Forum Tibia.pl

Forum Tibia.pl (http://forum.tibia.pl//index.php)
-   Inne (http://forum.tibia.pl//forumdisplay.php?f=19)
-   -   Coś mi grozi? (http://forum.tibia.pl//showthread.php?t=140719)

Kawaguchi 22-07-2007 22:39
Coś mi grozi?
 
Wotam. Przez przypadek wszedłem na podejrzaną stronkę. Nic się nie wyświetliło. Nie wiem czy nie mam jakiegoś syfu ;/

Oto log z hijackthis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1CE0D95-FF12-4E81-8A99-35B097FDC829}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss*****
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****



Coś mi grozi? ;/

Brojek 22-07-2007 22:54
sam sprawdzic nie umisz?

Cygan Slejter 22-07-2007 22:57
tak raczej tego nie wykryjesz

^Trial^ 22-07-2007 22:57
Cytuj:
Oryginalnie napisane przez Kawaguchi (Post 1563520)
Wotam. Przez przypadek wszedłem na podejrzaną stronkę. Nic się nie wyświetliło. Nie wiem czy nie mam jakiegoś syfu ;/

Oto log z hijackthis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1CE0D95-FF12-4E81-8A99-35B097FDC829}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss*****
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****



Coś mi grozi? ;/


na wszelki wypadek zablokuj sobie firewallem IE bo wiekszosc keygejow wysyla logi przez ie ;]

Uther92 22-07-2007 23:03
To leci w kosmos.
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


znasz to ?
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****

Shor'tugal 22-07-2007 23:10
PSIservice jest czysty na 80% . Po wpisaniu tego procesu w googlach, są niejedne pliski o sprawzdenie loga z m.in. tym "PSIservice". Oczywiscie nikt sie tego nie czepiał :D

Kawaguchi 22-07-2007 23:11
Cytuj:
Oryginalnie napisane przez Uther92 (Post 1563577)
To leci w kosmos.
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
Wywalone.


Cytuj:
znasz to ?
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****
Nie mam pojęcia co to jest xd

Uther92 22-07-2007 23:12
W logu z hijacka nic nie ma, ale dla pewności niech autor da jeszcze logi z silent runners i combofix, ale nie tu tylko na http://www.pcformat.pl/forum/index.php.
@Edit
Oraz daj cały log z hijackthis bo dałeś tylko fragment.

Kawaguchi 22-07-2007 23:22
L
Kod:
ogfile of HijackThis v1.99.1
Scan saved at 22:12:29, on 2007-07-22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss*****
C:\Program Files\Common Files\Protexis\License Service\PSIService*****
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui*****
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui*****
C:\WINDOWS\System32\wuauclt*****
C:\WINDOWS\System32\ping*****
D:\Tibia 8.0\Tibia*****
C:\WINDOWS\explorer*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Mozilla Firefox\firefox*****
D:\HijackThis\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1CE0D95-FF12-4E81-8A99-35B097FDC829}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss*****
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****
Cały log ;p


@edit
Dzięki Uther, uspokoiłes mnie ;)

Harpun 23-07-2007 01:10
Jaka to była strona?

Kawaguchi 23-07-2007 13:18
Cytuj:
Oryginalnie napisane przez Kawaguchi (Post 1563621)
L
Kod:
ogfile of HijackThis v1.99.1
Scan saved at 22:12:29, on 2007-07-22
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\system32\spoolsv*****
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss*****
C:\Program Files\Common Files\Protexis\License Service\PSIService*****
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui*****
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui*****
C:\WINDOWS\System32\wuauclt*****
C:\WINDOWS\System32\ping*****
D:\Tibia 8.0\Tibia*****
C:\WINDOWS\explorer*****
C:\WINDOWS\System32\svchost*****
C:\Program Files\Mozilla Firefox\firefox*****
D:\HijackThis\HijackThis*****

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs*****" /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1CE0D95-FF12-4E81-8A99-35B097FDC829}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O17 - HKLM\System\CS2\Services\Tcpip\..\{4FABF93A-6B33-40DD-81A2-171F3B92119C}: NameServer = 195.116.185.58,195.116.185.59
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss*****
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService*****
Cały log ;p


@edit
Dzięki Uther, uspokoiłes mnie ;)
@down
Nie pamiętam. xd


Wszystkie czasy podano w strefie GMT +2. Teraz jest 11:40.

Powered by vBulletin 3