06, 13:26
        Thanks a lot
      • Guest: tom Re: log IP: *.bulldogdsl.com 25.12.06, 14:05
        I scanned the computer with ewido; here is the scan. Please tell me how to remove all of this:

        __________________________________________________
        ewido anti-spyware online scanner
        www.ewido.net
        __________________________________________________


        Name: TrackingCookie.Fastclick
        Path: C:\Documents and Settings\william\Cookies\william@fastclick[2].txt
        Risk: Medium

        Name: TrackingCookie.Adbrite
        Path: C:\Documents and Settings\william\Cookies\william@adbrite[2].txt
        Risk: Medium

        Name: TrackingCookie.Doubleclick
        Path: C:\Documents and Settings\william\Cookies\william@doubleclick[1].txt
        Risk: Medium

        Name: TrackingCookie.Atdmt
        Path: C:\Documents and Settings\william\Cookies\william@atdmt[2].txt
        Risk: Medium

        Name: Adware.ISTBar
        Path: HKU\.DEFAULT\Software\IST
        Risk: Medium

        Name: Adware.ISTBar
        Path: HKU\S-1-5-18\Software\IST
        Risk: Medium

        Name: Downloader.IstBar.pn
        Path: C:\WINDOWS\Temp\isinst.exe
        Risk: High

        Name: Logger.Agent
        Path: C:\WINDOWS\patcher.exe
        Risk: High

        Name: Downloader.Small.edb
        Path: C:\WINDOWS\user32.exe
        Risk: High

        Name: Downloader.Adload.dr
        Path: C:\WINDOWS\dr.exe
        Risk: High

        Name: Trojan.Nilage.aeh
        Path: C:\WINDOWS\widupdate.exe
        Risk: High

        Name: Downloader.IstBar.pn
        Path: C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\44ZBSLU3\istdownload[1].exe
        Risk: High

        Name: Trojan.ProcKill.DJ
        Path: C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\44ZBSLU3\fkfdcxj[1].htm
        Risk: High

        Name: Downloader.Small.dgk
        Path: C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\44ZBSLU3\nsctdaktzy[1].htm
        Risk: High

        Name: Not-A-Virus.Hoax.Win32.Renos.gc
        Path: C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\0D6B8L63\uzupnm[1].htm
        Risk: Low

        Name: Downloader.Small.ecr
        Path: C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\0D6B8L63\jnmhfeq[1].txt
        Risk: High

        Name: Proxy.Wopla.ac
        Path: C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\YLO66OS3\xbxihg[1].htm
        Risk: High

        Name: Trojan.Sinowal.ay
        Path: C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CSEDDOBE\ckfrkn[1].txt
        Risk: High

        Name: Trojan.ProcKill.DJ
        Path: C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\CSEDDOBE\mazxfcmj[1].htm
        Risk: High

        Name: Downloader.Adload.dr
        Path: C:\Program Files\dr.exe
        Risk: High

        Name: Downloader.IstBar.po
        Path: C:\Program Files\shell32.exe
        Risk: High

        Name: Downloader.Small.edb
        Path: C:\Program Files\serial.dat/user32.exe
        Risk: High

        Name: Trojan.Nilage.aeh
        Path: C:\Program Files\serial.dat/widupdate.exe
        Risk: High

        Name: Logger.Agent
        Path: C:\Program Files\serial.dat/patcher.exe
        Risk: High

        Name: Downloader.Small.edb
        Path: C:\Program Files\serial.zip/user32.exe
        Risk: High

        Name: Trojan.Nilage.aeh
        Path: C:\Program Files\serial.zip/widupdate.exe
        Risk: High

        Name: Logger.Agent
        Path: C:\Program Files\serial.zip/patcher.exe
        Risk: High

        Name: Trojan.Nilage.aeh
        Path: C:\Program Files\widupdate.exe
        Risk: High

        Name: Logger.Agent
        Path: C:\Program Files\patcher.exe
        Risk: High

        Name: Downloader.Agent.bbx
        Path: C:\System Volume Information\_restore{E7FE5339-D1B5-41A8-876C-4A6E58E50B80}\RP4\A0007180.exe
        Risk: High

        Name: Downloader.Adload.dr
        Path: C:\System Volume Information\_restore{E7FE5339-D1B5-41A8-876C-4A6E58E50B80}\RP4\A0007182.exe
        Risk: High

        Name: Downloader.Agent.bbx
        Path: C:\System Volume Information\_restore{E7FE5339-D1B5-41A8-876C-4A6E58E50B80}\RP4\A0007183.exe
        Risk: High

        Name: Proxy.Wopla.ac
        Path: C:\System Volume Information\_restore{E7FE5339-D1B5-41A8-876C-4A6E58E50B80}\RP4\A0007212.exe
        Risk: High

        Name: Trojan.Sinowal.ay
        Path: C:\diwov.exe
        Risk: High

        Name: Trojan.ProcKill.DJ
        Path: C:\hfyfedhg.exe
        Risk: High

        Name: Not-A-Virus.Hoax.Win32.Renos.gc
        Path: C:\gpitgiwe.exe
        Risk: Low

        Name: Trojan.ProcKill.DJ
        Path: C:\lwuevcol.exe
        Risk: High

        Name: Downloader.Small.dgk
        Path: C:\vhenfgwd.exe
        Risk: High

        Thanks.
        Also, since yesterday I have been getting an avast message that reads:
        DCOM EXPLOIT atak z xx.x.xx.xxx:135/tcp
        The digits where the x's are differ every time, but 135 is always there.
        Ever since this message started appearing, the computer shuts down and turns back on by itself (it restarts). HELP!!!!
        Thanks
        • Guest: Kolobos Re: log IP: *.crowley.pl 25.12.06, 16:31
          The ewido log is not needed; after scanning, you are supposed to remove everything it finds in the program (set it to remove). Also close the ports using wwdc.exe
