Forum Tibia.pl - Zobacz pojedynczy post

KatsuKnight · 11-11-2007, 22:14

Zeskanowałem i to muj log prosze przeglądniicie i informujcie czy jest Keylogger czy inny virek

PHP Kod:



Logfile of HijackThis v1.99.1 
Scan saved at 20:47:18, on 2007-11-12 
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) 
MSIE: Internet Explorer v7.00 (7.00.5730.0013) 
 
Running processes: 
C:WINDOWSSystem32smss***** 
C:WINDOWSsystem32winlogon***** 
C:WINDOWSsystem32services***** 
C:WINDOWSsystem32lsass***** 
C:WINDOWSSystem32Ati2evxx***** 
C:WINDOWSsystem32svchost***** 
C:WINDOWSSystem32svchost***** 
C:Program FilesAlwil SoftwareAvast4aswUpdSv***** 
C:Program FilesAlwil SoftwareAvast4ashServ***** 
C:WINDOWSsystem32LEXBCES***** 
C:WINDOWSsystem32spoolsv***** 
C:WINDOWSsystem32LEXPPS***** 
C:WINDOWSsystem32Ati2evxx***** 
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm***** 
C:WINDOWSsystem32PSIService***** 
C:Program FilesCommon FilesSymantec SharedSNDSrvc***** 
C:WINDOWSSystem32svchost***** 
C:Program FilesAlwil SoftwareAvast4ashMaiSv***** 
C:Program FilesAlwil SoftwareAvast4ashWebSv***** 
C:WINDOWSsystem32winlogon***** 
C:WINDOWSsystem32Ati2evxx***** 
C:WINDOWSExplorer***** 
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd***** 
C:WINDOWSsystem32LXSUPMON***** 
C:PROGRA~1NEOSTR~1CnxMon***** 
C:Program FilesThomsonSpeedTouch USBDragdiag***** 
C:Program FilesAshampooAshampoo FireWallFireWall***** 
C:PROGRA~1ALWILS~1Avast4ashDisp***** 
C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf***** 
C:WINDOWSservices***** 
C:WINDOWSsystem32ctfmon***** 
D:Program FilesAutoConnectAutoConnect***** 
D:TibiaTibia***** 
C:Program FilesInternet ExplorerIEXPLORE***** 
D:gg 77Gadu-Gadugg***** 
D:OperaOpera***** 
C:Documents and SettingsNanekPulpitHijackThis***** 
 
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb 
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.imesh.com/sidebar.html?src=ssb 
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.imesh.com/sidebar.html?src=ssb 
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/ 
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb 
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP 
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza 
R3 - URLSearchHook: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file) 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx 
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL 
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) 
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) 
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dll 
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file) 
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL 
O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck***** 
O4 - HKLM..Run: [Share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd***** 
O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON***** RUN 
O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon***** 
O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*****" /icon 
O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch***** 
O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon***** 
O4 - HKLM..Run: [Easy-PrintToolBox] C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN***** /logon 
O4 - HKLM..Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall*****" -TRAY 
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp***** 
O4 - HKLM..Run: [UINotify] C:Documents and SettingsRODZINAUstawienia lokalneDane aplikacjiUINotify***** 
O4 - HKLM..Run: [Windows] C:WINDOWSservices***** 
O4 - HKLM..Run: [services] C:Documents and SettingsNanekPulpitServisePack_4***** 
O4 - HKLM..RunServices: [UINotify] C:Documents and SettingsRODZINAUstawienia lokalneDane aplikacjiUINotify***** 
O4 - HKCU..Run: [Gadu-Gadu] "D:\gg 77\Gadu-Gadu\gg*****" /tray 
O4 - HKCU..Run: [UINotify] C:Documents and SettingsNanekUstawienia lokalneDane aplikacjiUINotify***** 
O4 - HKCU..Run: [ctfmon*****] C:WINDOWSsystem32ctfmon***** 
O4 - HKCU..Run: [ares] "D:\Program Files\Ares\Ares*****" -h 
O4 - HKCU..Run: [AutoConnect] D:Program FilesAutoConnectAutoConnect***** 
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA***** 
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs***** 
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs***** 
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll 
O11 - Options group: [INTERNATIONAL] International* 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab 
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab 
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab 
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164261359416 
O17 - HKLMSystemCCSServicesTcpip..{524BE7F1-2906-4CBB-8D8B-637B22679960}: NameServer = 194.204.159.1 217.98.63.164 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL 
O18 - Filter: text/html - (no CLSID) - (no file) 
O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll 
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc***** 
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:Program FilesAreschatServer***** 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv***** 
O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSSystem32Ati2evxx***** 
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag***** 
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ***** 
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv*****" /service (file missing) 
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*****" /service (file missing) 
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES***** 
O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService***** 
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc*****

