przemo123977
06-04-2013 13:37
Trend Micro Hijack
Hello. I'm almost certain I've caught a keylogger. Could someone look over the results of my scan with Trend Micro Hijack, since I don't know anything about this at all? :p
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:29:38, on 2013-04-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng*****
C:\Windows\system32\Dwm*****
C:\Windows\Explorer*****
C:\Program Files\Windows Defender\MSASCui*****
C:\Program Files\Synaptics\SynTP\SynTPEnh*****
C:\Program Files\Launch Manager\HotkeyApp*****
C:\Program Files\ESET\ESET NOD32 Antivirus\egui*****
C:\Program Files\Real\RealPlayer\Update\realsched*****
C:\Program Files\Common Files\Java\Java Update\jusched*****
C:\Windows\System32\qttask*****
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier*****
C:\Program Files\Pando Networks\Media Booster\PMB*****
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor*****
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler*****
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM*****
C:\Program Files\Synaptics\SynTP\SynTPHelper*****
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC*****
C:\Windows\system32\wuauclt*****
C:\Program Files\Google\Chrome\Application\chrome*****
C:\Windows\system32\conime*****
C:\Windows\system32\javaw*****
C:\Program Files\Google\Chrome\Application\chrome*****
C:\Users\ttw\Downloads\HijackThis*****
C:\PROGRA~1\COMMON~1\SpeedBit\SBUpdate\SBUpdate*****
C:\Program Files\Google\Chrome\Application\chrome*****
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/?aff=grbr_VA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: TinyBHO Class - {00e71626-0bef-11dc-8314-0800200c9a66} - C:\Users\ttw\AppData\Roaming\DownloaderGold\ieplug.dll
O2 - BHO: TinyBHO Class - {00e71626-0bef-11dc-8314-0864264c9a64} - C:\Users\ttw\AppData\Roaming\DownloaderGold\ieplug.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll
O2 - BHO: Free Lunch Design - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll
O2 - BHO: RewardsArcade - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: SBCONVERT - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\softonic\1.5.11.5\bh\softonic.dll
O2 - BHO: TheBflix - {F0CEC09A-7AC2-4836-B069-F9C62A73260A} - (no file)
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\grabber.dll
O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\prxtbFre2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\softonic\1.5.11.5\softonicTlbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui***** -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh*****
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp*****"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart*****"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol*****
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp*****
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton*****
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui*****" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched*****" -osboot
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan*****"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched*****"
O4 - HKLM\..\Run: [QuickTime Task] C:\Windows\System32\qttask*****
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM*****"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui*****" --auto-start
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier*****"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate*****" "sleep"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite*****" -autorun
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator*****" /startup
O4 - HKCU\..\Run: [Spark] C:\Program Files\Spark\Spark*****
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares*****" -h
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB*****
O4 - HKCU\..\Run: [Oracle Java] "C:\Windows\system32\javaw*****" -jar "C:\Users\ttw\AppData\Roaming\java_u.jar"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar***** /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32***** oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar***** /detectMem (User 'USŁUGA SIECIOWA')
O4 - Startup: Autostart Intel iPOS v3.lnk = C:\Program Files\Intel iPOS v3\TCEidletimer*****
O4 - Startup: Intel iPOS v3.lnk = C:\Program Files\Intel iPOS v3\TCEPlayer*****
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.6.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler*****
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos*****/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL*****/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc*****
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService*****
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01*****
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx*****
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv*****
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn*****
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate*****
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate*****
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService*****
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2*****
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc*****
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice*****
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService*****
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService*****
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc*****
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Need for Speed ProStreet\PB\PnkBstrA*****
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater*****
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService*****
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler*****
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService*****
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc*****
--
End of file - 12571 bytes