trojan.downloader.agent.II

It got me. Symptoms: after the computer starts it dials my default connection on its own, then every so often it throws up advertising windows; the start page in IE was changed and some toolbar with buttons was added to IE. I checked with mks-em-online. It found: Adware.Elitebar.J31; Trojan.Downloader.Agent.II; Trojan.Startpeg.Nk. During the online scan I deleted everything the program suggested, then ran a scan of the whole computer with Norton AntiVirus: clean. I uninstalled the toolbar in IE (there was an option for that), set the start page back to "my own" and restarted. And again it connects by itself and throws up those damned ads. In IE it looks like everything is OK. Another mks-online scan finds Trojan.Downloader.Agent.II again, removes it, and after a restart it is the same thing all over. After reading through the forum, a request to check my Hijack log and to help me remove this crap.
Logfile of Browser Hijack Recover (BHR) v1.41
http://www.browser-hijack.com/
Log created on 2005-02-12 16:57:09
Microsoft Windows XP Professional (Build 2600)
Internet Explorer v6.0.2600.0000

[Process Manager] - [Process]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\AVerTV\QuickTV.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Browser Hijack Recover\bhr.exe

[Process Manager] - [NT Services]
Service Name: Sterownik Microsoft ACPI - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\ACPI.sys
Service Name: Środowisko obsługi sieci AFD - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\afd.sys
Service Name: Filtr magistrali AGP Intel - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\agp440.sys
Service Name: SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\alcan5wn.sys
Service Name: SpeedTouch ADSL Modem ATM Transport - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\alcaudsl.sys
Service Name: Service for WDM 3D Audio Driver - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\ALCXSENS.SYS
Service Name: Service for Realtek AC97 Audio (WDM) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\ALCXWDM.SYS
Service Name: Usługa bramy warstwy aplikacji - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\alg.exe
Service Name: Standardowy kontroler dysku twardego IDE/ESDI - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\atapi.sys
Service Name: Ati HotKey Poller - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\Ati2evxx.exe
Service Name: ati2mtag - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ati2mtag.sys
Service Name: Windows Audio - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Sterownik Audio Stub - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\audstub.sys
Service Name: Beep - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Przeglądarka komputera - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Symantec Event Manager - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Service Name: Symantec Network Proxy - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Service Name: Symantec Settings Manager - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Service Name: Cdfs - Start Type: SERVICE_DISABLED - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Sterownik stacji dysków CD-ROM - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\cdrom.sys
Service Name: Usługi kryptograficzne - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: AVerMedia, AVerTV Video Capture - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\cx88vid.sys
Service Name: AVerMedia, AVerTV Crossbar (88x) - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\CX88XBAR.sys
Service Name: AVerMedia AVerTV Tuner Service (88x) - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\CX88TUNE.sys
Service Name: Klient DHCP - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Sterownik dysku - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\disk.sys
Service Name: Sterownik Menedżera dysków logicznych - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\dmio.sys
Service Name: dmload - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\dmload.sys
Service Name: Menedżer dysków logicznych - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Klient DNS - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k NetworkService
Service Name: Usługa raportowania błędów - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Dziennik zdarzeń - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\services.exe
Service Name: System zdarzeń COM+ - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Fastfat - Start Type: SERVICE_DISABLED - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Zgodność szybkiego przełączania użytkowników - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Sterownik kontrolera stacji dyskietek - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\fdc.sys
Service Name: Fips - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Sterownik stacji dyskietek - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\flpydisk.sys
Service Name: Sterownik Menedżera woluminów - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Service Name: Rodzajowy klasyfikator pakietu - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\msgpc.sys
Service Name: Pomoc i obsługa techniczna - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Sterownik portu klawiatury i8042 i myszy PS/2 - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\i8042prt.sys
Service Name: Imapi - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Translator adresów sieciowych IP - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ipnat.sys
Service Name: Sterownik IPSEC - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ipsec.sys
Service Name: Sterownik PnP magistrali ISA/EISA - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\isapnp.sys
Service Name: Sterownik klasy klawiatury - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\kbdclass.sys
Service Name: Microsoft Kernel Wave Audio Mixer - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\kmixer.sys
Service Name: KSecDD - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Serwer - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Stacja robocza - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Pomoc TCP/IP NetBIOS - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Posłaniec - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: mnmdd - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Modem - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Sterownik klasy myszy - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\mouclass.sys
Service Name: MountMgr - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Readresator klienta WebDav - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\mrxdav.sys
Service Name: MRXSMB - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\mrxsmb.sys
Service Name: Msfs - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Mup - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: MxlW2k - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Norton AntiVirus Auto Protect Service - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
Service Name: NAVENG - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050209.032\NAVENG.Sys
Service Name: NAVEX15 - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050209.032\NavEx15.Sys
Service Name: Sterownik systemu NDIS - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Sterownik usługi Dostęp zdalny NDIS TAPI - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ndistapi.sys
Service Name: Protokół We/Wy trybu użytkownika NDIS - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ndisuio.sys
Service Name: Sterownik usługi Dostęp zdalny NDIS WAN - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ndiswan.sys
Service Name: Serwer proxy NDIS - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Interfejs NetBIOS - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\netbios.sys
Service Name: NetBios przez TCP/IP - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\netbt.sys
Service Name: Połączenia sieciowe - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Rozpoznawanie lokalizacji w sieci (NLA) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Npfs - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Ntfs - Start Type: SERVICE_DISABLED - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Null - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Sterownik portu równoległego - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\parport.sys
Service Name: PartMgr - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: ParVdm - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Sterownik magistrali PCI - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\pci.sys
Service Name: PCIIde - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\pciide.sys
Service Name: PCTEL Speaker Phone - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\pctspk.exe
Service Name: Plug and Play - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\services.exe
Service Name: WAN Miniport (PPTP) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\raspptp.sys
Service Name: PQNTDrv - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: Sterownik procesora - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\processr.sys
Service Name: Magazyn chroniony - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\lsass.exe
Service Name: Harmonogram pakietów QoS - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\psched.sys
Service Name: Sterownik bezpośredniego połączenia kablowego - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ptilink.sys
Service Name: PCTEL Serial Device Driver for PCI - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\ptserlp.sys
Service Name: Labtec WebCam(PID_0840) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\LVCD.sys
Service Name: Sterownik automatycznego połączenia dostępu zdalnego - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\rasacd.sys
Service Name: Menedżer autopołączenia dostępu zdalnego - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: WAN Miniport (L2TP) - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\rasl2tp.sys
Service Name: Menedżer połączeń usługi Dostęp zdalny - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Sterownik usługi Dostęp zdalny PPPOE - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\raspppoe.sys
Service Name: Bezpośrednie połączenie kablowe - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\raspti.sys
Service Name: Rdbss - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\rdbss.sys
Service Name: RDPCDD - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\RDPCDD.sys
Service Name: Sterownik przekierowania urządzenia serwera terminali - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\rdpdr.sys
Service Name: Sterownik filtru odtwarzania audio cyfrowych dysków CD - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\redbook.sys
Service Name: Routing i dostęp zdalny - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Rejestr zdalny - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Zdalne wywoływanie procedur (RPC) - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost -k rpcss
Service Name: Menedżer kont zabezpieczeń - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\lsass.exe
Service Name: SAVRT - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
Service Name: SAVRTPEL - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
Service Name: SAVScan - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
Service Name: Harmonogram zadań - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Secdrv - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\secdrv.sys
Service Name: Logowanie pomocnicze - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Zawiadomienie o zdarzeniu systemowym - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Sterownik filtru Serenum - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\serenum.sys
Service Name: Sterownik portu szeregowego - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\serial.sys
Service Name: Zapora połączenia internetowego / Udostępnianie połączenia internetowego - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Wykrywanie sprzętu powłoki - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Symantec Network Drivers Service - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Service Name: Bufor wydruku - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\spoolsv.exe
Service Name: Srv - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\srv.sys
Service Name: Usługa odnajdywania SSDP - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Windows Image Acquisition (WIA) - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k imgsvc
Service Name: Sterownik magistrali programowej - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\swenum.sys
Service Name: SYMDNS - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\Drivers\SYMDNS.SYS
Service Name: SymEvent - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\Program Files\Symantec\SYMEVENT.SYS
Service Name: SYMFW - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\Drivers\SYMFW.SYS
Service Name: SYMIDS - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\Drivers\SYMIDS.SYS
Service Name: SYMIDSCO - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20041123.015\symidsco.sys
Service Name: SYMNDIS - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
Service Name: SYMREDRV - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Service Name: SYMTDI - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Service Name: Urządzenie audio Microsoft Kernel System - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\sysaudio.sys
Service Name: Telefonia - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Sterownik protokołu TCP/IP - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\tcpip.sys
Service Name: Sterownik urządzenia terminalu - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\termdd.sys
Service Name: Usługi terminalowe - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Kompozycje - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Klient śledzenia łączy rozproszonych - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Windows User Mode Driver Framework - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\wdfmgr.exe
Service Name: Sterownik Microcode Update - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\update.sys
Service Name: Menedżer przekazywania - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Koncentrator z obsługą USB2 - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\usbhub.sys
Service Name: Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\usbuhci.sys
Service Name: VgaSave - Start Type: SERVICE_SYSTEM_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\vga.sys
Service Name: XP Vmodem - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\vmodem.sys
Service Name: VolSnap - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path:
Service Name: XP Vpctcom - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\vpctcom.sys
Service Name: XP Vvoice - Start Type: SERVICE_BOOT_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\DRIVERS\vvoice.sys
Service Name: Usługa Czas systemu Windows - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Sterownik usługi Dostęp zdalny IP ARP - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\DRIVERS\wanarp.sys
Service Name: Sterownik zgodności audio Microsoft WINMM WDM - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\drivers\wdmaud.sys
Service Name: WebClient - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Instrumentacja zarządzania Windows - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Środowisko wspomagające dostawcę usług innych niż IFS - Windows Socket 2.0 - Start Type: SERVICE_DEMAND_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Service Name: Aktualizacje automatyczne - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Konfiguracja zerowej sieci bezprzewodowej - Start Type: SERVICE_AUTO_START - Service Status: SERVICE_RUNNING - Binary path: C:\WINDOWS\System32\svchost.exe -k netsvcs

[IE Options] - [Normal]
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Window Title =

[IE Options] - [IE Menu]

[IE Options] - [Internet Options]

[IE Options] - [IE Search Hooks]
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll

[IE Add-Ons] - [Toolbars]

[IE Add-Ons] - [Explorer Bars]
O9 - Extra "View" Explorer Bars: Pasek wyszukiwania - {30D02401-6A81-11D0-8274-00C04FD5AE38} - C:\WINDOWS\System32\browseui.dll
O9 - Extra "View" Explorer Bars: Pasek multimediów - {32683183-48a0-441b-a342-7c2a440a9478} - C:\WINDOWS\System32\browseui.dll
O9 - Extra "View" Explorer Bars: Favorites Band - {EFA24E61-B078-11D0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra "View" Explorer Bars: History Band - {EFA24E62-B078-11D0-89E4-00C04FC9E26E} - C:\WINDOWS\System32\shdocvw.dll

[IE Add-Ons] - [Context Menu]
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

[IE Add-Ons] - [BHOs]
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll

[IE Add-Ons] - [Tools Menu]
O9 - Extra "Tool" Menu Item: Po&każ łącza pokrewne - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

[IE Add-Ons] - [Tools Button]
O9 - Extra Button: Pokrewne - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

[System Options]

[StartUp]
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run RemoteControl = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SpeedTouch USB Diagnostics = "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run P2P Networking = C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run WinampAgent = C:\Program Files\Winamp\Winampa.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run KernelFaultCheck = C:\WINDOWS\system32\dumprep 0 -k
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run URLLSTCK.exe = C:\Program Files\Norton Internet Security\UrlLstCk.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Windows AdStatus = C:\Program Files\Windows AdStatus\WinStat.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run antiware = C:\windows\system32\eliteztu32.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run THGuard = C:\Program Files\TrojanHunter 4.1\THGuard.exe
O4 - C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\QuickTV.lnk = C:\PROGRA~1\AVerTV\QuickTV.exe
O4 - C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = C:\PROGRA~1\MICROS~2\Office\OSA9.EXE
O4 - C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.exe.lnk = C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
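The triage the poster is asking for, written out as an added example; this is not part of the original post and not code from HijackThis or Browser Hijack Recover. It parses log lines in the R0/R3/O2/O4/O9 shape used above (BHR prints O4 entries as "04", which is normalised), pulls the launched file's path out of each entry, and flags it either because it carries one of the names this thread points at (EliteSideBar, eliteztu32, Windows AdStatus, P2P Networking) or because it runs from a place legitimate autostarts almost never use (Temporary Internet Files, the SYSTEM profile, the drive root). The indicator list and the location heuristics are my own choices for this demonstration, not a vendor signature set; the sample lines are copied from the BHR log above with the stripped backslashes restored.

```python
"""Triage of HijackThis / BHR log lines against the indicators named in this
thread. Added example, not code from the forum post, HijackThis or BHR; the
indicator list and the location heuristics are my own."""
import re
from dataclasses import dataclass

# Names the scans and replies in this thread point at; matched case-insensitively
# as substrings of the launched file's path. Demonstration list, not a signature set.
THREAD_INDICATORS = ("elitesidebar", "eliteztu32", "windows adstatus", "p2p networking")

# Places a legitimate autostart entry almost never points into.
SUSPICIOUS_LOCATIONS = (
    re.compile(r"\\temporary internet files\\", re.I),
    re.compile(r"\\content\.ie5\\", re.I),
    re.compile(r"\\config\\systemprofile\\", re.I),   # SYSTEM's own profile, where dl[1].exe landed
    re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.I),        # binary dropped in the drive root, e.g. c:\dl1.exe
)

# "O4 - ..." (HijackThis) or "04 - ..." (how BHR prints the same entry type).
LINE_RE = re.compile(r"^(?P<kind>[OR]\d+|0\d)\s*-\s*(?P<body>.+)$")
# A Windows path ending in an executable-ish extension; spaces and ~ are allowed.
PATH_RE = re.compile(r"[a-zA-Z]:\\[^\"*?<>|\r\n]+?\.(?:exe|dll|sys|htm|html)\b", re.I)


@dataclass
class Finding:
    kind: str     # normalised entry type, e.g. "O4"
    path: str     # the launched file
    reason: str
    line: str     # the raw log line


def parse_line(line):
    """Return (kind, body) for a HijackThis-style entry, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind = m.group("kind").upper()
    if kind[0] == "0":            # BHR's "04" is HijackThis' "O4"
        kind = "O" + kind[1:]
    return kind, m.group("body")


def classify(path):
    """Why a path deserves a look, or None if nothing stands out."""
    low = path.lower()
    if any(ind in low for ind in THREAD_INDICATORS):
        return "matches indicator named in the thread"
    if any(p.search(path) for p in SUSPICIOUS_LOCATIONS):
        return "runs from an unusual location"
    return None


def triage(lines, kinds=("O2", "O4", "O9", "R3")):
    """Flag BHO, autostart, IE button and URLSearchHook entries that need attention."""
    findings = []
    for raw in lines:
        parsed = parse_line(raw)
        if parsed is None or parsed[0] not in kinds:
            continue
        kind, body = parsed
        for path in PATH_RE.findall(body):
            reason = classify(path)
            if reason:
                findings.append(Finding(kind, path, reason, raw.strip()))
    return findings


# Constructed sample: six lines taken from the BHR log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run antiware = C:\windows\system32\eliteztu32.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run ccApp = C:\Program Files\Common Files\Symantec Shared\ccApp.exe
04 - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Windows AdStatus = C:\Program Files\Windows AdStatus\WinStat.exe
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.path}  <- {f.reason}")
```

Run against the sample it reports the EliteSideBar BHO, the "antiware" Run entry and Windows AdStatus, and stays quiet on SoundMan, ccApp and the Real.com button. The location heuristic is what catches the case the poster runs into later in the thread: a dropper saved under the SYSTEM profile's Temporary Internet Files, or a `c:\dl1.exe` in the drive root, is flagged even though its name matches nothing.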

Replies: 6

Many, many, many thanks. :P Everything seems to be OK now. After a restart the computer no longer dials the connection on its own, no junk pops up, I can sleep soundly :wink:
wojciechs
Posted
13.02.2005 00:03:54
wojciechs:
...Temporary Internet Files\Content.IE5\8H0BXCQP\dl[1].exe update[1].html with the content
Boot the computer into Safe Mode and manually clean out the Temporary Internet Files as well as the "normal" Temp folder.

Then remove these:

O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteztu32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
The file you cannot find, delete with HijackThis -> press the "Config" button, then the "Misc Tools" tab and then "Delete a file on reboot", where you enter its path. And of course a restart.
EL NINO
Posted
12.02.2005 22:21:38
I did as you advised, unfortunately the problem remains. The file elitetzu.exe bothers me: I don't have it on the disk (I can't find it), yet in the log I see there is something about it. I also noticed that this trojan drops itself into C:WINDOWSsystem32configsystemprofileUstawienia lokalneTemporary Internet FilesContent.IE58H0BXCQPdl[1].exe
and after some time of internet activity an update[1].html appears in the same directory with the content
001|AT|86400|| 001|AM|6|| 001|TR|86400|| 001|country|Poland|| 001|city|Olsztyn|| 001|state|85|| 005|http://yupsearch.com/dl.exe|c:dl1.exe|| 001|RX|1|| 001|RX2.8|1|| 001|RX2.9|1|| 001|RX3.0|1|| 001|RX3.1|1||

and once again my HijackThis log after all the treatments
Logfile of HijackThis v1.99.0
Scan saved at 20:46:25, on 2005–02–12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:WINDOWSsystem32pctspk.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesCommon FilesLogitechQCDriverLVCOMS.EXE
C:Program FilesCommon FilesRealUpdate_OB ealsched.exe
C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
C:Program FilesAVerTVQuickTV.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:WINDOWSSystem32wuauclt.exe
C:WINDOWSSystem32wuauclt.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:Documents and SettingsTataMoje dokumentywojciechsiedlecki@neostrada.plHijackThis.exe

R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [LVCOMS] C:Program FilesCommon FilesLogitechQCDriverLVCOMS.EXE
O4 – HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB ealsched.exe" –osboot
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet SecurityUrlLstCk.exe
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [mmtask] c:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
O4 – HKLM..Run: [antiware] C:windowssystem32eliteztu32.exe
O4 – Global Startup: QuickTV.lnk = C:Program FilesAVerTVQuickTV.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 – Extra context menu item: &Google Search – res://c:program filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:program filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:program filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:program filesgoogleGoogleToolbar1.dll/cmtrans.html
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:WINDOWSSystem32Shdocvw.dll
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_58.cab
O16 – DPF: {1D6711C8–7154–40BB–8380–3DEA45B69CBF} (Web P2P Installer) –
O16 – DPF: {2A781DED–C22D–4153–9812–CEA98A32981C} (GameDesire Makao) – http://67.15.101.3/g_bin/pl/cardsmakao_2_0_0_17.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102182686871
O16 – DPF: {67135BDA–6546–4426–BC94–BB5AF5005231} (GameDesire Checkers) – http://67.15.101.3/g_bin/pl/checkers_2_0_0_15.cab
O16 – DPF: {881290B9–F53C–4676–8DAF–3DBEFC297308} (GameDesire Makao) – http://67.15.101.3/g_bin/pl/makao_2_0_0_15.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O17 – HKLMSystemCCSServicesTcpip..{CA33E461–CD2A–46C2–887B–15C20B781AFD}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Ati HotKey Poller – Unknown – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Network Proxy – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: Norton AntiVirus Auto Protect Service – Symantec Corporation – C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
O23 – Service: PCTEL Speaker Phone – PCtel, Inc. – C:WINDOWSsystem32pctspk.exe
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Network Drivers Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe

wojciechs
Posted
12.02.2005 21:58:26
Turn off System Restore

End the process:
P2P Networking.exe

Delete:
C:WINDOWSEliteSideBar
C:WINDOWSSystem32P2P Networking
C:Program FilesWindows AdStatus
eliteztu32.exe

FIX:
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchmiracle.com/sp.php
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:PROGRA~1NEOSTR~1SEARCH~1.DLL (file missing)
O2 – BHO: &EliteSideBar – {ED103D9F–3070–4580–AB1E–E5C179C1AE41} – C:WINDOWSEliteSideBarEliteSideBar 08.dll
O4 – HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [Windows AdStatus] C:Program FilesWindows AdStatusWinStat.exe
O4 – HKLM..Run: [antiware] C:windowssystem32eliteztu32.exe
O16 – DPF: v3cab – http://searchmiracle.com/cab/v3cab_SerialSpot.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge–c112.cab
Bobi
Posted
12.02.2005 19:48:47
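As an added example (not code from the thread, from HijackThis or from any of the posters), a small Python checker that compares a FIX list like the one posted above against a log taken after the cleanup, such as the second log earlier in the thread. It matches items on their section code plus identifier (Run value name, CLSID or registry value path) so that path casing or spacing differences do not hide an entry that survived. The sample lines are constructed excerpts of the thread's fix list and second log, with ASCII hyphens and Windows backslashes restored.

```python
"""Check which HijackThis fix-list items still appear in a log taken after the fix."""
import re

# Constructed excerpt of the fix list posted in the thread (ASCII hyphens,
# Windows backslashes restored); only section code + identifier matter here.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteztu32.exe
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab_SerialSpot.cab
"""

# Constructed excerpt of the second log from the thread (taken after the fix).
POST_FIX_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteztu32.exe
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
"""

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LINE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")


def item_key(line):
    """Reduce one HijackThis item line to (section, identifier); returns None
    for non-item lines such as headers and the running-process list."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    if section == "O4":
        # Run entries are identified by the value name in [brackets],
        # Global Startup entries by the .lnk name left of '='.
        name = re.search(r"\[([^\]]+)\]", rest)
        ident = name.group(1) if name else rest.split("=", 1)[0]
        return (section, ident.strip().lower())
    clsid = CLSID.search(rest)
    if clsid:                      # O2/O9/O16 items carry a CLSID
        return (section, clsid.group(0).lower())
    if section.startswith("R"):    # registry value path left of '='
        return (section, rest.split("=", 1)[0].strip().lower())
    return (section, rest.split(" - ", 1)[0].strip().lower())


def persisting_items(fix_list, later_log):
    """Fix-list lines whose identifier still shows up in later_log, i.e. the
    entries that survived the cleanup and need a second look."""
    present = {item_key(l) for l in later_log.splitlines()} - {None}
    return [l for l in fix_list.splitlines() if item_key(l) in present]
```

On the constructed excerpts the only survivor is the [antiware] Run value, which is exactly the entry that kept coming back in the thread.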
Pasting it now:

Logfile of HijackThis v1.99.0
Scan saved at 18:39:57, on 2005–02–12
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSSystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
C:WINDOWSsystem32pctspk.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSOUNDMAN.EXE
C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesThomsonSpeedTouch USBDragdiag.exe
C:Program FilesCommon FilesLogitechQCDriverLVCOMS.EXE
C:Program FilesCommon FilesRealUpdate_OB ealsched.exe
C:WINDOWSSystem32P2P NetworkingP2P Networking.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
C:Program FilesAVerTVQuickTV.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
C:WINDOWSSystem32wuauclt.exe
C:DOCUME~1TataUSTAWI~1TempRar$EX00.625HijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://searchmiracle.com/sp.php
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
R3 – URLSearchHook: Search Class – {08C06D61–F1F3–4799–86F8–BE1A89362C85} – C:PROGRA~1NEOSTR~1SEARCH~1.DLL (file missing)
O2 – BHO: &EliteSideBar – {ED103D9F–3070–4580–AB1E–E5C179C1AE41} – C:WINDOWSEliteSideBarEliteSideBar 08.dll
O4 – HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM..Run: [ATIPTA] C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe
O4 – HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 – HKLM..Run: [SpeedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon
O4 – HKLM..Run: [LVCOMS] C:Program FilesCommon FilesLogitechQCDriverLVCOMS.EXE
O4 – HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OB ealsched.exe" –osboot
O4 – HKLM..Run: [P2P Networking] C:WINDOWSSystem32P2P NetworkingP2P Networking.exe /AUTOSTART
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 – HKLM..Run: [SSC_UserPrompt] C:Program FilesCommon FilesSymantec SharedSecurity CenterUsrPrmpt.exe
O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 –k
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet SecurityUrlLstCk.exe
O4 – HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMon.exe
O4 – HKLM..Run: [mmtask] c:Program FilesMusicMatchMusicMatch Jukeboxmmtask.exe
O4 – HKLM..Run: [Windows AdStatus] C:Program FilesWindows AdStatusWinStat.exe
O4 – HKLM..Run: [antiware] C:windowssystem32eliteztu32.exe
O4 – Global Startup: QuickTV.lnk = C:Program FilesAVerTVQuickTV.exe
O4 – Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 – Global Startup: Adobe Gamma Loader.exe.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 – Extra context menu item: &Google Search – res://c:program filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:program filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:program filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:program filesgoogleGoogleToolbar1.dll/cmtrans.html
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:WINDOWSweb elated.htm
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:WINDOWSSystem32Shdocvw.dll
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: v3cab – http://searchmiracle.com/cab/v3cab_SerialSpot.cab
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/ClickYesToContinue/ie/Bridge–c112.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_58.cab
O16 – DPF: {1D6711C8–7154–40BB–8380–3DEA45B69CBF} (Web P2P Installer) –
O16 – DPF: {2A781DED–C22D–4153–9812–CEA98A32981C} (GameDesire Makao) – http://67.15.101.3/g_bin/pl/cardsmakao_2_0_0_17.cab
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102182686871
O16 – DPF: {67135BDA–6546–4426–BC94–BB5AF5005231} (GameDesire Checkers) – http://67.15.101.3/g_bin/pl/checkers_2_0_0_15.cab
O16 – DPF: {881290B9–F53C–4676–8DAF–3DBEFC297308} (GameDesire Makao) – http://67.15.101.3/g_bin/pl/makao_2_0_0_15.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GameDesire Snooker) – http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab
O17 – HKLMSystemCCSServicesTcpip..{CA33E461–CD2A–46C2–887B–15C20B781AFD}: NameServer = 194.204.152.34 217.98.63.164
O23 – Service: Ati HotKey Poller – Unknown – C:WINDOWSSystem32Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:WINDOWSsystem32ati2sgag.exe
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Network Proxy – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: Norton AntiVirus Auto Protect Service – Symantec Corporation – C:Program FilesNorton Internet SecurityNorton AntiVirus avapsvc.exe
O23 – Service: PCTEL Speaker Phone – PCtel, Inc. – C:WINDOWSsystem32pctspk.exe
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Symantec Network Drivers Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe

wojciechs
Posted
12.02.2005 19:42:38
Paste a HijackThis log, it will be more convenient.
I can already see a few pieces of junk.
Bobi
Posted
12.02.2005 18:39:41
wojciechs
Posted:
12.02.2005 18:04:19