11-11-2007, 22:14	#217
KatsuKnight Użytkownik Forum Data dołączenia: 19 10 2007 Lokacja: WrOCk Posty: 94 Stan: Aktywny Gracz Świat: GuaRdia	Zeskanowałem i to muj log prosze przeglądniicie i informujcie czy jest Keylogger czy inny virek PHP Kod: Logfile of HijackThis v1.99.1 Scan saved at 20:47:18, on 2007-11-12 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Running processes: C:WINDOWSSystem32smss*** C:WINDOWSsystem32winlogon* C:WINDOWSsystem32services* C:WINDOWSsystem32lsass* C:WINDOWSSystem32Ati2evxx* C:WINDOWSsystem32svchost* C:WINDOWSSystem32svchost* C:Program FilesAlwil SoftwareAvast4aswUpdSv* C:Program FilesAlwil SoftwareAvast4ashServ* C:WINDOWSsystem32LEXBCES* C:WINDOWSsystem32spoolsv* C:WINDOWSsystem32LEXPPS* C:WINDOWSsystem32Ati2evxx* C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm* C:WINDOWSsystem32PSIService* C:Program FilesCommon FilesSymantec SharedSNDSrvc* C:WINDOWSSystem32svchost* C:Program FilesAlwil SoftwareAvast4ashMaiSv* C:Program FilesAlwil SoftwareAvast4ashWebSv* C:WINDOWSsystem32winlogon* C:WINDOWSsystem32Ati2evxx* C:WINDOWSExplorer* C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd* C:WINDOWSsystem32LXSUPMON* C:PROGRA~1NEOSTR~1CnxMon* C:Program FilesThomsonSpeedTouch USBDragdiag* C:Program FilesAshampooAshampoo FireWallFireWall* C:PROGRA~1ALWILS~1Avast4ashDisp* C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnf* C:WINDOWSservices* C:WINDOWSsystem32ctfmon* D:Program FilesAutoConnectAutoConnect* D:TibiaTibia* C:Program FilesInternet ExplorerIEXPLORE* D:gg 77Gadu-Gadugg* D:OperaOpera* C:Documents and SettingsNanekPulpitHijackThis* R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://search.imesh.com/sidebar.html?src=ssb R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://search.imesh.com/sidebar.html?src=ssb R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.pl/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Neostrada TP R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza R3 - URLSearchHook: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file) R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:PROGRA~1NEOSTR~1SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:Program FilesCanonEasy-WebPrintToolband.dll O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - (no file) O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL O4 - HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck* O4 - HKLM..Run: [Share-to-Web Namespace Daemon] C:Program FilesHewlett-PackardHP Share-to-Webhpgs2wnd* O4 - HKLM..Run: [LXSUPMON] C:WINDOWSsystem32LXSUPMON* RUN O4 - HKLM..Run: [WooCnxMon] C:PROGRA~1NEOSTR~1CnxMon* O4 - HKLM..Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag*" /icon O4 - HKLM..Run: [WOOWATCH] C:PROGRA~1NEOSTR~1Watch* O4 - HKLM..Run: [WOOTASKBARICON] C:PROGRA~1NEOSTR~1TaskbarIcon* O4 - HKLM..Run: [Easy-PrintToolBox] C:Program FilesCanonEasy-PrintToolBoxBJPSMAIN* /logon O4 - HKLM..Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall*" -TRAY O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp* O4 - HKLM..Run: [UINotify] C:Documents and SettingsRODZINAUstawienia lokalneDane aplikacjiUINotify* O4 - HKLM..Run: [Windows] C:WINDOWSservices* O4 - HKLM..Run: [services] C:Documents and SettingsNanekPulpitServisePack_4* O4 - HKLM..RunServices: [UINotify] C:Documents and SettingsRODZINAUstawienia lokalneDane aplikacjiUINotify* O4 - HKCU..Run: [Gadu-Gadu] "D:\gg 77\Gadu-Gadu\gg*" /tray O4 - HKCU..Run: [UINotify] C:Documents and SettingsNanekUstawienia lokalneDane aplikacjiUINotify* O4 - HKCU..Run: [ctfmon*] C:WINDOWSsystem32ctfmon* O4 - HKCU..Run: [ares] "D:\Program Files\Ares\Ares*" -h O4 - HKCU..Run: [AutoConnect] D:Program FilesAutoConnectAutoConnect* O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA* O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs* O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs*** O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O10 - Unknown file in Winsock LSP: c:program filesashampooashampoo firewallspi.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164261359416 O17 - HKLMSystemCCSServicesTcpip..{524BE7F1-2906-4CBB-8D8B-637B22679960}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL O18 - Filter: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: WgaLogon - C:WINDOWSSYSTEM32WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc*** O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:Program FilesAreschatServer* O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv* O23 - Service: Ati HotKey Poller - Unknown owner - C:WINDOWSSystem32Ati2evxx* O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag* O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ* O23 - Service: avast! Mail Scanner - Unknown owner - C:Program FilesAlwil SoftwareAvast4ashMaiSv*" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv*" /service (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:WINDOWSsystem32LEXBCES* O23 - Service: ProtexisLicensing - Unknown owner - C:WINDOWSsystem32PSIService* O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc***