Mwav - nález, kontrola logu HijackThis - PLS
Napsal: 13 úno 2008 04:46
Nález Mwav
Wed Feb 13 04:33:46 2008 => Offending Key found: HKLM\Software\webhancer !!!
Wed Feb 13 04:33:57 2008 => Objekt "webhancer Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Feb 13 04:33:59 2008 => Offending Key found: HKCR\wusn.1 !!!
Wed Feb 13 04:33:59 2008 => Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Feb 13 04:34:02 2008 => Offending Folder found: C:\Program Files\Common Files\whenu
Wed Feb 13 04:34:02 2008 => Objekt "whenu.savenow Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Feb 13 04:34:06 2008 => Offending file found: C:\WINDOWS\system32\unrar.dll
Wed Feb 13 04:34:06 2008 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: Nic nebylo provedeno.
Wed Feb 13 04:34:06 2008 => Offending Registry Entry found: hkey_local_machine\software\microsoft\windows\currentversion\explorer\alwaysunloaddll
Wed Feb 13 04:34:06 2008 => System found infected with regsort Corrupted Adware/Spyware (hkey_local_machine\software\microsoft\windows\currentversion\explorer\alwaysunloaddll)! Action taken: Nic nebylo provedeno.
Wed Feb 13 04:34:08 2008 => Offending file found: C:\WINDOWS\iun6002.exe
Wed Feb 13 04:34:08 2008 => System found infected with remacc.multiwebsurv Generic Malware (C:\WINDOWS\iun6002.exe)! Action taken: Nic nebylo provedeno.
Wed Feb 13 04:34:16 2008 => Checking MountPoints2 Registry Key...
Wed Feb 13 04:34:16 2008 => Checking CLSID Reference Entries...
Wed Feb 13 04:34:19 2008 => Checking Module Usage Entries...
Wed Feb 13 04:34:19 2008 => Checking User Trusted External App Entries...
Wed Feb 13 04:34:19 2008 => Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Program Files\GameSpy Arcade\GSAPak.exe". Provedené akce: Nic nebylo provedeno.
Wed Feb 13 04:34:19 2008 => Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Program Files\GameSpy Arcade\GSAPak.exe -launch". Provedené akce: Nic nebylo provedeno.
log Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:17, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programy\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\main\LaunchPd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programy\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LtcyCfgApply] "C:\Program Files\NGO ATI Optimized Driver v1.6.4\PCI Latency Tool\LtcyCfg.exe" /a
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Technologies\main\LaunchPd.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programy\Autodesk Architectural Desktop 3 Csy\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Programy\Autodesk Architectural Desktop 3 Csy\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programy\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programy\Autodesk Architectural Desktop 3 Csy\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programy\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Programy\Autodesk Architectural Desktop 3 Csy\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6461 bytes
Wed Feb 13 04:33:46 2008 => Offending Key found: HKLM\Software\webhancer !!!
Wed Feb 13 04:33:57 2008 => Objekt "webhancer Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Feb 13 04:33:59 2008 => Offending Key found: HKCR\wusn.1 !!!
Wed Feb 13 04:33:59 2008 => Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Feb 13 04:34:02 2008 => Offending Folder found: C:\Program Files\Common Files\whenu
Wed Feb 13 04:34:02 2008 => Objekt "whenu.savenow Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Wed Feb 13 04:34:06 2008 => Offending file found: C:\WINDOWS\system32\unrar.dll
Wed Feb 13 04:34:06 2008 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: Nic nebylo provedeno.
Wed Feb 13 04:34:06 2008 => Offending Registry Entry found: hkey_local_machine\software\microsoft\windows\currentversion\explorer\alwaysunloaddll
Wed Feb 13 04:34:06 2008 => System found infected with regsort Corrupted Adware/Spyware (hkey_local_machine\software\microsoft\windows\currentversion\explorer\alwaysunloaddll)! Action taken: Nic nebylo provedeno.
Wed Feb 13 04:34:08 2008 => Offending file found: C:\WINDOWS\iun6002.exe
Wed Feb 13 04:34:08 2008 => System found infected with remacc.multiwebsurv Generic Malware (C:\WINDOWS\iun6002.exe)! Action taken: Nic nebylo provedeno.
Wed Feb 13 04:34:16 2008 => Checking MountPoints2 Registry Key...
Wed Feb 13 04:34:16 2008 => Checking CLSID Reference Entries...
Wed Feb 13 04:34:19 2008 => Checking Module Usage Entries...
Wed Feb 13 04:34:19 2008 => Checking User Trusted External App Entries...
Wed Feb 13 04:34:19 2008 => Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Program Files\GameSpy Arcade\GSAPak.exe". Provedené akce: Nic nebylo provedeno.
Wed Feb 13 04:34:19 2008 => Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Program Files\GameSpy Arcade\GSAPak.exe -launch". Provedené akce: Nic nebylo provedeno.
log Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:17, on 13.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programy\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\main\LaunchPd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programy\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [LtcyCfgApply] "C:\Program Files\NGO ATI Optimized Driver v1.6.4\PCI Latency Tool\LtcyCfg.exe" /a
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Technologies\main\LaunchPd.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Programy\Autodesk Architectural Desktop 3 Csy\InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://C:\Programy\Autodesk Architectural Desktop 3 Csy\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programy\Autodesk Architectural Desktop 3\InstBanr.ocx
O16 - DPF: {AE563723-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programy\Autodesk Architectural Desktop 3 Csy\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programy\Autodesk Architectural Desktop 3\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://C:\Programy\Autodesk Architectural Desktop 3 Csy\AcPreview.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6461 bytes
