Please check my log

IP: *.internetdsl.tpnet.pl 11.09.05, 19:10
I know something has got me. Maybe someone can help? Please..

Logfile of HijackThis v1.99.1
Scan saved at 19:15:28, on 2005-09-11
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\acs.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINNT\system32\RUNDLL32.EXE
D:\Gadu-Gadu\gg.exe
C:\Program Files\22M WLAN Adapter\WLANMON.exe
C:\Program Files\YDP\YdpDict\Watch.exe
C:\Program Files\PLANET WL-8310\WLANPRO.exe
C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = 192.168.0.1/wpad.dat
F2 - REG:system.ini: Shell=explorer.exe
"C:\Program
Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} -
D:\DAP\DAPBHO.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} -
D:\DAP\DAPIEBar.dll
O3 - Toolbar: Norton Personal Firewall -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DownloadAccelerator] D:\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Personal
Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz
/CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
/Consumer
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [System] C:\WINNT\svchost.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00005.exe"
O4 - Global Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN
Adapter\WLANMON.exe
O4 - Global Startup: Aktywacja Testera.lnk = C:\Program
Files\YDP\YdpDict\Watch.exe
O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = C:\Program
Files\PLANET WL-8310\WLANPRO.exe
O4 - Global Startup: Reg.lnk = C:\Program Files\PLANET WL-8310\Reg.exe
O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} -
D:\DAP\DAP.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)
- www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
skaner.mks.com.pl/SkanerOnline.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{9F38AF8C-1CC1-49FD-B165-86FE31C7B1B5}:
NameServer = 192.168.0.1
O17 -
HKLM\System\CCS\Services\Tcpip\..\{C402E360-C22E-484C-BD48-EFC4575DB8D6}:
NameServer = 195.136.250.200,195.136.250.201
O17 -
HKLM\System\CS1\Services\Tcpip\..\{9F38AF8C-1CC1-49FD-B165-86FE31C7B1B5}:
NameServer = 192.168.0.1
O17 -
HKLM\System\CS2\Services\Tcpip\..\{9F38AF8C-1CC1-49FD-B165-86FE31C7B1B5}:
NameServer = 192.168.0.1
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner -
C:\WINNT\system32\acs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
Personal Firewall\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec
Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
C:\WINNT\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 11.09.05, 20:27
      No wonder, since you don't update your system!
      Platform: Windows 2000 SP3 (WinNT 5.00.2195)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)
      Once you have done everything I wrote, go to www.windowsupdate.com and
      download the updates for Windows and IE!

      Download:
      www.kellys-korner-xp.com/regs_edits/exefix.reg
      In HijackThis remove:

      F2 - REG:system.ini: Shell=explorer.exe
      "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
      O4 - HKCU\..\Run: [System] C:\WINNT\svchost.exe <- delete this file from disk
      O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
      Folders\ibm00005.exe" <- and delete this one too.

      Then run:
      exefix.reg

      Scan the system with this:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
      download.ewido.net/ewido-setup.exe <- update it before scanning, uninstall it
      after the scan.
      Close the ports with this:
      www.firewallleaktester.com/tools/wwdc.exe
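
The three entries singled out in the reply above can be found mechanically. The following Python is an added example, not part of the thread or of HijackThis: it rejoins wrapped log lines, then flags a `Shell=` value that launches more than explorer.exe, a Run entry pointing at that same file, and a Run entry for a core process name located outside system32. The function names, reason labels and the `CORE` name list are assumptions made for this example.

```python
import ntpath
import re

# Entries copied from the logs in this thread, wrapped as posted there.
SAMPLE_LOG = r'''F2 - REG:system.ini: Shell=explorer.exe
"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [System] C:\WINNT\svchost.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web
Folders\ibm00005.exe"
'''

SHELL = re.compile(r'^F2 - REG:system\.ini: Shell=(.*)$', re.I)
RUN = re.compile(r'^O4 - HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.*)$')
EXE = re.compile(r'"([^"]+)"|(\S.*?\.exe)', re.I)
# Assumption: core process names expected only in %SystemRoot%\system32.
CORE = {'svchost.exe', 'lsass.exe', 'services.exe', 'winlogon.exe', 'smss.exe'}

def join_wrapped(text):
    # Re-attach continuation lines to the "XX - " entry they were wrapped from.
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if re.match(r'[A-Z]\d+ - ', line):
            entries.append(line)
        elif line and entries:
            entries[-1] += ' ' + line
    return entries

def exe_paths(command):
    # Lower-cased executable paths named in a command string, in order.
    return [(quoted or bare).lower() for quoted, bare in EXE.findall(command)]

def suspicious(text):
    # Returns (reason, entry) pairs for the patterns described in the lead-in.
    entries, findings, extras = join_wrapped(text), [], set()
    for e in entries:
        m = SHELL.match(e)
        if m and m.group(1).strip().lower() != 'explorer.exe':
            extras.update(p for p in exe_paths(m.group(1)) if p != 'explorer.exe')
            findings.append(('shell-hijack', e))
    for e in entries:
        m = RUN.match(e)
        target = (exe_paths(m.group(2)) + [''])[0] if m else ''
        folder, name = ntpath.split(target)
        if target in extras:
            findings.append(('run-matches-shell', e))
        elif name in CORE and folder and not folder.endswith('\\system32'):
            findings.append(('core-name-wrong-dir', e))
    return findings
```
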
      • Guest: Magda Re: Please check my log IP: *.internetdsl.tpnet.pl 12.09.05, 18:58
        Hello,
        thank you very much for the reply

        a report on what I did:
        - IE has been updated
        - I don't know about the Windows update. While searching for updates for the
        computer, a message appears about a problem displaying the page
        - I can't find ibm0005.exe
        - I don't know about svchost.exe. There were three files with that name on the disk; I deleted two
        - the link www.firewallleaktester.com/tools/wwdc.exe does not work, I can't download it

        I am pasting the log after the scan:

        Logfile of HijackThis v1.99.1
        Scan saved at 18:57:04, on 2005-09-12
        Platform: Windows 2000 SP3 (WinNT 5.00.2195)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINNT\System32\smss.exe
        C:\WINNT\system32\winlogon.exe
        C:\WINNT\system32\services.exe
        C:\WINNT\system32\lsass.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\system32\acs.exe
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Norton Personal Firewall\ISSVC.exe
        C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINNT\system32\spoolsv.exe
        C:\WINNT\System32\svchost.exe
        C:\Program Files\ewido\security suite\ewidoctrl.exe
        C:\Program Files\Norton AntiVirus\navapsvc.exe
        C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
        C:\WINNT\System32\nvsvc32.exe
        C:\WINNT\system32\regsvc.exe
        C:\WINNT\system32\MSTask.exe
        C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        C:\WINNT\System32\WBEM\WinMgmt.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\Explorer.EXE
        D:\DAP\DAP.EXE
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\WINNT\system32\RUNDLL32.EXE
        C:\Program Files\22M WLAN Adapter\WLANMON.exe
        C:\Program Files\YDP\YdpDict\Watch.exe
        C:\Program Files\PLANET WL-8310\WLANPRO.exe
        D:\Gadu-Gadu\gg.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINNT\system32\msiexec.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
        C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.google.pl/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,AutoConfigURL = 192.168.0.1/wpad.dat
        O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} -
        D:\DAP\DAPBHO.dll
        O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
        C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton AntiVirus\NavShExt.dll
        O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
        {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
        O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\DAP\DAPIEBar.dll
        O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}
        - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [DownloadAccelerator] D:\DAP\DAP.EXE /STARTUP
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Personal
        Firewall\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz
        /CMDLINE "REBOOT"
        O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec
        Shared\Security Center\UsrPrmpt.exe
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
        /Consumer
        O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
        C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
        O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray
        O4 - Global Startup: 22M WLAN Adapter.lnk = C:\Program Files\22M WLAN
        Adapter\WLANMON.exe
        O4 - Global Startup: Aktywacja Testera.lnk = C:\Program Files\YDP\YdpDict\Watch.exe
        O4 - Global Startup: PLANET WL-8310 Configuration Utility.lnk = C:\Program
        Files\PLANET WL-8310\WLANPRO.exe
        O4 - Global Startup: Reg.lnk = C:\Program Files\PLANET WL-8310\Reg.exe
        O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
        O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\WINNT\System32\msjava.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console -
        {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
        O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
        update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126539475379
        O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
        www.bitdefender.com/scan/Msie/bitdefender.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        skaner.mks.com.pl/SkanerOnline.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9F38AF8C-1CC1-49FD-B165-86FE31C7B1B5}:
        NameServer = 192.168.0.1
        O17 - HKLM\System\CCS\Services\Tcpip\..\{C402E360-C22E-484C-BD48-EFC4575DB8D6}:
        NameServer = 195.136.250.200,195.136.250.201
        O17 - HKLM\System\CS1\Services\Tcpip\..\{9F38AF8C-1CC1-49FD-B165-86FE31C7B1B5}:
        NameServer = 192.168.0.1
        O17 - HKLM\System\CS2\Services\Tcpip\..\{9F38AF8C-1CC1-49FD-B165-86FE31C7B1B5}:
        NameServer = 192.168.0.1
        O23 - Service: Atheros Configuration Service (ACS) - Unknown owner -
        C:\WINNT\system32\acs.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Usługa administracyjna Menedżera dysków logicznych (dmadmin) -
        VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
        O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton
        Personal Firewall\ISSVC.exe
        O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
        Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
        O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec
        Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
        O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
        C:\WINNT\System32\nvsvc32.exe
        O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
        AntiVirus\SAVScan.exe
        O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
        C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation
        - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common
        Files\Symantec Shared\CCPD-LC\symlcsvc.exe

        • Guest: Kolobos Re: Please check my log IP: *.warszawa.sdi.tpnet.pl 12.09.05, 19:21
          Don't remove anything else or you'll break something.
          The log looks OK; uninstall ewido.
          • Guest: Magda Re: Please check my log IP: *.internetdsl.tpnet.pl 12.09.05, 19:26
            Thank you for the help :)
            regards