Proszę o sprawdzenie loga
Po odpaleniu w uruchom cmd i netstat –a pokasuje źe cosik się podkradło wyświetlając jakieś dodatkowe nasłuchiwanie. Ad–aware nic nie widzi, Spyware Doctor nic, Microsoft Antispyware nic Panda nic Kacper nic. Nie wiem co się dzieje a jeśli te programy coś wcześniej widziały to wywaliłem. I procesor 100% biegał ale Panda dała radę teraz tylko te nasłuchiwanie. Nie chcę debiutować z majstrowaniem przy Hjt.
Logfile of HijackThis v1.99.1
Scan saved at 18:25:45, on 2005–04–14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\System32\userinit32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Wanadoo\taskbaricon.exe
C:\WINDOWS\gtwatch.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
C:\WINDOWS\twain_32\S6U12K\WATCH.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\baza\Pulpit\skany\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: UserInit=userinit.exe,userinit32.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 – HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 – Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
O4 – Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12K\WATCH.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 – Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 – Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 – Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{C079AAF6–F9B4–4EC6–8CD4–7F99A6ACADB7}: NameServer = 69.50.166.94,69.31.80.244
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) – SEIKO EPSON CORPORATION – C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 – Service: Hardware Clock Driver (hwclock) – Unknown owner – C:\WINDOWS\System32\hwclock.exe (file missing)
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Logfile of HijackThis v1.99.1
Scan saved at 18:25:45, on 2005–04–14
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\System32\userinit32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Wanadoo\taskbaricon.exe
C:\WINDOWS\gtwatch.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
C:\Program Files\Delux\PS2 Keyboard English Edition 2.0\kb_2k.exe
C:\WINDOWS\twain_32\S6U12K\WATCH.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\baza\Pulpit\skany\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada Plus wita Cie w Internecie
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: UserInit=userinit.exe,userinit32.exe
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 – HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Wanadoo\taskbaricon.exe
O4 – HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 – HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800–840\dslmon.exe
O4 – Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 – Global Startup: PS2 Keyboard English Edition 2.0.lnk = ?
O4 – Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12K\WATCH.exe
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 – Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 – Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 – Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{C079AAF6–F9B4–4EC6–8CD4–7F99A6ACADB7}: NameServer = 69.50.166.94,69.31.80.244
O23 – Service: Ati HotKey Poller – Unknown owner – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) – SEIKO EPSON CORPORATION – C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 – Service: Hardware Clock Driver (hwclock) – Unknown owner – C:\WINDOWS\System32\hwclock.exe (file missing)
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
Odpowiedzi: 3
Dzięki serdeczne :D Piwko dla tych Panów proszę :!:
userinit32.exe smierdzi rodzinką W32.Petch wiec moze być tez kilka innych plików na dysku.
Wypadałoby ich rowniez poszukać i pousuwać.
023 mało tego ze file missing (ale to akurat mało wazne) najwazniejsze jest to: http://www.sophos.com/virusinfo/analyses/w32hwbota.html
Odpalasz konsole odzyskiwania i strzelasz: disable hwclock
Potem HJT >> Misc Tools >> Delete NT Service >> wklep: hwclock >>> Ok i reboot systemu
Na koniec uszczuplenie loga poprzez odptaszenie progamow zupelnie zbednych przy starcie: Nero, Java, soft skanera, PowerDVD...
Wypadałoby ich rowniez poszukać i pousuwać.
023 mało tego ze file missing (ale to akurat mało wazne) najwazniejsze jest to: http://www.sophos.com/virusinfo/analyses/w32hwbota.html
Odpalasz konsole odzyskiwania i strzelasz: disable hwclock
Potem HJT >> Misc Tools >> Delete NT Service >> wklep: hwclock >>> Ok i reboot systemu
Na koniec uszczuplenie loga poprzez odptaszenie progamow zupelnie zbednych przy starcie: Nero, Java, soft skanera, PowerDVD...
Pan i pastuch:
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Stary ...
C:\WINDOWS\System32\userinit32.exe
Wiruch pewnie ...
F2 – REG:system.ini: UserInit=userinit.exe,userinit32.exe
Trzaby wywalić userinit32.exe
O23 – Service: Hardware Clock Driver (hwclock) – Unknown owner – C:\WINDOWS\System32\hwclock.exe (file missing)
Skoro file missing to po co to siedzi ??
O17 – HKLM\System\CCS\Services\Tcpip\..\{C079AAF6–F9B4–4EC6–8CD4–7F99A6ACADB7}: NameServer = 69.50.166.94,69.31.80.244
Serwery dobre ?? Masz Neostradę więc jakieś takie podejrzane ...
Strona 1 / 1