View full version: Am I in danger?


Kawaguchi
22-07-2007, 22:39
Hi. I accidentally went to a suspicious site. Nothing was displayed. I don't know whether I've picked up some junk ;/

Here's the HijackThis log:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1CE0D95-FF12-4E81-8A99-35B097FDC829}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss*****
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****



Am I in danger? ;/

Brojek
22-07-2007, 22:54
Can't you check it yourself?

Cygan Slejter
22-07-2007, 22:57
You probably won't detect it that way

^Trial^
22-07-2007, 22:57
Just in case, block IE with your firewall, because most keyloggers send their logs through IE ;]

Uther92
22-07-2007, 23:03
These go in the bin.
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


Do you recognize this?
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****

Shor'tugal
22-07-2007, 23:10
PSIservice is 80% clean. If you google this process, there are plenty of requests to check a log that includes, among others, this "PSIservice". Of course nobody took issue with it :D

Kawaguchi
22-07-2007, 23:11
These go in the bin.
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Removed.


Do you recognize this?
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****
I have no idea what it is xd

Uther92
22-07-2007, 23:12
There's nothing in the HijackThis log, but to be sure the author should also post logs from Silent Runners and ComboFix, not here but at http://www.pcformat.pl/forum/index.php.
@Edit
Also post the whole HijackThis log, because you only gave a fragment.

Kawaguchi
22-07-2007, 23:22
Logfile of HijackThis v1.99.1
Scan saved at 22:12:29, on 2007-07-22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss*****
C:\Program Files\Common Files\Protexis\License Service\PSIService*****
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui*****
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui*****
C:\WINDOWS\System32\wuauclt*****
C:\WINDOWS\System32\ping*****
D:\Tibia 8.0\Tibia*****
C:\WINDOWS\explorer*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Mozilla Firefox\firefox*****
D:\HijackThis\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1CE0D95-FF12-4E81-8A99-35B097FDC829}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss*****
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****

The whole log ;p


@edit
Thanks Uther, you've put my mind at ease ;)
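
Added example, not part of any post in this thread: a small Python parser for HijackThis entry lines that compares the fragment posted first with the later full log and reports which entries no longer appear. The two samples are trimmed subsets of the logs above, and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Trimmed subset of the entry lines from the first (fragment) log in the thread.
BEFORE = r"""
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****
"""

# Trimmed subset of the later full log, with header and process lines that are not entries.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer*****
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****
"""

# An entry line is "<letter><number> - <detail>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def removed_entries(before_text, after_text):
    """Entries present in the first log and absent from the second, in order."""
    remaining = set(parse_entries(after_text))
    return [e for e in parse_entries(before_text) if e not in remaining]

def section_counts(log_text):
    """How many entries each section code (O2, O4, ...) contributes."""
    return Counter(section for section, _ in parse_entries(log_text))

if __name__ == "__main__":
    for section, detail in removed_entries(BEFORE, AFTER):
        print("removed:", section, detail)
    print("still present:", dict(section_counts(AFTER)))
```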

Harpun
23-07-2007, 01:10
What site was it?

Kawaguchi
23-07-2007, 13:18
@down
I don't remember. xd