One more log... please take a look :)

21.09.06, 20:35
Logfile of HijackThis v1.99.1
Scan saved at 20:32:23, on 2006-09-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\winhlp32.exe
C:\Documents and Settings\Stanisław\Pulpit\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA
Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [eMuleAutoStart] G:\eMule\emule.exe -AutoStart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} -
www.pandasoftware.com/activescan/pol/activescan_principal.htm (file
missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) -
mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania
Onet.pl) - slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144440587715
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
www.hestia.pl/sigeh/files/ocx/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server
Control) - 80.55.74.74/csi_netcam.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program
Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1
\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    • Guest: Kolobos Re: One more log... please take a look :) IP: *.warszawa.sdi.tpnet.pl 21.09.06, 22:51
      Looks OK.
    • 1852m Re: One more log... please take a look :) 22.09.06, 17:17
      Panda online showed something like this:

      Zdarzenie: Adware:adware/intcodec
      Status: Nie wyleczalny
      Lokalizacja: Windows Registry

      • Guest: Kolobos Re: One more log... please take a look :) IP: *.warszawa.sdi.tpnet.pl 22.09.06, 17:34
        Use:
        siri.urz.free.fr/Fix/SmitfraudFix_En.php
        Do what is written under "Clean", then paste the log produced after the removal on the forum.
        • 1852m Re: One more log... please take a look :) 22.09.06, 18:14
          I did as you wrote, here is the log: (but Panda online still shows the same thing)

          Logfile of HijackThis v1.99.1
          Scan saved at 18:12:58, on 2006-09-22
          Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\SYSTEM32\GEARSEC.EXE
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
          C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
          C:\WINDOWS\system32\ScsiAccess.EXE
          C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
          G:\eMule\emule.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
          C:\WINDOWS\explorer.exe
          C:\Documents and Settings\Stanisław\Pulpit\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.google.pl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
          Files\Java\jre1.5.0_06\bin\ssv.dll
          O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program
          Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} -
          C:\Program Files\Norton AntiVirus\NavShExt.dll
          O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\System32\autorun.exe
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control
          Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA
          Corporation\NvMixer\NVMixerTray.exe"
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
          Shared\ccApp.exe"
          O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
          O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
          O4 - HKCU\..\Run: [eMuleAutoStart] G:\eMule\emule.exe -AutoStart
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
          C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
          00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
          O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} -
          www.pandasoftware.com/activescan/pol/activescan_principal.htm (file
          missing)
          O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
          Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
          O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} -
          mks.com.pl/skaner/SkanerOnline.cab
          O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania
          Onet.pl) - slimak.onet.pl/_m/kamerzysta/OnetInstalator012s.ocx
          O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
          update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144440587715
          O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
          www.hestia.pl/sigeh/files/ocx/AxisCamControl.cab
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
          acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) -
          80.55.74.74/csi_netcam.cab
          O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32
          \Ati2evxx.exe
          O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -
          C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
          C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
          O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
          O23 - Service: Usługa Auto-Protect programu Norton AntiVirus (navapsvc) -
          Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
          O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec
          Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
          O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
          Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
          O23 - Service: Usługa Norton Protection Center (NSCService) - Symantec
          Corporation - C:\Program Files\Common Files\Symantec Shared\Security
          Console\NSCSRVCE.EXE
          O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program
          Files\Norton AntiVirus\SAVScan.exe
          O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
          Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program
          Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
          O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1
          \NORTON~1\SPEEDD~1\NOPDB.EXE
          O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
          Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
          • Guest: Kolobos Re: One more log... please take a look :) IP: *.warszawa.sdi.tpnet.pl 22.09.06, 18:52
            I didn't ask for a HijackThis log but for the one from the program I gave you...
            Also scan the system with ewido.
            • 1852m Re: One more log... please take a look :) 22.09.06, 19:02
              SmitFraudFix v2.97

              Scan done at 19:00:16,48, 2006-09-22
              Run from C:\Documents and Settings\Stanis?aw\Pulpit\SmitfraudFix\SmitfraudFix
              OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT
              Fix ran in normal mode

              »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
              !!!Attention, following keys are not inevitably infected!!!

              SrchSTS.exe by S!Ri
              Search SharedTaskScheduler's .dll

              »»»»»»»»»»»»»»»»»»»»»»»» Killing process


              »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

              GenericRenosFix by S!Ri


              »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


              »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


              »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

              Registry Cleaning done.

              »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
              !!!Attention, following keys are not inevitably infected!!!

              SrchSTS.exe by S!Ri
              Search SharedTaskScheduler's .dll


              »»»»»»»»»»»»»»»»»»»»»»»» End
              • 1852m Re: One more log... please take a look :) 22.09.06, 19:02
                Is this it?
                • Guest: Kolobos Re: One more log... please take a look :) IP: *.warszawa.sdi.tpnet.pl 22.09.06, 19:14
                  Yes. Check whether you have these keys in the registry:
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03

                  P.S. Don't forget to scan with ewido.
                  • 1852m Re: One more log... please take a look :) 22.09.06, 21:46
                    I didn't find anything... neither in the registry, nor did ewido show anything.