please check my log...

IP: *.chello.pl 09.06.05, 21:02
I caught a virus that I would gladly get rid of ;)
The log is below, please check it...

Logfile of HijackThis v1.99.1
Scan saved at 21:02:06, on 2005-06-09
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Acer\Launch Manager\LaunchAp.exe
C:\Program Files\Acer\Launch Manager\PowerKey.exe
C:\Program Files\Acer\Launch Manager\HotkeyApp.exe
C:\Program Files\Acer\Launch Manager\KeyHook.exe
C:\Program Files\Acer\Launch Manager\CtrlVol.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
c:\windows\system32\aoqjuu.exe
C:\WINDOWS\System32\j?vaw.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kuba Wędrychowski\Pulpit\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
195.95.218.172/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
web.neuroticmedia.net/getV1License.asp?content_guid=11634&challenge=AAEAAab7zwqi15gb040k3ZnZjRRt6wklQYVqxv5fQJIIc9KcC
afYB4Mf81yPKSQ!
CRCPEviD7GMhFskopipvTiVmDD9pqn40tmcDTGpgkJrbNKwqM*LhGqtp3lNyW2X!
HxIy5*DeWVIz3ikhn3gsww6TF8B6J75Ih5IchEnHa*uladHX5zhcoJqvz6VNKkx8RxAyb*S8VCidni
CZTQ!V1rGmzWkANJUPovAm5d8PCMzgMJihOhyTqx2nVDdp4dUKDcvpdc1VXx!
t&DRMVer=1.3&filename=file://C:%5cProgram%20Files%5cWinamp%5cSnow_Patrol-
Spitting_Games.wma
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
C:\WINDOWS\System32\vbrundll.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32
\nss5.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F203019C-E155-CEFE-7848-9AECA8ED1290} -
C:\WINDOWS\System32\pqllhom.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Acer\Launch
Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Acer\Launch
Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Acer\Launch
Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [KeyHook] "C:\Program Files\Acer\Launch Manager\KeyHook.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Acer\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch
Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security
iGuard.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [svphnqj] c:\windows\system32\aoqjuu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Corm] C:\Program Files\wasd\aire.exe
O4 - HKCU\..\Run: [Clhreqzf] C:\WINDOWS\System32\j?vaw.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {AEAB97F0-4AC6-4D11-B352-
9C9EF4F75A5B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AEAB97F0-4AC6-
4D11-B352-9C9EF4F75A5B} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=www.sertek.com.tw/
O15 - Trusted Zone: *.bestcounter.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com
    • Guest: Kolobos Re: please check my log... IP: *.warszawa.sdi.tpnet.pl 09.06.05, 21:30
      A virus? You have loads of spyware, and a virus maybe on top of that.
      But why do you want to remove it when you have no updates and no firewall? The
      same thing will install itself again right away; what do you need a Windows like that for?

      Scan with this:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
      Remove everything it finds.

      Close the ports with this:
      www.firewallleaktester.com/tools/wwdc.exe
      Boot Windows into safe mode and use this:

      free.of.pl/k/kolobos/nailfix.zip
      In HijackThis, remove this:

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 195.95.218.172/index.php
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      > 195.95.218.172/index.php
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      > 195.95.218.172/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      > 195.95.218.172/index.php
      > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 195.95.218.172/index.php
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      > 195.95.218.172/index.php
      > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
      > web.neuroticmedia.net/getV1License.asp?
      content_guid=11634&challenge=AAEAAab7zwqi15gb040k3ZnZjRRt6wklQYVqxv5fQJIIc9KcC
      > afYB4Mf81yPKSQ!
      > CRCPEviD7GMhFskopipvTiVmDD9pqn40tmcDTGpgkJrbNKwqM*LhGqtp3lNyW2X!
      > HxIy5*DeWVIz3ikhn3gsww6TF8B6J75Ih5IchEnHa*uladHX5zhcoJqvz6VNKkx8RxAyb*S8VCidni
      > CZTQ!V1rGmzWkANJUPovAm5d8PCMzgMJihOhyTqx2nVDdp4dUKDcvpdc1VXx!
      > t&DRMVer=1.3&filename=file://C:%5cProgram%20Files%5cWinamp%5cSnow_Patrol-
      > Spitting_Games.wma
      > F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
      > O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} -
      > C:\WINDOWS\System32\vbrundll.dll
      > O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32
      > \nss5.dll
      > O2 - BHO: (no name) - {F203019C-E155-CEFE-7848-9AECA8ED1290} -
      > C:\WINDOWS\System32\pqllhom.dll
      > O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      > O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security
      > iGuard.exe
      > O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
      > O4 - HKLM\..\Run: [_Cat2] C:\WINDOWS\nmstt.exe
      > O4 - HKLM\..\Run: [_Cat1] C:\WINDOWS\nmmst.exe
      > O4 - HKLM\..\Run: [vmtuner] gglib.exe
      > O4 - HKLM\..\Run: [svphnqj] c:\windows\system32\aoqjuu.exe
      > O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
      > O4 - HKCU\..\Run: [Corm] C:\Program Files\wasd\aire.exe
      > O4 - HKCU\..\Run: [Clhreqzf] C:\WINDOWS\System32\j?vaw.exe
      > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      > C:\WINDOWS\web\related.htm
      > O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      > 00aa003c157a} - C:\WINDOWS\web\related.htm
      > O9 - Extra button: Microsoft AntiSpyware helper - {AEAB97F0-4AC6-4D11-B352-
      > 9C9EF4F75A5B} - (no file) (HKCU)
      > O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AEAB97F0-4AC6-
      > 4D11-B352-9C9EF4F75A5B} - (no file) (HKCU)
      > O14 - IERESET.INF: START_PAGE_URL=www.sertek.com.tw/
      > O15 - Trusted Zone: *.bestcounter.biz
      > O15 - Trusted Zone: *.blazefind.com
      > O15 - Trusted Zone: *.clickspring.net
      > O15 - Trusted Zone: *.flingstone.com
      > O15 - Trusted Zone: *.mt-download.com
      > O15 - Trusted Zone: *.my-internet.info
      > O15 - Trusted Zone: *.searchbarcash.com
      > O15 - Trusted Zone: *.searchmiracle.com
      > O15 - Trusted Zone: *.skoobidoo.c

      When you're done, paste a new log, because this one didn't even fit.
      • Guest: Kuba Re: please check my log... IP: *.chello.pl 09.06.05, 22:53
        now it looks like this:

        Logfile of HijackThis v1.99.1
        Scan saved at 22:49:58, on 2005-06-09
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        c:\windows\system32\iizaro.exe
        C:\WINDOWS\System32\igfxtray.exe
        C:\WINDOWS\System32\hkcmd.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\WINDOWS\LTSMMSG.exe
        C:\Program Files\Acer\Launch Manager\LaunchAp.exe
        C:\Program Files\Acer\Launch Manager\PowerKey.exe
        C:\Program Files\Acer\Launch Manager\HotkeyApp.exe
        C:\Program Files\Acer\Launch Manager\KeyHook.exe
        C:\Program Files\Acer\Launch Manager\CtrlVol.exe
        C:\PROGRA~1\NORTON~1\navapw32.exe
        C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
        C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Documents and Settings\Kuba Wędrychowski\Pulpit\hijackthis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [LaunchApp] LaunApp
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
        O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Acer\Launch Manager\LaunchAp.exe"
        O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Acer\Launch Manager\PowerKey.exe"
        O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Acer\Launch
        Manager\HotkeyApp.exe"
        O4 - HKLM\..\Run: [KeyHook] "C:\Program Files\Acer\Launch Manager\KeyHook.exe"
        O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Acer\Launch Manager\CtrlVol.exe"
        O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
        O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch
        Jukebox\mmtask.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
        \SNDMon.exe /Consumer
        O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
        Shared\Security Center\UsrPrmpt.exe
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
        AntiSpyware\gcasServ.exe"
        O4 - HKLM\..\Run: [emrakrq] c:\windows\system32\iizaro.exe r
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
        appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
        O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
        www.xblock.com/download/xclean_micro.exe
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
        O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
        Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
        C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
        Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
        Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
        • Guest: Kolobos Re: please check my log... IP: *.warszawa.sdi.tpnet.pl 10.06.05, 00:30
          Well then, boot into safe mode once more and remove these entries in HijackThis:


          F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
          O4 - HKLM\..\Run: [emrakrq] c:\windows\system32\iizaro.exe r
          O15 - Trusted Zone: *.slotchbar.com
          O15 - Trusted Zone: *.ysbweb.com
          O15 - Trusted Zone: *.slotchbar.com (HKLM)
          O15 - Trusted Zone: *.ysbweb.com (HKLM)

          Finally, run nailfix once more.

          After the reboot, paste a new HijackThis log.
          • Guest: Kuba Re: please check my log... IP: *.chello.pl 10.06.05, 21:19
            Log below:

            Logfile of HijackThis v1.99.1
            Scan saved at 21:15:37, on 2005-06-10
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Kerio-firewall\Personal Firewall 4\kpf4ss.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
            C:\Program Files\Norton AntiVirus\navapsvc.exe
            C:\WINDOWS\System32\igfxtray.exe
            C:\WINDOWS\System32\hkcmd.exe
            C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\WINDOWS\LTSMMSG.exe
            C:\Program Files\Acer\Launch Manager\LaunchAp.exe
            C:\Program Files\Acer\Launch Manager\PowerKey.exe
            C:\Program Files\Acer\Launch Manager\HotkeyApp.exe
            C:\Program Files\Acer\Launch Manager\KeyHook.exe
            C:\Program Files\Acer\Launch Manager\CtrlVol.exe
            C:\PROGRA~1\NORTON~1\navapw32.exe
            C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
            C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
            C:\WINDOWS\System32\ctfmon.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Kerio-firewall\Personal Firewall 4\kpf4gui.exe
            C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
            C:\Program Files\Kerio-firewall\Personal Firewall 4\kpf4gui.exe
            C:\Program Files\Internet Explorer\IEXPLORE.EXE
            C:\WINDOWS\system32\notepad.exe
            C:\Documents and Settings\Kuba Wędrychowski\Pulpit\hijackthis\HijackThis.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.google.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
            C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
            O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
            Files\Norton AntiVirus\NavShExt.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
            C:\Program Files\Norton AntiVirus\NavShExt.dll
            O4 - HKLM\..\Run: [LaunchApp] LaunApp
            O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
            O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
            O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
            O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Acer\Launch Manager\LaunchAp.exe"
            O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Acer\Launch Manager\PowerKey.exe"
            O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Acer\Launch
            Manager\HotkeyApp.exe"
            O4 - HKLM\..\Run: [KeyHook] "C:\Program Files\Acer\Launch Manager\KeyHook.exe"
            O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Acer\Launch Manager\CtrlVol.exe"
            O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
            O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch
            Jukebox\mmtask.exe
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
            atboottime
            O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
            \SNDMon.exe /Consumer
            O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
            Shared\Security Center\UsrPrmpt.exe
            O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
            AntiSpyware\gcasServ.exe"
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
            Files\Adobe\Calibration\Adobe Gamma Loader.exe
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
            O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
            C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
            O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
            appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
            O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
            www.xblock.com/download/xclean_micro.exe
            O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
            v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1118354416920
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            skaner.mks.com.pl/SkanerOnline.cab
            O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
            O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
            C:\Program Files\Kerio-firewall\Personal Firewall 4\kpf4ss.exe
            O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec
            Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
            O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
            C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
            O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
            Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
            O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
            Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

            There is still a problem with the wallpaper: in the middle of the desktop there is this message:
            "A fatal error in IE has occured at 0028:C0011E36 in VXD VMM<01> + 00010E36.
            Error was caused by Trojan-Spy.HTML.Smitfraud.c

            * System can not function in normal mode. Please check you security settings.
            * Scan your PC with any avaliable antivirus/spyware remover program to fix the
            problem."

            which cannot be removed. The option to set the wallpaper does not exist at all in
            the desktop properties.
            • Guest: Kolobos Re: please check my log... IP: *.warszawa.sdi.tpnet.pl 10.06.05, 21:26
              The log looks OK.

              Here is a description of how to fix the wallpaper:
              www.searchengines.pl/phpbb203/index.php?showtopic=31936
              just don't tell me it won't open for you ;-)
              • Guest: Kuba Re: please check my log... IP: *.chello.pl 10.06.05, 21:34
                luckily it opens ;)

                many thanks for the help :)

                Regards
                • Guest: bert Re: please check my log... IP: *.internetdsl.tpnet.pl 10.06.05, 21:41
                • Guest: bert Re: please check my log... IP: *.internetdsl.tpnet.pl 10.06.05, 21:42
                  DUDE, you're the best, I admire you. Regards.
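
The before/after check this thread does by eye, as an added example that is not part of the original posts: a Python parser that rejoins the forum's wrapped HijackThis lines and reports which flagged entries persist in the follow-up log and which autostart entries are new. The three sample logs are constructed excerpts that reuse entries from the thread; the function names and the line-joining heuristic are assumptions of this example.

```python
import re

# Constructed excerpts in HijackThis v1.99.1 format, reusing entries from the thread.
BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32
\nss5.dll
O4 - HKLM\..\Run: [svphnqj] c:\windows\system32\aoqjuu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: *.bestcounter.biz
O15 - Trusted Zone: *.slotchbar.com
"""

AFTER = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [emrakrq] c:\windows\system32\iizaro.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: *.slotchbar.com
"""

# Entries the helper asked to fix, as quoted ("> ") in a forum reply.
FLAGGED = r"""
> F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
> O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32
> \nss5.dll
> O4 - HKLM\..\Run: [svphnqj] c:\windows\system32\aoqjuu.exe
> O15 - Trusted Zone: *.bestcounter.biz
> O15 - Trusted Zone: *.slotchbar.com
"""

# A log entry starts with a section code (R0, F2, O4, O15, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def parse_entries(text):
    """Return log entries, rejoining lines the forum software wrapped."""
    entries, current = [], None
    for raw in text.splitlines():
        # Drop indentation and any "> " quote markers.
        line = re.sub(r"^\s*(?:>\s?)*", "", raw).rstrip()
        if not line:                       # a blank line ends the current entry
            if current:
                entries.append(current)
            current = None
        elif ENTRY_RE.match(line):         # a new entry begins
            if current:
                entries.append(current)
            current = line
        elif current is not None:          # continuation of a wrapped entry
            # Heuristic (assumption): a wrap inside a path or GUID has no space.
            mid_token = line.startswith("\\") or re.search(r"\S-$", current)
            current += ("" if mid_token else " ") + line
    if current:
        entries.append(current)
    return entries


def key(entry):
    """Comparison key: case-insensitive, whitespace-normalised."""
    return " ".join(entry.split()).casefold()


def compare(before, after, flagged):
    """Classify flagged entries as persisting/removed and list entries new in `after`."""
    b = {key(e): e for e in parse_entries(before)}
    a = {key(e): e for e in parse_entries(after)}
    f = {key(e): e for e in parse_entries(flagged)}
    return {
        "persisting": [e for k, e in f.items() if k in a],
        "removed": [e for k, e in f.items() if k not in a],
        "new": [e for k, e in a.items() if k not in b],
    }


if __name__ == "__main__":
    for label, items in compare(BEFORE, AFTER, FLAGGED).items():
        print(label)
        for item in items:
            print("   ", item)
```

A flagged entry that persists, or a new Run value with a random-looking name appearing where another was removed, means something is still rewriting the registry and the fix has to be repeated, as happens in the thread's second round.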