
Could someone please check my log

IP: 5.2.* / 213.46.163.* 02.11.05, 21:35
Hi
My child wanted to download some programs from sites labelled FREE, and
since then web pages of the casino, free download centre... etc. kind have
been opening on our computer by themselves.
If at all possible, could someone please check the log.... thanks in advance

Oh, and the computer has already been scanned with antivirus (2 different ones),
Microsoft AntiSpyware and Ad-Aware.

Thank you for any advice on getting rid of the pest.
Magda

Logfile of HijackThis v1.99.1
Scan saved at 21:34:01, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\U3lsdmFpbg\command.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Magdalena\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
home.fra.chello.fr/ssi/welcome/welcome.php?url=search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.nouvelobs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
Internet Explorer fourni par chello broadband n.v.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = proxy.chello.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = ;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: wnload-network.com
O1 - Hosts: .0.1 www.emusic.com
O1 - Hosts: wnload-network.com
O1 - Hosts: .0.1 www.emusic.com
O1 - Hosts: enu.com
O1 - Hosts: ok2me2.com
O1 - Hosts: enu.com
O1 - Hosts: ok2me2.com
O1 - Hosts: 127
O1 - Hosts: .whenu.com
O1 - Hosts: w.look2me2.com
O1 - Hosts: .whenu.com
O1 - Hosts: w.look2me2.com
O1 - Hosts: .zinc.whenu.com
O1 - Hosts: .zinc.whenu.com
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: 127.0.0
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1
\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32
\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32
\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program
Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program
Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft
office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet
Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF:
START_PAGE_URL=home.fra.chello.fr/ssi/welcome/welcome.php?
url=home&src=ie
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
game16.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
    • Guest: Magda Re: Could someone please check my log IP: 5.2.* / 213.46.163.* 02.11.05, 21:51
      continued....
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
      messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
      messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
      messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
      (MsnMessengerSetupDownloadControl Class) -
      messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
      game16.zylomgames.com/activex/zylomgamesplayer.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
      messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
      \MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: dllodbc - C:\WINDOWS\system\dllodbc.dll (file missing)
      O20 - Winlogon Notify: regcmd - C:\WINDOWS\Fonts\regcmd.dll (file missing)
      O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
      C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
      C:\Program Files\AVPersonal\AVWUPSRV.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
      C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown
      owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner -
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: Command Service (cmdService) - Unknown owner -
      C:\WINDOWS\U3lsdmFpbg\command.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program
      Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: Generic Service for HID Keyboard Input Collections
      (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
      O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
      Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
      Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

      many thanks in advance
      Magda
    • Guest: Kolobos Re: Could someone please check my log IP: *.warszawa.sdi.tpnet.pl 02.11.05, 22:29
      Two antiviruses? If so, get rid of Norton.

      Remove in HijackThis:

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
      Internet Explorer fourni par chello broadband n.v.
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
      Settings,ProxyOverride = ;<local>
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: wnload-network.com
      O1 - Hosts: .0.1 www.emusic.com
      O1 - Hosts: wnload-network.com
      O1 - Hosts: .0.1 www.emusic.com
      O1 - Hosts: enu.com
      O1 - Hosts: ok2me2.com
      O1 - Hosts: enu.com
      O1 - Hosts: ok2me2.com
      O1 - Hosts: 127
      O1 - Hosts: .whenu.com
      O1 - Hosts: w.look2me2.com
      O1 - Hosts: .whenu.com
      O1 - Hosts: w.look2me2.com
      O1 - Hosts: .zinc.whenu.com
      O1 - Hosts: .zinc.whenu.com
      O1 - Hosts: com
      O1 - Hosts: com
      O1 - Hosts: 127.0.0
      O14 - IERESET.INF:
      START_PAGE_URL=home.fra.chello.fr/ssi/welcome/welcome.php?
      url=home&src=ie
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
      messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
      messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
      Class) -
      messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
      (MsnMessengerSetupDownloadControl Class) -
      messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
      game16.zylomgames.com/activex/zylomgamesplayer.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
      messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
      messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
      messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
      (MsnMessengerSetupDownloadControl Class) -
      messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) -
      game16.zylomgames.com/activex/zylomgamesplayer.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
      messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1
      \MSNMES~1\msgrapp.dll" (file missing)
      O20 - Winlogon Notify: dllodbc - C:\WINDOWS\system\dllodbc.dll (file missing)
      O20 - Winlogon Notify: regcmd - C:\WINDOWS\Fonts\regcmd.dll (file missing)

      Run services.msc, find this service there, open its properties, stop it
      and disable it:
      O23 - Service: Command Service (cmdService) - Unknown owner -
      C:\WINDOWS\U3lsdmFpbg\command.exe
      Then delete the U3lsdmFpbg folder and remove the service in HijackThis -> open misc tools,
      enter cmdService

      And scan with these:
      download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
      download.ewido.net/ewido-setup.exe <- update it before scanning; uninstall it
      after the scan.

      Check this file:
      C:\WINDOWS\system32\Userinit.exe
      with this scanner:
      virusscan.jotti.org/ and write back whether it found anything, but don't touch
      the file for now.

      The child needs to understand that nothing comes for free, and in future should
      not download anything from sites like that.
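      The entries Kolobos singles out share two traits that can be checked mechanically: the O20 Winlogon Notify DLLs are marked (file missing), and the cmdService binary runs from C:\WINDOWS\U3lsdmFpbg\, a folder whose name is plain base64 (it decodes to the string Sylvain). The Python script below is an added example, not part of this thread and not HijackThis code; it applies those checks to O20/O23 lines, with sample lines constructed in the shape of the log above, and the heuristics it uses (the set of expected Windows subfolders, the base64 test) are this example's own.

```python
"""Triage HijackThis (v1.99.x) O20/O23 lines for the patterns seen in this thread:
autorun entries whose file is missing, binaries in unusual folders directly under
the Windows directory, and folder names that are plain base64.  Added example,
not HijackThis code; the heuristics below are this example's own."""
import base64
import re
import string

# Constructed sample in the shape of the log posted in the thread (the cmdService
# and O20 lines are copied from it; the others are representative entries).
SAMPLE_LOG = "\n".join([
    r'O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min',
    r"O20 - Winlogon Notify: dllodbc - C:\WINDOWS\system\dllodbc.dll (file missing)",
    r"O20 - Winlogon Notify: regcmd - C:\WINDOWS\Fonts\regcmd.dll (file missing)",
    r"O23 - Service: Command Service (cmdService) - Unknown owner - "
    r"C:\WINDOWS\U3lsdmFpbg\command.exe",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - "
    r"C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE",
])

# Folders directly under the Windows directory where autorun binaries legitimately
# live (this example's own allowlist, deliberately short).
EXPECTED_WINDIR_SUBDIRS = {"system32", "system"}

# A Windows path ending in .exe or .dll, e.g. C:\WINDOWS\U3lsdmFpbg\command.exe
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.IGNORECASE)


def decode_base64_name(name):
    """If `name` is unpadded base64 of at least four plain ASCII letters/digits,
    return that text, else None.  'U3lsdmFpbg' -> 'Sylvain'."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{6,}", name):
        return None
    missing = (-len(name)) % 4
    if missing == 3:  # no valid base64 string needs three '=' of padding
        return None
    try:
        raw = base64.b64decode(name + "=" * missing, validate=True)
    except ValueError:
        return None
    text = raw.decode("ascii", errors="replace")  # non-ASCII bytes become U+FFFD
    plain = string.ascii_letters + string.digits
    if len(text) < 4 or not all(c in plain for c in text):
        return None
    return text


def parse_entry(line):
    """Split 'O23 - Service: ...' into (section, rest); None for other lines."""
    m = re.match(r"\s*(O\d+) - (.*)$", line)
    return (m.group(1), m.group(2)) if m else None


def windir_subdir(path):
    """For <drive>:\\WINDOWS\\<sub>\\...\\file, return <sub> in its original case,
    else None (the case matters for the base64 check)."""
    parts = path.split("\\")
    if len(parts) >= 4 and parts[1].lower() == "windows":
        return parts[2]
    return None


def triage(log_text):
    """Return [(section, path, [reasons])] for O20/O23 lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if not entry or entry[0] not in ("O20", "O23"):
            continue
        section, rest = entry
        m = PATH_RE.search(rest)
        path = m.group(0) if m else ""
        reasons = []
        if "(file missing)" in rest:
            reasons.append("referenced file is missing on disk: dangling autorun entry")
        sub = windir_subdir(path)
        if sub is not None and sub.lower() not in EXPECTED_WINDIR_SUBDIRS:
            reasons.append("binary runs from unusual Windows subfolder: " + sub)
            decoded = decode_base64_name(sub)
            if decoded:
                reasons.append("folder name is base64 for '%s'" % decoded)
        if reasons:
            findings.append((section, path, reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(section, path)
        for reason in reasons:
            print("   -", reason)
```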
      • Guest: magda Re: Could someone please check my log IP: 5.2.* / 213.46.163.* 02.11.05, 23:49
        Thanks Kolobos,

        virusscan.jotti result:

        Service load: 0% 100%

        File: Userinit.exe
        Status: OK
        MD5 d6d65ea32b190401b57edb6706f29669
        Packers detected: -
        Scanner results
        AntiVir Found nothing
        ArcaVir Found nothing
        Avast Found nothing
        AVG Antivirus Found nothing
        BitDefender Found nothing
        ClamAV Found nothing
        Dr.Web Found nothing
        F-Prot Antivirus Found nothing
        Fortinet Found nothing
        Kaspersky Anti-Virus Found nothing
        NOD32 Found nothing
        Norman Virus Control Found nothing
        UNA Found nothing
        VBA32 Found nothing

        what I still have left to do is this:

        > Run services.msc, find this service there, open its properties, stop it
        > and disable it:
        > O23 - Service: Command Service (cmdService) - Unknown owner -
        > C:\WINDOWS\U3lsdmFpbg\command.exe
        > Then delete the U3lsdmFpbg folder and remove the service in HijackThis -> open misc tools,
        > enter cmdService

        I couldn't find that service in msconfig.....

        and here is the new HijackThis log:
        Logfile of HijackThis v1.99.1
        Scan saved at 23:48:50, on 02/11/2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
        C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
        C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
        C:\Apps\Powercinema\PCMService.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\AVPersonal\AVGNT.EXE
        C:\Program Files\D-Tools\daemon.exe
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        C:\Program Files\Messenger\msmsgs.exe
        c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        C:\WINDOWS\U3lsdmFpbg\command.exe
        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
        c:\APPS\HIDSERVICE\HIDSERVICE.exe
        C:\WINDOWS\system32\slserv.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
        C:\WINDOWS\System32\alg.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\Magdalena\Bureau\hijackthis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        home.fra.chello.fr/ssi/welcome/welcome.php?url=search
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.nouvelobs.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
        Settings,ProxyServer = proxy.chello.fr:8080
        F3 - REG:win.ini: load=??? ?
        F3 - REG:win.ini: run=??? ?
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1
        \IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32
        \IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32
        \IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
        Security\UrlLstCk.exe
        O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
        \SNDMon.exe /Consumer
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
        AntiSpyware\gcasServ.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
        communs\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program
        Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
        O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
        lang 1033
        O4 - HKLM\..\Run: [MSConfig]
        C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft
        office\Office\OSA9.EXE
        O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
        C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1
        \MICROS~3\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
        C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
        00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
        C:\WINDOWS\system32\Shdocvw.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
        O12 - Plugin for .wav: C:\Program Files\Internet
        Explorer\PLUGINS\npqtplugin2.dll
        O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
        C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
        O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
        C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
        C:\Program Files\AVPersonal\AVWUPSRV.EXE
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
        C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
        C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
        C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown
        owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner -
        c:\APPS\Powercinema\Kernel\TV\CLSched.exe
        O23 - Service: Command Service (cmdService) - Unknown owner -
        C:\WINDOWS\U3lsdmFpbg\command.exe (file missing)
        O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program
        Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
        O23 - Service: Generic Service for HID Keyboard Input Collections
        (GenericHidService) - Unknown owner -
        • Guest: magda Re: Could someone please check my log IP: 5.2.* / 213.46.163.* 02.11.05, 23:55
          O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
          O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
          Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
          O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
          Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

          sorry to ask you for one more thing, but could you recommend an antivirus
          worth buying?

          the child has been made aware that nothing is free..... but kids being kids,
          can't live without MSN for more than an hour.... :-)

          once again: many thanks
          Magda
          • Guest: Kolobos Re: Could someone please check my log IP: *.warszawa.sdi.tpnet.pl 03.11.05, 01:50
            The antivirus you already have is perfectly sufficient; there is no need to buy anything.


            > Run services.msc, find this service there, open its properties, stop it
            > and disable it:
            > O23 - Service: Command Service (cmdService) - Unknown owner -
            > C:\WINDOWS\U3lsdmFpbg\command.exe
            > Then delete the U3lsdmFpbg folder and remove the service in HijackThis -> open misc tools,
            > enter cmdService

            > I couldn't find that service in msconfig.....

            But I wrote nothing about msconfig, only about services.msc (type it into Run).
            • Guest: magda Re: Could someone please check my log IP: 5.2.* / 213.46.163.* 03.11.05, 19:48
              in services.msc the service is disabled......
              I couldn't find the U3lsdmFpbg folder..... so I didn't delete it;

              here is today's log, and thanks again for the help:

              Logfile of HijackThis v1.99.1
              Scan saved at 19:40:54, on 03/11/2005
              Platform: Windows XP SP2 (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
              C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
              C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
              C:\Program Files\AVPersonal\AVWUPSRV.EXE
              c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
              c:\APPS\Powercinema\Kernel\TV\CLSched.exe
              C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
              c:\APPS\HIDSERVICE\HIDSERVICE.exe
              C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
              C:\WINDOWS\system32\slserv.exe
              C:\WINDOWS\system32\svchost.exe
              C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
              C:\WINDOWS\Explorer.EXE
              C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
              C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
              C:\Apps\Powercinema\PCMService.exe
              C:\WINDOWS\SOUNDMAN.EXE
              C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
              C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
              C:\Program Files\QuickTime\qttask.exe
              C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
              C:\Program Files\AVPersonal\AVGNT.EXE
              C:\Program Files\D-Tools\daemon.exe
              C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Messenger\msmsgs.exe
              C:\Program Files\MSN Messenger\MsnMsgr.Exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Documents and Settings\Magdalena\Bureau\hijackthis\HijackThis.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
              home.fra.chello.fr/ssi/welcome/welcome.php?url=search
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              www.gazeta.pl/0,0.html
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              home.fra.chello.fr/ssi/welcome/welcome.php?url=home&src=ie
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
              Internet Explorer fourni par chello broadband n.v.
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
              Settings,ProxyServer = proxy.chello.fr:8080
              R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
              Settings,ProxyOverride = ;<local>
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
              F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
              O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1
              \IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
              O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32
              \IME\TINTLGNT\TINTSETP.EXE /SYNC
              O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32
              \IME\TINTLGNT\TINTSETP.EXE /IMEName
              O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
              O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
              Shared\ccApp.exe"
              O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
              Security\UrlLstCk.exe
              O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
              O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
              \SNDMon.exe /Consumer
              O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
              O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
              AntiSpyware\gcasServ.exe"
              O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
              communs\Real\Update_OB\realsched.exe" -osboot
              O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
              atboottime
              O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
              O4 - HKLM\..\Run: [RemoteControl] "C:\Program
              Files\CyberLink\PowerDVD\PDVDServ.exe"
              O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
              O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
              O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
              lang 1033
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
              Messenger\MsnMsgr.Exe" /background
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft
              office\Office\OSA9.EXE
              O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1
              \MICROS~3\OFFICE11\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
              C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
              O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-
              00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
              O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
              C:\WINDOWS\system32\Shdocvw.dll
              O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
              C:\Program Files\Messenger\msmsgs.exe
              O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
              00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
              O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
              O12 - Plugin for .wav: C:\Program Files\Internet
              Explorer\PLUGINS\npqtplugin2.dll
              O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH -
              C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
              O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
              C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany -
              C:\Program Files\AVPersonal\AVWUPSRV.EXE
              O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
              C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
              O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
              C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
              O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
              C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
              O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown
              owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
              O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner -
              c:\APPS\Powercinema\Kernel\TV\CLSched.exe
              O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program
              Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
              O23 - Service: Generic Service for HID Keyboard Input Collections
              (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
              O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
              O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
              O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
              Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
              O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
              Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
              • Guest: Kolobos Re: Could someone please check my log IP: *.warszawa.sdi.tpnet.pl 03.11.05, 22:09
                In Folder Options turn on showing hidden files and protected system files; then
                you should see the U3lsdmFpbg folder, if it is still there.
                The log looks ok.



                • Guest: Magda Re: Could someone please check my log IP: 5.2.* / 213.46.163.* 03.11.05, 22:21
                  I turned the option on, but I still can't see the folder.......it's probably gone already...

                  Log looks ok ===> great

                  thanks for the help & have a good evening
                  and a wonderful weekend......
