Can someone check my log? Please

IP: *.ols.vectranet.pl / 62.29.133.* 22.05.05, 18:07
Logfile of HijackThis v1.97.7
Scan saved at 18:04:20, on 05-05-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\NavNT\rtvscan.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\system32\wmiprvsc.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\eMule\emule.exe
E:\Z dysku C\Marta\programiki na robala\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Update Process] wmiprvsc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\RunServices: [Windows Update Process] wmiprvsc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update Process] wmiprvsc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: BPHOnl - e-bank.bphpbk.pl/bph/portal/starts.nsf/econline/$File/BPHOnl.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - poczta.wp.pl/autoryzacja/mailcfg.ocx
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - gdansk.procad.pl/download/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - www.bph.pl/pi/components/SignActivX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38111.5481597222
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab
    • Guest: Kolobos Re: Can someone check my log? Please IP: *.warszawa.sdi.tpnet.pl 22.05.05, 19:28
      Remove these entries:

      This is some kind of virus/trojan:
      O4 - HKLM\..\Run: [Windows Update Process] wmiprvsc.exe
      O4 - HKLM\..\RunServices: [Windows Update Process] wmiprvsc.exe
      O4 - HKCU\..\Run: [Windows Update Process] wmiprvsc.exe

      Unnecessary:
      O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
      O9 - Extra button: Messenger (HKLM)
      O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

      Delete the file wmiprvsc.exe from the disk; it should be in:
      C:\WINDOWS\system32\wmiprvsc.exe
      If it refuses to be deleted, HijackThis has "delete file on reboot" under
      misc tools.
      • Guest: marta Re: Can someone check my log? Please IP: *.ols.vectranet.pl / 62.29.133.* 23.05.05, 13:58
        Many thanks for checking. I just have one more question: this file
        wmiprvsc.exe is located in the Prefetch directory (C:\Windows\Prefetch); can I
        simply throw it out of there?
        • Guest: Kolobos Re: Can someone check my log? Please IP: *.warszawa.sdi.tpnet.pl 23.05.05, 14:53
          Yes, and it should be in system32 as well, so get rid of it there too.
          • Guest: marta Re: Can someone check my log? Please IP: *.ols.vectranet.pl / 62.29.133.* 23.05.05, 15:31
            I've already thrown it out, but it isn't in system32
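
Added example, not part of the original thread and not HijackThis's own logic: a small Python triage pass over O4 autorun lines copied from the log above (wrapped lines rejoined). The heuristic is an assumption of this example: it flags a command given without a path that is registered under the same value name in two or more autorun keys, which is the pattern the `wmiprvsc.exe` entries show.

```python
import re
from collections import defaultdict

# O4 lines taken from the log in the first post (wrapped lines rejoined).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Update Process] wmiprvsc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\RunServices: [Windows Update Process] wmiprvsc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Update Process] wmiprvsc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
"""

# Matches registry autoruns only, e.g. "O4 - HKLM\..\Run: [name] command".
O4_RE = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

def parse_o4(log_text):
    """Return (registry key, value name, command) for each O4 registry line."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], m["cmd"]))
    return entries

def triage(entries):
    """Flag pathless commands registered in 2+ autorun keys (assumed heuristic)."""
    keys_by_entry = defaultdict(set)
    for key, name, cmd in entries:
        keys_by_entry[(name, cmd)].add(key)
    findings = []
    for (name, cmd), keys in keys_by_entry.items():
        first_token = cmd.lstrip('"').split()[0]
        pathless = "\\" not in first_token  # no drive or directory given
        if pathless and len(keys) >= 2:
            findings.append({"name": name, "exe": first_token, "keys": sorted(keys)})
    return findings

if __name__ == "__main__":
    for f in triage(parse_o4(SAMPLE_LOG)):
        print(f"REVIEW: [{f['name']}] {f['exe']} in {', '.join(f['keys'])}")
```

A hit is a lead for manual review rather than a verdict; single-key pathless entries such as `nwiz.exe` are deliberately not flagged.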