analiza loga
Logfile of HijackThis v1.99.1
Scan saved at 18:39:43, on 2005–06–07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kavmm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\keyhook.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kav.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Winamp\Winamp.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\PopUpCop\PCCloser.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett–Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Suja\USTAWI~1\Temp\Rar$EX00.938\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: PopUpCop – {DB43E4E6–FF8A–4018–8C8E–F68587A44A73} – C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 – HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\system32\keyhook.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 – HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kav.exe" –run –n PersonalPro –v 5.0.0.0 –chkss
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\RunServices: [Microsoft uptime Service] sysuptime.exe
O4 – HKLM\..\RunServices: [SDK Codre Function22] sdkimddprovment2.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Microsoft uptime Service] sysuptime.exe
O4 – HKCU\..\Run: [Disspy] C:\Program Files\Disspy\Disspy.exe – silent
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Open Image in New Window – res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{B7A4EC6E–AA19–4817–8EA3–E3E9D56ED9BC}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Usługa administracyjna Menedźera dysków logicznych (dmadmin) – VERITAS Software Corp. – C:\WINNT\System32\dmadmin.exe
O23 – Service: Kaspersky Anti–Virus Service (KLBLMain) – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kavmm.exe
Ciagle mi sie takie cos wyswietla :/
Scan saved at 18:39:43, on 2005–06–07
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kavmm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\keyhook.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kav.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Winamp\Winamp.exe
C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe
C:\PROGRA~1\NEOSTR~1\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Watch.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\PopUpCop\PCCloser.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett–Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Suja\USTAWI~1\Temp\Rar$EX00.938\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: PopUpCop – {DB43E4E6–FF8A–4018–8C8E–F68587A44A73} – C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 – HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\system32\keyhook.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 – HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 – HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 – HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 – HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kav.exe" –run –n PersonalPro –v 5.0.0.0 –chkss
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\RunServices: [Microsoft uptime Service] sysuptime.exe
O4 – HKLM\..\RunServices: [SDK Codre Function22] sdkimddprovment2.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [Microsoft uptime Service] sysuptime.exe
O4 – HKCU\..\Run: [Disspy] C:\Program Files\Disspy\Disspy.exe – silent
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Open Image in New Window – res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{B7A4EC6E–AA19–4817–8EA3–E3E9D56ED9BC}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Usługa administracyjna Menedźera dysków logicznych (dmadmin) – VERITAS Software Corp. – C:\WINNT\System32\dmadmin.exe
O23 – Service: Kaspersky Anti–Virus Service (KLBLMain) – Kaspersky Lab – C:\Program Files\Kaspersky Lab\Kaspersky Anti–Virus Personal Pro 5\kavmm.exe
Ciagle mi sie takie cos wyswietla :/
Odpowiedzi: 3
Tak myslalem ze to te wpisy. Wsio działa :D
nie didalem foty ale dzieki za szybka odpowiedz :D
Masz te dwa robale:
http://www.sophos.com/virusinfo/analyses/w32rbotacg.html
oraz http://www.sophos.com/virusinfo/analyses/w32sdbotyj.html
http://www.sophos.com/virusinfo/analyses/w32rbotacg.html
oraz http://www.sophos.com/virusinfo/analyses/w32sdbotyj.html
O4 – HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe
O4 – HKLM\..\RunServices: [Microsoft uptime Service] sysuptime.exe
O4 – HKLM\..\RunServices: [SDK Codre Function22] sdkimddprovment2.exe
04 – HKCU\..\Run: [Microsoft uptime Service] sysuptime.exe
Strona 1 / 1