15-03-2008, 22:05   #244
Lord Evad
Sorry for bumping this, but I have a problem too ;d
Recently some trojan named tibia.dd got detected on my machine.
I removed it manually from c/windows/system32/drivers/services***** that's where I had it xd
I'm posting the log because I'm buying pacc soon and I want to be sure:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:55:37, on 2008-03-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
D:\adawre\aawservice*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\RTHDCPL*****
C:\WINDOWS\system32\RUNDLL32*****
C:\Program Files\Java\jre1.6.0_02\bin\jusched*****
D:\Ashampoo FireWall\FireWall*****
C:\WINDOWS\system32\ctfmon*****
C:\Windows\alg*****
D:\DAEMON Tools\daemon*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc*****
C:\Program Files\Common Files\LightScribe\LSSrvc*****
C:\WINDOWS\System32\nvsvc32*****
C:\WINDOWS\System32\PnkBstrA*****
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr*****
C:\WINDOWS\system32\wscntfy*****
D:\nod32\ekrn*****
D:\nod32\egui*****
C:\Program Files\Mozilla Firefox\firefox*****
C:\Documents and Settings\Sylwia\Pulpit\HiJackThis_v2*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackdtools.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel*****
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL*****
O4 - HKLM\..\Run: [Alcmtr] ALCMTR*****
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32***** C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz***** /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32***** C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare*****" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched*****"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa*****"
O4 - HKLM\..\Run: [Ashampoo FireWall] "D:\Ashampoo FireWall\FireWall*****" -TRAY
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck*****
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UVS11 Preload] D:\dooborkbi\uvPL*****
O4 - HKLM\..\Run: [egui] "D:\nod32\egui*****" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON*****] C:\WINDOWS\system32\ctfmon*****
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor*****"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg*****" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O4 - HKCU\..\Run: [Alg] C:\Windows\alg*****
O4 - HKCU\..\Run: [DAEMON Tools] "D:\DAEMON Tools\daemon*****" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype*****" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON*****] C:\WINDOWS\System32\CTFMON***** (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON*****] C:\WINDOWS\System32\CTFMON***** (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON*****] C:\WINDOWS\System32\CTFMON***** (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON*****] C:\WINDOWS\System32\CTFMON***** (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Documents and Settings\Sylwia\Pulpit\BitComet*****/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Documents and Settings\Sylwia\Pulpit\BitComet*****/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Documents and Settings\Sylwia\Pulpit\BitComet*****/AddAllLink.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs*****
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\adawre\aawservice*****
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc*****
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - D:\nod32\EHttpSrv*****
O23 - Service: Eset Service (ekrn) - ESET - D:\nod32\ekrn*****
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc*****
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32*****
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA*****
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr*****

--
End of file - 5607 bytes