looknie ktos na loga?

IP: *.toya.net.pl 31.01.07, 21:51
jestem po identyfikacji i eksterminacji (mam nadzieje) nastepującego ścierwa:
- trojano:win32.1756
- trojan.proxy.horst1

oto log z hijacka, za ewentualną analizę tegoż, będę bardzo wdzięczna:

Logfile of HijackThis v1.99.1
Scan saved at 21:39:54, on 2007-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus\avpm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\agnieszka\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.pl/
O1 - Hosts: 212.191.79.98 elek.osemka.p.lodz.pl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook
Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [AVPCC] C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus\avpcc.exe /wait
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"
-lang 1033
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BlackICE Utility.lnk = C:\Program
Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a -
C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
C:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) -
www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program
Files\Kaspersky Lab\Kaspersky Anti-Virus\avpcc.exe" /Service (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program
Files\ISS\BlackICE\blackd.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard
- C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program
Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program
Files\ISS\BlackICE\rapapp.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program
Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program
Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe


    • Gość: Kolobos Re: looknie ktos na loga? IP: *.escom.net.pl 31.01.07, 23:03
      Zostaw tylko jeden antyvirus, drugo odinstaluj.

      W hjt usun:
      O4 - HKLM\..\RunServices: [microsft windows updates] mswupdate32.exe <- plik usun z dysku.

      Przeskanuj tez system przy pomocy ewido.
      • Gość: cleo Dziękuję za pomoc. Pozdrawiam. (ntxt) IP: *.toya.net.pl 01.02.07, 16:35
Pełna wersja